In the second timeline of October 2024 I collected 120 events with a threat landscape dominated by malware… This article has been indexed from HACKMAGEDDON Read the original article: 16-31 October 2024 Cyber Attacks Timeline
Data From 15,000 Fortinet Firewalls Leaked by Hackers
Hackers have leaked 15,000 Fortinet firewall configurations, which were apparently obtained as a result of exploitation of CVE-2022-40684. The post Data From 15,000 Fortinet Firewalls Leaked by Hackers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?
A threat actor has leaked configuration files (aka configs) for over 15,000 Fortinet Fortigate firewalls and associated admin and user credentials. The collection was leaked on Monday and publicized on an underground forum by the threat actor that goes…
Contrast Security AVM identifies application and API vulnerabilities in production
Contrast Security released Application Vulnerability Monitoring (AVM), a new capability of Application Detection and Response (ADR). AVM works within applications to find application and API vulnerabilities in production and correlate those vulnerabilities with attacks. Accurately identifying the issues in production…
First Bitwarden password manager update of 2025 improves password auto-fill
Bitwarden is an open source password management solution that we have mentioned and recommended several times here on this site in the past. The developers have released the first major update of […] Thank you for being a Ghacks reader.…
FTC Slams GoDaddy For Not Implementing Standard Security Practices Following Major Breaches
The Federal Trade Commission (FTC) has announced that it will require GoDaddy Inc. to develop and implement a comprehensive information security program. This decision comes in response to allegations that the prominent web hosting company has consistently failed to adequately…
New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware
Botnets are the networks of compromised devices that have evolved significantly since the internet’s inception. Threat actors exploit vulnerabilities to control these devices remotely by leveraging them for malicious activities. These activities range from spamming to launching devastating distributed denial-of-service…
AIRASHI Botnet Exploiting 0DAY Vulnerabilities In Large Scale DDoS Attacks
AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August 2024 that leveraged a 0DAY vulnerability on cnPilot routers and used RC4 encryption for sample strings. After a brief pause in September, the botnet reappeared in…
The Truth of the Matter: Scammers Targeting Truth Social Users
Key Data: Threat actors immediately target new Truth Social users — Netcraft received more than 30 messages within hours of creating an account. Truth Social’s structure gives threat actors easy access to target groups with more than 100,000 members. Advance…
Google Ads Under Attack: Criminals Exploit Accounts for Profit
The Great Google Ads Heist: Criminals Ransack Advertiser Accounts via Fake Google Ads. In a recent cybercrime scheme,… The post Google Ads Under Attack: Criminals Exploit Accounts for Profit appeared first on Hackers Online Club. This article has been indexed…
A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More
US president Joe Biden just issued a 40-page executive order that aims to bolster federal cybersecurity protections, directs government use of AI—and takes a swipe at Microsoft’s dominance. This article has been indexed from Security Latest Read the original article:…
Infoseccer: Private security biz let guard down, exposed 120K+ files
Assist Security’s client list includes fashion icons, critical infrastructure orgs. A London-based private security company allegedly left more than 120,000 files available online via an unsecured server, an infoseccer told The Register.… This article has been indexed from The Register…
2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records
In 2024 organizations informed the US government about 585 healthcare data breaches affecting a total of nearly 180 million user records. The post 2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records appeared first on SecurityWeek. This…
IT Security News Hourly Summary 2025-01-16 12h : 10 posts
10 posts were published in the last hour 10:34 : Thousands of PHP-based Web Applications Exploited to Deploy Malware 10:34 : New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) 10:12 : OAuth as a source of error: data of employees of failed start-ups at risk 10:12…
Thousands of PHP-based Web Applications Exploited to Deploy Malware
A significant cybersecurity threat has emerged, threatening the integrity of thousands of PHP-based web applications. A report from Imperva Threat Research has unveiled a sophisticated campaign where malicious actors are exploiting vulnerabilities in these applications to deploy malware, particularly with…
New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a UEFI application signed with Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party certificate. Exploiting this vulnerability…
OAuth as a source of error: data of employees of failed start-ups at risk
OAuth as a source of error: anyone who does not properly shut down their domains risks a data leak. There is no remedy after the fact. This article has been indexed from heise Security Read the original article: OAuth as a source of error: data of employees of failed start-ups at risk
Codefinger ransomware encrypts Amazon S3 buckets
The Codefinger ransomware encrypts data in Amazon S3 buckets. Many AWS credentials are circulating on the darknet, leaving the door wide open for this. This article has been indexed from heise Security Read the original article: Codefinger ransomware encrypts Amazon S3 buckets
Also in Germany: Rsync vulnerabilities, some critical, put Linux systems at risk
Vulnerabilities in Rsync allow hackers to take control of numerous Linux servers. The tool is vulnerable in its default configuration. (Vulnerability, Server applications) This article has been indexed from Golem.de – Security Read the original article: Also in Germany: some critical Rsync vulnerabilities…
[UPDATE] [high] Google Chrome: Multiple vulnerabilities
A remote, anonymous attacker can exploit multiple vulnerabilities in Google Chrome to disclose information, cause a denial of service, execute code, and cause further unspecified effects. This article has been indexed from BSI Warn- und Informationsdienst…
[UPDATE] [high] Google Chrome and Microsoft Edge: Vulnerability allows code execution
A remote, anonymous attacker can exploit a vulnerability in Google Chrome and Microsoft Edge to execute arbitrary program code. This article has been indexed from BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Read the original article: [UPDATE] [high] Google Chrome…
Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service
Introduction: In December 2024, during our daily threat hunting routine, we uncovered a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts. These phishing pages have been circulating since at least October 2024, and during that period, we identified potential…
7 ways to get more out of your Bitwarden password manager
Bitwarden is one of the best password managers on the market, but are you using it effectively? Here are a few tips to ensure you are. This article has been indexed from Latest stories for ZDNET in Security Read the…
PlugX malware deleted from thousands of systems by FBI
The FBI has announced it’s deleted PlugX malware from approximately 4,258 US-based computers and networks. This article has been indexed from Malwarebytes Read the original article: PlugX malware deleted from thousands of systems by FBI