Tag: malicious
-
What boards want and don’t want to hear from cybersecurity leaders
in SecurityNews
Tags: access, business, ciso, compliance, control, cyber, cybersecurity, email, malicious, metric, phishing, risk, security-incident, skills, strategy, technology, threat, training, update
“It’s only when you report to someone not involved in technology that you realize you’re talking in jargon or not close to talking the language of the business,” says Bennett. Decoding what the board wants from security leaders: Cybersecurity leaders need regular contact with boards to foster familiarity and understanding. Without this, a lack of…
-
Ransomware at a home furnishings chain in Greece
in SecurityNews
Announcement about a malicious external action against the digital and electronic systems of Fourlis Group First seen on fourlis.gr Jump to article: www.fourlis.gr/Files/IR/Press%20Releases/en/2024/FOURLIS%20GROUP_PRESS%20RELEASE_20241202.pdf
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41
in SecurityNews
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads; BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs; GOFFEE continues to attack organizations in Russia; Atomic…
-
Threat Actors Manipulate Search Results to Lure Users to Malicious Websites
in SecurityNews
Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate search engine results, pushing malicious websites to the top where unsuspecting users are likely to click. In recent years, this tactic, often known as SEO poisoning or black hat SEO, has seen cybercriminals hijack the reputation of legitimate websites to promote…
-
Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications
in SecurityNews
The emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates are good news for AI developers, they raise some security concerns. In this blog we address FAQs about MCP. Background: Tenable Research has compiled this blog…
-
npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transfers
in SecurityNews
ReversingLabs reveals a malicious npm package targeting Atomic and Exodus wallets, silently hijacking crypto transfers via software patching. First seen on hackread.com Jump to article: hackread.com/npm-malware-atomic-exodus-wallets-hijack-crypto/
-
Open Source Poisoned Patches Infect Local Software
in SecurityNews
Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering patches for locally installed programs. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/open-source-poisoned-patches-infect-local-software
-
Sapphire Werewolf Upgrades Arsenal With Amethyst Stealer Targeting Energy Firms
Sapphire Werewolf has introduced a potent new weapon into its cyber arsenal, unveiling the latest iteration of the Amethyst stealer in a calculated phishing attack against an energy firm. According to the report, the operation cunningly disguises a malicious payload as a mundane HR memo. The threat actor begins its attack with a fraudulent email,…
-
Malicious ‘mParivahan’ App Circulates on WhatsApp, Skimming Sensitive Mobile Data
in SecurityNews
A new variant of the fake NextGen mParivahan app has emerged, exploiting the trust users place in official government notifications to distribute malware. This malicious software is distributed through seemingly legitimate traffic violation alerts via WhatsApp, luring victims into installing what they believe is the official app. Infection Vector and Deceptive Tactics: The malware spreads…
-
Europol Targets Customers of Smokeloader Pay-Per-Install Botnet
in SecurityNews
Law enforcement agencies in multiple countries have announced the arrests of users of the malicious Smokeloader botnet. The post Europol Targets Customers of Smokeloader Pay-Per-Install Botnet appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/europol-targets-customers-of-smokeloader-pay-per-install-botnet/
-
Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
in SecurityNews
Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what’s seen as a sneakier attempt to stage a software supply chain attack. The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to…
-
Russian hackers attack Western military mission using malicious drive
The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-attack-western-military-mission-using-malicious-drive/
-
Domain Reputation Update Oct 2024 – Mar 2025
in SecurityNews
New domains are up 7.39%, with 2.9 million malicious domains detected. Chinese gambling sites dominate the Top 20 TLDs, while .top remains a hotspot for abuse – this time with a spike in toll road scams. Read the full report here. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/domain-reputation-update-oct-2024-mar-2025/
-
SonicWall Patches Multiple Vulnerabilities in NetExtender Windows Client
in SecurityNews
SonicWall has issued a critical alert concerning multiple vulnerabilities discovered in its NetExtender Windows client. These vulnerabilities, identified via several Common Vulnerabilities and Exposures (CVEs), could allow malicious actors to exploit privilege management flaws, trigger local privilege escalation, or manipulate file paths. Users are urged to update their software immediately to mitigate potential risks. Overview…
-
Why Codefinger represents a new stage in the evolution of ransomware
in SecurityNews
Tags: access, advisory, attack, backup, best-practice, breach, business, cisco, cloud, computer, credentials, cybersecurity, data, defense, exploit, malicious, network, password, ransom, ransomware, risk, strategy, technology, threat, vmware
A new type of ransomware attack: The fundamentals of the Codefinger attack are the same as those in most ransomware attacks: The bad guys encrypted victims’ data and demanded payment to restore it. However, several aspects of the breach make it stand out from most other ransomware incidents: Attack vector: In traditional ransomware attacks, the attack vector…
-
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
in SecurityNews
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first…
-
‘RemoteMonologue’ New Red Team Technique Exploits DCOM To Steal NTLM Credentials Remotely
in SecurityNews
A sophisticated new red team technique dubbed “RemoteMonologue”
-
Malicious code execution possible with patched WhatsApp flaw
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-code-execution-possible-with-patched-whatsapp-flaw
-
China-Linked Hackers Continue Harassing Ethnic Groups With Spyware
Threat actors are trolling online forums and spreading malicious apps to target Uyghurs, Taiwanese, Tibetans, and other individuals aligned with interests that China sees as a threat to its authority. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/china-continues-harassing-ethnic-groups-spyware
-
WhatsApp plugs bug allowing RCE with spoofed filenames
in SecurityNews
WhatsApp makes for a popular attack vector: WhatsApp has been frequently targeted in the past for its popularity as an encrypted chatting platform. With over 10 billion downloads on Google Play Store alone, the platform makes for a lucrative target for threat actors. A similar security oversight was reported in July 2024 to be affecting the…
-
Rogue RDP: Abusing RDP for File Theft and Espionage
in SecurityNews
A recent report by Google Threat Intelligence Group (GTIG) has shed light on a sophisticated phishing campaign targeting European government and military organizations. This campaign, attributed to a suspected Russia-nexus espionage actor tracked as UNC5837, employed a novel technique leveraging the Remote Desktop Protocol (RDP) for malicious purposes. Unlike typical RDP attacks that focus on…
-
AI agents raise stakes in identity and access management
IT vendors roll out fresh tools to take on identity and access management for AI agents as enterprises deploy them internally and battle malicious ones externally. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366622025/AI-agents-raise-stakes-in-identity-and-access-management
-
New Mirai Botnet Variant Exploits TVT DVRs to Gain Admin Control
in SecurityNews
GreyNoise has noted a sharp escalation in hacking attempts targeting TVT NVMS9000 Digital Video Recorders (DVRs). The surge in malicious activity, peaking on April 3, 2025, with over 2,500 unique IP addresses, suggests a new variant of the notorious Mirai botnet is at play, exploiting an information disclosure vulnerability to seize administrative control over these…
-
Xanthorox AI: A New Breed of Malicious AI Threat Hits the Darknet
in SecurityNews
Xanthorox AI, a darknet-exclusive tool, uses five custom models to launch advanced, autonomous cyberattacks, ushering in a new AI threat era. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/cybersecurity/xanthorox-ai/
-
WhatsApp for Windows Flaw Could Let Hackers Sneak In Malicious Files
If you use WhatsApp Desktop on Windows, listen up! A flaw in WhatsApp for Windows (CVE-2025-30401) let attackers disguise malicious files as safe ones. Update to version 2.2450.6 or later to stay secure. First seen on hackread.com Jump to article: hackread.com/whatsapp-windows-flaw-hackers-sneak-malicious-files/