The global American health insurance and services corporation UnitedHealth Group has announced that its health IT subsidiary Change Healthcare was the target of a malicious cyberattack. Based on its initial targeted data sampling, the company has discovered files containing personally identifiable information (PII) or protected health information (PHI), which may include a significant … [Read more...]
48 Vulnerabilities Uncovered In AI systems : Surge By 220%
Since the initial disclosure of 15 vulnerabilities in November 2023, a 220% increase in vulnerabilities impacting AI systems has been discovered, bringing the total to 48 vulnerabilities. The world’s first AI/ML bug bounty program, Protect AI, analyzes the whole OSS AI/ML supply chain for significant vulnerabilities. The experts discovered that specific security risks may be exploited … [Read more...]
GPT-4 Is Capable Of Exploiting 87% Of One-Day Vulnerabilities
Large language models (LLMs) have achieved superhuman performance on many benchmarks, leading to a surge of interest in LLM agents capable of taking action, self-reflecting, and reading documents. While these agents have shown potential in areas like software engineering and scientific discovery, their ability in cybersecurity remains largely unexplored. Cybersecurity researchers … [Read more...]
ToddyCat APT Hackers Deploy Multiple Tools to Hijack Network Infrastructure
Advanced Persistent Threat (APT) group known as ToddyCat, new insights have emerged regarding their sophisticated methods of hijacking network infrastructure to steal sensitive data from governmental organizations across the Asia-Pacific region. This group, previously reported on for using data collection and exfiltration tools, … [Read more...]
Lambda Layers Code Execution Flaw Leads To Supply Chain On AI/ML Applications
A new supply-chain vulnerability has been identified in the Lambda Layers of third-party TensorFlow-based Keras models. This vulnerability could allow threat actors to inject arbitrary code into any AI/ML application. Any Lambda Layers that were built before version Keras 2.13 are susceptible to a supply chain attack. A threat actor can create and distribute a trojanized popular model among … [Read more...]
Meet the New Flexible Kapeka Backdoor With Destructive Attacking Capabilities
A new backdoor named “Kapeka” has been identified to be attacking victims in Eastern Europe since mid-2022. Kapeka is a flexible backdoor that acts as an initial stage toolkit for the threat actors. In addition, the backdoor also overlaps with GreyEnergy and Prestige Ransomware attacks, which are linked to a threat group named Sandworm. Sandworm threat actors are well-known Russian … [Read more...]
TransparentTribe Hackers Weaponize Websites & Documents to Attack Indian Orgs
The hacker group known as TransparentTribe, also referred to as APT-36, has intensified its cyber espionage activities. This group, originating from Pakistan, has been actively targeting Indian government organizations, military personnel, and defense contractors with sophisticated cyberattacks aimed at compromising security and gathering sensitive information. TransparentTribe mostly goes … [Read more...]
Hackers Offering Admin Access to 3000 Fortinet SSL-VPN
Hackers are now offering administrative access to over 3000 Fortinet SSL-VPN devices. This breach poses a significant threat to the security of numerous organizations relying on these devices for secure remote access. A tweet from the account DailyDarkWeb, which quickly gained attention in cybersecurity circles, indicates that an unidentified group of hackers has managed to exploit … [Read more...]
Hackers Mimic Road Toll Collection Services to Steal Your Money
The FBI’s Internet Crime Complaint Center (IC3) has warned about a sophisticated smishing scam targeting drivers across multiple states. Since early March 2024, over 2,000 complaints have been filed with the IC3, detailing fraudulent text messages that masquerade as road toll collection services notifications. Victims report receiving text messages that appear to be from their state’s toll … [Read more...]
Citrix UberAgent Vulnerability Allows Attackers To Escalate Privileges
Citrix’s uberAgent, a sophisticated monitoring tool used to enhance performance and security across Citrix platforms, has been identified as having a critical vulnerability. The flaw, tracked under CVE-2024-3902, could allow attackers to escalate their privileges within the system, posing a significant threat to organizations using affected software versions. The vulnerability explicitly … [Read more...]
Most Important Python Security Tools for Ethical Hackers & Penetration Testers 2024
There are a variety of Python security tools are using in the cybersecurity industries and python is one of the widely used programming languages to develop penetration testing tools. For anyone who is involved in vulnerability research, reverse engineering or pen-testing, Cyber Security News suggests trying out mastering in Python For Hacking From Scratch. It has highly practical but it … [Read more...]
MITRE Hacked – Attackers Compromised R&D Networks Using Ivanti Zero-days
The MITRE Corporation, a non-profit organization that runs federally funded research and development centers, has disclosed that a sophisticated cyber attack recently compromised one of its internal research and development networks. MITRE detected the attack on one of its internal R&D networks and took immediate action to contain the incident. The attack was believed to have been … [Read more...]
PoC Exploit Released for Cisco IMC Flaw – Urgent Update Advised
Proof of Concept (PoC) exploit has been released for a critical vulnerability in Cisco’s Integrated Management Controller (IMC). This flaw, identified as CVE-2024-20356, allows for command injection and could enable attackers to gain root access to affected systems. Overview of the Vulnerability The vulnerability resides in the web-based management interface of the Cisco Integrated … [Read more...]
Hackers Posing as LastPass Employee to Steal Master Password & Hijack Accounts
In a sophisticated cyber attack, hackers have been discovered impersonating LastPass employees in an elaborate phishing campaign designed to steal users’ master passwords and hijack their accounts. This alarming development was recently highlighted by LastPass on their official blog, shedding light on the dangers posed by the CryptoChameleon phishing kit. The campaign, initially identified … [Read more...]
New Redline Stealer Variant Leverages Lua Bytecode For Stealthiness
Redline Stealer is a powerful information-stealing malware, and hackers often exploit this stealthy stealer to gain unauthorized access to a victim’s sensitive data. Threat actors can steal many sensitive and valuable data by exploiting the Redline Stealer. Threat actors can use The stolen data later for financial gain or other malicious purposes. Cybersecurity researchers at McAfee … [Read more...]
Cisco IMC Command Injection Vulnerability Under Active Attack
An attacker with read-only or higher privileges on a Cisco Integrated Management Controller (IMC) can exploit a command injection vulnerability (CVE-2024-20295) to gain full control (root access) of the underlying operating system. The vulnerability exists due to insufficient validation of user-supplied input on the IMC CLI and there are no workarounds available, but software updates to … [Read more...]
Cerber Linux Ransomware Exploits Atlassian Servers To Take Full Control
Hackers often use Linux ransomware due to its prevalence in server environments. This type of ransomware offers higher potential payouts from organizations with critical data. Cybersecurity analysts at Cado Security Labs recently analyzed the Linux variant of the Cerber ransomware, which is being deployed on Confluence servers via CVE-2023-22518, after receiving recent reports. Unlike … [Read more...]
“Cybercrime Index” Ranks: Russia, Ukraine, and China at the Top
A new “Cybercrime Index” has been introduced, ranking countries based on the threat level posed by cybercriminals. The Index reveals that many countries, led by Russia, Ukraine, and China, are the primary hubs for cybercriminal activities globally. Key Findings from the Study The World Cybercrime Index, developed through a partnership between the University of Oxford, and UNSW, and … [Read more...]
Chrome Security Update: 23 Vulnerabilities Fixed in Latest Release
Google has announced a comprehensive update to the Chrome and Extended Stable channels. The latest release, version 124.0.6367.60/.61 for Windows and Mac and version 124.0.6367.60 for Linux, addresses 23 security vulnerabilities. This update underscores Google’s ongoing commitment to safeguarding users against the evolving landscape of cyber threats. Version and Platform … [Read more...]
R00TK1T Claims that They have Acquired Confidential Data from Nestle
The hacker group known as R00TK1T has announced that it has successfully entered the systems of Nestle, the world’s largest food and beverage company, and acquired confidential data. The claim was made through a social media post, which has since caught the attention of cybersecurity experts and corporate watchdogs. R00TK1T took to social media to declare their latest cyber conquest. … [Read more...]
- « Previous Page
- 1
- …
- 8
- 9
- 10
- 11
- 12
- …
- 88
- Next Page »