Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

April 18, 2024

Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That’s according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the […]

Windows 10 latest update is broken and riddled with bugs – with no fix in sight

April 9, 2024

Back in January, we reported on a small security update patch for Windows 10 that brought on a lot of headaches for IT admins and brought on a veritable cavalcade of error codes. Microsoft promised a fix was in the […]

Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

April 2, 2024

The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, […]

Mobile, Mobile security, Threats & Malware, Virus & Malware

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

April 15, 2024

Via: The Hacker News

Cybersecurity researchers have discovered a “renewed” cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy. “The latest iteration of LightSpy, dubbed ‘F_Warehouse,’ boasts a modular framework with extensive spying […]

Cyber warfare, Cyber-crime

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

April 15, 2024

Via: Security Affairs

Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities in Moscow and beyond the Russian capital using a destructive ICS malware dubbed Fuxnet. The Blackjack group […]

Threats & Malware, Vulnerabilities

Palo Alto Networks Warns of Exploited Firewall Vulnerability

April 12, 2024

Via: Security Week

Tracked as CVE-2024-3400 and assigned a severity score of 10 out of 10, the security defect was identified in the GlobalProtect feature of PAN-OS, the operating system running on Palo Alto Networks appliances. “A command injection vulnerability in the GlobalProtect […]

Threats & Malware, Vulnerabilities

Microsoft fixed two zero-day bugs exploited in malware attacks

April 11, 2024

Via: Security Affairs

Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft Windows and Windows […]

Threats & Malware, Vulnerabilities

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

April 9, 2024

Via: Security Affairs

Bitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass authorization and gain root access on the devices. The vulnerabilities discovered by the researchers impact WebOS versions 4 through 7 running on […]

Data loss, Threats & Malware

Home Depot confirms worker data leak after miscreant dumps info online

April 8, 2024

Via: The Register

Home Depot has confirmed that a third-party company accidentally exposed some of its employees’ personal details after a criminal copy-pasted the data online. In a statement to The Register, Home Depot spokesperson Beth Marlowe said: “A third-party SaaS vendor inadvertently […]

Cyber-crime, Malware

Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms

April 8, 2024

Via: Dark Reading

The sophisticated threat group behind a complex JavaScript remote access Trojan (RAT) known as JSOutProx has released a new version of the malware to target organizations in the Middle East. Cybersecurity services firm Resecurity analyzed technical details of multiple incidents […]