Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Rhadamanthys Stealer…
Category: EN
Global Governments Address Ransomware Threat with New Guidelines
In response to the recent publication of the Counter Ransomware Initiative (CRI), members of the initiative have provided new guidance to organizations so they can consider other possibilities before paying cyber criminals a ransom. The new guidelines aim to…
Law Enforcement From Thirty Nine Nations Team Up to Tackle Ransomware Attacks
Ransomware continues to pose significant issues for businesses and organisations around the world, and with attacks on the rise, the UK and 38 other nations have joined forces with international cyber insurance authorities to create new guidelines aimed at…
Security Affairs newsletter Round 492 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WordPress LiteSpeed Cache…
It’s Time to Sound the Alarm on SMB Cyber Threats
There’s an unnerving secret many of us in cybersecurity have noticed. And if you think your company is “too small” to be worried about a potential attack, think again. As… The post It’s Time to Sound the Alarm on SMB…
Learning from the NASCIO Annual Conference 2024
The National Association of State CIOs (NASCIO) held its annual conference in New Orleans, La., this past week. Here are some of the highlights, along with some thoughts about what the future holds for state CIOs. The post Learning from…
Google Pixel 9 supports new security features to mitigate baseband attacks
Google announced that its Pixel 9 has implemented new security features, and it supports measures to mitigate baseband attacks. Pixel phones are known for their strong security features, particularly in protecting the cellular baseband, which is the processor handling LTE,…
Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The…
Switch – 5,397 breached accounts
In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant. This article…
ARTEMIS: Adaptive Bitrate Ladder Optimization for Live Video Streaming
Authors/Presenters:Farzad Tashtarian, Abdelhak Bentaleb, Hadi Amirpour, Sergey Gorinsky, Junchen Jiang, Hermann Hellwagner, Christian Timmerer Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI ’24) content,…
Session Hijacking Surges: Attackers Exploit MFA Gaps with Modern Tactics
As multi-factor authentication (MFA) becomes more common, attackers are increasingly resorting to session hijacking. Evidence from 2023 shows this trend: Microsoft detected 147,000 token replay attacks, marking a 111% increase year-over-year. Google reports that attacks on session cookies now…
AI-Powered Malware Targets Crypto Wallets with Image Scans
A new variant of the Rhadamanthys information stealer malware has been identified, which now poses a further threat to cryptocurrency users by adding AI to seed phrase recognition. The bad guys behind the malware were not enough in themselves,…
Inside the Dark Web: How Andariel Targets U.S. Organizations
The Andariel hacking group, a notorious entity linked to North Korea, has recently shifted its focus towards financially motivated attacks on U.S. organizations. This pivot, observed in August 2024, marks a significant change in the group’s operational strategy, raising concerns…
Phantom Domains: The New Threat to Enterprise Cybersecurity
A recent study presented at the 2024 Web Conference has identified a rising cybersecurity risk known as “phantom domains.” These phantom domains result from unregistered or placeholder dot-com links that hackers can hijack, turning them into dangerous attack vectors. …
Complicated Passwords Make Users Less Secure, Security Experts Claim
Using a variety of character types in your passwords and changing them on a regular basis are no longer considered best practices for password management. This is according to new standards published by the United States National Institute of…
Red Hat Insights provides analytics for the IBM X-Force Cloud Threat Report
IBM recently released their 2024 X-Force Cloud Threat Landscape Report.According to IBM, this report “provides a global cross-industry perspective on how threat actors are compromising cloud environments, the malicious activities they’re conducting once inside compromised networks and the impact it’s…
WordPress LiteSpeed Cache plugin flaw could allow site takeover
A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow attackers to execute arbitrary JavaScript code under certain conditions. A high-severity security flaw, tracked as CVE-2024-47374 (CVSS score 7.2), in the LiteSpeed Cache plugin for WordPress could allow attackers…
DrayTek Patches 14 Vulnerabilities, Including Critical Buffer Overflow Flaws
DrayTek recently patched 14 vulnerabilities in 24 router models, including a critical buffer overflow flaw that could allow remote code execution (RCE) or denial of service (DoS). The vulnerabilities, identified by Forescout Research’s Vedere Labs and described in their…
Stealthy Malware Has Infected Thousands of Linux Systems for Years
Perfctl malware is hard to detect, persists after reboots, and can perform a breadth of malicious activities. This article has been indexed from Security Latest Read the original article: Stealthy Malware Has Infected Thousands of Linux Systems for Years
PyPI Hosts Malicious Tools Targeting Crypto Wallets
During an investigation conducted recently, it was discovered that several malicious packages masquerading as services for recovering cryptocurrency wallets were found in the Python Package Index repository, revealing that they were spying on sensitive personal information and helping to…