News

0 Comments
Nov 11, 2023NewsroomThreat Intelligence / Cybercrime A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a “shift in the persistent actor’s tactics.” Sapphire Sleet, also called
0 Comments
Nov 10, 2023NewsroomCyber Warfare / Network Security The notorious Russian hackers known as Sandworm targeted an electrical substation in Ukraine last year, causing a brief power outage in October 2022. The findings come from Google’s Mandiant, which described the hack as a “multi-event cyber attack” leveraging a novel technique for impacting industrial control systems (ICS).
0 Comments
Nov 09, 2023NewsroomCyber Attack / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552 (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be
0 Comments
Nov 08, 2023The Hacker NewsWebinar / SaaS Security SaaS applications make up 70% of total company software usage, and as businesses increase their reliance on SaaS apps, they also increase their reliance on those applications being secure. These SaaS apps store an incredibly large volume of data so safeguarding the organization’s SaaS app stack and
0 Comments
Nov 07, 2023NewsroomVulnerability / Malware The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE described the campaign as multi-platform, with the attacks also
0 Comments
Nov 06, 2023NewsroomCyber Attack / Online Security Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June
0 Comments
Nov 03, 2023NewsroomCloud Security / Linux The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a “new experimental campaign” designed to breach cloud environments. “Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials
0 Comments
Nov 02, 2023The Hacker NewsSaaS Security / Software This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique “freemium” model Securing employees’ SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches
0 Comments
Oct 31, 2023NewsroomNational Security / Cyber Threat Canada on Monday announced a ban on the use of apps from Tencent and Kaspersky on government mobile devices, citing an “unacceptable level of risk to privacy and security.” “The Government of Canada is committed to keeping government information and networks secure,” the Canadian government said. “We regularly
0 Comments
Oct 30, 2023NewsroomKubernetes / Server Security Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows – CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can be bypassed to obtain
0 Comments
Oct 27, 2023NewsroomCyber Attack / Malware The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and
0 Comments
Oct 28, 2023NewsroomPrivacy / Data Security New findings have shed light on what’s said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany. “The attacker has issued several new TLS certificates using
0 Comments
Oct 27, 2023NewsroomNetwork Security / Vulnerability F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10. “This vulnerability
0 Comments
Oct 25, 2023NewsroomThreat Intelligence / Vulnerability The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims’ accounts. “Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube,” ESET security researcher Matthieu Faou said
0 Comments
Oct 25, 2023NewsroomExploit / Vulnerability Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. “An
0 Comments
Oct 24, 2023NewsroomCyber Attack / Password Management Popular password management solution 1Password said it detected suspicious activity on its Okta instance on September 29 following the support system breach, but reiterated that no user data was accessed. “We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either
0 Comments
Oct 21, 2023NewsroomData Breach / Cyber Attack Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” David Bradbury,
0 Comments
Oct 17, 2023NewsroomCyber Attack / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that threat actors “interfered” with at least 11 telecommunication service providers in the country between May and September 2023. The agency is tracking the activity under the name UAC-0165, stating the intrusions led to service interruptions for customers. The
0 Comments
Oct 16, 2023NewsroomBlockchain / Malware Threat actors have been observed serving malicious code by utilizing Binance’s Smart Chain (BSC) contracts in what has been described as the “next level of bulletproof hosting.” The campaign, detected two months ago, has been codenamed EtherHiding by Guardio Labs. The novel twist marks the latest iteration in an ongoing
0 Comments
Oct 14, 2023NewsroomAuthentication / Endpoint Security Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. “The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on