Global Cyber Security News
Keep up to date with some of the latest news articles in the cyber security landscape, worldwide.
- Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacksby [email protected] (The Hacker News) on April 28, 2024 at 1:52 pm
Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential proxy services, lists of previously stolen credentials ('combo lists'), and scripting tools," the
- Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flawby [email protected] (The Hacker News) on April 27, 2024 at 12:47 pm
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with
- Bogus npm Packages Used to Trick Software Developers into Installing Malwareby [email protected] (The Hacker News) on April 27, 2024 at 5:12 am
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked
- Severe Flaws Disclosed in Brocade SANnav SAN Management Softwareby [email protected] (The Hacker News) on April 26, 2024 at 2:03 pm
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules,
- 10 Critical Endpoint Security Tips You Should Knowby [email protected] (The Hacker News) on April 26, 2024 at 10:46 am
In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT
- New 'Brokewell' Android Malware Spread Through Fake Browser Updatesby [email protected] (The Hacker News) on April 26, 2024 at 10:42 am
Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be in active development,
- Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attackby [email protected] (The Hacker News) on April 26, 2024 at 10:18 am
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in
- Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sitesby [email protected] (The Hacker News) on April 26, 2024 at 5:49 am
Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.92.0. The issue has been resolved in version 3.92.1 released on February 27, 2024,
- North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Luresby [email protected] (The Hacker News) on April 25, 2024 at 4:47 pm
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT as part of attacks targeting specific individuals in the Asia region in summer 2023. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL
- Network Threats: A Step-by-Step Attack Demonstrationby [email protected] (The Hacker News) on April 25, 2024 at 11:13 am
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit
- DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactionsby [email protected] (The Hacker News) on April 25, 2024 at 10:21 am
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds. To that end, Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged
- Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutinyby [email protected] (The Hacker News) on April 25, 2024 at 6:37 am
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year. As part of the
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionageby [email protected] (The Hacker News) on April 25, 2024 at 5:50 am
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft). "UAT4356
- U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacksby [email protected] (The Hacker News) on April 24, 2024 at 1:43 pm
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021. This includes the front companies Mehrsam Andisheh Saz Nik (MASN) and Dadeh
- Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strikeby [email protected] (The Hacker News) on April 24, 2024 at 1:36 pm
Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver a malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software. "SSLoad is designed to stealthily infiltrate systems, gather sensitive
- Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Usersby [email protected] (The Hacker News) on April 24, 2024 at 9:36 am
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose keyboard app did not have any security
- CISO Perspectives on Complying with Cybersecurity Regulationsby [email protected] (The Hacker News) on April 24, 2024 at 9:24 am
Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance is a time-consuming, high-stakes process that demands strong organizational and
- eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Minersby [email protected] (The Hacker News) on April 24, 2024 at 7:02 am
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed
- CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealersby [email protected] (The Hacker News) on April 24, 2024 at 4:50 am
A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin
- Apache Cordova App Harness Targeted in Dependency Confusion Attackby [email protected] (The Hacker News) on April 23, 2024 at 2:00 pm
Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a malicious package with the same name to a public package repository. This&