A new variant of the notorious Adload malware has been discovered to bypass the latest updates to Apple’s built-in antivirus, XProtect. Despite Apple’s efforts to fortify its defenses with a significant update to its malware signature list, Adload’s authors have swiftly adapted, rendering these new measures ineffective against the latest iterations of the malware. Apple’s Massive Adload … [Read more...]
World Password Day 2024: Create Strong Passwords & Stay Safe Online
Today is an important day for online security as it marks World Password Day. This serves as a reminder to prioritize the use of strong and secure passwords to protect our online accounts and personal information from potential cyber threats. With the constant evolution of cyber threats, it is more important than ever to secure online accounts with strong passwords. This year’s theme … [Read more...]
Beware! Threat Actors Selling RDP Access on Hacker Forums
Cybersecurity communities are on high alert as threat actors have begun selling Remote Desktop Protocol (RDP) access on underground hacker forums. This alarming trend poses significant risks to individual and organizational cybersecurity, potentially allowing unauthorized access to sensitive information and critical systems. According to a recent tweet from Dark Web Informer, threat actors … [Read more...]
Critical MailCleaner Vulnerabilities Let Attackers Execute arbitrary command
Critical vulnerabilities in MailCleaner versions before 2023.03.14 allow remote attackers to take complete control of the appliance through malicious emails, administrator interaction with attacker sites or links, and exploitation of SOAP endpoints, which compromises the confidentiality and integrity of the MailCleaner system and any emails processed by it. Additionally, authenticated … [Read more...]
Dropbox Sign Hacked: Attackers Stolen API Keys, MFA, & Hashed Passwords
Dropbox disclosed a significant security breach affecting its electronic signature service, Dropbox Sign (formerly known as HelloSign). The incident, which came to light on April 24, involved unauthorized access to the Dropbox Sign production environment, exposing sensitive customer information. Dropbox’s security team was alerted to the breach on April 24 after detecting unauthorized access … [Read more...]
Top 8 SSPM Tools to Secure Your SaaS Stack in 2024
Introduction The explosion of cloud-based applications, or SaaS (Software-as-a-Service), has transformed the way businesses operate. From marketing automation to project management, these tools offer incredible functionality and flexibility. However, with this increased reliance on SaaS comes a new set of security challenges. Unlike traditional on-premise software, organizations don’t have … [Read more...]
Hackers Infiltrated 9-days Within UnitedHealth Network Before Ransomware Attack
Andrew Witty, CEO of UnitedHealth Group, detailed a sophisticated ransomware attack on Change Healthcare, a key component of the UnitedHealth network. The cybercriminals, identifying themselves as ALPHV or BlackCat, infiltrated Change Healthcare’s information technology environments, marking a significant cybersecurity breach within the healthcare sector. The cyberattack, which unfolded on … [Read more...]
Malware Cuckoo – Previously Unknown Infosteler Spyware Steals Data From MacOS
Security researchers have uncovered a previously undetected malware threat for macOS that exhibits characteristics of both an infostealer and spyware. Dubbed “Cuckoo” after the brood parasitic bird, this malicious code infiltrates systems and steals resources for its own gain. The malware was first spotted on April 24th, 2024 in a Mach-O binary file disguised as “DumpMediaSpotifyMusicConverter” … [Read more...]
Postman API Testing Platform Flaw Exposes Sensitive Credentials
Truffle Security Co. has recently discovered a major vulnerability in Postman, the widely used API testing platform. This flaw exposed over 4,000 active credentials, creating serious security concerns for the impacted individuals or organizations. This vulnerability has positioned Postman as one of the largest public sources of leaked secrets, affecting many SaaS and cloud … [Read more...]
Millions of Docker Hub Repositories Found Pushing Malware for Over 5 Years
It has been found that almost one-fifth of the repositories on Docker Hub, a popular platform for developers to store and share containerized applications, have been exploited to spread malicious software and phishing scams. This is a concerning discovery for users who rely on Docker Hub to access and distribute secure software. This discovery, made by the vigilant security research team at … [Read more...]
Investigating Two TeamCity Authentication Bypass Vulnerabilities
Vulnerability exploits are the third most common way that cybercriminals gain access to target organizations, surpassed only by credential stealing and phishing in 2023. Once illicit access is achieved, intruders can launch ransomware attacks, exfiltrate sensitive data for sale in darknet forums or execute account takeovers, among an extensive array of other options to inflict damage. I … [Read more...]
Threat Actors Claiming of 0-Day Vulnerability in Zyxel VPN Device
Threat actors have claimed to have discovered a 0-day vulnerability in Zyxel VPN devices. This revelation was made public through a tweet by the cybersecurity monitoring group MonThreat, which has been closely tracking and reporting on various cyber threats. 🚨 Alleged 0-Day Vulnerability in Zyxel VPNA threat actor has announced the sale of the 0day exploit on a #Zyxel (legacy) VPN … [Read more...]
Muddling Meerkat Using DNS As A Powerful Weapon For Sophistication
Hackers exploit DNS vulnerabilities to redirect users to malicious websites, launch distributed denial-of-service (DDoS) attacks by overwhelming DNS servers, and manipulate domain resolutions to intercept traffic for surveillance or data theft purposes. Infoblox researchers recently revealed “Muddling Meerkat,” a highly sophisticated likely Chinese state actor able to manipulate China’s Great … [Read more...]
Pathfinder – New Attack Steals Sensitive Data From Modern Processors
Microarchitectural side-channel attacks misuse shared processor state to transmit information between security domains. Although they can be used in isolation, they are frequently employed as building blocks for more sophisticated attacks such as Spectre, which uses side channels to achieve controlled speculative execution and data exfiltration. The following cybersecurity … [Read more...]
Beware of New Android Trojan That Executes Malicious Commands on Your Phone
Cybersecurity researchers at XLab have uncovered a new Android malware strain called “Wpeeper.” This sophisticated backdoor Trojan has been designed to infiltrate Android systems and execute a wide range of malicious commands, posing a significant threat to unsuspecting users. Wpeeper’s distribution strategy is particularly cunning. The malware is being distributed through repackaged … [Read more...]
Authorities Seized Platform Used For Paid DDoS
On April 17, 2024, a joint effort between the Dresden Public Prosecutor’s Office and the Cybercrime Competence Center of the Saxony State Criminal Police Office, in collaboration with a U.S. investigative agency, won significantly in the ongoing battle against cybercrime. The operation, aptly named “PowerOFF,” successfully dismantled a criminal online platform in Germany and … [Read more...]
Ex-Infosec Designer Sentenced to Over 21 Years in Prison
Jareh Sebastian Dalke, 32, of Colorado Springs, was sentenced today to 262 months in prison for attempted espionage in connection with his efforts to transmit classified National Defense Information (NDI) to an agent of the Russian Federation. According to the US Department of Justice, Dalke pleaded guilty in 2023 to six counts of attempting to transmit classified NDI to a foreign agent. … [Read more...]
Safari is Not So Private! Safari Flaw Exposing EU iPhone Users to Trackers
A significant security flaw has been identified in Apple’s Safari browser that could potentially expose iPhone users in the European Union to unauthorized tracking. This vulnerability stems from a new feature introduced in iOS 17.4, designed to facilitate the installation of apps from alternative marketplaces directly via Safari. Background of the Flaw The issue was first reported by … [Read more...]
New U.K. Law Bans Default Passwords Like ‘1234’ On Smart Devices
The UK government has introduced a new law to improve the security of smart devices. This law mandates that all smart devices sold in the country must not have weak, default passwords such as ‘1234’. This new law’s primary objective is to protect consumers from cyber threats that exploit basic security vulnerabilities in smart devices such as smartwatches, fitness trackers, home assistants, … [Read more...]
Linux Kernel Vulnerability (CVE-2024-26925) Let Hackers Access Unauthorized Data
In a significant update from the Linux kernel’s security team, a critical vulnerability identified as CVE-2024-26925 has been addressed to bolster the security of systems worldwide. The flaw was found in the netfilter subsystem, specifically within the nf_tables component, which is crucial for packet filtering and classification. Description of the Vulnerability The vulnerability stemmed … [Read more...]
- « Previous Page
- 1
- …
- 4
- 5
- 6
- 7
- 8
- …
- 88
- Next Page »