Elastic Security Labs has uncovered a sophisticated malware campaign, dubbed REF8685, targeting the Iraqi telecommunications sector. The campaign utilizes a novel malware family called SHELBY, which abuses GitHub for command-and-control (C2) operations, data exfiltration, and command retrieval. Novel Malware Family…
Russian Hackers Impersonate CIA to Steal Ukrainian Defense Intelligence Data
In a complex cyber operation discovered by Silent Push Threat Analysts, Russian hackers have launched a multi-pronged phishing campaign impersonating various organizations, including the CIA, to gather intelligence on individuals sympathetic to Ukraine’s defense efforts. The campaign, believed to be…
5 Chromecast tricks to unlock your TV’s full potential (including a hidden streaming hack)
Google’s trusty casting device has been around for over a decade, and while its days are numbered, it still does more than just stream your favorite shows. This article has been indexed from Latest stories for ZDNET in Security Read…
IT Security News Hourly Summary 2025-03-28 15h : 15 posts
15 posts were published in the last hour 13:35 : [UPDATE] [medium] Ghostscript: Multiple vulnerabilities allow unspecified attack 13:35 : [UPDATE] [medium] OpenSSL: Multiple vulnerabilities allow bypassing of security measures 13:35 : [UPDATE] [medium] OpenSSL: Multiple vulnerabilities 13:34 : 46…
[UPDATE] [medium] Ghostscript: Multiple vulnerabilities allow unspecified attack
An attacker can exploit multiple vulnerabilities in Ghostscript to carry out an unspecified attack. This article has been indexed from BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Read the original article: [UPDATE] [medium] Ghostscript: Multiple vulnerabilities allow unspecified…
[UPDATE] [medium] OpenSSL: Multiple vulnerabilities allow bypassing of security measures
An attacker can exploit multiple vulnerabilities in OpenSSL to bypass security measures. This article has been indexed from BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Read the original article: [UPDATE] [medium] OpenSSL: Multiple vulnerabilities allow bypassing of security measures
[UPDATE] [medium] OpenSSL: Multiple vulnerabilities
A remote, authenticated or anonymous attacker can exploit multiple vulnerabilities in OpenSSL to carry out a denial-of-service attack, disclose information, or recover ciphertext over a network. This article has been indexed from BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories)…
46 New Vulnerabilities in Solar Inverter Systems Allow Attackers to Tamper with Settings
Forescout Vedere Labs has uncovered 46 new vulnerabilities in solar power systems, primarily affecting inverters from three leading manufacturers Sungrow, Growatt, and SMA. These flaws, if exploited, could enable attackers to manipulate inverter settings, disrupt power grids, and compromise user…
SHELBY Malware Steal Data Abusing GitHub for Command-and-control Server
A sophisticated new data theft malware strain dubbed “SHELBY” has emerged in the cybersecurity landscape, targeting primarily financial institutions and healthcare organizations across North America and Europe. The malware employs a multi-stage infection process that begins with phishing emails containing…
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that’s designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. “The purpose of…
FBI Issues new alert over phishing SMS scam targeting highway toll customers
The U.S. Federal Bureau of Investigation (FBI) has issued a nationwide warning about a surge in “smishing” attacks, a form of phishing conducted via SMS messages. These scams are designed to deceive […]
Microsoft overhauls log-ins and sign-ins
Log-ins and sign-ins to Microsoft services are to become simpler. The company is also aiming for unified log-ins. This article has been indexed from heise security News Read the original article: Microsoft overhauls log-ins and sign-ins
The CMMC Compliance Journey
The Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity framework designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within the defense supply chain. Still, it is… The post The CMMC Compliance Journey appeared first on Cyber…
DeBackdoor: A Framework for Detecting Backdoor Attacks in Deep Learning Models
Deep learning models, increasingly integral to safety-critical systems like self-driving cars and medical devices, are vulnerable to stealthy backdoor attacks. These attacks involve injecting hidden triggers into models, causing them to misbehave when triggered. Researchers from the Qatar Computing Research…
Backup Data Resiliency: Backups Alone Aren’t Enough
Every year, March 31st marks another World Backup Day—a timely reminder to check if our data protection strategies are truly ready for today’s volatile cyber landscape. It is an illusion to think that cyber attacks on any industry can be…
Mozilla patches Firefox bug ‘exploited in the wild’, similar to bug attacking Chrome
The bug fix comes days after Google fixed a similar vulnerability under attack in its Chrome browser. This article has been indexed from Security News | TechCrunch Read the original article: Mozilla patches Firefox bug ‘exploited in the wild’, similar…
Addressing Federal Cybersecurity Challenges in the Cloud Era
Palo Alto Networks helps U.S. Federal agencies and vendors protect against cyberthreats with FedRAMP High Authorization for network, cloud, and SecOps. The post Addressing Federal Cybersecurity Challenges in the Cloud Era appeared first on Palo Alto Networks Blog. This article…
Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware
Analysis found that 99% of healthcare organizations are vulnerable to publicly available exploits. The post Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Cybercriminals Exploit Psychological Vulnerabilities in Ransomware Campaigns
During the decade of 2025, the cybersecurity landscape has drastically changed, with ransomware going from a once isolated incident to a full-sized global crisis. No longer confined to isolated incidents, these attacks are now posing a tremendous threat to economies,…
Microsoft 365 gets faster: This trick is meant to speed up the launch of apps like Word
Microsoft wants to make its Office applications faster. The new “Startup Boost”, which runs automatically in the background when the computer starts, is to be available for Word as early as May. This article has been indexed from t3n.de – Software & Entwicklung Read…
Anyone who creates Ghibli memes with ChatGPT is insulting themselves
GPT-4o's new image generation aims to further democratize art. Instead, it is being used to copy artistic styles backed by decades of work and experience. The result can therefore only be soulless garbage, our author finds. This article has been indexed…
A Tale of Two Phishing Sites, (Fri, Mar 28th)
In phishing and in malspam, as in any other field, one can see certain trends develop over time. For obvious reasons, most threat actors like to use techniques and approaches that are novel and, thus, more effective. This commonly leads…
Meta Launches Friends Tab, As Zuck Touts “OG Facebook”
Zuckerberg seeks to revive Facebook’s original spirit, as Meta launches Facebook Friends tab, so users only see friends’ status updates This article has been indexed from Silicon UK Read the original article: Meta Launches Friends Tab, As Zuck Touts “OG…
Cardiff’s children’s chief confirms data leak 2 months after cyber risk was ‘escalated’
Department director admits Welsh capital’s council still trying to get heads around threat of dark web leaks Cardiff City Council’s director of children’s services says data was leaked or stolen from the organization, although she did not clarify how or…