Security Affairs
Experts devised attack technique to extract ChatGPT training data
Researchers devised an attack technique that could have been used to trick ChatGPT into disclosing training data.
Cyber Security News
Google Revealed RETVec to Defend Malicious Emails & Spam for Gmail Users
Researchers at Google recently developed and unveiled a new resilient and efficient text vectorizer dubbed as "RETVec,".
The Hacker News
Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.
A mysterious malware called Agent Racoon is infiltrating organizations in the Middle East, Africa, and the U.S.
Bleeping Computer
Hackers use new Agent Raccoon malware to backdoor US targets
A novel malware named 'Agent Raccoon' (or Agent Racoon) is being used in cyberattacks against organizations in the United States, the Middle East, and Africa.
The Cyber Wire
Ukraine at D+685: Influence operations in a winter war.
Russian disinformation seeks to reach anglophone audiences, and makes some claims that would be too far-fetched to get past a science-fiction editor.
The Hacker News
Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats
DOJ and FBI dismantle Qakbot malware and botnet, but is the threat really gone? Find out the aftermath and mitigation strategies.
The Hacker News
Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan
Chinese-speaking threat actor targeting Uzbekistan Ministry of Foreign Affairs and South Korean users with dangerous SugarGh0st RAT.
The Hacker News
Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks
Gcore's customer faced two massive DDoS attacks peaking at 1.1 and 1.6 Tbps. Discover the attacker's strategies and how Gcore defended against them.
The Hacker News
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
Zyxel released patches for 15 security issues in NAS, firewall, and AP devices. Includes 3 critical flaws allowing authentication bypass and comman
The Record
Cyber Command, NSA nominee now double-blocked
Air Force Lt. Gen. Timothy Haugh was already subject to a long-running blockade of nominations in the Senate. Now Sen. Ron Wyden is holding it up as leverage to get more information about the NSA's potential connections with the data broker industry.
The Record
EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’
There should be “a European cyber force … equipped with offensive capabilities,” according to the president of the European Council, which sets the EU's political priorities.
The Record
Ukraine appoints new cyber chief following ouster of top officials
The Ukrainian government has appointed Yury Myronenko, a decorated serviceman and air defense commander, as head of one of its main cybersecurity agencies amid a corruption probe.
The Record
60 credit unions facing outages due to ransomware attack on popular tech provider
The ransomware attack targeted the cloud services provider Ongoing Operations, a company owned by credit union technology firm Trellance.
The Record
XDSpy hackers attack military-industrial companies in Russia
A cyberespionage group known as XDSpy recently targeted Russian military-industrial enterprises, according to new research.
Bleeping Computer
Cactus ransomware exploiting Qlik Sense flaws to breach networks
Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks.
Ars Technica
ChatGPT is one year old. Here’s how it changed the tech world.
Examining 365 days with OpenAI's bot: The good, the bad, the ugly—and the productive?
SecurityWeek
Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices
Zyxel patches at least 15 security flaws that expose users to authentication bypass, command injection and denial-of-service attacks.
Bleeping Computer
Zyxel warns of multiple critical vulnerabilities in NAS devices
Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage (NAS) devices.
Ars Technica
How Huawei made a cutting-edge chip in China and surprised the US
China's flagship smartphone maker pulled off the feat despite sanctions.
Infosecurity News
RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool
The new ScrubCrypt obfuscation tool is designed to avoid antivirus protections
The Cyber Wire
Ukraine at D+684: A hacktivist auxiliary is actively recruiting.
NATO conducts its annual cyber exercise against a background of hybrid war, heightened cyber espionage, and increased activity on the part of hacktivist auxiliaries.
Cyber Security News
New Android Malware Employs Various Tactics to Deceive Malware Analyst
cybercriminals employ ever more sophisticated forms of malware, with code obfuscation standing out as a deceptive technique.
SecurityWeek
Hundreds of Malicious Android Apps Target Iranian Mobile Banking Users
Zimperium has identified over 200 information-stealing Android applications targeting mobile banking users in Iran.
HACKRead
Cybercriminals Exploit ActiveMQ Flaw to Spread GoTitan Botnet, PrCtrl Rat
The recently discovered GoTitan botnet is built on the Golang programming language, whereas PrCtrl Rat is a .NET program.
Ars Technica
Report: Apple and Goldman Sachs are breaking up over money-losing Apple Card
Goldman Sachs has lost billions of dollars on its consumer-focused businesses.
Cyber Security News
GoTitan Botnet Actively Exploiting Apache ActiveMQ Vulnerability
Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ.
CyberNews
In the age of AI, “authentic” is Merriam-Webster’s word of 2023
Merriam-Webster, a publishing company known for its dictionaries, has chosen “authentic” as its word of the year, highlighting the impact of the rise of AI.
Cyber Security News
Genesis Market Technique: Hackers Exploited Node.js and EV Certificates
Trend Micro Managed XDR team has uncovered a malevolent symphony echoing the tactics employed by the infamous Genesis Market.
CyberSecurity Dive
For financial services firms, a pattern of malicious cyber activity is emerging
The suspected ransomware attack against Fidelity National Financial marks the latest in a series of incidents, leading regulators to take additional enforcement actions.
The Hacker News
200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn
A new report reveals an ongoing Android malware campaign targeting Iranian banks with over 200 malicious apps.
The Cyber Express
Play Ransomware Group Lists 17 Victims, 14 US-Based Companies Named
Infamous Play ransomware group has extended its list of victims by adding 17 new names of companies based in the
Computerworld
How to go incognito in Chrome, Edge, Firefox, and Safari
While incognito mode in any of the big four web browsers offers a measure of privacy, it doesn’t completely hide your tracks online. Here’s how the feature works in each browser, and how to use it.
The Hacker News
DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software
Beware of Xaro! This DJVU ransomware variant spreads through cracked software, endangering users who download from untrusted sources.
The Hacker News
GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability
🚨 Apache ActiveMQ's CVE-2023-46604 vulnerability is under active exploitation by threat actors, leading to the distribution of a new Go-based botnet
Bleeping Computer
Microsoft shares temp fix for Outlook crashes when sending emails
Today, Microsoft shared a temporary fix for a known issue causing Outlook Desktop to crash when sending emails from Outlook.com accounts.
The Cyber Wire
Ukraine at D+682: OSINT on morale, and a coming hacktivist shakeup.
Storms impede ground operations. Smartphones as intelligence sources (and as a security problem). Notes on hacktivist auxiliaries, both Russian and Ukrainian.
Bleeping Computer
Police dismantle ransomware group behind attacks in 71 countries
In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.
CyberNews
Meta's paid ad-free service targeted in Austrian privacy complaint
Meta’ paid no-ads subscription service launched in Europe this month faces a test as advocacy group NOYB on Tuesday filed a complaint with an Austrian regulator.
CSO
North Korean hackers mix code from proven malware campaigns to avoid detection
Threat actors are combining RustBucket loader with KandyKorn payload to effect an evasive and persistent RAT attack.
The Record
High-profile ransomware gang suspects arrested in Ukraine
The international operation, centered on Kyiv, essentially neutralized a group known for deploying variants of LockerGoga, MegaCortex, Hive and Dharma ransomware, authorities said.
The Hacker News
How to Handle Retail SaaS Security on Cyber Monday
Cyber Monday Alert: $13.7 billion in spending today! Retailers, safeguard your SaaS apps to protect customer data.
Infosecurity News
SysJoker Malware: Hamas-Related Threat Expands With Rust Variant
CPR said the malware now uses OneDrive instead of Google Drive for storing dynamic C2 server URLs
SecurityWeek
UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws
UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.
CyberNews
Japan's top messaging app gets hacked
Line app has informed users about unauthorized access to its systems, which resulted in hundreds of thousands of user, business partner, and employee records being leaked.
-1.webp)
Cyber Security News
SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive
SysJoker malware, a multi-platform backdoor with several variants for Windows, Linux, and Mac, has been observed being used by a Hamas-affiliated APT to target Israel. This malware was first identified by Intezer in 2021 and was recently used in targeted attacks. Checkpoint researchers disclosed the malware’s growth, variations in the intricacy of its execution flow, and […]
-1.webp)
Cyber Security News
Loader Malware Steal Sensitive System Data & Installs Other Malware
Loader malware emerges as a silent force, discreetly breaching unsuspecting systems and setting the stage for more sophisticated onslaughts.
SecurityWeek
Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons
The U.S. military is increasing use of artificial intelligence (AI) technology that will fundamentally alter the nature of war.
Bleeping Computer
New Rust-based SysJoker backdoor linked to Hamas hackers
A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.
Cyber Security News
PolarDNS - A Free DNS Server For Vulnerability Research & Pentesting
Oryxlabs recently launched a free DNS server that is written in Python 3.x for vulnerability research and pentesting, dubbed as "PolarDNS."
-1.webp)
Cyber Security News
Hackers Using Malicious Browser Extensions to Steal Facebook Business Accounts
Ducktail is a specifically designed information stealer that can have severe consequences, such as privacy breaches and identity theft.
Security Affairs
Hamas-linked APT uses Rust-based SysJoker backdoor against Israel
Researchers reported that a Hamas-linked APT group is using a rust-based SysJoker backdoor against Israeli entities.
Bleeping Computer
UK and South Korea: Hackers use zero-day in supply-chain attack
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
The Hacker News
Tell Me Your Secrets Without Telling Me Your Secrets
GitGuardian launches "HasMySecretLeaked" service to help developers check if their sensitive information has been exposed on GitHub.
The Hacker News
Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel
Researchers found a Rust version of SysJoker, a cross-platform backdoor used by Hamas-affiliated threat actor targeting Israel during ongoing conflict
Security Affairs
North Korea-linked Konni APT uses Russian-language documents
North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware .............
Security Affairs
ClearFake campaign spreads macOS AMOS information stealer
Threat actors spread Atomic Stealer (AMOS) macOS information stealer via a bogus web browser update as part of ClearFake campaign.
Infosecurity News
InfectedSlurs Botnet Resurrects Mirai With Zero-Days
The investigation conducted by Akamai in late October 2023 revealed a specific HTTP exploit path
The Hacker News
Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails
New Malware Alert: WailingCrab, a sophisticated loader, is spreading via shipping-themed email messages.
Infosecurity News
North Korean Supply Chain Threat is Booming, UK and South Korea Warn
The UK’s NCSC and South Korea’s NIS issued a joint advisory describing some of North Korean hackers’ tactics in deploying supply chain attacks
Infosecurity News
University of Manchester CISO Speaks Out on Summer Cyber-Attack
University of Manchester CISO Heather Lowrie shared how the institution tackled a major data breach earlier in 2023
The Hacker News
Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks
Active malware campaign exploits zero-day vulnerabilities to create a Mirai-based DDoS botnet targeting routers and NVR devices.
Infosecurity News
North Korea Blamed For CyberLink Supply Chain Attacks
Legitimate app installer modified with malicious code
The Hacker News
North Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack
North Korean hackers, aka Diamond Sleet, spread a trojanized version of CyberLink's legit app.
CyberNews
FEAM Aero reportedly hit by ransomware
Feam Aero, the global aircraft maintenance and technical services company, has been claimed by the LockBit ransomware gang.
Trend Micro
ParaSiteSnatcher How Malicious Chrome Extensions Target Brazil
We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data.
Security Affairs
New InfectedSlurs Mirai-based botnet exploits two zero-days
Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE flaws to compromise routers and video recorder (NVR) devices.
DarkReading
Fake Browser Updates Targeting Mac Systems With Infostealer
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn.
Ars Technica
Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet
Internet scans show 7,000 devices may be vulnerable. The true number could be higher.
Bleeping Computer
Microsoft: Lazarus hackers breach CyberLink in supply chain attack
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
Bleeping Computer
New botnet malware exploits two zero-days to infect NVRs and routers
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.
SecurityWeek
Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets
Researchers say public exposure of Kubernetes configuration secrets should be considered a “ticking supply chain attack bomb.”
CSO
9 in 10 organizations have embraced zero-trust security globally
Nearly all of them still have a long way to go according to a new Cisco report.
Infosecurity News
Why Ensuring Supply Chain Security in the Space Sector is Critical
Cybersecurity challenges facing the space sector are unique and securing the supply chain is a high priority
CyberNews
Thousands of exposed gas pumps invite cyberwarriors
Gas station pump controllers could become vital targets in a cyber war.
Cyber Security News
Hackers Exploiting 0-day RCE Flaws in the Wild to Deploy Mirai Malware
The Mirai botnet is a malicious network of infected computers, routers, and IoT devices harnessed by cybercriminals to launch large-scale DDoS attacks.
Infosecurity News
Europol Launches OSINT Taskforce to Hunt For Russian War Crimes
New unit will scour the internet for evidence
The Hacker News
ClearFake Campaign Expands to Deliver Atomic Stealer on Mac Systems
macOS users beware! Atomic Stealer, a $1,000/month malware, is now spreading through deceptive web browser updates via ClearFake.
Ars Technica
USB worm unleashed by Russian state hackers spreads worldwide
LitterDrifter's means of self-propagation are simple. So why is it spreading so widely?
Trend Micro
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
Infosecurity News
India Faces Surge in IM App Attacks With Trojan Campaigns
Microsoft highlighted a shift in tactics, with attackers directly sharing malicious APK files
Infosecurity News
Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities
Fortinet researchers have detected a malicious Word document displaying Russian text
Bleeping Computer
DarkGate and Pikabot malware emerge as Qakbot’s successors
A sophisticated phishing campaign pushing the DarkGate malware infections has recently added the PikaBot malware into the mix, making it the most advanced phishing campaign since the Qakbot operation was dismantled.
SecurityWeek
LLM Security Startup Lasso Emerges From Stealth Mode
Lasso Security raises $6 million in seed funding to tackle cyber threats to secure generative AI and large language model algorithms.
Bleeping Computer
Black Friday deal: Get 50% off Malwarebytes Premium + Privacy VPN
Malwarebytes' is running a Black Friday 2023 deal now through Cyber Monday, offering a 50% discount to the Malwarebytes Premium + Privacy VPN bundle until November 30th.
The Hacker News
New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
New variant of Agent Tesla malware identified. It's a keylogger and remote access trojan (RAT) offered as part of a malware-as-a-service (MaaS) model.
The Hacker News
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
Phishing attacks are getting smarter! Cybercriminals are now using QR codes, CAPTCHAs, and steganography to trick victims. Learn how to stay safe.
The Hacker News
Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users
📱 Alert: Android users in India, beware! Hackers are distributing fake banking and government apps to steal sensitive data like bank info and persona
The Hacker News
Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions
China-linked Mustang Panda cyber actor targets Philippines government entity amid South China Sea tensions.
CyberNews
Ukraine’s top two cybersecurity officials axed amid embezzlement probe
Two heads of Ukraine’s national cybersecurity agency were fired Monday amid accusations of participating in an embezzlement scheme involving millions in state funds.
Bleeping Computer
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine
A recently discovered worm that researchers call LittleDrifter has been spreading over USB drives infecting systems in multiple countries as part of a campaign from the Gamaredon state-sponsored espionage group.
DarkReading
Amid Military Buildup, China Deploys Mustang Panda in the Philippines
China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea.
Bleeping Computer
VX-Underground malware collective framed by Phobos ransomware
A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor.
CyberNews
British Library ransom attack claimed, data leak confirmed
The British Library confirms data has been leaked as it struggles to recover from a November 6 ransomware attack claimed by the e Rhysida ransom gang.
The Hacker News
NetSupport RAT Infections on the Rise - Targeting Government and Business Sectors
Education, government, and businesses are under attack by NetSupport RAT, a dangerous remote access trojan.
SecurityWeek
CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations
New CISA guidance details cyber threats and risks to healthcare and public health organizations and recommends mitigations.
The Hacker News
Product Walkthrough: Silverfort's Unified Identity Protection Platform
Silverfort's Unified Identity Protection Platform: A game-changer in cybersecurity. Discover how it protects organizations from identity-based attacks
Bleeping Computer
Lumma Stealer malware now uses trigonometry to evade detection
The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox.
.webp)
Cyber Security News
LitterDrifter Powershell Worm Rapidly Spreads on USB Drives by Itself
Gamaredon (aka Primitive Bear, ACTINIUM, and Shuckworm), stands out in Russian espionage by exclusively targeting Ukrainian entities.
SecurityWeek
Russia's LitterDrifter USB Worm Spreads Beyond Ukraine
Russian Gamaredon’s self-propagating LitterDrifter USB worm spreads from Ukraine to the US and other countries.
Security Affairs
DarkCasino joins the list of APT groups exploiting WinRAR 0day
The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831.
The Hacker News
Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years
Indian Hack-for-Hire Group targeted U.S., China, Pakistan, and more for over a decade.
Trend Micro
CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
Bleeping Computer
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks.
Security Affairs
Security Affairs newsletter Round 446 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Weekly Cyber Security News Roundup for the Week of November 13th to 18th
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
Ars Technica
The FCC says new rules will curb SIM swapping. I’m pessimistic
SIM swaps and port-out scams are a fact of life. New rules aren't likely to change that.
Security Affairs
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB.
The Hacker News
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
DarkReading
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks
For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.
Computerworld
Critical zero-day flaws in Windows, Office mean it's time to patch
Microsoft's Patch Tuesday release for November delivers 63 updates, with three zero-day flaws affecting Windows and Office. That makes quick patching a must.
SecurityWeek
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools
Bug hunters uncover over a dozen exploitable vulnerabilities in tools used to build chatbots and other types of AI/ML models.
Bleeping Computer
CISA warns of actively exploited Windows, Sophos, and Oracle bugs
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.
SecurityWeek
Researchers Dive Into Activities of Indian Hack-for-Hire Firm Appin
Researchers uncover the activities of Appin, a hack-for-hire Indian firm involved in espionage, surveillance, and disruptive attacks.
SecurityWeek
Key GOP Lawmaker Calls for Renewal of Surveillance Tool as He Proposes Changes to Protect Privacy
A Key GOP lawmaker has called for the renewal of surveillance tool as he proposes changes to protect privacy
Cyber Security News
FBI Shares Tactics & Techniques Used by Scattered Spider Hacker Group
Recently, the FBI and CISA issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.
Security Affairs
CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog
US CISA added 3 vulnerabilities (tracked as CVE-2023-36584, CVE-2023-1671, and CVE-2023-2551) to its Known Exploited Vulnerabilities catalog.
Infosecurity News
Royal Mail to Spend £10m on Ransomware Remediation
Postal service was breached in January 2023
Security Affairs
A critical OS command injection flaw affects Fortinet FortiSIEM
Fortinet warns of a critical OS command injection flaw in FortiSIEM report server that could be exploited to execute arbitrary commands
Cyber Security News
FortiSIEM Injection Flaw Let Attackers Execute Malicious Commands
Cybersecurity researchers identified a FortiSIEM injection flaw that lets execute malicious commands & tracked as "CVE-2023-36553."
The Hacker News
CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
U.S. CISA has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in the wild.
Bleeping Computer
MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet
MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals.
Latest Hacking News
Microsoft Patch Tuesday November Fixes 63 Flaws, Including 5 Zero-Days
This week marked the Redmond giant Microsoft’s monthly security updates for its products. With Patch Tuesday November, Microsoft addressed fewer vulnerabilities – over 60 only, including five zero-day flaws. Five Zero-Days Patched With Latest Microsoft Updates Microsoft
Bleeping Computer
Fortinet warns of critical command injection bug in FortiSIEM
Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests.
The Hacker News
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks
Novel attack methods targeting Google Workspace & Cloud Platform could enable ransomware and data breaches.
CyberNews
Hive reborn: new ransomware group emerges from the ashes
Hive lost its aura in January 2023, when the FBI and other law enforcement agencies in Germany penetrated Hive’s computer network.
Cyber Security News
Wireshark 4.2.0 Released - What’s New!
Wireshark is a popular open-source network protocol analyzer that is primarily used by security experts and network administrators.
Cyber Security News
CacheWarp : A New Flaw in AMD's SEV Let Attackers Hijack Encrypted Virtual Machines
CacheWarp, is a new software-based fault attack that allows attackers to gain access to encrypted virtual machines (VMs).
Security Affairs
FBI and CISA warn of attacks by Rhysida ransomware gang
The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors.
The Hacker News
Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure
Denmark's energy sector hit by massive cyberattack! In May 2023, 22 Danish energy sector companies were simultaneously targeted.
Cyber Security News
OracleIV: Dockerized Botnet Launches DDoS Attack Against Docker Engine
Hackers use networks of compromised computers (botnets) to generate massive traffic, disrupting the target's normal functioning by overloading its resources. The goal is to make a website or online service inaccessible to legitimate users.
CyberNews
FAA clears Musk's SpaceX for Starship rocket lift off
The US Federal Aviation Administration (FAA) grants Elon’s Musk’s SpaceX a license to launch 2nd test flight of its Starship and “Super Heavy” lift rocket.
CSO
Top cybersecurity product news of the week
New product and service announcements from Wiz, Palo Alto Networks, Sophos, SecureAuth, Kasada, Lacework, Noname Security, and more.
The Record
MeridianLink confirms cyberattack after ransomware gang claims to report company to SEC
Ransomware group AlphV claimed on its leak site that it reported MeridianLink to the Securities and Exchange Commission (SEC) for not informing the regulator of a cyberattack.
The Record
Customs and Border Protection acquired ‘huge amount of surveillance power’
LexisNexis Risk Solutions provided CBP with capabilities such as collecting geolocation data, monitoring social media accounts and tracking cell phone call histories for non-U.S. and U.S. residents alike, according to documents obtained by an advocacy group.
Ars Technica
Microsoft launches custom chips to accelerate its plans for AI domination
Amid GPU shortages, Microsoft reaches for custom silicon to run its AI language models.
SecurityWeek
Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI
Microsoft provided guidance on an Azure CLI bug leading to the exposure of sensitive information through GitHub Actions logs.
SecurityWeek
CISA Outlines AI-Related Cybersecurity Efforts
CISA details its efforts to promote the use of AI in cybersecurity and guide critical infrastructure in adopting AI.
SecurityWeek
Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation
The rise of AI-powered disinformation presents an immense challenge to society’s ability to discern fact from fiction.
Cyber Security News
Hackers Deliver Weaponized LNK Files Through Legitimate Websites
Hackers may exploit LNK files to deliver malicious payloads by disguising them as legitimate shortcuts, and execution of malicious code.
The Record
UK National Cyber Force operations to become ‘more embedded’ with policing
The elite U.K. hacking unit eventually will be more integrated into police operations, alongside military and intelligence ones, according to Gen. Sir Jim Hockenhull, the chief of Strategic Command.
Bleeping Computer
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks
The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database.
DarkReading
Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation
Another two bugs in this month's set of fixes for 63 CVEs were publicly disclosed previously but have not been exploited yet.
Bleeping Computer
New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs
A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution.
Bleeping Computer
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
Today is Microsoft's November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities.
Bleeping Computer
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs
Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short for Azure command-line interface).
Cyber Security News
8 New Metasploit Exploit Modules Released Targeting Critical Vulnerabilities
Metasploit is an open-source penetration testing framework created by Rapid7 that enables security professionals to simulate attacks against computer systems, networks, and applications.
.jpg)
DarkReading
Royal Ransom Demands Exceed $275M, Rebrand in Offing
The swift-moving ransomware crew continues to evolve quickly and has already attacked more than 350 victims since it was first detected just over a year ago.
SecurityWeek
MySQL Servers, Docker Hosts Infected With DDoS Malware
Researchers warn attackers are targeting MySQL servers and Docker hosts to plant malware capable of launching distributed DDoS attacks.
CyberNews
‘Denial of pleasure’ attack: FlipperZero targets adult toys
Researchers find that Flipper Zero can connect and control adult toys remotely by making them vibrate or stop working via a Bluetooth Low-Energy (BLE) broadcast.
CyberNews
Pro-Hamas cybergang develops complex infection tactics with new downloader
A threat actor targeting West Asian governments now uses a labyrinthine infection chain based on delivering a new initial access downloader dubbed IronWind
SecurityWeek
Hacker Conversations: Chris Wysopal, AKA Weld Pond
Chris Wysopal (AKA Weld Pond) founder and CTO of Veracode and member of the hacker collective L0pht Heavy Industries.
The Hacker News
Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
Publicly-accessible Docker Engine API instances are under attack! Threat actors aim to create a DDoS botnet called OracleIV.
Infosecurity News
Pro-Palestine APT Group Uses Novel Downloader in New Campaign
TA402 launches new targeted phishing campaigns
The Hacker News
Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers
Vietnamese hackers behind Ducktail malware launch a new campaign targeting Indian marketing pros.
The Record
NY governor wants new cybersecurity rules for hospitals after multiple attacks
Gov. Kathy Hochul says the proposed regulations "set forth a nation-leading blueprint" for protecting hospital networks.
Trend Micro
A Closer Look at ChatGPT's Role in Automated Malware Creation
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.
DarkReading
Ducktail Malware Targets the Fashion Industry
Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.
Bleeping Computer
DP World cyberattack blocks thousands of containers in ports
A cyberattack on international logistics firm DP World Australia has severely disrupted the regular freight movement in multiple large Australian ports.
Security Affairs
CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog
US CISA added four vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog.
Infosecurity News
Python Malware Poses DDoS Threat Via Docker API Misconfiguration
Cado Security Labs said the bot agent exhibited various methods for conducting DDoS attacks
Bleeping Computer
Criminal IP & Cisco SecureX/XDR: Enhanced Cyber Threat Analysis
The Criminal IP threat intelligence search engine by AI SPERA has recently integrated with Cisco SecureX/XDR, empowering organizations to stay ahead of malicious actors. Learn more about this integration from Criminal IP in this article.
Cyber Security News
BiBi Wiper Attacking Windows Machine to Cause Data Destruction
The ongoing conflict between Israel and Hamas has taken a new turn as cyberattacks have become a prominent weapon for both sides.
The Hacker News
New Ransomware Group Emerges with Hive's Source Code and Infrastructure
A new ransomware group, Hunters International, has taken over the reins from Hive, acquiring its source code and infrastructure.
The Hacker News
Top 5 Marketing Tech SaaS Security Challenges
Don't leave your marketing data exposed. Discover the top challenges in securing SaaS applications used by marketing teams.
The Hacker News
Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations
Chinese nation-state hackers are targeting 24 Cambodian government organizations in a long-term espionage campaign.
CyberSecurity Dive
4 data-driven priorities for security leaders in 2024
According to a new report, security teams are struggling amid relentless cyberattacks and limited resources. What can leaders do to set their teams up for a more stable 2024?
Bleeping Computer
Iranian hackers launch malware attacks on Israel’s tech sector
Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms.
Cyber Security News
10 Best Digital Forensic Investigation Tools - 2024
Best Free Digital Forensic Tools: 1. Sleuth Kit (+Autopsy) 2. Forensic Investigator 3.Autopsy 4. Dumpzilla 5. X-Ways Forensics.
Cyber Security News
Batloader: A Batch File That Delivers Several Different Types of Malware
One of the common methods used for delivering the ransomware, RATs, and Cryptojackers was the use of a batloader.
Bleeping Computer
The Rise of Ransomware in Healthcare: What IT Leaders Need to Know
Ransomware attacks are rapidly becoming the weapon of choice, making up over half of all attacks in the healthcare industry. Learn more from Specops Software on securing your organization from these attacks.
Cyber Security News
Watch Out For Malicious Python Packages That Can Hijack Your Computer
Attackers have been observed spreading malicious Python packages disguised as legitimate obfuscation tools that contain malicious code.
The Hacker News
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors
Iranian hacker group Imperial Kitten launches cyberattacks on transportation, logistics, and tech sectors, including Israel.
The Hacker News
Stealthy Kamran Spyware Targeting Urdu-speaking Users in Gilgit-Baltistan
Urdu-speaking readers in Gilgit-Baltistan, beware! A WATERING HOLE ATTACK using Kamran spyware has been uncovered by ESET
Trend Micro
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
The Record
Clearing the informational fog in Israel and Gaza
The Click Here podcast team reports on wartime technological improvisations: An activist unexpectedly leads an effort to identify the missing and the dead. And an English teacher finds a way to connect mobile phones as infrastructure collapses.
DarkReading
'BlazeStealer' Python Malware Allows Complete Takeover of Developer Machines
Checkmarx researchers warn that BlazeStealer can exfiltrate information, steal passwords, disable PCs, and take over webcams.
CyberScoop
Cyber ops linked to Israel-Hamas conflict largely improvised, researchers say
Microsoft and Mandiant researchers believe Iranian hackers were not prepared for the initial Hamas attack.
Bleeping Computer
Microsoft shares temp fix for broken Windows Server 2022 VMs
Microsoft publicly acknowledged a known issue causing Windows Server 2022 virtual machine (VM) blue screens and boot failures on VMware ESXi hosts.
Infosecurity News
New Kamran Spyware Targets Urdu-Speaking Users in Pakistan
ESET said the attack affects Android users accessing the Urdu version of the Hunza News website
Infosecurity News
Iran-Affiliated Group Targets Israeli Firms Amid Israel-Hamas Conflict
CrowdStrike attributes recent attacks on the Israeli transportation, logistics, and technology sectors to Iran-affiliated group Imperial Kitten
Bleeping Computer
Russian hackers switch to LOTL technique to cause power outage
Russian state hackers have evolved their methods for breaching industrial control systems by adopting living-off-the-land techniques that enable reaching the final stage of the attack quicker and with less resources
The Hacker News
MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel
MuddyWater expands its cyber arsenal with MuddyC2Go, a new C2 framework used in sophisticated attacks targeting Israel.
Cyber Security News
Google Calendar RAT Abusing Calendar Events to Create Red Teaming Infrastructure
Google Calendar RAT is a proof of concept for Command & Control . It's useful when setting up a full red teaming infrastructure.
The Record
NATO allies express support for collective response to cyberattacks
NATO delegates gathered on Thursday for the alliance’s first annual Cyber Defence Conference, marking a growing acceptance among allies that new methods are needed to tackle cyberattacks beyond resilience.
The Record
Iranian Charming Kitten hackers targeted Israeli organizations in October
The Iranian hacking group targeted organizations in Israel’s transportation, logistics and technology sectors amid an uptick in Iranian cyber activity since the start of Israel’s war with Hamas.
DarkReading
Evasive Jupyter Infostealer Campaign Showcases Dangerous Variant
The attacks are another manifestation of the concerning rise in information stealers for harvesting data and enabling persistent access to enterprise networks.
CSO
Generative AI to fuel stronger phishing campaigns, information operations at scale in 2024
Google Cloud forecasts continued use of gen AI to create smarter campaigns while cybersecurity pros will use the same tools to defend and close the skills gap.
Ars Technica
Highly invasive backdoor snuck into open source packages targets developers
Packages downloaded thousands of times targeted people working on sensitive projects.
Bleeping Computer
FBI: Ransomware gangs hack casinos via 3rd party gaming vendors
The Federal Bureau of Investigation is warning that ransomware threat actors are targeting casino servers and use legitimate system management tools to increase their permissions on the network.
Infosecurity News
FBI Warns of Emerging Ransomware Initial Access Techniques
The FBI notification advises how to protect against the growing targeting of third-party vendors and services
CyberNews
Black Friday warning as ‘grinch bots’ target retailers
Advanced bargain-stealing bots make up more than half of automated retail traffic, says cybersecurity analyst Imperva.
CyberNews
Despite pledges not to pay, ransoms are here to stay
Cybernews asked more than 30 experts from various fields if they’d be willing to pay a ransom in the event of a cybersecurity breach.
CSO
NetRise releases Trace solution with AI-powered semantic search aimed at protecting firmware
The platform analyzes XIoT firmware using large language model capabilities to follow compromised or vulnerable assets back to their source.
Bleeping Computer
BlueNoroff hackers backdoor Macs with new ObjCShellz malware
The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices.
DarkReading
North Korea's BlueNoroff APT Debuts 'Dumbed Down' macOS Malware
Kim Jong-Un's hackers are scraping the bottom of the barrel, using script kiddie-grade malware to steal devalued digital assets.
CSO
Eclypsium launches supply chain security guide to track risks and incidents
The guide offers supply chain risk intelligence for IT infrastructure including endpoints, servers, network devices, and cloud infrastructure products.
Cyber Security News
RedLine Malware Steals Sensitive Data and Installs More Malware
Researchers from Any Run saw again its active activity intended to develop to steal, cause financial loss, and data, targeting both enterprise and personal devices.
Infosecurity News
GootBot Implant Heightens Risk of Post-Infection Ransomware
IBM found Gootloader group opting for GootBot over off-the-shelf tools for lateral movement
Cyber Security News
New Millenium RAT Sold on GitHub Attacking Windows Systems
Millenium-RAT, a sophisticated Remote Access Tool (RAT) for Windows systems, is now available for purchase on GitHub.
Infosecurity News
New BlueNoroff Malware Variant Targets Cryptocurrency Exchanges
Jamf Threat Labs found a Mach-O universal binary communicating with an identified malicious domain