DarkReading
When abused by threat actors with sophisticated social-engineering chops, remote-access tools demand that enterprises remain sharp in both defense strategy and employee-awareness training.
Ars Technica
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
SecurityWeek
The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected.
The Hacker News
Ebury malware botnet has compromised an estimated 400,000 servers since 2009. Learn how to protect your systems from this advanced threat.
Bleeping Computer
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
Infosecurity News
The 15-year-old Ebury botnet is more active than ever, as ESET found 400,000 Linux servers compromised for cryptocurrency theft and financial gain
Bleeping Computer
A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023.
.webp)
Cyber Security News
The botnet, operated by the threat group behind the Ebury malware, has been active since at least 2009 but has evolved over the past decade.
.png)
Cyber Security News
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
Security Affairs
Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin's private SSH key.
Bleeping Computer
Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key.
.webp)
Cyber Security News
The FBI has issued a warning about a sophisticated phishing and smishing campaign orchestrated by a cybercriminal group known as STORM-0539,.
Cyber Security News
Citrix has released a security bulletin detailing a critical vulnerability (CVE-2024-31497) affecting certain versions of their Citrix
Bleeping Computer
The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024.
CyberNews
The Federal Bureau of Investigation (FBI) has warned of heightened cybercriminal activity against employees at US retail corporate offices.
CSO
The attack compromised some healthcare data with no material or financial losses, the company said.
Security Affairs
MITRE published more details on the recent security breach, including a timeline of the attack and attribution evidence.
The Hacker News
MITRE, a renowned research firm, has revealed alarming details about a recent cyber attack that dates back to late 2023.
Cyber Security News
In a concerning development for cybersecurity, over 150 SSH accounts with root access are currently being advertised for sale on various
Security Affairs
The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations.
SecurityWeek
A botnet dismantled in January and used by Russia-linked APT28 consisted of more than just Ubiquiti Edge OS routers.
The Hacker News
A new botnet called Goldoon is targeting D-Link routers with a critical vulnerability from 2015 (CVE-2015-2051).
Ars Technica
How and why nation-state hackers and cybercriminals coexist in the same router botnet.
Cyber Security News
a previously undetected malware threat for macOS that exhibits characteristics of both an infostealer and spyware.
Trend Micro
This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024.
Ars Technica
Credential-stuffing attack uses proxies to hide bad behavior.
The Cyber Express
Okta reported an "unprecedented scale" of credential stuffing attacks targeting its identity and access management solutions, resulting in the breach
SecurityWeek
Okta warns of an increase in credential stuffing attacks leveraging anonymizing services such as DataImpulse, Luminati, and NSocks.
CyberNews
The mobile devices and browsers of everyday users are behind the recent spike in credential-stuffing attacks.
Security Affairs
Multiple flaws in Brocade SANnav storage area network (SAN) management application can allow to compromise impacted appliances.
SC Magazine
The IAM service provider said easy access to stolen credentials and residential proxy services were behind the surge.
Security Affairs
Identity and access management services provider Okta warned of a spike in credential stuffing attacks aimed at online services.
The Hacker News
Okta is sounding the alarm on an unprecedented spike in credential stuffing attacks targeting online services.
The Hacker News
Multiple critical vulnerabilities discovered in Brocade SANnav SAN management application, impacting all versions up to 2.3.0.
SecurityWeek
The Brocade SANnav management application is affected by multiple vulnerabilities, including a publicly available root password.
Cyber Security News
The XZ cyber incident is a textbook example of how sophisticated social engineering tactics can lead to significant security breaches.
Bleeping Computer
Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide.
SC Magazine
The stealthy threat group is particularly focused on exfiltrating data from Asia-Pacific government and defense organizations.
The Record
A hacking operation labeled ToddyCat continues to steal data primarily from governmental targets in the region, researchers say.
DarkReading
The threat actor is deploying multiple connections into victim environments to maintain persistence and steal data.
DarkReading
The irony is lost on few, as a Chinese threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.
The Hacker News
Kaspersky has uncovered a concerning threat actor, ToddyCat, targeting government and military entities.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
DarkReading
Attackers are indiscriminately targeting VPNs from Cisco and several other vendors in what may be a reconnaissance effort, company says.
Bleeping Computer
Cisco has released patches for a high-severity Integrated Management Controller (IMC) vulnerability with public exploit code that can let local attackers escalate privileges to root.
SecurityWeek
Cisco has observed an increase in brute-force attacks targeting web application authentication, VPNs, and SSH services.
The Hacker News
Researchers alert of a global rise in brute-force attacks from TOR nodes targeting VPNs, web interfaces, and SSH services
Security Affairs
Cisco Talos warns of large-scale brute-force attacks against VPN services, web application authentication interfaces and SSH services.
SC Magazine
While a longstanding method, the scale and systematic execution of the attacks signify an escalation, security pros said.
SC Magazine
Attackers exploited a critical vulnerability to create a new administrator account.
Ars Technica
Attacks coming from nearly 4,000 IP addresses take aim at VPNs, SSH and web apps.
CyberNews
A new advisory warns of an uptick in brute force attacks targeting VPNs, SSH services, and other services.
Security Affairs
The PuTTY Secure Shell (SSH) and Telnet client are impacted by a critical vulnerability that could be exploited to recover private keys.
Bleeping Computer
Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide.
SecurityWeek
PuTTY vulnerability CVE-2024-31497 allows attackers to compromise private keys and use them to forge signatures.
Bleeping Computer
A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation.
The Hacker News
A critical vulnerability in PuTTY, affecting versions 0.68 through 0.80, compromises the security of NIST P-521 private keys.
Cyber Security News
A severe vulnerability has been discovered in the PuTTY client and related components, allowing attackers to fully recover NIST P-521 private keys.
Security Affairs
The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure.
SecurityWeek
A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.
The Hacker News
Malicious "test files" linked to the XZ Utils backdoor found in popular Rust crate liblzma-sys, downloaded over 21,000 times.
CSO
Sisense customers told to update credentials following a compromise that is under investigation.
Bleeping Computer
Google has announced a new version of its browser for organizations, Chrome Enterprise Premium, which comes with extended security controls for a monthly fee per user.
Cyber Security News
Google has unveiled a significant upgrade to its enterprise browsing capabilities with the launch of Chrome Enterprise Premium.
Bleeping Computer
A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain.
SecurityWeek
Siemens and Schneider Electric release their ICS Patch Tuesday advisories for April 2024, informing customers about dozens of vulnerabilities.
CSO
The group was discovered recently through Sysdig honeypots as it attempted to exploit a Laravel vulnerability.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
CyberScoop
An operation to undermine the software utility XZ Utils has exposed the fragile human foundations on which the modern internet is built.
Infosecurity News
Mandiant research details how Chinese espionage groups are deploying new tools post-exploitation of recently patched Ivanti vulnerabilities
SecurityWeek
The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago.
CyberSecurity Dive
Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.
Infosecurity News
A backdoor in XZ Utils, a widely used file-compressing software in Linux systems, could have led to a critical supply chain attack had a Microsoft researcher not spotted it in time
Bleeping Computer
Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094.
The Hacker News
Popular Linux compression tool XZ Utils found with backdoor. Threat actors can remotely execute code on your machine, bypassing authentication.
The Cyber Express
A critical vulnerability has been discovered within the XZ Utils library (a command line tool for compressing and decompressing XZ
HACKRead
A vulnerability, CVE-2024-3094, was discovered in XZ Utils package. This vulnerability threatens Linux systems with backdoor attacks.
SecurityWeek
Major Linux distributions have been impacted by a supply chain attack involving backdoored versions of the XZ Utils data compression library.
%20--%20Supply%20Chain%20Backdoor%20(1).webp)
Cyber Security News
Fedora Linux 40 beta users have been urged to take immediate action after an Upstream supply chain attack that has compromised SSH protocol.
Ars Technica
Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.
The DFIR Report
Key Takeaways We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, … Read More
The Hacker News
Secret backdoor found in XZ Utils compression library used by major Linux distros, like Fedora, Kali Linux, and openSUSE.
DarkReading
In this Tech Tip, we outline how to check if a system is impacted by the newly discovered backdoor in the open source xz compression utility.
Ars Technica
Malicious code planted in xz Utils has been circulating for more than a month.
Bleeping Computer
Today, Red Hat warned users to immediately stop using systems running Fedora development versions because of a backdoor found in the latest XZ data compression tools and libraries.
SC Magazine
The critical supply chain threat affects beta releases of Red Hat Fedora, Debian and more.
Bleeping Computer
A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command.
SecurityWeek
Disputed Ray AI framework vulnerability exploited to steal information and deploy cryptominers on hundreds of clusters.
.webp)
Cyber Security News
Agenda ransomware group, also known by its aliases Qilin and Water Galura, has been ramping up its attacks on a global scale.
The Hacker News
Researchers uncover active exploitation of a critical flaw in Anyscale Ray, a popular AI platform.
_Igor_Golovnov_Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop)
DarkReading
A new and improved variant of the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments.
SecurityWeek
A new Rowhammer attack named ZenHammer has been demonstrated against DRAM on systems with AMD CPUs, including DDR5.
The Hacker News
Minecraft faces a growing threat from DDoS attacks, impacting over 500 million registered users. Learn how these attacks disrupt gameplay and what you
%20(1)%20(1).webp)
Cyber Security News
Firstly, it is used for remote access to servers and systems at large hence a great ground for infiltration.
Trend Micro
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
The Hacker News
China-linked threat group aggressively exploits software flaws in Connectwise ScreenConnect & F5 BIG-IP.
Cyber Security News
First identified in 2020, Sysrv is a botnet that uses a Golang worm to infect devices and deploy cryptominers, propagates by exploiting
The Hacker News
Moldovan national gets 3+ years in US prison for running E-Root Marketplace, a massive platform selling stolen login details.
Trend Micro
Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.
SecurityWeek
Sandu Diaconu has been sentenced to 42 months in prison for operating a marketplace for compromised credentials.
Loading more articles....