Russian APT Fighting Ursa (APT28) used compelling luxury car ads as a phishing lure, distributing HeadLace backdoor malware to diplomatic targets. The post Fighting Ursa Luring Targets With Car for Sale appeared first on Unit 42. This article has been…
Category: EN
Microsoft Patched a Critical Edge Flaw that Led to Arbitrary Code Execution
Microsoft has addressed several critical vulnerabilities in its Chromium-based Edge browser. Users of the affected versions are strongly advised to update to the latest version to mitigate potential security risks. According to the Asec Ahnlab reports, the vulnerabilities were found…
Homebrew Security Audit Finds 25 Vulnerabilities
A security audit sponsored by the Open Tech Fund in August 2023 revealed 25 vulnerabilities in Homebrew. The audit found issues that could have allowed attackers to execute code, modify builds, control CI/CD workflows, and access sensitive data. This article…
Suspects in ‘Russian Coms’ Spoofing Service Arrested in London, as NCA Announces Takedown
The caller ID spoofing service, which was established in 2021, is believed to have caused financial losses in the tens of millions and had around 170,000 victims in Britain. This article has been indexed from Cyware News – Latest Cyber…
Google Chrome Adds App-Bound Encryption to Block Infostealer Malware
Google Chrome has implemented app-bound encryption to enhance cookie protection on Windows and defend against infostealer malware. This new feature encrypts data tied to app identity, similar to macOS’s Keychain, to prevent unauthorized access. This article has been indexed from…
Threat Intelligence: A Blessing and a Curse?
Access to timely and accurate threat intelligence is essential for organizations, but it can be overwhelming to navigate the vast amount of available data and feeds. Balancing comprehensive information with relevance is crucial. This article has been indexed from Cyware…
Gaming Industry Faces 94% Surge in DDoS Attacks
The rise in DDOS attacks against the gaming industry is accompanied by increasing bot activity This article has been indexed from www.infosecurity-magazine.com Read the original article: Gaming Industry Faces 94% Surge in DDoS Attacks
NCSC Unveils Advanced Cyber Defence 2.0 to Combat Evolving Threats
The UK’s NCSC is launching ACD 2.0, an advanced suite of cybersecurity tools and services designed to protect businesses from evolving cyber threats This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Unveils Advanced Cyber Defence 2.0…
Cybersecurity News: Cencora patient breach, OneDrive phishing campaign, Argentina’s crime predictions
In today’s cybersecurity news… Cencora confirms patient data stolen in February cyberattack Following up on cyberattack on pharmaceutical supplier Cencora, the company has now confirmed, in an updated filing to […] The post Cybersecurity News: Cencora patient breach, OneDrive phishing…
Credo AI Raises $21M to Help Enterprises Deploy AI Safely and Responsibly
Credo AI, a startup specializing in artificial intelligence governance software, recently closed a $21 million Series B funding round led by CrimsoNox Capital, Mozilla Ventures, and FPV Ventures. This article has been indexed from Cyware News – Latest Cyber News…
APT41 Likely Compromised Taiwanese Government-Affiliated Research Institute with ShadowPad and Cobalt Strike
A government-affiliated research organization in Taiwan was attacked by APT41 hackers, a notorious Chinese hacking group known for targeting sensitive technologies. The breach, starting in July 2023, was identified by Cisco Talos researchers. This article has been indexed from Cyware…
Malicious Package Hidden in PyPI Discovered
The FortiGuard Labs team has discovered a malicious PyPI package that poses a significant risk to individuals and institutions by potentially leaking credentials and sensitive information. This article has been indexed from Cyware News – Latest Cyber News Read the…
Over 35k Domains Hijacked in ‘Sitting Ducks’ Attacks
Threat actors have hijacked over 35,000 domains in five years because DNS providers fail to properly verify domain ownership. The post Over 35k Domains Hijacked in ‘Sitting Ducks’ Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Hackers Actively Exploiting WordPress Plugin Arbitrary File Upload Vulnerability
Hackers have been actively exploiting a critical vulnerability in the WordPress plugin 简数采集器 (Keydatas). The vulnerability, CVE-2024-6220, allows unauthenticated threat actors to upload arbitrary files to a vulnerable site, potentially leading to remote code execution and complete site takeover. This…
U.S. Releases High-Profile Russian Hackers in Diplomatic Prisoner Exchange
In a historic prisoner exchange between Belarus, Germany, Norway, Russia, Slovenia, and the U.S., two Russian nationals serving time for cybercrime activities have been freed and repatriated to their country. This includes Roman Valerevich Seleznev and Vladislav Klyushin, who are…
Russia, Moldova Targeted by Obscure Hacking Group in New Cyberespionage Campaign
A cyberespionage group known as XDSpy targeted Russia and Moldova with new malware. The group sent phishing emails to Russian targets, including a tech company and an organization in Transnistria. This article has been indexed from Cyware News – Latest…
Securonix unveils Cyber Data Fabric and Noise Canceling SIEM in EON suite
Securonix unveiled two new capabilities within the Securonix EON suite of AI-Reinforced capabilities: Cyber Data Fabric and Noise Canceling SIEM. These innovations bolster the Unified Defense SIEM solution empowering CyberOps teams to better respond to and counter the rise in…
How Cyberthreats Could Disrupt the Olympics
Introduction Cybersecurity experts are on high alert, as the 2024 Olympic Games continue over the coming weeks. Historically, the Olympics have been a prime target for cybercriminals, state-sponsored actors, and hacktivists. The convergence of global attention, vast amounts of sensitive…
Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware
Cybersecurity companies are warning about an uptick in the abuse of Clouflare’s TryCloudflare free service for malware delivery. The activity, documented by both eSentire and Proofpoint, entails the use of TryCloudflare to create a one-time tunnel that acts as a…
Dark web offers botnets as low as $99
For those contemplating launching cyber attacks on their customers, partners, or competitors, the dark web now offers botnets for as little as $99. This article aims to shed light on these alarming developments in the cybercrime world, without endorsing illegal…