CSO
US AI experts targeted in cyberespionage campaign using SugarGh0st RAT
Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.
HACKRead
HP Reports Low-Effort, High-Impact Cat-Phishing Targeting Users
New HP report reveals cybercriminals are increasingly leveraging "cat-phishing" techniques, exploiting open redirects in legitimate websites to deceive users and deliver malware.
DarkReading
US AI Experts Targeted in SugarGh0st RAT Campaign
Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group.
Infosecurity News
SugarGh0st RAT Variant Used in Targeted AI Industry Attacks
Proofpoint said the attackers modified registry key names for persistence
Security Magazine
59% of organizations faced a software supply chain attack
59% of organizations experienced a software supply chain attack, with 54% of these respondents having experienced one in the past year.
Bleeping Computer
Russian hackers use new Lunar malware to breach a European govt's agencies
Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad.
Infosecurity News
53,000 Employees' Social Security Numbers Exposed in Nissan Breach
Car manufacturer Nissan revealed that over 53,000 of its North America employees had their social security numbers accessed by a ransomware attacker
The Hacker News
North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign
Kimsuky hackers launch new social engineering attack using fake Facebook accounts. Learn how they target activists via Messenger and deliver malware.
Cyber Security News
Top 10 Best Managed Service Providers (MSP) for CISO, CTO & IT Managers - 2024
Best MSP for CISO, CTO & IT Managers - 1. Perimeter 812. Secureworks 3. IBM 4. Trustwave 5. Wipro 6. Verizon 7. Sophos 8. Symantec.
DarkReading
Windows Quick Assist Anchors Black Basta Ransomware Gambit
When abused by threat actors with sophisticated social-engineering chops, remote-access tools demand that enterprises remain sharp in both defense strategy and employee-awareness training.
Bleeping Computer
Kimsuky hackers deploy new Linux backdoor in attacks on South Korea
The North Korean hacker group Kimsuki has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers.
Bleeping Computer
Kimsuky hackers deploy new Linux backdoor via trojanized installers
The North Korean hacker group Kimsuki has been using trojanized software packages to deliver a new Linux malware called Gomir in cyberespionage campaigns against targets in South Korea.
HACKRead
IoT Cameras Exposed by Chainable Exploits, Millions Affected
The Internet of Things (IoT) promises a world of interconnected devices, but with this connectivity comes a dark side such as security vulnerabilities.
SecurityWeek
Android 15 Brings Improved Fraud and Malware Protections
Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings.
Cyber Security News
Hackers Exploiting Microsoft's Quick Assist Tool To Deliver Ransomware
Remote assist tools are often targeted by hackers as they create a direct channel that can be used to get into desired systems while using
%20(1).webp)
Cyber Security News
Earth Hundun Hacker Group Employs Advanced Tactics to Evade Detection
Earth Hundun, a notable Asia-Pacific malware organization, uses Waterbear and Deuterbear, first encountered Deuterbear.
Cyber Security News
Palo Alto Networks Buys IBM’s QRadar
In a major move to bolster its cloud security offerings, Palo Alto Networks announced today that it has agreed to purchase the QRadar .
The Cyber Express
UK NCSC to Defend ‘High-Risk’ Political Candidates from Cyberattacks
In response to heightened cyber threats targeting political candidates, election officials and civil society groups, the National Cyber Security Centre
The Hacker News
Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks
Beware of Storm-1811! This financially motivated group is abusing Microsoft's Quick Assist tool in social engineering attacks.
SC Magazine
Microsoft’s Quick Assist used in scam to drop Black Basta ransomware
Threat actors use the remote management tool and social engineering to access victims’ systems and install malware.
Trend Micro
Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024.
The Record
New UK system will see ISPs benefit from same protections as government networks
The Share and Defend system will provide a list of malicious domains to a range of U.K. communications providers so the domains can be added to blocklists.
Ars Technica
BreachForums, an online bazaar for stolen data, seized by FBI
An earlier iteration of the site was taken down last year; now its reincarnation is gone.
Bleeping Computer
Android to add new anti-theft and data protection features
Google is introducing multiple anti-theft and data protection features later this year, some available only for Android 15+ devices, while others will roll out to billions of devices running Android 10 and later.
Bleeping Computer
Android 15, Google Play get new anti-malware and anti-fraud features
Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices.
Bleeping Computer
Android 15, Google Play Protect get new anti-malware and anti-fraud features
Today, Google announced new security features coming to Android 15 and Google Play Protect that will help block scams, fraud, and malware apps on users' devices.
Cyber Security News
5 Common Phishing Vectors and Examples - 2024
Phishing attacks can be executed through various means, such as SMS and phone calls, but the most prevalent method involves sending victims emails containing malicious attachments.
The Hacker News
Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps
Android 15 introduces new features to prevent malicious apps from capturing your sensitive data. Find out more about these crucial updates:
Ars Technica
SSH backdoor has infected 400,000 Linux servers over 15 years and keeps on spreading
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
Infosecurity News
PDF Exploitation Targets Foxit Reader Users
CPR said exploit builders in .NET and Python have been employed to deploy this malware
Infosecurity News
NCSC Expands Election Cybersecurity to Safeguard Candidates
The National Cyber Security Centre launches an opt-in Personal Internet Protection service to safeguard individuals from cyber threats during the upcoming election
SecurityWeek
Threat Actors Abuse GitHub to Distribute Multiple Information Stealers
Russian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software.
Bleeping Computer
Protect against lateral movement attacks by securing credentials
Organizations need to detect and remove intruders quickly to prevent data loss and minimize the impact of lateral movement attacks. Learn more from Specops Software on blocking lateral movement in networks.
.webp)
Cyber Security News
Turla APT Group Attacking European Ministry of Foreign Affairs
The well-known advanced persistent threat (APT) group Turla, which is based in Russia, is said to be going after the European Ministry.
Security Magazine
Malware was almost 50% of threat detections in Q1 2024
According to a cybersecurity and threat intelligence report, the U.S. was the 4th most targeted country in the world regarding phishing attacks.
SecurityWeek
400,000 Linux Servers Hit by Ebury Botnet
The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected.
.webp)
Cyber Security News
Hackers Abusing to GitHub to Host Malicious Infrastructure
Cybercriminals have been exploiting GitHub, a platform widely trusted by developers, to host malicious infrastructure.
The Hacker News
Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
Ebury malware botnet has compromised an estimated 400,000 servers since 2009. Learn how to protect your systems from this advanced threat.
The Cyber Express
Microsoft Addresses Zero-Day Vulnerability Exploited by QakBot Malware
Microsoft patched a zero-day vulnerability exploited by attackers to distribute QakBot and other malware payloads on susceptible Windows systems. Identified
Infosecurity News
Microsoft Fixes Three Zero-Days in May Patch Tuesday
Microsoft has released patches for three zero-day vulnerabilities including two actively exploited in the wild
Cyber Security News
10 Best Network Security Providers for Healthcare Industry in 2024
Best Network Security Providers for the Healthcare Industry - 1. Perimeter 81, 2. Palo Alto Networks, 3. Fortinet, 4. Cisco, 5. Trend Micro
The Cyber Express
SideCopy APT Campaign Found Targeting Indian Universities
Cyble Research and Intelligence Labs (CRIL) researchers have uncovered a new SideCopy campaign. The threat actor group has previously been
%20(1).webp)
Cyber Security News
WaveStealer Malware Delivered Via Telegram & Discord Messaging Platforms
Cybersecurity experts have identified a new malware, dubbed WaveStealer, being actively distributed through popular messaging platforms.
The Hacker News
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
CSO
FBI warns Black Basta ransomware impacted over 500 organizations worldwide
CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting.
The Record
New backdoors on a European government's network appear to be Russian
Researchers with cybersecurity company ESET have labeled two new pieces of suspected Russian malware as LunarWeb and LunarMail.
SC Magazine
Microsoft fixes exploited Qakbot-delivering 0-day in May Patch Tuesday
In this month’s release, Redmond patched 60 CVEs including two other zero-days and a SharePoint Server remote code execution vulnerability rated critical.
Bleeping Computer
Microsoft fixes VPN failures caused by April Windows updates
Today, Microsoft fixed a known issue breaking VPN connections across client and server platforms after installing the April 2024 Windows security updates.
Cyber Security News
Alert! Microsoft Fixes 60 Vulnerabilities With 2 Actively Exploited Zero-Days
Microsoft fixed 60 vulnerabilities in its Patch Tuesday release in May 2024, including 2 zero-day vulnerabilities actively exploited in the wild
Bleeping Computer
Microsoft fixes Windows Server bug causing crashes, NTLM auth failures
Microsoft has fixed a known issue causing NTLM authentication failures and domain controller reboots after installing last month's Windows Server security updates.
SecurityWeek
Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities
Microsoft patched 60 security bugs in multiple products and waned of an actively exploited Windows zero-day (CVE-2024-30051)
Bleeping Computer
Microsoft fixes Windows zero-day exploited in QakBot malware attacks
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
Bleeping Computer
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
Infosecurity News
Ebury Botnet Operators Diversify with Financial and Crypto Theft
The 15-year-old Ebury botnet is more active than ever, as ESET found 400,000 Linux servers compromised for cryptocurrency theft and financial gain
DarkReading
Dangerous Google Chrome Zero-Day Allows Sandbox Escape
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.
Bleeping Computer
Ebury botnet malware infected 400,000 Linux servers since 2009
A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023.
HACKRead
Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data
A new Android malware poses as popular applications like WhatsApp, Instagram, and Snapchat to steal user data, including login credentials.
Infosecurity News
Russian Actors Weaponize Legitimate Services in Multi-Malware Attack
Recorded Future details a novel campaign that abuses legitimate internet services to deploy multiple malware variants for credential theft
HACKRead
DNS Tunneling Used for Stealthy Scans and Email Tracking
DNS tunneling is being used to bypass security filters by hiding malicious traffic in DNS packets, allowing hackers to steal stolen data.
DarkReading
DNS Tunneling Abuse Expands to Tracking & Scanning Victims
Several campaigns are leveraging the evasive tactic to provide useful insights into victims' online activities, and find new ways to compromise organizations.
SecurityWeek
Hacker Conversations: Ron Reiter, and the Making of a Professional Hacker
Ron Reiter was a childhood hacker in Israel and recruited into the IDF’s Unit 8200. Now he is CTO and co-founder of cybersecurity firm Sentra.
.webp)
Cyber Security News
400k Linux Servers Hacked to Mine Cryptocurrency
The botnet, operated by the threat group behind the Ebury malware, has been active since at least 2009 but has evolved over the past decade.
HACKRead
Kaspersky Reveals Global Rise in APTs, Hacktivism and Targeted Attacks
The Israel-Hamas conflict has fueled a wave of hacktivism activity, with groups like SiegedSec launching attacks and leaking sensitive information.
SecurityWeek
Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks
Threat actors are using DNS tunneling to track victims’ interaction with spam and to scan network infrastructures.
The Hacker News
Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code
12 security flaws addressed, including two critical issues leading to remote code execution. Update to version 1.2.27 now to stay protected
The Hacker News
Ongoing Campaign Bombarded Enterprises with Spam Emails and Phone Calls
A new social engineering campaign is targeting enterprises with spam emails to gain initial access. The threat actor overwhelms users' email and calls
Infosecurity News
Hackers Use DNS Tunneling to Scan and Track
Palo Alto Networks warns threat actors are using DNS tunneling techniques to probe for network vulnerabilities
Cyber Security News
Hackers Weaponize Word Files To Deliver DanaBot Malware
Recent email campaigns distribute DanaBot malware through two document types: those using equation editor exploits and those containing
Latest Hacking News
Criminal IP and Quad9 Collaborate to Exchange Domain and IP Threat Intelligence
Torrance, California, May 13th, 2024, CyberNewsWireCriminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has recently signed a technology partnership to exchange threat intelligence data based on domains and potentially
SecurityWeek
Zscaler Confirms Only Isolated Test Server Was Hacked
Zscaler has completed its investigation into the recent hacking claims and found that only an isolated test environment was compromised.
Security Affairs
Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware
Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware
CSO
Equipped with AI tools, hackers make apps riskier than ever
The odds of attacks are growing as attackers can now easily access code modification and reverse engineering tools.
SC Magazine
LockBit ransomware spread in millions of emails via Phorpiex botnet
Emails from “Jenny Green” delivered LockBit Black through attached ZIP files.
Krebs on Security
Patch Tuesday, May 2024 Edition
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS…
Bleeping Computer
PyPi package backdoors Macs using the Sliver pen-testing suite
A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks.
Ars Technica
Black Basta ransomware group is imperiling critical infrastructure, groups warn
Threat group has targeted 500 organizations. One is currently struggling to cope.
Infosecurity News
Mallox Ransomware Deployed Via MS-SQL Honeypot Attack
Analyzing Mallox samples, Sekoia identified two distinct affiliates using different approaches
%20(1).webp)
Cyber Security News
Criminal IP and Quad9 Collaborate to Exchange Domain and IP Threat Intelligence
"Our partnership with Quad9 is a recognition of the accuracy of Criminal IP's data," stated Byungtak Kang, CEO of AI SPERA.
SecurityWeek
Europol Investigating Breach After Hacker Offers to Sell Classified Data
Europol is investigating a data breach, but says no core systems are impacted and no operational data has been compromised.
Bleeping Computer
Criminal IP Teams with Quad9 for Advanced Threat Intelligence Sharing
The Criminal IP Threat Intelligence (CTI) search engine to integrate with Quad9's threat-blocking service. Learn more from Criminal IP about how this integration can help you.
HACKRead
Criminal IP and Quad9 Collaborate to Exchange Domain and IP Threat Intelligence
Torrance, California, May 13th, 2024, CyberNewsWire
.webp)
Cyber Security News
New Breed of Romance Scams Employs Fake Cryptocurrency Exchanges
Romance scam schemes involve intricate manipulations, including using fake cryptocurrency exchanges to defraud victims.
The Hacker News
The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield
Are your browser extensions safe? 33% in most orgs aren't! Learn to protect your data with insights from the 2024 Browser Security Report.
SecurityWeek
Black Basta Ransomware Hit Over 500 Organizations
The US government warns of Black Basta ransomware attacks targeting critical infrastructure organizations.
The Cyber Express
Alleged Hosocongty Data Breach Exposes Vietnamese Job Seekers
A dark web hacker, known as "makishimaaaa," has recently advertised a significant data breach on the Nuovo BreachForums. The compromised
Cyber Security News
CISA Warns Of Black Basta Ransomware Attacking 500+ Industries
Black Basta ransomware is used by threat actors because of its powerful abilities and inconspicuous moves.
The Hacker News
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo
Researchers found a malicious Python package called requests-darwin-lite hiding a sneaky malware.
CyberSecurity Dive
Don’t be afraid of GenAI code, but do be wary
Don’t fall for scare headlines about GenAI code—it offers multiple benefits—but also be aware of its limits and risks.
Krebs on Security
How Did Authorities Identify the Alleged Lockbit Boss?
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy,…
The Record
'Russian' hackers deface potentially hundreds of local British news sites
An infiltrator posted a breaking news story titled "PERVOKLASSNIY RUSSIAN HACKERS ATTACK" on websites owned by Newsquest Media Group.
SC Magazine
Malicious PyPI ‘requests’ fork hides backdoor in PNG file
The “requests-darwin-lite” package was downloaded more than 400 times before its removal.
Security Affairs
Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
Security Affairs
As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide
Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported.
The Hacker News
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT
The notorious FIN7 hacking group is at it again! This time, they're using malicious Google ads to trick users into downloading malware disguised as le
Bleeping Computer
The Week in Ransomware - May 10th 2024 - Chipping away at LockBit
After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation.
The Hacker News
North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms
North Korean hackers have unleashed a new Golang malware called "Durian" in targeted attacks against South Korean crypto firms.
Infosecurity News
#RSAC: Experts Highlight Novel Cyber Threats and Tactics
Well-funded cybercriminals are adopting more sophisticated techniques, creating a need for defenders to stay informed about the evolving threat landscape
CyberNews
“Do more” – UK authority issues vague call to bolster cyber defenses
The UK’s Information Commissioner's Office (ICO) calls organizations to boost “cybersecurity and protect the personal information they hold.”
Security Affairs
Russia-linked APT28 targets government Polish institutions
CERT Polska warns of a large-scale malware campaign against Polish government institutions conducted by Russia-linked APT28.
Loading more articles....