In a recent phishing attempt, Cofense researchers spotted an email disguised as a communication from a company’s HR department, prompting recipients to review an updated employee handbook. This article has been indexed from Cyware News – Latest Cyber News Read…
Tag: Cyware News – Latest Cyber News
SEXi Ransomware Rebrands as ‘APT Inc.,’ Retains Prior Extortion Tactics
The cybercrime group known as SEXi ransomware, now operating as APT Inc., has been targeting organizations since February. They use a leaked Babuk encryptor for VMware ESXi servers and LockBit 3 encryptor for Windows servers. This article has been indexed…
Void Banshee Targets Windows Users Through MSHTML Flaw to Spread Atlantida Stealer
The vulnerability, CVE-2024-38112, was observed by Trend Micro in May 2024, being exploited as part of a multi-stage attack chain using internet shortcut files. The campaign has been active throughout 2024. This article has been indexed from Cyware News –…
DNS Hijacks Target Cryptocurrency Platforms Registered With Squarespace
A coordinated wave of DNS hijacking attacks recently targeted decentralized finance (DeFi) cryptocurrency domains. Attackers used the Squarespace registrar to redirect visitors to phishing sites that aimed to steal cryptocurrency and NFTs. This article has been indexed from Cyware News…
Risk Related to Non-Human Identities: Believe the Hype, Reject the FUD
The hype surrounding non-human identities (NHIs) has recently increased due to the risk they pose, with breaches causing fear, uncertainty, and doubt. With NHIs outnumbering human identities, the associated risks need to be addressed. This article has been indexed from…
Realm: Open-Source Adversary Emulation Framework
Realm is an open-source adversary emulation framework focused on scalability, reliability, and automation. It features a custom interpreter in Rust, enabling the creation of complex TTPs as code. This article has been indexed from Cyware News – Latest Cyber News…
Report: Hackers Use PoC Exploits in Attacks 22 Minutes After Release
Threat actors rapidly weaponize proof-of-concept exploits in real attacks, often within 22 minutes of their public release, as per Cloudflare’s 2024 Application Security report covering May 2023 to March 2024. This article has been indexed from Cyware News – Latest…
New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns
The deployment of BugSleep is a significant development in MuddyWater’s tactics, targeting various sectors with phishing emails leading to the distribution of Remote Management Tools and the BugSleep malware. This article has been indexed from Cyware News – Latest Cyber…
Over 4000 Domains Used By FIN7 Actors Mimic Popular Brands
By targeting famous brands like tech firms and financial industry players, FIN7 actors deploy redirects, multi-stage phishing campaigns, and impersonate open directories to spread malware. This article has been indexed from Cyware News – Latest Cyber News Read the original…
Malvertising Campaign Lures Mac Users with Fake Microsoft Teams Ad
The malicious ad campaign employed advanced filtering techniques to evade detection and appeared as a top search result for Microsoft Teams. It redirected users through deceptive links despite displaying microsoft.com as its URL. This article has been indexed from Cyware…
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
The US Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team exercise at an unnamed federal agency in 2023, exposing serious security failings that left critical assets vulnerable. This article has been indexed from Cyware News – Latest Cyber…
Zeus Banking Malware Player Gets Nine-Year Prison Term
Vyacheslav Igorevich Penchukov, a criminal who used Zeus and IcedID malware to steal millions of dollars from victims, has been sentenced to almost a decade in prison and ordered to pay $73 million in restitution by a Nebraska federal court…
Netgear Warns Users to Patch Auth Bypass, XSS Router Flaws
Netgear released firmware patches to fix stored XSS and authentication bypass flaws in the XR1000 Nighthawk gaming router and CAX30 Nighthawk AX6 6-Stream cable modem routers, respectively. This article has been indexed from Cyware News – Latest Cyber News Read…
Palo Alto Networks Fixed a Critical Bug in the Expedition Tool
Palo Alto Networks has released security updates to address five vulnerabilities in its products, including a critical flaw in the Expedition tool that could enable admin account takeover. This article has been indexed from Cyware News – Latest Cyber News…
Google Reportedly in Talks to Acquire Cloud Security Company Wiz for $23B
Alphabet, Google’s parent company, is in advanced talks to acquire cloud security provider Wiz for around $23 billion. Wiz recently raised $1 billion at a $12 billion valuation and has a total of $1.9 billion in funding. This article has…
White House Calls for Defending Critical Infrastructure
The Office of Management and Budget has issued a memorandum outlining the administration’s cybersecurity priorities for fiscal year 2026, aligning with the national cybersecurity strategy. This article has been indexed from Cyware News – Latest Cyber News Read the original…
Signal Downplays Encryption Key Flaw, Fixes it After X Drama
Signal has now taken steps to address the issue by integrating Electron’s SafeStorage API to secure the data store from offline attacks. The new implementation is currently being tested and will soon be available in a Beta version. This article…
CISA Urges Software Makers to Eliminate OS Command Injection Flaws
The US government is pressuring software manufacturers to address operating system command injection vulnerabilities following high-profile threat actor campaigns exploiting these flaws in 2024. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
Several DOD IT Programs Still Don’t Have a Cyber Strategy, Watchdog Finds
The U.S. Government Accountability Office’s annual assessment of the Defense Department’s IT spending revealed that several programs lack approved cybersecurity strategies, leaving them vulnerable to potential cyberattacks. This article has been indexed from Cyware News – Latest Cyber News Read…
ClickFix Deception: A Social Engineering Tactic to Deploy Malware
McAfee Labs has uncovered a unique malware delivery method called the “Clickfix” infection chain, which starts with users being directed to compromised websites and instructed to paste a script into a PowerShell terminal. This article has been indexed from Cyware…
Exein Raised $16.3 Million Series B to Stop Robotic Arms Going Haywire
Exein, a Rome-based startup, is addressing the critical issue of device security in the IoT space. The company recently secured €15 million (~$16.3 million) in a Series B funding round led by cybersecurity-focused VC 33N. This article has been indexed…
Credential-Stealing OSS ‘Crystalray’ Attacks Jump 10X
Crystalray’s attack chain involves using various OSS tools for reconnaissance, scanning, and exploiting vulnerabilities. The group was first discovered in February using the “SSH-Snake” tool to exploit vulnerabilities in Atlassian Confluence. This article has been indexed from Cyware News –…
White House to Require Increased Cybersecurity Protocols for R&D Institutions
Federal research agencies will now require covered institutions to implement cybersecurity programs for research and development security due to threats from China. The goal is to increase awareness of security threats and enable apt responses. This article has been indexed…
China’s APT41 Crew Adds Stealthy Malware to its Toolbox
DodgeBox deploys MoonWalk backdoor as a DAT file post-execution. The backdoor shares evasion techniques with DodgeBox and uses Google Drive for command-and-control communication. This article has been indexed from Cyware News – Latest Cyber News Read the original article: China’s…
Coyote Banking Trojan Targets LATAM with a Focus on Brazilian Financial Institutions
A .NET banking Trojan named Coyote has been identified as a threat to Brazilian financial institutions. It uses a unique execution chain involving the abuse of legitimate software to harvest user financial information. This article has been indexed from Cyware…
Malicious NuGet Campaign Uses Homoglyphs and IL Weaving to Fool Devs
This new set of packages, consisting of approximately 60 packages and 290 versions, showcases a more sophisticated approach compared to earlier attacks revealed in October 2023, according to ReversingLabs. This article has been indexed from Cyware News – Latest Cyber…
Exim Vulnerability Affecting 1.5M Servers Lets Attackers Attach Malicious Files
Security researchers have identified a critical vulnerability affecting over 1.5 million Exim email servers, making them vulnerable to attacks that can deliver executable attachments to user accounts. This article has been indexed from Cyware News – Latest Cyber News Read…
Japanese Space Agency Spots Unspecified Zero-Day Attacks
JAXA was targeted with zero-day exploits during its investigation with Microsoft into a 2023 cyberattack. The attack mainly affected its Active Directory system, prompting JAXA to shut down networks to prevent data compromise. This article has been indexed from Cyware…
Macau Government Websites Hit with Cyberattack by Suspected Foreign Hackers
The attack, identified as a distributed denial-of-service attack (DDoS), affected websites of security services, police, fire and rescue services, and the academy for public security forces. This article has been indexed from Cyware News – Latest Cyber News Read the…
Japan Warns of Attacks Linked to North Korean Kimsuky Hackers
The attacks were detected earlier this year, with indicators of compromise shared by AhnLab Security Intelligence Center. The attackers initiate their attacks with phishing emails containing malicious attachments disguised as documents. This article has been indexed from Cyware News –…
The Stark Truth Behind the Resurgence of Russia’s FIN7
FIN7, a cybercrime group responsible for billions in losses, was dismantled by U.S. authorities in 2023. However, they resurfaced in 2024 with Stark Industries Solutions, hosting thousands of fake websites mimicking renowned companies. This article has been indexed from Cyware…
Ransomware Gangs Invest in Custom Data Stealing Malware
Ransomware gangs are now creating custom data-stealing malware instead of just encrypting files. Mature crime organizations are investing in bespoke data theft tools, according to a Cisco Talos report on the top 14 ransomware groups. This article has been indexed…
Multiple Threat Actors Exploit PHP Flaw CVE-2024-4577 to Deliver Malware
The PHP vulnerability, tracked as CVE-2024-4577, with a CVSS score of 9.8, allows attackers to execute commands on Windows systems using Chinese and Japanese language settings. This article has been indexed from Cyware News – Latest Cyber News Read the…
Cytactic Raises $16M in Seed Funding
Cytactic, an Israel-based provider of a platform pioneering cyber crisis readiness and management, raised $16M in a seed funding round led by Evolution Equity Partners. It intends to use the funds to expand operations and development efforts. This article has…
Veeam Flaw Becomes Ransomware Vector a Year After Patching
A new ransomware gang known as EstateRansomware is exploiting a Veeam vulnerability that was patched over a year ago to spread file-encrypting malware and demand ransom payments. This article has been indexed from Cyware News – Latest Cyber News Read…
Exploring Compiled V8 JavaScript Usage in Malware
Compiled V8 JavaScript in Google’s engine converts JavaScript into low-level bytecode, making analysis and detection difficult. Attacks using this bytecode ensure compatibility with the V8 engine for successful execution. This article has been indexed from Cyware News – Latest Cyber…
BunkerWeb: Open-Source Web Application Firewall (WAF)
The genesis of BunkerWeb came from the need to apply security practices manually every time a web application was put online. The solution meets global needs with a modular architecture allowing for extensions. This article has been indexed from Cyware…
ViperSoftX Info-Stealing Malware Being Distributed Through Fake Ebooks
Originally detected in 2020, the ViperSoftX malware now incorporates more sophisticated evasion tactics by using the Common Language Runtime (CLR) to run PowerShell commands within AutoIt scripts distributed through pirated eBook copies. This article has been indexed from Cyware News…
Critical GitLab Bug Lets Attackers Run Pipelines as Other Users
The vulnerability impacts all GitLab CE/EE versions from 15.8 to 16.11.6, 17.0 to 17.0.4, and 17.1 to 17.1.2. Under certain circumstances that GitLab has yet to disclose, attackers can exploit it to trigger a new pipeline as an arbitrary user.…
Risk Escalates as Communication Channels Proliferate
A survey by data security company Kiteworks reveals that around 60% of organizations struggle to track their information once it leaves through communication channels like email. This article has been indexed from Cyware News – Latest Cyber News Read the…
Russian Researchers Identify Alleged Ukrainian Developer of Malicious Remote Access Tool
Researchers have identified the developer of a malicious remote access tool used in attacks on Russian organizations. Known as Mr. Burns, the developer has been active in darknet forums since 2010, creating harmful versions of popular tools. This article has…
Huione Guarantee Exposed as a $11 Billion Marketplace for Cybercrime
Huione Guarantee, an online marketplace, is reportedly being used for money laundering, particularly in “pig butchering” investment scams. Victims are tricked into investing in fake sites with high returns. This article has been indexed from Cyware News – Latest Cyber…
Singapore to Phase Out One-Time Passwords in Banking
This decision comes after a warning from the Singapore Police about phishing scams targeting bank customers. Scammers have managed to defraud individuals of over S$600,000 ($445,000) in just a few weeks. This article has been indexed from Cyware News –…
Google Advanced Protection Program gets passkeys for high-risk users
Google announced that passkeys are now available for high-risk users enrolling in the Advanced Protection Program, ensuring top-notch account security. The program offers free protection for accounts of high-risk individuals. This article has been indexed from Cyware News – Latest…
Diversifying Cyber Teams to Tackle Complex Threats
A diverse workforce brings different perspectives, experiences, and problem-solving approaches to the table, enabling teams to identify vulnerabilities and develop more robust defense strategies. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
New Malware Campaign Targeting Spanish Language Victims and the Mining Sector
Poco RAT was first categorized on February 7, 2024, and has since targeted customers in multiple sectors, with Mining being the primary focus. One company was the most targeted, responsible for 67% of the total volume of campaigns. This article…
Universal Code Execution by Chaining Messages in Browser Extensions
Cybersecurity analyst Eugene Lim discovered the risk posed by this vulnerability, which hackers can exploit by chaining messaging APIs in browsers and extensions, bypassing security measures like the Same Origin Policy. This article has been indexed from Cyware News –…
Citrix Fixed Critical and High-Severity Bugs in NetScaler Product
The most severe flaw is an improper authorization issue (CVE-2024-6235) with a CVSS score of 9.4, allowing attackers to access sensitive information through the NetScaler Console IP. This article has been indexed from Cyware News – Latest Cyber News Read…
VMware Fixed Critical SQL Injection Flaw in Aria Automation Platform
VMware has fixed a high-severity SQL-Injection vulnerability, known as CVE-2024-22280, in its Aria Automation platform. This flaw could allow authenticated users to execute unauthorized database operations through specially crafted SQL queries. This article has been indexed from Cyware News –…
US Busts Russian AI-Driven Disinformation Operation
The Department of Justice investigated around 1,000 accounts on social media platform X, previously Twitter, which were used by the Kremlin to spread pro-Moscow propaganda created by the AI-driven Meliorator software. This article has been indexed from Cyware News –…
Regional Transport Office Themed Phishing Campaign Targets Android Users In India
Phishing messages impersonating the Regional Transport Office have been circulating since 2024, claiming traffic violations and prompting users to download a malicious APK named “VAHAN PARIVAHAN.apk”. This article has been indexed from Cyware News – Latest Cyber News Read the…
As CISOs Grapple with the C-Suite, Job Satisfaction Takes a Hit
Research shows that 75% of CISOs are considering a job change due to various challenges and pressures. CISOs often face accountability for cyber incidents and compliance failures, leading to discontent. This article has been indexed from Cyware News – Latest…
US Senate NDAA 2025 Boosts Military Cyber and AI Initiatives
The Senate Armed Services Committee presented the NDAA for fiscal year 2025, totaling $923.3 billion for defense funding. This includes $878.4 billion for the Pentagon and $33.4 billion for national security programs under the Department of Energy. This article has…
Ticket Heist Network of 700 Domains Sells Fake Olympic Games Tickets
QuoIntelligence discovered the operation called Ticket Heist, with convincing websites selling fake Olympic tickets. The prices on these websites are much higher than the official ones. This article has been indexed from Cyware News – Latest Cyber News Read the…
CISA Adds Microsoft Windows and Rejetto HTTP File Server Bugs to its Known Exploited Vulnerabilities Catalog
The vulnerabilities added include CVE-2024-23692 affecting Rejetto HTTP File Server, CVE-2024-38080 impacting Windows Hyper-V, and CVE-2024-38112 targeting Windows MSHTML Platform. This article has been indexed from Cyware News – Latest Cyber News Read the original article: CISA Adds Microsoft Windows…
Microsoft July 2024 Patch Tuesday Fixes 142 Flaws, 4 Zero-Days
As part of Microsoft’s July 2024 Patch Tuesday, 142 flaws were addressed, including two zero-days actively exploited and two publicly disclosed. Five critical vulnerabilities were fixed, all related to remote code execution. This article has been indexed from Cyware News…
Monocle: Open-Source LLM for Binary Analysis Search
Monocle is an open-source tool powered by an LLM for searching natural language in compiled binaries. It can analyze binaries based on criteria like authentication code or password strings, using Ghidra headless for decompilation. This article has been indexed from…
Blast RADIUS Attack can Bypass Authentication for Clients
This vulnerability, known as Blast RADIUS and rated 7.5 out of 10 on the severity scale, affects the RADIUS networking protocol, potentially granting unauthorized access to network devices and services without credentials. This article has been indexed from Cyware News…
How CISA Plans to Measure Trust in Open-Source Software
The CISA is developing a new framework to assess the trustworthiness of open-source software projects. The agency’s open-source software security roadmap aims to increase visibility into OSS use and risks across the federal government. This article has been indexed from…
New Flaw in OpenSSH can Lead to Remote Code Execution
A vulnerability in certain versions of the OpenSSH secure networking suite may allow for remote code execution. The vulnerability, identified as CVE-2024-6409 with a CVSS score of 7.0, affects specific versions of OpenSSH such as 8.7p1 and 8.8p1. This article…
UK Government Advises Best Practices for Embedded Device Security
The cybersecurity arm of the UK government, RITICS, has released a new guide to assist companies in enhancing the security of their operational technology (OT) and industrial control system (ICS) hardware. This article has been indexed from Cyware News –…
Hackers Target WordPress Calendar Plugin Used by 150,000 Sites
Hackers are targeting a vulnerability in the Modern Events Calendar WordPress plugin found on over 150,000 websites to upload files and execute code remotely. The plugin by Webnus is used to manage events. This article has been indexed from Cyware…
Persistent npm Campaign Shipping Trojanized jQuery
Approximately 68 malicious packages were created between May 26 and June 23, 2024, with deceptive names like cdnjquery and jquertyi. These packages were manually crafted, unlike automated attacks, allowing the threat actor to steal website form data. This article has…
CISA and Partner Agencies Join ASD’S ACSC to Release Advisory on APT40, a Chinese State-Sponsored Group
Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the UK, and the US have warned about APT40, a China-linked cyber espionage group known for quickly exploiting new security bugs after public disclosure. This article has been indexed…
Researchers Catch Yemeni Hackers Spying on Middle East Military Phones
A Yemeni hacking group associated with the Houthi movement has been spying on military personnel in the Middle East by infecting their phones with surveillance software, according to cybersecurity firm Lookout. This article has been indexed from Cyware News –…
Scammers Double-Dip by Offering Prior Victims Help to Recover Stolen Funds
The scammers identify previous scam victims and pose as trusted entities such as government agencies, cybersecurity firms, or fund recovery services, asking for upfront fees or personal information to supposedly help with the recovery process. This article has been indexed…
Apache Fixed a Source Code Disclosure Flaw in Apache HTTP Server
This vulnerability, tracked as CVE-2024-39884 and caused by a regression, can lead to unintentional exposure of sensitive data when legacy content-type configurations are used. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
Splunk Addresses Critical Vulnerabilities in Enterprise and Cloud Platforms
Splunk has released a set of security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including high-severity issues. CVE-2024-36985 allows remote code execution via External Lookup in Splunk Enterprise. This article has been indexed from Cyware News…
Update: Network Segmentation Hobbled Midnight Blizzard’s Attack on TeamViewer
The company revealed that their corporate IT network, production environment, and TeamViewer connectivity platform are segmented to prevent unauthorized access. Immediate remediation measures were effective in blocking suspicious activity. This article has been indexed from Cyware News – Latest Cyber…
Critical Infrastructure Providers Seek Guardrails on Scope, Timeline for CIRCIA Rules
Critical infrastructure providers are urging federal officials for more flexibility in reporting cyber incidents within the first 72 hours under the Cyber Incident Reporting for Critical Infrastructure Act. This article has been indexed from Cyware News – Latest Cyber News…
Increase in the Exploitation of Microsoft SmartScreen Vulnerability
Cyble Research and Intelligence Labs (CRIL) has identified an increase in the exploitation of the Microsoft SmartScreen vulnerability (CVE-2024-21412) through an active campaign targeting regions like Spain, the US, and Australia. This article has been indexed from Cyware News –…
As Cyber Command Evolves, Its Novel Malware Alert System Fades Away
The shift away from public disclosure on Twitter is part of an evolution in how the CNMF communicates cyber threat information. The command now focuses on working closely with industry partners to share information effectively and efficiently. This article has…
Indian Government Issues Serious Warning on Phishing Scams Alleging Sexual Offenses
The emails falsely accuse recipients of sexual offences, using names and seals of authorities to appear authentic. Citizens are advised not to respond to such emails and report them to authorities. This article has been indexed from Cyware News –…
Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 Ransomware Released
Avast researchers have identified a cryptographic weakness in the DoNex ransomware and its previous versions, enabling them to create a decryptor for files encrypted by these variants. This article has been indexed from Cyware News – Latest Cyber News Read…
New Variation of WordFence Evasion Malware Discovered
A new variation of WordFence evasion malware has been discovered, concealing backdoors in infected WordPress environments. A suspicious plugin named “wp-engine-fast-action” was found tampering with the popular WordFence security plugin. This article has been indexed from Cyware News – Latest…
Vinted Fined $2.6m Over Data Protection Failure
Vinted, a prominent online platform for second-hand sales, has been fined €2,385,276 ($2,582,730) for violating the EU’s General Data Protection Regulation (GDPR) by not properly handling personal data deletion requests. This article has been indexed from Cyware News – Latest…
Gogs Vulnerabilities May Put Your Source Code at Risk
Exploiting these flaws could allow attackers to execute arbitrary commands, read source code, and gain unauthorized access. The vulnerabilities require authentication, with one flaw specifically requiring the built-in SSH server to be enabled. This article has been indexed from Cyware…
Report: 47% of Corporate Data Stored in the Cloud Is Sensitive
Cloud resources are increasingly targeted by cyberattacks, with SaaS applications, cloud storage, and cloud management infrastructure being the top categories of attack, according to Thales. This article has been indexed from Cyware News – Latest Cyber News Read the original…
Report: 99% of IoT Exploitation Attempts Rely on Previously Known CVEs
The expanding attack surface, with over 15 billion connected devices worldwide, raises concerns about privacy breaches for users. The average home now has 21 connected devices, facing more than 10 daily cyberattacks. This article has been indexed from Cyware News…
GootLoader is Still Active and Efficient
The malware has evolved into multiple versions, with GootLoader 3 being the latest one in use. Despite updates to the payload, the infection strategies have remained consistent since its resurgence in 2020. This article has been indexed from Cyware News…
Infostealing Malware Masquerading as Generative AI Tools
Information-stealing malware families have evolved to impersonate generative AI tools, with examples like GoldPickaxe stealing facial recognition data for deepfake videos. This article has been indexed from Cyware News – Latest Cyber News Read the original article: Infostealing Malware Masquerading…
Pro-Bangladeshi Hacktivists Enter Global Stage with Matryoshka 424 Alliance
Team ARXU gained recognition earlier this year for targeting Romania over its support for Israel. The hacker group has a history of cyberattacks against Israel and its allies. This article has been indexed from Cyware News – Latest Cyber News…
Latest Ghostscript Vulnerability Haunts Experts as the Next Big Breach Enabler
The vulnerability could be exploited to compromise systems without requiring user interaction, contrary to some severity assessments initially made by Tenable and Red Hat. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
Traeger Security Bugs Threatening Grillers’ Hard Work
Traeger grills face security bugs that could spell trouble for BBQ enthusiasts. High-severity vulnerabilities in the Traeger Grill D2 Wi-Fi Controller could allow remote attackers to control the grill’s temperature or shut it down. This article has been indexed from…
New Eldorado Ransomware Targets Windows, VMware ESXi VMs
Eldorado also encrypts network shares using the SMB protocol, deletes shadow volume copies, and skips certain file types to prevent system damage. Affiliates can customize attacks on Windows, while Linux customization is limited. This article has been indexed from Cyware…
Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication
Online accounts are increasingly protected by passkey technology, but many platforms like banking, e-commerce, social media, and software development can still be compromised using adversary-in-the-middle (AitM) attacks. This article has been indexed from Cyware News – Latest Cyber News Read…
New Golang Zergeca Botnet appeared in the threat landscape
The researchers at QiAnXin XLab team discovered a new Golang-based botnet called Zergeca, capable of conducting DDoS attacks. It was detected through a suspicious ELF file and has been used to launch DDoS attacks in Canada, the U.S., and Germany.…
Malicious QR Reader App in Google Play Delivers Anatsa Banking Malware
A malicious QR code reader app on Google Play has been found distributing the Anatsa banking malware, posing a significant threat to users’ financial data. The app has already been downloaded thousands of times. This article has been indexed from…
Turla: A Master of Deception
The Turla malware has been found using weaponized LNK files to infect computers. The malware leverages a compromised website to distribute malicious packages through phishing emails. This article has been indexed from Cyware News – Latest Cyber News Read the…
Hackers attack HFS servers to drop malware and Monero miners
Hackers are targeting older versions of the HTTP File Server from Rejetto to drop malware and cryptocurrency mining software by exploiting a critical vulnerability (CVE-2024-23692) that allows executing arbitrary commands without authentication. This article has been indexed from Cyware News…
OVHcloud blames record-breaking DDoS attack on MikroTik botnet
OVHcloud successfully mitigated a record-breaking DDoS attack with a packet rate of 840 million packets per second. The attack originated from compromised MikroTik network devices, which were used to generate high packet rates. This article has been indexed from Cyware…
384,000 sites pull code from sketchy code library recently bought by Chinese firm
Over 384,000 websites, including those of major companies and government entities, are still linking to the polyfill[.]io code library that was recently acquired by a Chinese firm and used to perform a supply chain attack. This article has been indexed…
Hackers abused API to verify millions of Authy MFA phone numbers
Twilio has confirmed that an unsecured API endpoint allowed threat actors to access phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. This article has been indexed from Cyware…
Infostealer malware logs used to identify child abuse website members
Researchers at Recorded Future’s Insikt Group analyzed infostealer malware logs captured between February 2021 and February 2024. They cross-referenced the credentials with 20 known CSAM domains, identifying 3,324 unique username-password pairs. This article has been indexed from Cyware News –…
RCE, DoS Exploits Found in Rockwell PanelView Plus: Patch Now
Microsoft has exposed two significant vulnerabilities in Rockwell Automation’s PanelView Plus devices that could be exploited by attackers to execute remote code and launch denial-of-service attacks. This article has been indexed from Cyware News – Latest Cyber News Read the…
New Ransomware Group Uses Phone Calls to Pressure Victims, Researchers Say
Researchers have identified a new ransomware group called Volcano Demon responsible for two recent successful attacks on companies in the manufacturing and logistics sectors. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
Vulnerabilities in CocoaPods: The Achilles’ Heel of the Apple App Ecosystem
Recent discoveries have unveiled severe vulnerabilities within CocoaPods, a dependency manager essential for iOS and macOS application development. These security flaws could lead to significant supply chain attacks, jeopardizing numerous applications. The exploit allows attackers to alter the software update…
Secator: Open-Source Pentesting Swiss Army Knife
Secator is an open-source task and workflow runner designed for security assessments to streamline the use of various security tools for pen testers and security researchers. This article has been indexed from Cyware News – Latest Cyber News Read the…
Understanding the FakeBat Loader: Distribution Tactics and Cybercriminal Infrastructure
In the early part of 2024, the FakeBat loader, also known as EugenLoader or PaykLoader, emerged as a significant threat utilizing the drive-by download technique to spread malware. This article has been indexed from Cyware News – Latest Cyber News…
Feds Hit Health Entity With $950K Fine in Ransomware Attack
The US Department of Health and Human Services has levied a fine of $950,000 from the Heritage Valley Health System in Pennsylvania. It must address potential HIPAA violations after a ransomware attack in 2017. This article has been indexed from…