Custom search

Google Chrome Zero-day Vulnerability (CVE-2024-4947) Actively Exploited in The Wild

Google has released update for its Chrome to patch a high-severity vulnerability that is being actively exploited by attackers in the wild.

The Hacker News

Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

Google fixes critical zero-day vulnerability in Chrome. CVE-2024-4947, a type confusion bug in the V8 JavaScript engine, has been actively exploited b

SC Magazine

Google patches 3rd Chrome browser zero-day inside of a week

Security pros say the uptick in Chrome zero-days this week demonstrates an increased focus by threat actors on attacking browsers.

Bleeping Computer

Google patches third exploited Chrome zero-day in a week

Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.

Bleeping Computer

Google fixes third actively exploited Chrome zero-day in a week

Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.

Cyber Security News

5 Common Phishing Vectors and Examples - 2024

Phishing attacks can be executed through various means, such as SMS and phone calls, but the most prevalent method involves sending victims emails containing malicious attachments.

Ars Technica

SSH backdoor has infected 400,000 Linux servers over 15 years and keeps on spreading

Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.

SecurityWeek

400,000 Linux Servers Hit by Ebury Botnet

The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected.

The Hacker News

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

Ebury malware botnet has compromised an estimated 400,000 servers since 2009. Learn how to protect your systems from this advanced threat.

Cyber Security News

10 Best Network Security Providers for Healthcare Industry in 2024

Best Network Security Providers for the Healthcare Industry - 1. Perimeter 81, 2. Palo Alto Networks, 3. Fortinet, 4. Cisco, 5. Trend Micro

The Cyber Express

Chrome Vulnerability Alert: Google’s Rapid Response to 6th Zero-Day Exploit

A new Google Chrome vulnerability has been uncovered and exploited, marking the sixth zero-day incident in 2024 alone. In response,

The Hacker News

Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days

Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.

Bleeping Computer

VMware makes Workstation Pro and Fusion Pro free for personal use

VMWare has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost.

Bleeping Computer

Test your network like a hacker with $1,000 off this course bundle

Ethical hacking gets deep into your networks to find problems before criminals can exploit them. For a limited time start learning how with these 18 cybersecurity courses for $39.97, $1058 off the $1098 MSRP.

Infosecurity News

Ebury Botnet Operators Diversify with Financial and Crypto Theft

The 15-year-old Ebury botnet is more active than ever, as ESET found 400,000 Linux servers compromised for cryptocurrency theft and financial gain

Bleeping Computer

Ebury botnet malware infected 400,000 Linux servers since 2009

A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023.

The Hacker News

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

Google has released emergency fixes for a new zero-day vulnerability (CVE-2024-4761) that has been actively exploited in the wild.

Cyber Security News

400k Linux Servers Hacked to Mine Cryptocurrency

The botnet, operated by the threat group behind the Ebury malware, has been active since at least 2009 but has evolved over the past decade.

Security Affairs

Google fixes sixth actively exploited Chrome zero-day this year

Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability.

Cyber Security News

Chrome Zero-day Vulnerability Exploited in the Wild, Patch Now!

Google has released an urgent security update for the Chrome browser to address a high-severity vulnerability that is being actively exploited in the wild.

Bleeping Computer

Google Chrome emergency update fixes 6th zero-day exploited in 2024

Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks.

Latest Hacking News

Google Admits Active Exploitation For Chrome Browser Zero-Day

Chrome users must ensure that their devices are updated with the latest browser release. Google addressed an actively exploited zero-day flaw with the latest build, which applies to all Chrome users with various devices. The

SC Magazine

Google patches 6th Chrome zero-day of 2024, three days after last one

Security pros say the industry can expect to see this bug exploited soon, so patch, monitor and conduct other measures, like browser isolation and sandboxing.

Bleeping Computer

PyPi package backdoors Macs using the Sliver pen-testing suite

A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks.

Bleeping Computer

INC ransomware source code selling on hacking forums for $300,000

A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023.

Cyber Security News

Nmap 7.95 Released - What’s New!

The latest version of Nmap, the renowned network exploration tool and security scanner, 7.95, has been officially released. It brings many performance improvements, new features, and bug fixes.

SecurityWeek

$2.5 Million Offered at Upcoming 'Matrix Cup' Chinese Hacking Contest

Chinese hacking contest Matrix Cup is offering rewards for exploits targeting OS, smartphones, enterprise software, and security products.

Cyber Security News

4 days ago

Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)

Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.

CSO

Google Chrome gets a patch for actively exploited zero-day vulnerability

Details of the use-after-free memory vulnerability were not publicly released, but Google says it’s aware an exploit for the bug exists.

Ars Technica

Google patches its fifth zero-day vulnerability of the year in Chrome

Exploit code for critical "use-after-free" bug is circulating in the wild.

Security Affairs

Google fixes fifth actively exploited Chrome zero-day this year

Since the start of the year, Google released an update to fix the fifth actively exploited zero-day vulnerability in the Chrome browser.

SecurityWeek

Exploited Chrome Zero-Day Patched by Google

A Chrome 124 update patches the second Chrome zero-day that has been found to be exploited in malicious attacks in 2024.

Bleeping Computer

Learn ethical hacking techniques with $1,000 off this super bundle

Ethical hacking takes the battle to the black hats and keeps them from taking over the internet. These 18 cybersecurity training courses show you how to fight back for $39.97, $1059 off the $1098 MSRP now through 5/12.

Cyber Security News

New 'TunnelVision' Technique Allows Hackers to Bypass VPN Encryption

Security researchers have uncovered a new technique called "TunnelVision" that exposes a fundamental flaw in routing-based Virtual Private Networks (VPNs),

The Hacker News

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

Google has just released an update to patch a new zero-day flaw, CVE-2024-4671, which hackers are actively exploiting in the wild.

Bleeping Computer

Google fixes fifth Chrome zero-day exploited in attacks this year

Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year.

Cyber Security News

Alert! Google Chrome Zero-day Exploited in the Wild

There is a vulnerability in Chrome's Visuals component that is being tracked as CVE-2024-4671. The flaw is related to the use-after-free issue and can potentially lead to remote code execution.

SC Magazine

7 days ago

Google patches fifth Chrome zero-day of 2024

While Google confirmed that the bug exists in the wild, security researchers say there has yet to have been an instance of active exploitation.

DarkReading

7 days ago

2 (or 5) Bugs in F5 Asset Manager Allow Full Takeover, Hidden Accounts

F5 customers should patch immediately, though even that won't protect them from every problem with their networked devices.

The Hacker News

7 days ago

New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation

Researchers have uncovered a vulnerability (CVE-2024-3661) that allows threat actors to snoop on your VPN traffic.

HACKRead

8 days ago

Findings Show MFA Bypass in Microsoft Azure Entra ID Using Seamless SSO

This article explores Microsoft Azure Entra ID flaw, explains the vulnerability in context, and offers actionable steps to secure your organization.

SecurityWeek

8 days ago

New 'TunnelVision' Technique Leaks Traffic From Any VPN System

A new technique named TunnelVision allows attackers to bypass the VPN and redirect traffic through the local network.

Cyber Security News

Akamai to Acquire API Security Startup Noname for $450 Million

Akamai Technologies, Inc. is set to acquire Noname Security, a top API security vendor, for $450 million, signaling a major move to boost its API security capabilities.

Ars Technica

Ransomware mastermind LockBitSupp reveled in his anonymity—now he’s been ID’d

The US places a $10 million bounty for the arrest of Dmitry Yuryevich Khoroshev.

Bleeping Computer

New attack leaks VPN traffic using rogue DHCP servers

A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection.

Cyber Security News

HijackLoader Using Weaponized PNG Files To Deliver Multiple Malware

HijackLoader, a modular malware loader observed in 2023, is evolving with new evasion techniques, as it is a variant using a PNG image to

Cyber Security News

Yoast SEO Plugin XSS Flaw Exposes 5 Million+ WordPress Websites to Attack

A critical XSS vulnerability has discovered in the popular Yoast SEO WordPress plugin, potentially putting over 5m websites at risk.

Cyber Security News

MITRE Shares Details on Nation-State Hackers' Intrusion into Research Network

The intrusion, believed to have been carried out by a Chinese threat actor group known as UNC5221, exploited two zero-day vulnerabilities.

Cyber Security News

Oracle Weblogic Server Flaw Allows Attackers Full Control - PoC Released

A new secondary JNDI injection vulnerability was discovered in a recent version of WebLogic, allowing attackers to trigger JNDI injection

Bleeping Computer

Prepare for CompTIA exams with $525 off this super-sized course bundle

CompTIA certifications validate your experience and help you stay up to date on your skills. These 15 CompTIA exam study courses get you ready for the test for $59.97, $525 off the $585 MSRP through the end of May 12th.

Cyber Security News

Microsoft Defender XDR Expanded to Malicious OAuth Apps With the Power of AI

Microsoft has announced an expansion of its Defender Extended Detection & Response (XDR) capabilities to include advanced AI-powered detection

Cyber Security News

New CraxsRAT Version Claims Capability To Bypass Google Play Antivirus

In a concerning development in the cybersecurity landscape, the latest version of CraxsRAT, known as v7.4, has been released with claims of

Cyber Security News

SandStorm Hackers Added New Kapeka Tool to it’s Arsenal

Kapeka, also known as KnuckleTouch, is a sophisticated backdoor malware that has been making waves in the cybersecurity world.

Ars Technica

Novel attack against virtually all VPN apps neuters their entire purpose

TunnelVision vulnerability has existed since 2002 and may already be known to attackers.

Cyber Security News

New Cuckoo Malware Attacking macOS Users to Steal Sensitive Data

Cybersecurity researchers have uncovered a new malware strain dubbed "Cuckoo., exhibits characteristics of both spyware and an infostealer

Cyber Security News

Finland Warns Of New Android Malware Stealing Banking Logins

Watch out for harmful Finnish SMS which tricks Android device users into loading banking malware by dialing a spoofed service number.

Cyber Security News

MedStar Health Breach: Hackers Accessed Emails & Files

MedStar Health, a major healthcare provider in the U.S, has reported a data breach involving unauthorized access to the email accounts.

Cyber Security News

Multiple Xiaomi Android Devices Vulnerability Let Attackers Hijack Phones

Several security experts have recently discovered that Xiaomi Android devices are suffering from a range of security vulnerabilities that affect several apps and system components.

Cyber Security News

Internal Communication Gaps Exposes Organizations to Cyber Attacks

However, a significant communication gap within organizations is increasingly a vulnerability, exposing to sophisticated cyber threats.

Cyber Security News

AI Powered Deepfake Detector to Combact Deepfakes Threats

This enhancement, developed in collaboration with Intel, aims to provide a robust defense against the escalating threat of deepfake scams.

Cyber Security News

10 Best Active Directory Management Tools 2024

Best Active Directory Management Tools: 1. Microsoft AD Explorer 2. SolarWinds Permissions Analyzer 3. Netwrix 4.ManageEngine ADAudit Plus.

Cyber Security News

PostgreSQL Security Flaws Let Attackers Execute Code

Two vulnerabilities have been identified in pgAdmin of PostgreSQL which were associated with Cross-Site Scripting and Multi-Factor

Cyber Security News

NVIDIA ChatRTX for Windows Vulnerability Lets Attackers Escalate Privileges

NVIDIA, a leading technology company, has recently released a security update regarding its Windows ChatRTX application.

CyberSecurity Dive

11 days ago

5 considerations for securing your software supply chain

Do you know what’s in your code? These five considerations should help you drive your security activities and identify weak points in your software supply chain.

CyberSecurity Dive

11 days ago

Five considerations for securing your software supply chain

Do you know what’s in your code? These 5 considerations should help you drive your security activities and identify weak points in your software supply chain.

Cyber Security News

12 days ago

Russian Hackers Exploit Outlook Flaw to Hijack Numerous Email Accounts

Russian state-sponsored hackers, identified as APT28 or Fancy Bear, have been exploiting a critical vulnerability in Microsoft Outlook to hijack email accounts on a large scale.

The Hacker News

12 days ago

Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

Czechia and Germany reveal they were targets of a massive cyber espionage campaign by Russia-linked APT28 hacker group.

Cyber Security News

12 days ago

Android Bug Leaks DNS Traffic to Hackers While Switching VPN Servers

Android's operating system has identified a critical vulnerability that allows DNS traffic to leak during VPN server switches, potentially exposing users' internet activity to cybercriminals.

Security Affairs

Russia-linked APT28 and crooks are still using the Moobot botnet

The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations.

Cyber Security News

ShadowSyndicate Hackers Exploit Aiohttp Vulnerability To Steal Sensitive Data

A directory traversal vulnerability (CVE-2024-23334) was identified in aiohttp versions before 3.9.2, allowing remote attackers to

Cyber Security News

Florida Man Arrested For Selling Fake Cisco Device To U.S. Military

Onur Aksoy, a forty-year-old resident of Florida and dual citizen of Turkey and the United States, was found guilty of running a large

Cyber Security News

AI-Based Webshell Detection Model - Detailed Overview

While injection vulnerabilities are on the rise, Webshells have become a serious concern as they allow attackers to gain unauthorized access

SecurityWeek

Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals

A botnet dismantled in January and used by Russia-linked APT28 consisted of more than just Ubiquiti Edge OS routers.

Cyber Security News

Critical OpenVPN Zero-Day Flaws Affecting Millions of Endpoints Across the Globe

Security researchers have uncovered four zero-day vulnerabilities within OpenVPN, the world's leading VPN solution.

Cyber Security News

Operation PANDORA Shutdown 12 Fake Call Centers that Steal Over €10M

Operation PANDORA has dismantled a network of 12 fraudulent call centers, dealing a blow to a criminal enterprise has stolen over €10m.

Cyber Security News

CISA & FBI Release Urges Developers to Eliminate Directory Traversal Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint Secure by Design Alert, calling on software developers and industry executives to intensify their efforts in eliminating directory traversal vulnerabilities within their products. This move comes in response to a series of high-profile cyber-attacks that have exploited […]

Cyber Security News

Path Traversal Vulnerability In Popular Android Apps Let Attackers Overwrite Files

The reason why hackers aim at well-known Android applications is that many people use them, and this means that when they attack it can impact

Cyber Security News

ArcaneDoor Hackers Who Exploited Cisco Firewall Zero-Days Linked To China

Hackers target Cisco Firewalls due to their widespread use and the potential to exploit vulnerabilities to gain unauthorized access, steal

Cyber Security News

CISA Warns Of Hackers Actively Attacking GitLab Password Reset Vulnerability

Washington, D.C., May 1, 2024 – The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert concerning a newly

Cyber Security News

NCSC Warns of Russian Hackers Attacking Critical National Infrastructure

The NCSC has issued a stark warning about a new wave of cyber threats from Russian-aligned groups targeting the UK's national infrastructure.

Cyber Security News

New macOS Adload Malware Bypasses Built-in macOS Antivirus Detection

A new variant of the notorious Adload malware has been discovered to bypass the latest updates to Apple's built-in antivirus, XProtect.

The Hacker News

New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw

A new botnet called Goldoon is targeting D-Link routers with a critical vulnerability from 2015 (CVE-2015-2051).

Cyber Security News

Beware! Threat Actors Selling RDP Access on Hacker Forums

Cybersecurity communities are on high alert as threat actors have begun selling RDP access on various underground hacker forums.

Cyber Security News

Critical MailCleaner Vulnerabilities Let Attackers Execute arbitrary command

Critical vulnerabilities in MailCleaner versions before 2023.03.14 allow attackers to take control of appliances through malicious emails

DarkReading

'DuneQuixote' Shows Stealth Cyberattack Methods Are Evolving

A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. Cyber defenders must keep pace.

Cyber Security News

Dropbox Sign Hacked: Attackers Stolen API Keys, MFA, & Hashed Passwords

Dropbox disclosed a significant security breach affecting its electronic signature service, Dropbox Sign (formerly known as HelloSign).

Ars Technica

Hacker free-for-all fights for control of home and office routers everywhere

How and why nation-state hackers and cybercriminals coexist in the same router botnet.

Bleeping Computer

Protect your data without losing speed with $233 off SurfShark VPN

A VPN lets you connect anywhere with confidence that snoops and thieves won't be able to tap into your data. This two-year subscription to SurfShark VPN gives you unlimited bandwidth and device connection for $56.99, $233 off the $290 MSRP.

Latest Hacking News

Judge0 Vulnerabilities Could Allow Sandbox Escape

A security researcher discovered a security vulnerability in the Judge0 system, which received a patch that could further be bypassed, leading to further vulnerabilities. While the developer eventually patched the issue after repeated exploits, the

Cyber Security News

Hackers Infiltrated 9-days Within UnitedHealth Network Before Ransomware Attack

The cyberattack, which unfolded on the morning of February 21, 2024, was the culmination of a 9-day silent infiltration by the hackers within the UnitedHealth network.

Cyber Security News

Malware Cuckoo - Previously Unknown Infosteler Spyware Steals Data From MacOS

a previously undetected malware threat for macOS that exhibits characteristics of both an infostealer and spyware.

Cyber Security News

Millions of Docker Hub Repositories Found Pushing Malware for Over 5 Years

Repositories on Docker Hub, a popular platform for developers to store and share containerized applications, have been exploited to spread malicious software and phishing scams.

Trend Micro

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024.

SecurityWeek

Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover

Three vulnerabilities in the Judge0 open source service could allow attackers to escape the sandbox and obtain root privileges on the host.

SecurityWeek