Hackers primarily use ransomware to gain financial gain from their victims by blackmailing them for payments to recover their encrypted files and systems. However, ransomware can also be weaponized as a destructive cyber weapon that creates confusion in critical infrastructures. Megazord ransomware has been actively attacking healthcare and government entities. Megazord Ransomware … [Read more...]
Leicester City Cyber Attack Leads to Street Light Burning All Day & Night
Residents of Leicester have been facing an unusual urban phenomenon: street lights that stay lit day and night. This issue stems from a severe cyber attack that targeted Leicester City Council’s IT systems, leading to a series of disruptions in city services, including street lighting management. The persistent glow of street lights has become a significant concern for the locals. Roger … [Read more...]
Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk
Researchers have uncovered critical security vulnerabilities in several widely used keyboard apps, including those from major tech giants Samsung, OPPO, Vivo, and Xiaomi. These flaws could allow network eavesdroppers to intercept and decipher every keystroke a user makes, exposing sensitive personal and financial information. The Citizen Lab’s comprehensive study focused on the security of … [Read more...]
Hackers Hijacking Antivirus Updates to Deliver GuptiMiner
A sophisticated malware campaign has been compromising the update mechanism of eScan antivirus software to distribute malicious backdoors and cryptocurrency mining software. The campaign, dubbed GuptiMiner, has been linked to a threat actor with potential connections to the notorious Kimsuky group. GuptiMiner leverages a man-in-the-middle attack to exploit vulnerabilities in the update … [Read more...]
Proton Mail Unveils Dark Web Monitoring to Check for Credentials Leaks
Proton Mail has introduced a new feature to enhance the safety of its users’ online identities. The new Dark Web Monitoring tool is designed to alert users about potential credential leaks, ensuring they can take immediate action to protect their accounts. Here’s a detailed look at this innovative feature. Your email address is more than just a communication method; it’s your online … [Read more...]
FBI Director Wray Issues Warning on Chinese Cyber Attacks
Vanderbilt Summit on Modern Conflict and Emerging Threats, FBI Director Christopher Wray highlighted the severe and ongoing cyber threats the Chinese government poses to U.S. national and economic security. Speaking to an audience of experts from various sectors, including national security, cybersecurity, and academia, Director Wray articulated the immediate risks the Chinese government … [Read more...]
Russian Hackers Exploiting Windows Print Spooler Using GooseEgg Tool
Hackers abuse Windows Print Spooler vulnerabilities because it runs with elevated SYSTEM privileges, allowing privilege escalation. Also, exploiting it enables remote code execution and credential theft. Microsoft exposed the Russian threat actor Forest Blizzard (aka APT28, Sednit, Sofacy, and Fancy Bear), who has been using a custom tool called GooseEgg to elevate privileges and steal … [Read more...]
Forminator WordPress Plugin Flaw Exposes Over 50,000 Websites to Cyber Attacks
In a recent cybersecurity revelation, over 50,000 websites using the popular WordPress plugin Forminator are at risk due to multiple critical vulnerabilities. If exploited, these flaws could allow attackers to perform a range of malicious activities, from stealing sensitive data to taking complete control of the affected websites. Forminator is a widely used WordPress plugin designed to … [Read more...]
WordPress Responsive theme Flaw Let Attackers Inject Malicious HTML Scripts
A vulnerability was identified in the WordPress theme, “Responsive,” allowing attackers to inject arbitrary HTML content into websites. This flaw, as CVE-2024-2848, poses a severe risk to website integrity and user safety. CVE-2024-2848 – Arbitrary HTML Content Injection The vulnerability was specifically found in the footer section of the Responsive theme, where attackers could modify … [Read more...]
UnitedHealth Group Ransomware Attack : Hackers Stolen Patients Data
The global American health insurance and services corporation UnitedHealth Group has announced that its health IT subsidiary Change Healthcare was the target of a malicious cyberattack. Based on its initial targeted data sampling, the company has discovered files containing personally identifiable information (PII) or protected health information (PHI), which may include a significant … [Read more...]
48 Vulnerabilities Uncovered In AI systems : Surge By 220%
Since the initial disclosure of 15 vulnerabilities in November 2023, a 220% increase in vulnerabilities impacting AI systems has been discovered, bringing the total to 48 vulnerabilities. The world’s first AI/ML bug bounty program, Protect AI, analyzes the whole OSS AI/ML supply chain for significant vulnerabilities. The experts discovered that specific security risks may be exploited … [Read more...]
GPT-4 Is Capable Of Exploiting 87% Of One-Day Vulnerabilities
Large language models (LLMs) have achieved superhuman performance on many benchmarks, leading to a surge of interest in LLM agents capable of taking action, self-reflecting, and reading documents. While these agents have shown potential in areas like software engineering and scientific discovery, their ability in cybersecurity remains largely unexplored. Cybersecurity researchers … [Read more...]
ToddyCat APT Hackers Deploy Multiple Tools to Hijack Network Infrastructure
Advanced Persistent Threat (APT) group known as ToddyCat, new insights have emerged regarding their sophisticated methods of hijacking network infrastructure to steal sensitive data from governmental organizations across the Asia-Pacific region. This group, previously reported on for using data collection and exfiltration tools, … [Read more...]
Lambda Layers Code Execution Flaw Leads To Supply Chain On AI/ML Applications
A new supply-chain vulnerability has been identified in the Lambda Layers of third-party TensorFlow-based Keras models. This vulnerability could allow threat actors to inject arbitrary code into any AI/ML application. Any Lambda Layers that were built before version Keras 2.13 are susceptible to a supply chain attack. A threat actor can create and distribute a trojanized popular model among … [Read more...]
Meet the New Flexible Kapeka Backdoor With Destructive Attacking Capabilities
A new backdoor named “Kapeka” has been identified to be attacking victims in Eastern Europe since mid-2022. Kapeka is a flexible backdoor that acts as an initial stage toolkit for the threat actors. In addition, the backdoor also overlaps with GreyEnergy and Prestige Ransomware attacks, which are linked to a threat group named Sandworm. Sandworm threat actors are well-known Russian … [Read more...]
TransparentTribe Hackers Weaponize Websites & Documents to Attack Indian Orgs
The hacker group known as TransparentTribe, also referred to as APT-36, has intensified its cyber espionage activities. This group, originating from Pakistan, has been actively targeting Indian government organizations, military personnel, and defense contractors with sophisticated cyberattacks aimed at compromising security and gathering sensitive information. TransparentTribe mostly goes … [Read more...]
Hackers Offering Admin Access to 3000 Fortinet SSL-VPN
Hackers are now offering administrative access to over 3000 Fortinet SSL-VPN devices. This breach poses a significant threat to the security of numerous organizations relying on these devices for secure remote access. A tweet from the account DailyDarkWeb, which quickly gained attention in cybersecurity circles, indicates that an unidentified group of hackers has managed to exploit … [Read more...]
Hackers Mimic Road Toll Collection Services to Steal Your Money
The FBI’s Internet Crime Complaint Center (IC3) has warned about a sophisticated smishing scam targeting drivers across multiple states. Since early March 2024, over 2,000 complaints have been filed with the IC3, detailing fraudulent text messages that masquerade as road toll collection services notifications. Victims report receiving text messages that appear to be from their state’s toll … [Read more...]
Citrix UberAgent Vulnerability Allows Attackers To Escalate Privileges
Citrix’s uberAgent, a sophisticated monitoring tool used to enhance performance and security across Citrix platforms, has been identified as having a critical vulnerability. The flaw, tracked under CVE-2024-3902, could allow attackers to escalate their privileges within the system, posing a significant threat to organizations using affected software versions. The vulnerability explicitly … [Read more...]
Most Important Python Security Tools for Ethical Hackers & Penetration Testers 2024
There are a variety of Python security tools are using in the cybersecurity industries and python is one of the widely used programming languages to develop penetration testing tools. For anyone who is involved in vulnerability research, reverse engineering or pen-testing, Cyber Security News suggests trying out mastering in Python For Hacking From Scratch. It has highly practical but it … [Read more...]
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- 6
- …
- 82
- Next Page »