Ivanti warns of new actively exploited MobileIron zero-day bug
US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in...
News
Cuba Ransomware Group Steals Credentials Via Veeam Exploit
A notorious Russian-speaking ransomware group has updated its attack tooling to include a Veeam exploit designed to harvest logins, according...
Police Insider Tipped Off Criminal Friend About EncroChat Bust
An intelligence analyst working for police in the North West of England shared information about a major countrywide operation with...
Government Urges More Students to Be Cyber Explorers
The government is urging more schools to enrol their students in a government scheme designed to boost cyber skills, claiming...
Deceptive AI Bots Spread Malware, Raise Security Concerns
Cyber-criminals have been exploiting fraudulent artificial intelligence (AI) bots to attempt and install malicious software under the guise of genuine...
New NCUA Rule Requires Swift Cyber Incident Reporting
Federally insured credit unions have been notified by the National Credit Union Administration (NCUA) of a new regulation set to...
New Chrome Feature Alerts Users About Malicious Extensions
Google has announced an update set to be introduced in Chrome 117. This new feature aims to proactively inform users...
US Space Industry Under Threat from Foreign Cyber Espionage
Foreign intelligence services could use direct and supply chain cyber-attacks to gain access to the US space industry, according to US...
US-CERT Vulnerability Summary for the Week of August 14, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infofoldingathome -- client_advanced_controlAn issue was discovered in FoldingAtHome Client Advanced Control GUI...
This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers
Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them...
HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack
The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting...
How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes
From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation...
Cuba ransomware uses Veeam exploit against critical U.S. organizations
Image: Midjourney The Cuba ransomware gang was observed in attacks targeting critical infrastructure organizations in the United States and IT...
US-CERT Vulnerability Summary for the Week of August 7, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info phoenixcontact -- wp_6xxx_series In PHOENIX CONTACTs WP 6xxx series web panels...
Rust devs push back as Serde project ships precompiled binaries
Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary. The move has generated a fair...
Hackers use VPN provider’s code certificate to sign malware
The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with...
US-CERT Vulnerability Summary for the Week of August 7, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info phoenixcontact -- wp_6xxx_series In PHOENIX CONTACTs WP 6xxx series web panels...
WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams
Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct...
Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according...
New Juniper Junos OS Flaws Expose Devices to Remote Attacks – Patch Now
Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of...
WinRAR flaw lets hackers run programs when you open RAR archives
A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can...
The Week in Ransomware – August 18th 2023 – LockBit on Thin Ice
While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggio's...
Interpol arrests 14 suspected cybercriminals for stealing $40 million
An international law enforcement operation led by Interpol has led to the arrest of 14 suspected cybercriminals in an operation...
Proxyjacking and Cryptomining Campaign Targets GitLab
Security researchers have discovered a new financially motivated cyber-threat campaign designed to make money from cryptomining and proxyjacking while staying...
