Tag: malicious
-
Dell Warns of Critical Code Execution Vulnerability in Power Manager
by
in SecurityNewsDell Technologies has issued a security advisory, DSA-2024-439, to alert users of a critical vulnerability in its Dell Power Manager software. The vulnerability, identified as CVE-2024-49600, could allow malicious attackers to execute arbitrary code and gain elevated privileges on the affected systems. Users are urged to update immediately to mitigate potential risks. The vulnerability has been…
-
Ongoing Phishing and Malware Campaigns in December 2024
by
in SecurityNewsCyber attackers never stop inventing new ways to compromise their targets. That’s why organizations must stay updated on the latest threats. Here’s a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you.Zero-day Attack: Corrupted Malicious Files Evade Detection by Most Security Systems…
-
Researchers Uncovered Hackers Infrastructre Using Passive DNS Technique
by
in SecurityNewsCybersecurity researchers have unveiled an advanced technique to uncover hackers’ operational infrastructure using passive DNS data. This groundbreaking method sheds light on how attackers establish and maintain their networks to perpetrate malicious activities while remaining resilient to detection. By leveraging passive DNS analysis, experts have made significant strides in identifying threats before they wreak havoc,…
-
Hackers Attacking Global Sporting Championships Via Fake Domains To Steal Logins
by
in SecurityNewsCybercriminals online take advantage of well-known events to register malicious domains with keywords related to the event, with the intention of tricking users through phishing and other fraudulent schemes. The analysis examines event-related abuse trends across domain registrations, DNS and URL traffic, active domains, verdict change requests, and domain textual patterns, with specific examples from…
-
New Meeten Malware Attacking macOS And Windows Users To Steal Logins
by
in SecurityNewsA sophisticated crypto-stealing malware, Realst, has been targeting Web3 professionals, as the threat actors behind this campaign have employed AI-generated content to create fake companies, such as >>Meetio,
-
Mauri Ransomware Leverages Apache ActiveMQ Vulnerability to Deploy CoinMiners
by
in SecurityNewsThe Apache ActiveMQ server is vulnerable to remote code execution (CVE-2023-46604), where attackers can exploit this vulnerability by manipulating serialized class types in the OpenWire protocol to load malicious class configurations from external sources. Successful exploitation allows attackers to execute arbitrary code on the vulnerable server, leading to potential system compromise, which has been actively…
-
Hackers Target Android Users via WhatsApp to Steal Sensitive Data
Researchers analyzed a malicious Android sample created using Spynote RAT, targeting high-value assets in Southern Asia, which, likely deployed by an unknown threat actor, aims to compromise sensitive information. Although the target’s precise location and nature have not been disclosed, its high-value nature suggests that advanced persistent threat (APT) groups may be interested in it. …
-
APT53 Weaponizing LNK Files To Deploy Malware Into Target Systems
by
in CISOGamaredon, a persistent threat actor since 2013, targets the government, defense, diplomacy, and media sectors of their victims, primarily through cyberattacks, to gain sensitive information and disrupt operations. It continues to employ sophisticated tactics, leveraging malicious LNK and XHTML files alongside intricate phishing schemes to carry out cyberattacks. Phishing emails with four distinct attack payloads…
-
SpyNote RAT Targets High-Value Individuals in Southern Asia
by
in SecurityNewsCybersecurity researchers at CYFIRMA have uncovered a sophisticated cyberattack targeting high-value individuals in Southern Asia. Leveraging the SpyNote Remote Administration Tool (RAT), an unknown threat actor designed a malicious Android... First seen on securityonline.info Jump to article: securityonline.info/spynote-rat-targets-high-value-individuals-in-southern-asia/
-
OpenWrt Sysupgrade flaw let hackers push malicious firmware images
by
in SecurityNewsA flaw in OpenWrt’s Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openwrt-sysupgrade-flaw-let-hackers-push-malicious-firmware-images/
-
Bug bounty programs: Why companies need them now more than ever
by
in SecurityNews
Tags: attack, best-practice, bug-bounty, business, crypto, cyber, cybercrime, cybersecurity, defense, exploit, finance, guide, hacker, hacking, jobs, malicious, ransom, strategy, threat, tool, update, vulnerability, zero-dayIn the fast-evolving landscape of cybersecurity, the need for proactive measures has become more pressing than ever.When I first entered the cybersecurity field, the primary threats were largely opportunistic hackers exploiting known vulnerabilities and multi-million-dollar ransoms were unheard of. Today, the stakes are significantly higher. According to Cybersecurity Ventures, cybercrime is expected to cost the…
-
Attackers Can Use QR Codes to Bypass Browser Isolation
by
in SecurityNewsResearchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/attackers-qr-codes-bypass-browser-isolation
-
Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation
by
in SecurityNewsThe CVE-2024-54143 vulnerability affects the OpenWrt sysupgrade server and exposes users to risks of installing malicious firmware images. The post Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-openwrt-flaw-exposes-firmware-update-server-to-exploitation/
-
Update your OpenWrt router! Security issue made supply chain attack possible
by
in SecurityNewsA security issue that could have allowed attackers to serve malicious firmware images to users has been fixed by OpenWrt Project, the organization that helms the development … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/openwrt-security-update-supply-chain-attack/
-
Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices
A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight.”Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems,” the company’s security research team…
-
QR codes bypass browser isolation for malicious C2 communication
by
in SecurityNewsMandiant has identified a novel method to bypass contemporary browser isolation technology and achieve command-and-control C2 operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/qr-codes-bypass-browser-isolation-for-malicious-c2-communication/
-
QNAP High Severity Vulnerabilities Let Remote attackers to Compromise System
by
in SecurityNewsQNAP Systems, Inc. has identified multiple high-severity vulnerabilities in its operating systems, potentially allowing attackers to compromise systems and execute malicious activities. These issues affect several versions of QNAP’s QTS and QuTS hero operating systems. Users are urged to update their devices immediately to mitigate security risks. Below is an overview of the identified vulnerabilities:…
-
Businesses plagued by constant stream of malicious emails
by
in SecurityNews36.9% of all emails received by businesses (20.5 billion) in 2024 were unwanted, according to Hornetsecurity’s analysis of 55.6+ billion emails processed through their … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/malicious-emails-inboxes/
-
Report Exposes Cybercriminal Exploitation of High-Profile Events
by
in SecurityNewsThreat actors consistently exploit public interest in high-profile events to launch targeted campaigns, leveraging deceptive domains, phishing schemes, and malicious traffic. According to a detailed report by Unit 42, these... First seen on securityonline.info Jump to article: securityonline.info/report-exposes-cybercriminal-exploitation-of-high-profile-events/
-
Supply chain compromise of Ultralytics AI library results in trojanized versions
by
in SecurityNewsAttackers have compromised Ultralytics YOLO packages published on PyPI, the official Python package index, by compromising the build environment of the popular library for creating custom machine learning models. The malicious code deployed cryptocurrency mining malware on systems that installed the package, but the attackers could have delivered any type of malware.According to researchers from…
-
EndYear PTO: Days Off and Data Exfiltration with Formbook
The holiday season is a time of joy and relaxation, but it often brings an influx of corporate emails ranging from leave approvals to scheduling paid time off. The Cofense Phishing Defense Center (PDC) has recently intercepted a malicious phishing email masquerading as a legitimate end-of-year leave approval notice. Disguised as a formal HR communication,…
-
New Windows zero-day exposes NTLM credentials, gets unofficial patch
by
in SecurityNewsA new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-exposes-ntlm-credentials-gets-unofficial-patch/
-
Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware
by
in SecurityNewsBlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using spearphishing emails with malicious HTML attachments to deliver GammaLoad malware. To evade detection, BlueAlpha is leveraging Cloudflare Tunnels to conceal their infrastructure and using DNS fast-fluxing for their C2 servers, as this ongoing campaign, active since early 2024, highlights the persistent…
-
8 biggest cybersecurity threats manufacturers face
by
in SecurityNews
Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windowsThe manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.”Many manufacturing systems rely on outdated technology that lacks modern…
-
Researchers Released hrtng IDA Pro Plugin for Malware Analyst to Make Reverse Engineering Easy
by
in SecurityNewsThe Global Research and Analysis Team (GReAT) has announced the release of hrtng, a cutting-edge plugin for IDA Pro, one of the most prominent tools for reverse engineering. Designed specifically to enhance the efficiency of malware analysis, hrtng provides analysts with powerful features that automate and simplify the otherwise intricate tasks involved in dissecting malicious binaries. The…
-
GenAI makes phishing attacks more believable and cost-effective
GenAI is a powerful tool that can be used by security teams to protect organizations, however, it can also be used by malicious actors, making phishing-related attacks a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/06/genai-phishing-attacks-concerns/