Tag: exploit

INTERPOL Urges to End ‘Pig Butchering’ Replaces With >>Romance Baiting<<

Dec 18, 2024 1:42 PM

by

Andy Stern

in SecurityNews

Tags: cyber, exploit, international, interpol, law, scam

INTERPOL has called for the term >>romance baiting>pig butchering,>Romance Baiting
Exploitation of Recent Critical Apache Struts 2 Flaw Begins

Dec 18, 2024 12:42 PM

by

Andy Stern

in SecurityNews

Tags: apache, attack, exploit, flaw, malicious, remote-code-execution, vulnerability

Researchers warn of malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE). The post Exploitation of Recent Critical Apache Struts 2 Flaw Begins appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-of-recent-critical-apache-struts-2-flaw-begins/
Careto A legendary Threat Group Targets Windows By Deploy Microphone Recorder And Steal Files

Dec 18, 2024 11:42 AM

by

Andy Stern

in SecurityNews

Tags: attack, cyber, cyberattack, email, exploit, group, threat, windows

Recent research has linked a series of cyberattacks to The Mask group, as one notable attack targeted a Latin American organization in 2022, where attackers compromised the organization’s MDaemon email server and exploited the WorldClient webmail component to maintain persistent access. While the initial compromise vector remains unknown, the successful exploitation of the MDaemon server…
Jetzt patchen! Angreifer nutzen kritische Sicherheitslücke in Apache Struts aus

Dec 18, 2024 11:42 AM

by

Andy Stern

in SecurityNews

Tags: apache, bug, exploit

Die Uploadfunktion von Apache Struts ist fehlerhaft und Angreifer können Schadcode hochladen. Sicherheitsforscher warnen vor Attacken. First seen on heise.de Jump to article: www.heise.de/news/Jetzt-patchen-Angreifer-nutzen-kritische-Sicherheitsluecke-in-Apache-Struts-aus-10212840.html
Meta hit with $263 million fine in Europe over 2018 data breach

Dec 18, 2024 11:42 AM

by

Andy Stern

in SecurityNews

Tags: access, breach, business, ceo, cio, compliance, cyber, data, data-breach, exploit, finance, framework, GDPR, governance, incident response, law, privacy, regulation, risk, technology, threat, unauthorized, vulnerability

Meta has been fined $263.5 million (Euro251 million) by Ireland’s Data Protection Commission (DPC) for a 2018 Facebook security breach that exposed the sensitive data of 29 million users globally.The breach exploited a vulnerability in Facebook’s “view as” feature, which allows users to view their profiles as others would see them.The exploit enabled unauthorized access…
Azure Data Factory And Apache Airflow Integration Flaws Let Attackers Gain Write Access

Dec 18, 2024 10:42 AM

by

Andy Stern

in SecurityNews

Tags: access, apache, breach, control, cyber, data, exploit, flaw, microsoft, service, unauthorized, vulnerability

Researchers have uncovered vulnerabilities in Microsoft Azure Data Factory’s integration with Apache Airflow, which could potentially allow attackers to gain unauthorized access and control over critical Azure resources. By exploiting these vulnerabilities, attackers could compromise the integrity of the Azure environment, potentially leading to data breaches, service disruptions, and other severe consequences. The identified vulnerabilities…
Cybercriminals Exploit Google Calendar and Drawings in Phishing Campaigns

Dec 18, 2024 10:42 AM

by

Andy Stern

in SecurityNews

Tags: cyber, cybercrime, exploit, google, phishing, tool

Attackers are ingeniously exploiting Google Calendar and Google Drawings in phishing campaigns, targeting unsuspecting individuals and organizations. Leveraging the inherent trust in Google’s widely used tools, cybercriminals are successfully deceiving users into revealing sensitive information and compromising their accounts. Google Calendar: A Trusted Tool Turned Target Google Calendar, a widely used scheduling tool with over…
Spring Framework Path Traversal Vulnerability (CVE-2024-38819) PoC Exploit Released

Dec 18, 2024 9:42 AM

by

Andy Stern

in SecurityNews

Tags: access, cve, cyber, exploit, framework, unauthorized, vulnerability

A Proof of Concept (PoC) exploit for the critical path traversal vulnerability identified as CVE-2024-38819 in the Spring Framework has been released, shedding light on a serious security issue affecting applications that serve static resources via functional web frameworks. This vulnerability allows attackers to access unauthorized files on the server through carefully crafted HTTP requests.…
Hackers Exploit Linux SSH Servers Using Screen hping3 Tools With >>cShell<< Bot

Dec 18, 2024 9:42 AM

by

Andy Stern

in SecurityNews

Tags: attack, cyber, data-breach, exploit, hacker, intelligence, linux, malware, monitoring, service, tool

The AhnLab Security Intelligence Center (ASEC) has detected a new strain of malware targeting poorly protected Linux SSH servers. This malware, named >>cShell,
CISOs should stop freaking out about attackers getting a boost from LLMs

Dec 18, 2024 8:43 AM

by

Andy Stern

in SecurityNews

Tags: ai, attack, automation, ciso, cyber, cybercrime, cybersecurity, defense, disinformation, exploit, hacker, hacking, infrastructure, LLM, malware, network, offense, penetration-testing, phishing, programming, ransomware, risk, social-engineering, startup, technology, threat, tool, vulnerability, warfare

A common refrain from cybersecurity professionals in recent years has been the need for a diversification of the CISO role to meet the demands of increased responsibility across numerous categories. In the past year, this refrain has grown louder, specifically around the topic of generative AI.Large language models (LLMs) have added a new dimension to…
Hackers Attacking Linux SSH Servers DDoS Bot cShell Using Screen hping3 Tools

Dec 18, 2024 8:43 AM

by

Andy Stern

in SecurityNews

Tags: attack, cyber, data-breach, ddos, exploit, hacker, intelligence, linux, malware, monitoring, service, tool

The AhnLab Security Intelligence Center (ASEC) has detected a new strain of malware targeting poorly protected Linux SSH servers. This malware, named >>cShell,
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Dec 18, 2024 7:42 AM

by

Andy Stern

in SecurityNews

Tags: apache, cve, cvss, exploit, flaw, threat, update, vulnerability

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution.The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164,…
Top 10 Cyberattacks in 2024 that Stole the Spotlight

Dec 18, 2024 6:42 AM

by

Andy Stern

in SecurityNews

Tags: attack, corporate, cyberattack, data, exploit, infrastructure, ransomware, threat, vulnerability

Cyberattacks this year have escalated into a high-stakes battle, with increasingly advanced attacks targeting critical infrastructure, personal data, and corporate systems. From state-sponsored cyberattacks to ransomware campaigns, the top cyberattacks of 2024 have proven that threat actors have been weaponizing advanced technologies to exploit vulnerabilities in both private and public sectors. First seen on thecyberexpress.com…
HiatusRAT Campaign Targets Web Cameras and DVRs: FBI Warns of Rising IoT Exploits

Dec 18, 2024 5:42 AM

by

Andy Stern

in SecurityNews

Tags: cctv, cisa, exploit, Internet, iot, malware

The FBI, in collaboration with CISA, has issued a new alert regarding the HiatusRAT malware campaign. The latest iteration of the campaign has shifted its focus to Internet of Things... First seen on securityonline.info Jump to article: securityonline.info/hiatusrat-campaign-targets-web-cameras-and-dvrs-fbi-warns-of-rising-iot-exploits/
Critical security hole in Apache Struts under exploit

Dec 17, 2024 11:42 PM

by

Andy Stern

in SecurityNews

Tags: apache, attack, exploit, rce, remote-code-execution, update

You applied the patch that could stop possible RCE attacks last week, right? First seen on theregister.com Jump to article: www.theregister.com/2024/12/17/critical_rce_apache_struts/
Clop is back to wreak havoc via vulnerable file-transfer software

Dec 17, 2024 9:43 PM

by

Andy Stern

in SecurityNews

Tags: attack, cybersecurity, exploit, extortion, group, ransomware, software, threat, vulnerability

In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have exploited file-transfer software to carry out attacks. Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT…
Over 300 orgs compromised through several DrayTek exploits

Dec 17, 2024 9:43 PM

by

Andy Stern

in SecurityNews

Tags: exploit

First seen on scworld.com Jump to article: www.scworld.com/brief/over-300-orgs-compromised-through-several-draytek-exploits
Identity crisis: Cybercriminals are exploiting trust faster than you can defend it

Dec 17, 2024 9:43 PM

by

Andy Stern

in SecurityNews

Tags: cybercrime, exploit, identity

First seen on scworld.com Jump to article: www.scworld.com/feature/identity-crisis-cybercriminals-are-exploiting-trust-faster-than-you-can-defend-it
Winnti-Like ‘Glutton’ Backdoor Targets Cybercriminals

Dec 17, 2024 8:43 PM

by

Andy Stern

in SecurityNews

Tags: backdoor, china, cybercrime, exploit, hacker, malware, threat

Malware Exploits Cybercrime Ecosystem for Profit. Hackers are using a variant of a backdoor that’s the hallmark of a Chinese threat actor suspected of ties to Beijing in order to target the cybercriminal underground. The malware t shares near-complete similarity with a backdoor exclusively used by the Winnti Group. First seen on govinfosecurity.com Jump to…
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

Dec 17, 2024 7:42 PM

by

Andy Stern

in SecurityNews

Tags: access, exploit, malware, microsoft, social-engineering

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate.”An attacker used social engineering via a Microsoft Teams call to impersonate a user’s client and gain remote access to their system,” Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said.”The attacker…
New critical Apache Struts flaw exploited to find vulnerable servers

Dec 17, 2024 7:42 PM

by

Andy Stern

in SecurityNews

Tags: apache, cve, exploit, flaw, vulnerability

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/
Cleo releases CVE for actively exploited flaw in file-transfer software

Dec 17, 2024 6:42 PM

by

Andy Stern

in SecurityNews

Tags: cve, exploit, flaw, ransomware, software, vulnerability, zero-day

Researchers confirmed a new zero-day vulnerability is separate from a flaw originally disclosed in October. A notorious ransomware group;linked itself to the attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cleo-exploited-flaw-file-transfer-software/735664/
Next-gen cybercrime: The need for collaboration in 2025

Dec 17, 2024 5:42 PM

by

Andy Stern

in SecurityNews

Tags: ai, attack, awareness, cloud, crime, crimes, cyber, cyberattack, cybercrime, cybersecurity, defense, exploit, framework, group, healthcare, infrastructure, intelligence, risk, service, strategy, tactics, technology, threat, training, vulnerability

Cybercrime is a relentless and evolving threat to organizations worldwide. However, with the right insights, we can significantly enhance our security, mitigate risks, and stay ahead of these criminals.FortiGuard Labs’ Cyberthreat Predictions for 2025 report is designed to provide exactly these insights. It identifies emerging threat trends for the coming year and offers actionable guidance…
Cybercriminals Exploit Google Calendar to Spread Malicious Links

Dec 17, 2024 5:42 PM

by

Andy Stern

in SecurityNews

Tags: cybercrime, email, exploit, google, malicious

Check Point research reveals cybercriminals are using Google Calendar and Drawings to send malicious links, bypassing traditional email security First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cybercriminals-exploit-google/
Cyber Criminals Exploit Windows Management Console to Deliver Backdoor Payloads

Dec 17, 2024 1:42 PM

by

Andy Stern

in SecurityNews

Tags: attack, backdoor, cyber, exploit, microsoft, phishing, threat, windows

A recent campaign dubbed FLUX#CONSOLE has come to light, leveraging Microsoft Common Console Document (.MSC) files to infiltrate systems with backdoor malware. The campaign showcases the growing sophistication of phishing techniques and the exploitation of lesser-known Windows features. The FLUX#CONSOLE Campaign The FLUX#CONSOLE campaign has been identified as a multi-stage attack with sinister objectives. By using MSC files, threat actors…
CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities

Dec 17, 2024 12:42 PM

by

Andy Stern

in SecurityNews

Tags: adobe, cisa, exploit, vulnerability, windows

CISA has warned organizations that two vulnerabilities affecting Adobe ColdFusion and Windows have been exploited in the wild. The post CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-exploited-adobe-coldfusion-windows-vulnerabilities/
CyberPanel: Angreifer können Schadcode einschleusen

Dec 17, 2024 12:42 PM

by

Andy Stern

in SecurityNews

Tags: exploit, vulnerability

In der Server-Verwaltungssoftware CyberPanel wurden zwei Schwachstellen entdeckt. Sie erlauben Angreifern das Einschleusen beliebigen Codes. First seen on heise.de Jump to article: www.heise.de/news/CyberPanel-Angreifer-koennen-Schadcode-einschleusen-10202632.html
Beware of Malicious Ads on Captcha Pages that Deliver Password Stealers

Dec 17, 2024 11:42 AM

by

Andy Stern

in SecurityNews

Tags: captcha, cyber, cybercrime, exploit, malicious, malware, password

Malicious actors have taken cybercrime to new heights by exploiting captcha verification pages, a typically harmless security feature, to launch large-scale malware distribution campaigns. This startling revelation uncovers how these fake captchas, interlaced with malicious advertising, are infecting users with password-stealing malware. Over the past several weeks, cybercriminals have been leveraging fake captcha pages to…
Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

Dec 17, 2024 11:42 AM

by

Andy Stern

in SecurityNews

Tags: attack, cyber, detection, exploit, hacker, malware, software, threat, tool, update

Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker.”Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks,” Morphisec researcher Nadav Lorber said in a technical report published Monday.The attacks make use of fake update alerts…
CrushFTP: Attacken auf Admins möglich

Dec 17, 2024 11:42 AM

by

Andy Stern

in SecurityNews

Tags: exploit

Angreifer können in Logs von CrushFTP Schadcode verstecken. Dagegen gerüstete Versionen sind verfügbar. First seen on heise.de Jump to article: www.heise.de/news/CrushFTP-Attacken-auf-Admins-moeglich-10202537.html