September 30, 2023
Via: Caitlin Simmons
In today’s interconnected world, data breaches and cyber-attacks have become increasingly common, often making headline news. One of the recurring themes in many of these breaches is the vulnerability of password-based security. While passwords have been a cornerstone of digital […]
September 27, 2023
Via: SecurityCurated
Amidst the dynamic nature of modern work environments, characterized by the adoption of hybrid models, the conventional boundaries of office spaces are becoming history. This shift presents new possibilities for collaboration and heightened work efficiency, but it also brings unprecedented […]
Threats & Malware, Virus & Malware
September 8, 2023
Via: The Hacker News
A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it’s being actively maintained by its author. An off-the-shelf Golang malware available for $1,000 per month, Atomic […]
Threats & Malware, Vulnerabilities
September 8, 2023
Via: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced […]
Threats & Malware, Vulnerabilities
August 24, 2023
Via: The Hacker News
A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it […]
Threats & Malware, Virus & Malware
August 22, 2023
Via: The Hacker News
A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called “OfficeNote.” “The new version of XLoader is bundled inside a standard Apple […]
August 11, 2023
Via: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft’s .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), […]
Threats & Malware, Virus & Malware
August 8, 2023
Via: The Hacker News
An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023. Cisco Talos, in a new write-up, attributed the operation with moderate […]
August 7, 2023
Via: The Hacker News
A group of academics has devised a “deep learning-based acoustic side-channel attack” that can be used to classify laptop keystrokes that are recorded using a nearby phone with 95% accuracy. “When trained on keystrokes recorded using the video conferencing software […]
Threats & Malware, Vulnerabilities
July 27, 2023
Via: The Hacker News
Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the […]
Application security, Security
July 11, 2023
Via: The Hacker News
Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors […]
Threats & Malware, Vulnerabilities
June 28, 2023
Via: The Hacker News
Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. “These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements,” SonarSource researcher Thomas […]
Application security, Security
June 26, 2023
Via: The Hacker News
An unknown cryptocurrency exchange located in Japan was the target of a new attack earlier this month to deploy an Apple macOS backdoor called JokerSpy. Elastic Security Labs, which is monitoring the intrusion set under the name REF9134, said the […]
June 20, 2023
Via: The Hacker News
Over 101,100 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available […]
June 16, 2023
Via: The Hacker News
The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor’s capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via […]
Threats & Malware, Virus & Malware
June 12, 2023
Via: The Hacker News
A fully undetectable (FUD) malware obfuscation engine named BatCloak is being used to deploy various malware strains since September 2022, while persistently evading antivirus detection. The samples grant “threat actors the ability to load numerous malware families and exploits with […]
Application security, Security
April 10, 2023
Via: The Hacker News
Today, businesses face a variety of security challenges like cyber attacks, compliance requirements, and endpoint security administration. The threat landscape constantly evolves, and it can be overwhelming for businesses to keep up with the latest security trends. Security teams use […]
July 7, 2022
Via: Help Net Security
Unidentified cyber threat actors have started using Brute Ratel C4 (BRc4), an adversary simulation tool similar to Cobalt Strike, to try to avoid detection by endpoint security solutions and gain a foothold on target networks, Palo Alto Networks researchers have […]
Threats & Malware, Vulnerabilities
June 22, 2022
Via: Security Week
The behavior, which is similar to that of suspicious or malicious applications, is related to Acrobat Reader’s use of the Chromium Embedded Framework (CEF), which has some incompatibility issues with certain security products. Minerva says it has observed a gradual […]
Threats & Malware, Vulnerabilities
June 13, 2022
Via: Security Week
Pointer authentication (PA) is a mechanism to prevent the modification of pointers in memory using a cryptographic hash, or pointer authentication code (PAC). With the integrity of a pointer verified against the PAC, a crash is triggered if the values […]