Video Various questions linger following the botnet’s sudden and deliberate demise, including: who actually initiated it? 03 Nov 2023 This week, ESET researchers described what they had aptly called “a fascinating case of cyberforensics” – the sudden and mysterious shutdown of the Mozi botnet. One of the world’s most notorious IoT botnets experienced a sudden
An advanced strain of malware masquerading as a cryptocurrency miner has managed to fly the radar for over five years, infecting no less than one million devices around the world in the process. That’s according to findings from Kaspersky, which has codenamed the threat StripedFly, describing it as an “intricate modular framework that supports both
Threat actors have compromised sensitive health data on tens of millions of US patients so far this year, according to new figures released by the Department of Health and Human Services (HHS). The HHS said that there had been a 239% increase in “large breaches” reported to its Office for Civil Rights (OCR) in the
Nov 03, 2023NewsroomCloud Security / Linux The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a “new experimental campaign” designed to breach cloud environments. “Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials
A new social engineering campaign conducted by the “MuddyWater” group has been observed targeting two Israeli entities with tactics, techniques and procedures (TTPs) previously associated with this threat actor. MuddyWater, a group known for spear-phishing emails since 2020, has historically employed links and PDFs, RTFs and HTML attachments that direct victims to archives hosted on different file-sharing
Nov 02, 2023The Hacker NewsSaaS Security / Software This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique “freemium” model Securing employees’ SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches
North Korean hackers suspected to be associated with the Lazarus Group have been observed targeting blockchain engineers involved in cryptocurrency exchange platforms with a new macOS malware named Kandykorn. This intrusion, tracked as REF7001 by Elastic Security Labs, utilized a combination of custom and open source capabilities to gain initial access and post-exploitation on macOS
We Live Progress Global Diversity Awareness Month is a timely occasion to reflect on the steps required to remove the obstacles to women’s participation in the security industry, as well as to consider the value of inclusion and diversity in the security workforce. 31 Oct 2023 • , 7 min. read While our digital age
A threat actor known as Prolific Puma has been maintaining a low profile and operating an underground link shortening service that’s offered to other threat actors for at least over the past four years. Prolific Puma creates “domain names with an RDGA [registered domain generation algorithm] and use these domains to provide a link shortening
Cybersecurity experts at Cisco Talos have exposed the latest operations of the espionage-driven Arid Viper advanced persistent threat (APT) group. The new campaign, active since April 2022, has been targeting Arabic-speaking Android users. According to an advisory published earlier today, the modus operandi of Arid Viper involves the deployment of customized mobile malware in the
Digital Security Cybersecurity Awareness Month draws to a close and Halloween is just around the corner, so here is a bunch of spine-tingling figures about some very real tricks and threats lurking online Phil Muncaster 30 Oct 2023 • , 4 min. read October is Cybersecurity Awareness Month (CSAM) in the US and Canada and
Nov 01, 2023NewsroomVulnerability / Cyber Attack F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure that could result in the execution of arbitrary system commands as part of an exploit chain. Tracked as CVE-2023-46747 (CVSS score: 9.8), the vulnerability allows an unauthenticated attacker
A new malicious campaign by the notorious Lazarus Group has been observed leveraging malware distributed through legitimate software. Kaspersky’s Research and Analysis Team (GReAT) unveiled the cyber campaign at the Security Analyst Summit (SAS). The team’s investigation identified a series of cyber incidents where targets were infected through legitimate software designed to encrypt web communications
Oct 31, 2023NewsroomPrivacy / Online Security Meta on Monday announced plans to offer an ad-free option to access Facebook and Instagram for users in the European Union (EU), European Economic Area (EEA), and Switzerland to comply with “evolving” data protection regulations in the region. The ad-free subscription, which costs €9.99/month on the web or €12.99/month
Microsoft has described the Octo Tempest (aka Scattered Spider, 0ktapus, UNC3944) group as “one of the most dangerous financial criminal groups” operating today. In a lengthy analysis, the tech giant explained that the financial extortion group is unusual in comprising English-speaking threat actors, even though it has collaborated with the Russian-speaking ALPHV/BlackCat ransomware operation. “Historically,
Oct 30, 2023NewsroomKubernetes / Server Security Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows – CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can be bypassed to obtain
The UK’s National Cyber Security Centre (NCSC) has announced the launch of a new offering designed to prevent school users visiting malicious websites. PDNS for Schools is completely free and will be rolled out from now into the coming year, according to NCSC deputy director for economy and society, Sarah Lyons. “This timeframe will allow
Video The zero-day exploit deployed by the Winter Vivern APT group only requires that the target views a specially crafted message in a web browser 27 Oct 2023 This week, ESET research described how the Winter Vivern APT group has been exploiting a zero-day XSS vulnerability in Roundcube Webmail servers to target European governmental entities
Oct 28, 2023NewsroomPrivacy / Data Security New findings have shed light on what’s said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany. “The attacker has issued several new TLS certificates using
Generative AI is too beneficial to abandon despite the threats it poses to organizations, according to experts speaking at the ISC2 Security Congress 2023. During a session at the event, Kyle Hinterburg, Manager at LBMC and Brian Willis, Senior Manager at LBMC pointed out that while criminals will utilize generative AI tools and they carry
Oct 27, 2023NewsroomCyber Attack / Malware The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and
In an update to previous reports, Kaspersky’s Global Research and Analysis Team (GReAT) has disclosed new insights into the notorious Operation Triangulation at the recent Security Analyst Summit. The investigation delves into the complex cyber assault that targeted both the public and Kaspersky’s own employees, offering fresh details on the attack chain and its implications
ESET Research ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible Matthieu Faou 25 Oct 2023 • , 5 min. read ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began
Oct 27, 2023NewsroomNetwork Security / Vulnerability F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10. “This vulnerability
Oct 25, 2023NewsroomThreat Intelligence / Vulnerability The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims’ accounts. “Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube,” ESET security researcher Matthieu Faou said
ESET Research has discovered a significant cybersecurity threat as the Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability in the Roundcube Webmail server. The new campaign, described in an advisory published today, targeted Roundcube Webmail servers of governmental entities and a think tank in Europe. ESET Research promptly reported the vulnerability to the
Salt Security has revealed research unveiling critical API security vulnerabilities in the OAuth protocol implementations of popular online platforms like Grammarly, Vidio and Bukalapak. These vulnerabilities, which have now been addressed, had the potential to compromise user credentials and enable full account takeovers, endangering billions of users. The research paper, published today, marks the final chapter
Digital Security Why use and keep track of a zillion discrete accounts when you can log into so many apps and websites using your Facebook or Google credentials, right? Not so fast. What’s the trade-off? André Lameiras 23 Oct 2023 • , 6 min. read “Continue with Google” – such a seamless way to sign
Oct 25, 2023NewsroomExploit / Vulnerability Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. “An
A recent research report by Uptycs has highlighted the evolution of QuasarRAT, an open-source remote administration tool (RAT) known for its lightweight nature and range of malicious functions. According to an advisory published on Friday by Uptycs security researcher Tejaswini Sandapolla, the C#-based tool, also referred to as CinaRAT or Yggdrasil, has been discovered employing
- « Previous Page
- 1
- …
- 10
- 11
- 12
- 13
- 14
- …
- 114
- Next Page »