

The Hacker News
Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens
A vulnerability in Microsoft Access that could be exploited to leak a Windows user’s NTLM tokens.
Infosecurity News
CPR said the malware now uses OneDrive instead of Google Drive for storing dynamic C2 server URLs
Cyber Security News
A security researcher who goes under the name “0xbro” discovered a static code injection vulnerability in OpenCart.
CyberScoop
A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
The Record
Cybersecurity companies Check Point and Intezer analyzed what appears to be a rewrite of backdoor malware that targeted Israel's education sector as early as 2021.
Bleeping Computer
A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.
Cyber Security News
Oryxlabs recently launched a free DNS server that is written in Python 3.x for vulnerability research and pentesting, dubbed as "PolarDNS."
Cyber Security News
Ducktail is a specifically designed information stealer that can have severe consequences, such as privacy breaches and identity theft.
Security Affairs
Researchers reported that a Hamas-linked APT group is using a Rust-based SysJoker backdoor against Israeli entities.
The Hacker News
Beware of Telekopye: The malicious Telegram bot used by the "Neanderthals" for large-scale phishing scams. It crafts phishing websites and emails.
SecurityWeek
North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply chain attack.
The Hacker News
GitGuardian launches "HasMySecretLeaked" service to help developers check if their sensitive information has been exposed on GitHub.
The Hacker News
Researchers found a Rust version of SysJoker, a cross-platform backdoor used by Hamas-affiliated threat actor targeting Israel during ongoing conflict
Infosecurity News
Blackwing researchers bypass the authentication system
Infosecurity News
Global brands impersonated to capitalize on busy shopping period
Infosecurity News
New scam identified by Check Point Threat Intelligence Blockchain system
The Hacker News
Effective Incident Response is more than just tools. It's a process. Explore the 6-step framework for successful IR.
CSO
Cyberattacks have grown in frequency as well as sophistication as the Israel-Hamas conflict intensifies.
CyberNews
Feam Aero, the global aircraft maintenance and technical services company, has been claimed by the LockBit ransomware gang.
Trend Micro
We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data.
Bleeping Computer
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.
The Hacker News
LockBit ransomware affiliates are exploiting the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.
Ars Technica
LitterDrifter's means of self-propagation are simple. So why is it spreading so widely?
Trend Micro
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
DarkReading
Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.
Infosecurity News
Millions of consumers’ PII could be at risk due to exploitable vulnerabilities and a lack of basic security protocols in e-commerce web apps
Cyber Security News
An attack campaign that installs XMRig Coinminer on Windows web servers that run on Apache has been discovered recently.
SecurityWeek
Sumo Logic has completed its investigation into the recent security breach and found no evidence of impact to customer data.
The Hacker News
Phishing attacks are getting smarter! Cybercriminals are now using QR codes, CAPTCHAs, and steganography to trick victims. Learn how to stay safe.
Cyber Security News
Trend Micro researchers recently revealed Apache ActiveMQ vulnerability (CVE-2023-46604) was actively exploited.
The Hacker News
📱 Alert: Android users in India, beware! Hackers are distributing fake banking and government apps to steal sensitive data like bank info and persona
Security Affairs
Organizations need to govern and control the API ecosystem; this governance is the role of API management.
DarkReading
Threat actors were actively exploiting CVE-2023-36025 before Microsoft patched it in November.
Bleeping Computer
A recently discovered worm that researchers call LitterDrifter has been spreading over USB drives infecting systems in multiple countries as part of a campaign from the Gamaredon state-sponsored espionage group.
Bleeping Computer
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.
SecurityWeek
Secure Services Edge (SSE) platforms can introduce loopholes & vulnerabilities; it's crucial to assess the risk profiles of SSE platforms.
SecurityWeek
Russian Gamaredon’s self-propagating LitterDrifter USB worm spreads from Ukraine to the US and other countries.
CyberSecurity Dive
The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said.
The Hacker News
🚨 Bitcoin wallets created from 2011 to 2015 vulnerable to "Randstorm" exploit, potentially allowing unauthorized access by recovering passwords.
Trend Micro
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
Ars Technica
SIM swaps and port-out scams are a fact of life. New rules aren't likely to change that.
Security Affairs
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB.
Bleeping Computer
A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords.
The Hacker News
Russian cyber espionage group linked to the FSB is using a USB worm called LitterDrifter to target Ukrainian organizations.
Bleeping Computer
The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack.
Infosecurity News
Check Point Research say these latest luxury brand scams are a wake-up call for shoppers to stay vigilant online
The Record
Despite the countries' warm relationship, Russia is being targeted by North Korean and Chinese state hacking groups, a cybersecurity firm connected to Rostelecom claims.
The Record
In a recent campaign, the hacking group tracked as UAC-0050 attempted to spread the Remcos remote access tool, according to research by Ukraine's computer emergencies response team (CERT-UA).
Bleeping Computer
DDoS attacks are increasingly taking down even the largest tech companies. Learn more from Specops Software on these types of attacks and how you can protect your devices from being recruited into botnets.
Cyber Security News
GPT excels in verbal thinking, skillfully choosing precise words for optimal responses. Understanding this key property is crucial, as much of its subsequent behavior stems from this ability.
The Hacker News
Eliminate 90% of the time and effort in finding and offboarding cloud and SaaS accounts. Say goodbye to IT offboarding headaches.
Cyber Security News
Best Network Security Vendors for SaaS: 1. Perimeter 81 2. Palo Alto Networks 3. Fortinet 4. Symantec 5. Check Point 6. McAfee 7. Okta.
Cyber Security News
Hackers use networks of compromised computers (botnets) to generate massive traffic, disrupting the target's normal functioning by overloading its resources. The goal is to make a website or online service inaccessible to legitimate users.
Ars Technica
Many transgressions come from "very large companies that have robust security teams."
Bleeping Computer
Citrix has released hotfixes for two vulnerabilities impacting Citrix Hypervisor, one of them being the "Reptar" high-severity flaw that affects Intel CPUs for desktop and server systems.
Bleeping Computer
The FBI and CISA warned today of Rhysida ransomware gang's opportunistic attacks targeting organizations across multiple industry sectors.
Security Affairs
Enterprise software giant SAP addressed a critical improper access control vulnerability in its Business One product.
Bleeping Computer
This article takes a deep dive into the OWASP Top 10 and advises on how to test your web applications for susceptibility to these security risks.
SecurityWeek
Aikido Security has raised €5 million (~$5.4 million) in seed funding for an all-in-one application security platform.
CyberNews
As Gaza goes into a complete internet blackout in the coming hours, a human rights watchdog is calling for an immediate digital and physical ceasefire.
SecurityWeek
SAP released a hotfix for a critical-severity improper access control vulnerability in Business One product installation.
Security Affairs
The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind the illegal botnet proxy service IPStorm.
Infosecurity News
Consumers urged to think before they buy connected technology
The Hacker News
Intel released critical fixes for a high-severity vulnerability called Reptar (CVE-2023-23583). It affects multi-tenant virtualized environments.
The Record
The top cybersecurity agency in the U.S. warned that hackers are exploiting three vulnerabilities disclosed by Microsoft on Tuesday.
Bleeping Computer
The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database.
Bleeping Computer
Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures.
Ars Technica
Among other things, bug allows code running inside a VM to crash hypervisors.
Bleeping Computer
Microsoft has released the KB5032190 cumulative update to fix security vulnerabilities in Windows 11. This is the first Patch Tuesday update with access to Windows 11 Moment 4 features, provided you turn on the "Get latest updates" toggle.
Bleeping Computer
Microsoft has released the KB5032189 cumulative update for Windows 10 21H2 and Windows 10 22H2, which contains eleven fixes for various issues.
Cyber Security News
Best Network Security Companies for CISO: 1. Perimeter81 2. Palo Alto Networks 3. Cisco 4. Check Point 5. IBM 6. Crowdstrike 7. Trend Micro.
Bleeping Computer
Malicious actors have been abusing Ethereum's 'Create2' function to bypass wallet security alerts and poison cryptocurrency addresses, which led to stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months.
The Record
Huber Heights, Ohio, said several divisions in the city government — but not Public Safety Services — were affected by the incident.
Cyber Security News
Best security solutions for Marketers: 1. Perimeter 81 2. Surfshark 3. Private Internet Access 4. Malwarebytes 5. CyberGhost 6. GoodAccess
Cyber Security News
Best Free Digital Forensic Tools: 1. Sleuth Kit (+Autopsy) 2. Forensic Investigator 3. Autopsy 4. Dumpzilla 5. X-Ways Forensics.
Cyber Security News
Best Google Alternatives: 1. DuckDuckGo 2. Search Encrypt 3. Qwant 4. Startpage 5. Mojeek 6. Bing 7. Gibiru 8. Ask 9. SearX 10. Yahoo!
Cyber Security News
Developers at PortSwigger released a new version of Burp Suite for ethical hackers and security professionals, which is Burp Suite 2023.10.3.4
Cyber Security News
SideCopy, the Pakistani-based threat actor, has been using the WinRAR vulnerability (CVE-2023-38831) to target Indian government entities.
Infosecurity News
Lace Tempest looks to spread Clop malware to victims
The Record
The Click Here podcast team reports on wartime technological improvisations: An activist unexpectedly leads an effort to identify the missing and the dead. And an English teacher finds a way to connect mobile phones as infrastructure collapses.
Bleeping Computer
A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware.
CyberNews
Threat actors are using malicious QR codes to steal valuable data and money. Experts say it’s still difficult to detect and mitigate the threats spread by this method.
Bleeping Computer
Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware.
Latest Hacking News
The Redmond giant has recently announced introducing a new privacy feature to its authenticator app. With this feature, Microsoft Authenticator app now blocks suspicious multi-factor authentication notifications to prevent potential abuse. Microsoft Authenticator App Blocks Suspicious
Cyber Security News
Top Incident Response Plans: 1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery 6. Lessons learned.
Ars Technica
Packages downloaded thousands of times targeted people working on sensitive projects.
Computerworld
Microsoft has brought biometric sign-in to Windows 10 business and enterprise users with Windows Hello for Business. Here’s how it works and how to deploy it to your users.
Cyber Security News
Four new zero-day vulnerabilities have been identified in Microsoft Exchange with server-side request forgery and remote code execution.
Bleeping Computer
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices.
The Hacker News
Iranian-linked Agonizing Serpens APT group using novel wiper malware and tactics to target Israeli education and tech sectors.
Cyber Security News
SaaS Security Admin Guide: 1. Encryption 2. Backup and Recovery 3. Data Residency 4. Regular Audits 5. Data Privacy 6. Least Privileges.
The Hacker News
StripedFly, a stealthy malware posing as a crypto miner, has infected over a million devices worldwide and has flown under the radar for 5 years.
The Hacker News
Google's new "Independent security review" badge in the Play Store's Data safety section will help you identify secure Android apps.
Cyber Security News
Recently, security experts of Okta itself have confirmed that nearly 5,000 of its employees were affected by a third-party data breach.
Bleeping Computer
Password reuse is a difficult vulnerability for IT teams to get full visibility over. Learn more from Specops Software on how to mitigate the risk of compromised credentials.
Infosecurity News
Jenny Radcliffe talks to Infosecurity about the changing nature of social engineering scams and the threats posed by AI
Cyber Security News
Cisco has warned about a serious security issue in the Web Bridge feature of the Cisco Meeting Server. The flaw (CVE-2023-20255) could let someone who is not authorized attack the system and cause a DoS condition.
Bleeping Computer
Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region.
Bleeping Computer
Microsoft says a new known issue is causing desktop icons to behave erratically on systems with multiple displays when using the Windows Copilot AI-powered digital assistant.
Bleeping Computer
F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution.
SecurityWeek
Check Point reports that an Iranian APT has been observed using a new malware framework in targeted attacks in the Middle East.
Cyber Security News
A new escalation vulnerability has been discovered in Kubernetes which allows threat actors to gain administrative privileges on affected pods.
The Hacker News
Iranian threat actor "Scarred Manticore" has launched a year-long cyber espionage campaign targeting the Middle East finance, government, military.
The Hacker News
F5 warns of active exploitation of a critical flaw (CVE-2023-46747) in BIG-IP, enabling attackers to execute system commands.
The Record
The new policies require staff at the Commerce Department's International Trade Administration to consider human rights concerns when providing export assistance to foreign governments.
Bleeping Computer
This article will explore Windows 11 23H2 features, from dynamic lighting to Windows Copilot upgrades.
DarkReading
The wider availability of turnkey cyberattack kits in the criminal underground is leading to a glut of campaigns using remote access Trojans (RATs).
Bleeping Computer
Microsoft announced today the release of Windows 11, version 23H2, the next feature update for its operating system (also known as the Windows 11 2023 Update).
Infosecurity News
Discovered by Check Point Research (CPR) and Sygnia, the campaign peaked in mid-2023
Bleeping Computer
Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices.
The Record
An Iranian nation-state threat actor is targeting high-profile organizations in the Middle East in an ongoing espionage campaign, according to a new report.
Ars Technica
By some estimates, 20,000 devices have already been hacked.
Computerworld
The White House today issued a long-awaited executive order that hammers out clear rules and oversight measures to ensure artificial intelligence is kept in check, while also providing paths for it to grow.
Cyber Security News
3 vulnerabilities have been discovered in NGINX ingress controllers which were associated with arbitrary command RCE injection.
The Hacker News
Join our expert panel of security veterans Emo Gokay, Multi-Cloud Security Engineer at EY Technologies and George Prichici, VP of products at OPSWAT,
Latest Hacking News
Days after back-to-back disclosures about actively exploited zero-day vulnerabilities, Cisco has finally patched them with the latest IOS XE software release. Given the severity of the matter and to avoid potential risks, users must rush
Cyber Security News
This year, a software vendor fell victim to Lazarus malware through unpatched software, despite prior warnings and patches.
The Hacker News
ServiceNow exposes sensitive data due to misconfigurations. Learn how this could've jeopardized your business and the steps to ensure your data is sec
SecurityWeek
Are whistleblowers a danger to corporate brand image, and an insider threat? Or can they be used to strengthen cybersecurity and compliance?
The Hacker News
Three new high-severity security flaws discovered in NGINX Ingress controller for Kubernetes. Hackers can steal secret credentials.
The DFIR Report
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report …
The Record
The repository, to be called “Multiscanner,” would mimic the Google-owned platform, which allows organizations to share suspected malware.
Bleeping Computer
Microsoft says Windows 11 22H2 now natively supports almost a dozen additional archive formats, including RAR, 7-Zip, Tar, and GZ archives.
The Hacker News
A wiretapping attempt targeting the jabber[.]ru XMPP-based instant messaging service has been discovered, involving TLS certificates and a #ManiTheMid
Bleeping Computer
Ransomware attacks are increasing significantly, with reports indicating that last month was a record month for ransomware attacks in 2023.
Bleeping Computer
A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution.
Bleeping Computer
Microsoft has released the optional KB5031455 Preview cumulative update for Windows 11 22H2, which enables 72 new Moment 4 features by default and fixes 22 issues.
CSO
Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information.
Bleeping Computer
Microsoft has released the optional KB5031445 Preview cumulative update for Windows 10 22H2 with nine improvements or fixes, including a fix for a memory leak in ctfmon.exe.
Bleeping Computer
The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.
CyberNews
Stablecoin trader hacked again and is being drained of money by an unknown threat actor, cybersecurity analysts are claiming.
The Record
The British government’s plans to remove safeguards around biometrics and public space surveillance were described on Thursday as “shocking” and “tantamount to vandalism” by an outgoing commissioner.
Bleeping Computer
Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services.
Ars Technica
Altered images could destroy AI model training efforts that scrape art without consent.
CSO
NetScaler ADC and NetScaler Gateway have multiple high-severity vulnerabilities that can allow information disclosure and denial of service (DoS) attacks on affected versions.
The Hacker News
The Rise of S3 Ransomware: How to Identify and Combat It
The Hacker News
Brazil's popular PIX payment system is under attack! Cybercriminals are using a new malware, GoPIX, to target users searching for "WhatsApp web."
The Record
Hackers believed to be based in Kazakhstan are targeting other members of the Commonwealth of Independent States in a wide-ranging espionage campaign, according to new research.
SecurityWeek
The number of Cisco devices hacked via recent zero-days remains high, but the attackers have updated their implant.
CyberSecurity Dive
The company released enhanced guidance after security researchers were temporarily unable to detect exploited devices.
The Hacker News
Sophisticated Apple iOS attack dubbed Operation Triangulation employed clever techniques to target victims with a backdoor implant called "TriangleDB
The Hacker News
Discover how threat actors modified a backdoor on Cisco devices using zero-day flaws in IOS XE software, evading detection with new techniques.
DarkReading
A seemingly sharp drop in the number of compromised Cisco IOS XE devices visible on the Internet led to a flurry of speculation over the weekend — but it turns out the malicious implants were just hiding.
Bleeping Computer
As thousands of civilians die amid the deadly Israel-Hamas war, scammers are capitalizing on the horrific events to collect donations by pretending to be legitimate charities. BleepingComputer has come across several posts on X (formerly Twitter), Telegram and Instagram where scammers list dubious cryptocurrency wallet addresses.
Bleeping Computer
Cisco has addressed the two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise tens of thousands of IOS XE devices over the past week.
CyberNews
Defi protocols are helping to bank the unbanked
The Hacker News
See how you can find out in minutes with Nudge Security. Automate discovery of new AI tools as they are introduced, collect context on how AI tools ar
Cyber Security News
A BitLocker recovery key is a unique 48-character alphanumeric code generated when you enable BitLocker drive encryption on a Windows computer
CyberNews
No slickly edited five-minute video can explain the Israeli-Palestinian conflict with adequate context, professor Mazza says.
The Hacker News
Beware of fake software ads on Google Search! Hackers use Google Ads to direct users searching for popular software to malicious copycats.
Bleeping Computer
A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine.
Cyber Security News
Phishing is a cyberattack that uses deception to trick people into giving away sensitive information or taking actions that compromise security.
The Record
Hackers accessed files from customer support cases, exposing the information of an undisclosed number of people.
The Hacker News
Google Play Protect now scans apps in real time to detect and block novel malware before you install them.
The Record
Hackers are using a leaked toolkit used to create do-it-yourself versions of the popular LockBit ransomware, making it easy for even amateur cybercriminals to target common vulnerabilities.
Bleeping Computer
Google has announced new, real-time scanning features for Google Play Protect that make it harder for malicious apps employing polymorphism to evade detection.
Bleeping Computer
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
Cyber Security News
Best Unified Network Security Solutions for Small Businesses. 1. Perimeter 81, 2. Snort, 3. OSSEC, 4. Wireshark, 5. Burp Suite, 6. Splunk.
Bleeping Computer
Microsoft has disabled a bad anti-spam rule flooding Microsoft 365 admins' inboxes with blind carbon copies (BCC) of outbound emails mistakenly flagged as spam.
CSO
Active exploits have been seen in the wild for a major vulnerability affecting Cisco’s router software, the company disclosed this week.
Bleeping Computer
A new Google Search malvertizing campaign targets users looking to download the popular Notepad++ text editor, employing advanced techniques to evade detection and analysis.
Ars Technica
Financial risk too great for dev working "in my spare time to help others."
Bleeping Computer
Login credential theft presents one of the biggest and most enduring cybersecurity problems. This article by Specops Software looks at the motivations driving credential theft and the tactics bad actors are likely to use.
Cyber Security News
A new zero-day vulnerability (CVE-2023-20198) in Cisco IOS XE's Web UI feature affects devices with exposed HTTP/HTTPS Server functionality.
SecurityWeek
Cisco is warning customers that a new IOS XE zero-day vulnerability tracked as CVE-2023-20198 is being exploited to hack devices.
SecurityWeek
A critical vulnerability in the Royal Elementor WordPress plugin has been exploited as a zero-day since August 30.
Ars Technica
An unknown threat actor is exploiting the vulnerability to create admin accounts.
Bleeping Computer
Information systems of state courts across Kansas are still offline after they've been disrupted in what the Kansas judicial branch described last Thursday as a "security incident."
Bleeping Computer
Israeli Android users are targeted by a malicious version of the 'RedAlert - Rocket Alerts' app that, while it offers the promised functionality, acts as spyware in the background.
Bleeping Computer
CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks.
Cyber Security News
CISA launched the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 to assist organizations in overcoming this possible blind hole.
The Hacker News
SaaS Security breaches often stem from misconfigured settings. Learn how 'SaaS Security on Tap' video series tackles the key concepts.
SecurityWeek
A threat actor targets Israelis with spyware masquerading as an Android application for receiving rocket alerts.
The Record
Courts in the city of Topeka are closed to the public on Monday, while the Kansas Supreme Court is exclusively using paper records to operate.
Bleeping Computer
Valve has announced implementing additional security measures for developers publishing games on Steam, including SMS-based confirmation codes. This is to deal with a recent outbreak of malicious updates pushing malware from compromised publisher accounts.
Bleeping Computer
A new, lightweight variant of the RomCom backdoor was deployed against participants of the Women Political Leaders (WPL) Summit in Brussels, a summit focusing on gender equality and women in politics.
Ars Technica
More than 8 years after the adoption of HTTP/2, DDoSers devise rapid reset attack.
Latest Hacking News
With October Patch Tuesday, Microsoft fixed 104 security vulnerabilities across different products, including three zero-day flaws. While Microsoft ensures automatic roll-out of the updates to all eligible devices, users must still check their systems for
The Hacker News
Kaspersky sheds light on hacking group ToddyCat's latest arsenal of tools. Designed for data theft, their tactics are more advanced than ever.
The Record
Tech and cybersecurity executives who build their businesses in Israel are always aware of the possibility of war.
DarkReading
Scammers have targeted the vaunted blue check marks on the platform formerly known as Twitter, smearing individuals and brands alike.
Infosecurity News
With over 20,000 active installations, the plugin is used for user-generated content submissions
Bleeping Computer
A newly discovered campaign dubbed "Stayin' Alive" has been targeting government organizations and telecommunication service providers across Asia since 2021, using a wide variety of "disposable" malware to evade detection.
DarkReading
Evasive malware disguised as a caching plugin allows attackers to create an admin account on a WordPress site, then take over and monetize sites at the expense of legitimate SEO and user privacy.
SecurityWeek
A backdoor malware deployed on a compromised WordPress website poses as a legitimate plugin to hide its presence.
Cyber Security News
The malicious file has access to standard WordPress functionality just like other plugins since it operates as a plugin inside of the WordPress environment.
The Hacker News
A new malware disguises itself as a WordPress caching plugin, secretly creating admin accounts to control your site.
The Hacker News
Cybersecurity experts uncover an ongoing threat to government and telecom entities in Asia.
Trend Micro
We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment.
DarkReading
A sophisticated APT known as "ToddyCat," sponsored by Beijing, is cleverly using unsophisticated malware to keep defenders off their trail.
Bleeping Computer
The BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada, the country's largest airline and a founding member of Star Alliance.
Ars Technica
Yet another tiny, crucial piece of volunteer software begets a big problem.
DarkReading
Cisco's $28 billion purchase of Splunk was the biggest story, but there were other big security acquisitions and investments during a richer-than-expected quarter.
Bleeping Computer
Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023.
The Hacker News
Protecting your organization starts with strong passwords. Learn why password reuse is a serious threat and how to combat it effectively.
Cyber Security News
Top 10 Best SaaS Security Tools. 1. DoControl, 2. Splunk, 3. Zscaler, 4. Qualys, 5. Proofpoint, 6. Veracode, 7. Okta, 8. Trend Micro.
Cyber Security News
SAP has released the security patches for the Patch Day of October 2023 in which they have a release of new Security Notes and 2 updates.
DarkReading
Cisco's $28 billion purchase of Splunk was the biggest story, but other security majors made strategic acquisitions as well in a better-than-expected quarter.
SecurityWeek
An APT group tracked as Storm-0062 has been hacking Confluence installations since mid-September, three weeks before Atlassian’s disclosure.
Bleeping Computer
Microsoft has released the KB5031356 cumulative update for Windows 10 21H2 and Windows 10 22H2, with twenty-five fixes for various issues.