Security Affairs
Google fixes seventh actively exploited Chrome zero-day this year
Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week.
Security Affairs
Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week.
Latest Hacking News
Researchers caught numerous security vulnerabilities riddling Cinterion cellular modems, exploiting which would threaten millions of devices. Since no active patches currently exist for the flaws, the researchers recommend applying the suggested mitigations to prevent potential
SecurityWeek
Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.
Cyber Security News
Google has released update for its Chrome to patch a high-severity vulnerability that is being actively exploited by attackers in the wild.
The Hacker News
Google fixes critical zero-day vulnerability in Chrome. CVE-2024-4947, a type confusion bug in the V8 JavaScript engine, has been actively exploited b
SC Magazine
Security pros say the uptick in Chrome zero-days this week demonstrates an increased focus by threat actors on attacking browsers.
The Cyber Express
The ever-evolving landscape of cybersecurity is shaped by a dedicated group of individuals. These pioneers, through their research, entrepreneurship, and
The Cyber Express
Microsoft patched a zero-day vulnerability exploited by attackers to distribute QakBot and other malware payloads on susceptible Windows systems. Identified
The Cyber Express
Cyble Research and Intelligence Labs (CRIL) researchers have uncovered a new SideCopy campaign. The threat actor group has previously been
The Hacker News
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
SC Magazine
In this month’s release, Redmond patched 60 CVEs including two other zero-days and a SharePoint Server remote code execution vulnerability rated critical.
DarkReading
CVE-2024-30051 is the most concerning out of this month's Patch Tuesday offerings, and is already under active exploit by several QakBot actors.
SecurityWeek
Microsoft patched 60 security bugs in multiple products and waned of an actively exploited Windows zero-day (CVE-2024-30051)
Bleeping Computer
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
Bleeping Computer
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
HACKRead
The Israel-Hamas conflict has fueled a wave of hacktivism activity, with groups like SiegedSec launching attacks and leaking sensitive information.
Cyber Security News
Few Critical vulnerabilities have been discovered in Cinterion Cellular modems that could allow an unauthorized remote attacker to execute
The Cyber Express
Millions of Internet of Things (IoT) devices present across the industrial, healthcare, automotive, financial, and telecommunication sectors are at significant
Krebs on Security
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS…
HACKRead
Kaspersky researchers have identified multiple security vulnerabilities in Cinterion cellular modems, which could be exploited by threat actors.
Infosecurity News
The flaws include CVE-2023-47610, a security weakness within the modem’s SUPL message handlers
SecurityWeek
A critical vulnerability in the Cinterion cellular modems can be exploited for remote code execution via SMS messages.
The Hacker News
Kaspersky researchers have uncovered multiple security flaws in Cinterion cellular modems that could put your communication networks and IoT devices a
The Hacker News
Black Basta ransomware-as-a-service (RaaS) operation has targeted over 500 private industry and critical infrastructure entities in North America, Eur
SC Magazine
Security pros say critical flaws in cellular these modems could cut across the industrial, healthcare, automotive, financial, and telecom sectors.
DarkReading
Researchers discovered seven vulnerabilities — including an unauthenticated RCE issue — in widely deployed Telit Cinterion modems.
The Hacker News
North Korean hackers have unleashed a new Golang malware called "Durian" in targeted attacks against South Korean crypto firms.
SecurityWeek
European Parliament application breached, DocGo hacked, VMware advisories moved to Broadcom support portal.
The Hacker News
Fake Android apps mimicking popular platforms like Google & WhatsApp are stealing user data.
Bleeping Computer
Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS.
Bleeping Computer
Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS.
DarkReading
Researchers recently spotted the Spanish-speaking threat actor —with nearly 400 previous victims under its belt — in a new campaign in Latin America and Central Africa.
Infosecurity News
Afghanistan, Turkmenistan and Tajikistan victims experienced the highest share of banking Trojans
Infosecurity News
The award recognises Khan's outstanding contributions to the field and his role in shaping the cybersecurity industry
The Cyber Express
Passwords remain the most common instrument in securing our digital lives, yet they still serve as the basis of targeted
DarkReading
A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. Cyber defenders must keep pace.
CyberNews
The FCC is moving to prevent Huawei, ZTE, and other Chinese telecom companies, deemed a threat to US national security, from certifying wireless equipment.
SecurityWeek
Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO.
Cyber Security News
The XZ cyber incident is a textbook example of how sophisticated social engineering tactics can lead to significant security breaches.
DarkReading
Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails.
SC Magazine
The stealthy threat group is particularly focused on exfiltrating data from Asia-Pacific government and defense organizations.
Cyber Security News
Hackers abuse Windows Print Spooler vulnerabilities because it runs with elevated SYSTEM privileges which allows privilege escalation.
The Hacker News
The U.S. is cracking down on individuals involved in the development and sale of commercial spyware.
The Record
A hacking operation labeled ToddyCat continues to steal data primarily from governmental targets in the region, researchers say.
DarkReading
The threat actor is deploying multiple connections into victim environments to maintain persistence and steal data.
Ars Technica
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.
Infosecurity News
The scheme was uncovered by Kaspersky and has been operational since November 2023
The Hacker News
Kaspersky has uncovered a concerning threat actor, ToddyCat, targeting government and military entities.
Security Affairs
Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation tracked as DuneQuixote.
The Hacker News
A new threat, 'DuneQuixote', targets Middle East governments with sophisticated evasion tactics.
The Hacker News
New Android malware "SoumniBot" targets users in South Korea by exploiting unique evasion tactics. Find out how it slips through security cracks.
Bleeping Computer
A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure.
Cyber Security News
The cybersecurity community is sounding the alarm about the growing risk of a "mobile NotPetya" event - a self-propagating mobile malware.
The Hacker News
Hackers are exploiting a critical vulnerability in Atlassian servers to gain admin access and deploy a Linux variant of Cerber ransomware.
Security Affairs
Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy
DarkReading
Researchers discovered the new variant after responding to a critical incident targeting an organization in West Africa.
Cyber Security News
Hackers leverage the LockBit 3.0 ransomware due to its sophisticated encryption functionalities which enables them to successfully encrypt
Infosecurity News
Kaspersky also uncovered the use of the SessionGopher script to extract saved passwords
The Hacker News
A sophisticated cyber-espionage campaign has re-emerged, targeting South Asia with an iOS spyware implant called LightSpy.
The Hacker News
Malicious "test files" linked to the XZ Utils backdoor found in popular Rust crate liblzma-sys, downloaded over 21,000 times.
Infosecurity News
Distribution vectors of the Raspberry Robin worm now include Windows Script Files (WSF) alongside other methods like USB drives
The Hacker News
Researchers uncover a fresh wave of the Raspberry Robin campaign spreading malware through malicious Windows Script Files (WSFs) since March 2024.
HACKRead
The Russian language fan club forum for the cybersecurity giant Kaspersky has experienced a data breach by RGB hacking group.
SecurityWeek
An analysis by Forescout shows 300,000 Chinese devices in the US, up 40% compared to the previous year, despite bans.
Infosecurity News
Kaspersky said cybercriminals harvested 50.9 login credentials per infected device in 2023
Security Affairs
Linux variant of DinodasRAT backdoor used in attacks against users in China, Taiwan, Turkey, and Uzbekistan, researchers from Kaspersky warn
Bleeping Computer
Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022.
SecurityWeek
US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.
The Hacker News
Linux users, beware. A nasty piece of malware named DinodasRAT is on the loose, targeting China, Taiwan, Turkey, and Uzbekistan.
Infosecurity News
Kaspersky's findings revealed phishing pages posing as vendors, enticing users with discounts
SecurityWeek
Google’s post-quantum cryptography threat model, keyboard typing sounds can expose data, DHS publishes AI roadmap.
DarkReading
INTERPOL assisted in the operation where analysts identified Grandoreiro group members by analyzing and matching malware samples.
Cyber Security News
With our weekly cybersecurity news summary, explore and learn about the most recent developments in the cybersecurity field.
CyberNews
Internet of Things (IoT) products, if they meet “robust cybersecurity standards,” now may qualify for a voluntary label under the US Cyber Trust Mark program
The Hacker News
Chinese users searching for Notepad++ & VNote on engines like Baidu face malicious ads leading to fake versions with trojans.
Cyber Security News
Threat actors target Notepad++ as it is a widely used text editor among developers and users, offering a large potential victim pool.
HACKRead
ChatGPT plugins are designed to enhance the chatbot's capabilities by enabling it to interact with external services across various domains.
Infosecurity News
Kaspersky said access control weaknesses and failures in data protection accounted for 70% of all flaws
The Cyber Express
With human error responsible for almost two-thirds of cyber incidents in the last two years, over 50% of current cybersecurity
SecurityWeek
Noteworthy stories that might have slipped under the radar: Google AI bug bounties, font vulnerabilities, IBM opens new training facility.
Cyber Security News
Best Network Security Solutions for Enterprise: 1. Perimeter81 2. Cisco Systems 3. Palo Alto Networks 4. Fortinet 5. Sophos 6. McAfee.
The Hacker News
Threat actors leverage QEMU emulator for network tunneling, bypassing traditional defenses in a sophisticated cyber attack. Kaspersky highlights the n
CyberNews
Russian cybersecurity firms have allegedly designated a US government offensive cyber group with its very own codename, Sand Eagle.
HACKRead
Over 225,000 infostealer logs containing compromised ChatGPT credentials were detected between January-October 2023.
The Hacker News
A sophisticated Android app named XHelper is being used by criminals to manage money-laundering activities in India.
The Cyber Express
According to the findings from a recent Kaspersky study revealed at Cybersecurity Weekend, 41% of companies worldwide are facing a
DarkReading
Convincing phishing emails, synthetic identities, and deepfakes all have been spotted in cyberattacks on the continent.
Infosecurity News
Kaspersky reported a 231% surge in compromised accounts from 4.7 million in 2021 to 15.5 million in 2023
Krebs on Security
Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s account at Calendly, a popular free calendar application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and…
The Cyber Express
A newcomer to the underground forum "Crackingx" under the username "10cker" caused a stir by offering the source code of
Infosecurity News
Kaspersky said that in 2023, the number of mobile attacks soared to nearly 33.8 million
The Hacker News
Cybersecurity experts uncover a surge in phishing attacks using Google Cloud Run to distribute banking malware across LATAM and Europe.
DarkReading
Vulnerability CVE-2024-23204, affecting Apple's popular Shortcuts app, suggests a critical need for ongoing security awareness in the macOS and iOS ecosystem.
Infosecurity News
Kaspersky explained the fraudulent emails prompted recipients to enable two-factor authentication
SC Magazine
The fileless, self-modifying, worm-like network traversal tool automatically searches for SSH keys.
Infosecurity News
Kaspersky’s recent report said the shortage is particularly acute in Europe, Russia and Latin America
Trend Micro
In this blog entry, we focus on Earth Preta's campaign that employed a variant of the DOPLUGS malware to target Asian countries.
Cyber Security News
Cybersecurity analysts at Kaspersky Labs recently discovered Coyote malware that leverages the NodeJS to attack users of more than 60 banks.
The Hacker News
New banking trojan Coyote targets 61 Brazilian banks. It uses Nim and Node.js for evasion and the Squirrel installer framework for distribution.
DarkReading
Brazil, the world's center for banking Trojan malware, has produced one of its most advanced tools yet. And as history shows, Coyote may soon expand its territory.
Loading more articles....