A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is interested in. “In 2022, its primary focus was Ukraine, specifically targeting the energy,…
Category: EN
FortiOS Vulnerability Allows Super-Admin Privilege Escalation – Patch Now!
Super-admin access vulnerability discovered in FortiOS Security Fabric. Exploitation could lead to widespread network breaches. Update now. Fortinet has… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: FortiOS Vulnerability Allows…
Palo Alto Firewall Flaw Exploited in RA World Ransomware Attacks
A recent ransomware attack leveraging a vulnerability in Palo Alto Networks’ PAN-OS firewall software (CVE-2024-0012) has raised significant concerns within the cybersecurity community. The attack, which targeted a medium-sized software and services company in South Asia in late 2024, is…
30,000 WordPress Sites Exposed to Exploitation via File Upload Vulnerability
A critical security vulnerability in the “Security & Malware scan by CleanTalk” plugin has left over 30,000 WordPress websites exposed to exploitation. The vulnerability, identified as CVE-2024-13365, allows unauthenticated attackers to conduct arbitrary file uploads, potentially leading to remote code execution…
New Phishing Attacks Abuses Webflow CDN & CAPTCHAs to Steal Credit Card details
Netskope Threat Labs has uncovered a sophisticated phishing campaign targeting users across various industries, including technology, manufacturing, and banking. This campaign, active since mid-2024, exploits search engine optimization (SEO) techniques to lure victims into downloading malicious PDFs hosted on the…
Threat Actors in Russia, China, and Iran Targeting Local communities in the U.S
Foreign adversaries, including Russia, China, and Iran, are intensifying their efforts to manipulate public opinion and destabilize local communities across the United States. These campaigns, once primarily focused on national-level politics, have increasingly targeted state and local governments, community groups,…
Barcelona-based spyware startup Variston shuts down, per filing
Variston, a Barcelona-based spyware vendor, has reportedly shut down. Intelligence Online, a trade publication that covers the surveillance and intelligence industry, reports that a legal notice published in Barcelona’s registry on February 10 confirmed that Variston has been liquidated. TechCrunch…
Sophos lays off 6% of workforce following Secureworks acquisition
The layoffs come soon after Sophos completed its $859 million acquisition of Secureworks. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the original article: Sophos lays off…
Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign
A subgroup of the Russia-linked Seashell Blizzard APT group (aka Sandworm) ran a global multi-year initial access operation called BadPilot. Microsoft shared findings on research on a subgroup of the Russia-linked APT group Seashell Blizzard behind the global BadPilot campaign,…
National Apprenticeship Week: Alternative Routes into Cyber
As National Apprenticeship Week shines a spotlight on career development opportunities, it’s important to acknowledge that traditional apprenticeships aren’t the only route into the cybersecurity industry. With cyber threats growing exponentially, the demand for skilled professionals has never been higher.…
Threat Actors Exploiting DeepSeek’s Popularity To Deploy Malware
The Chinese AI startup DeepSeek has gained significant attention in the global AI market with its open-source inference model, DeepSeek-R1. This model has been touted as a more cost-effective alternative to existing AI solutions, outperforming OpenAI’s GPT-o1. However, this newfound…
Deciphering End User Data Access Patterns is Key to a Strong SaaS Security Posture
It’s all about patterns. Long before cybersecurity was on anyone’s radar, defensive intelligence – like catching an enemy spy in your ranks – was about being able to recognize patterns… The post Deciphering End User Data Access Patterns is Key…
RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset
An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting…
Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams
Ever felt like your team is stuck in a constant battle? Developers rush to add new features, while security folks worry about vulnerabilities. What if you could bring both sides together without sacrificing one for the other? We invite you…
Romance Baiting Losses Surge 40% Annually
Ahead of Valentine’s Day, Chainalysis figures reveal 40% increase in losses to pig butchering, or romance baiting, scams This article has been indexed from www.infosecurity-magazine.com Read the original article: Romance Baiting Losses Surge 40% Annually
UK Minister To State CMA Must Be ‘Less Risk Averse’
Labour’s business secretary Jonathan Reynolds to set out ‘strategic steer’ for UK competition regulator, after ousting chairman This article has been indexed from Silicon UK Read the original article: UK Minister To State CMA Must Be ‘Less Risk Averse’
DOGE as a National Cyberattack
In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with…
Russian Hackers Leverages Weaponized Microsoft Key Management Service (KMS) To Hack Windows Systems
Russian-backed hackers, specifically the Sandworm APT group (also known as APT44 or UAC-0145), have been using weaponized Microsoft Key Management Service (KMS) activators to infiltrate Windows systems in Ukraine. This campaign, which has been active since late 2023, exploits pirated…
RedNote App Vulnerability Allows Access to User Files on iOS & Android Devices
Critical vulnerabilities were uncovered in the popular Chinese social media app RedNote (also known as XiaoHongShu), which boasts over 300 million active users globally. These security flaws, present in both Android and iOS versions, expose users’ browsing activity, device metadata,…
Windows 11’s New Compression Formats Pose Security Risks with libarchive
Microsoft introduced a major update to Windows 11 (KB5031455), adding native support for 11 new compression formats, including RAR and 7z. This update aimed to enhance user convenience by enabling file management directly within File Explorer. However, the integration of…