CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the…
Category: EN
Latrodectus Malware Increasingly Used by Cybercriminals
Latrodectus malware has been increasingly used by cybercriminals, with recent campaigns targeting the financial, automotive and healthcare sectors. The post Latrodectus Malware Increasingly Used by Cybercriminals appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by zbl…
Phishing Attack Impacts Over 92,000 Transak Users
A phishing attack targeting Transak employees led to a data breach, compromising the information of 92,554 users This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Attack Impacts Over 92,000 Transak Users
Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. This article has been indexed from Cisco Talos Blog Read the original article: Threat actor abuses Gophish to deliver new PowerRAT…
Astaroth Banking Malware Runs Actively Targets Users In Brazil
The notorious banking trojan, known as the Astaroth malware, has resurfaced in recent campaigns, particularly… Astaroth Banking Malware Runs Actively Targets Users In Brazil on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article…
Sophos Expands Cybersecurity With $860m Secureworks Purchase
Second time Secureworks is acquired, after UK’s Sophos says it will buy the US cybersecurity firm for $859m (£662m) in cash This article has been indexed from Silicon UK Read the original article: Sophos Expands Cybersecurity With $860m Secureworks Purchase
Best practices on securing your AI deployment
As organizations embrace generative AI, there are a host of benefits that they are expecting from these projects—from efficiency and productivity gains to improved speed of business to more innovation in products and services. However, one factor that forms a…
What Is Secure Access Service Edge?
There has been plenty of hype around secure access service edge. Some even say it is replacing legacy network and security architectures. Drew Robb, writing for TechRepublic Premium, lays out what it is, how it fits within the security and…
Bumblebee Malware Loader Resurfaces Following Law Enforcement Takedown
New malicious campaign suggests the Bumblebee malware loader might be resurfacing following the May 2024 law enforcement takedown. The post Bumblebee Malware Loader Resurfaces Following Law Enforcement Takedown appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to “gain…
Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along…
Meta to Fight Celeb-Bait Scams with Facial Recognition
Meta is testing facial recognition technology to tackle celeb-bait ad scams and enable the recovery of compromised accounts This article has been indexed from www.infosecurity-magazine.com Read the original article: Meta to Fight Celeb-Bait Scams with Facial Recognition
Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach
In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts. This article has been indexed from Trend Micro Research,…
The Past, Present, and Future of File Integrity Monitoring
Also known as change monitoring, File Integrity Monitoring ( FIM) solutions monitor and detect file changes that could indicate a cyberattack. They determine if and when files change, who changed them, and what can be done to restore files if…
Palo Alto Networks extends security into harsh industrial environments
The convergence of IT and operational technology (OT) and the digital transformation of OT have created new opportunities for innovation and efficiency in critical Industrial Automation and Control Systems. However, these advancements also broaden the potential attack surface, making it…
U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog.…
Palo Alto Networks Adds New Capabilities to OT Security Solution
Palo Alto Networks has added new remote access, virtual patching and firewall capabilities to its OT Security solution. The post Palo Alto Networks Adds New Capabilities to OT Security Solution appeared first on SecurityWeek. This article has been indexed from…
Ivanti Neurons for App Control strengthens endpoint security
Ivanti introduced Ivanti Neurons for App Control, which safeguards devices from unauthorized applications. In addition, Ivanti released new analytics in the Ivanti Neurons platform and new features for Ivanti Neurons for Patch Management to enhance security and ensure compliance. With…
Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)
Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and…