March 14, 2024
Via: The Hacker NewsThe Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands. “The Program Compatibility Assistant Service (pcalua.exe) is a Windows service designed to identify and address compatibility issues […]
February 14, 2024
Via: The Hacker NewsA newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late […]
February 13, 2024
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), […]
January 31, 2024
Via: TechSpotSecurity analytics firm Mandiant recently uncovered a “never-before-seen” attack chain that used Base 64 encoding on at least two different websites to deliver the second-stage payload of a three-stage malware. The two sites were tech publication Ars Technica and video […]
January 17, 2024
Via: Tom's HardwareA new security vulnerability called LeftoverLocals affects GPUs made by some of the leading names, like AMD, Apple, and Qualcomm. It enables data theft from the GPU’s memory irrespective of the form factor and operating system. The flaw was discovered […]
December 19, 2023
Via: The Hacker NewsThreat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. “Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and […]
December 8, 2023
Via: The Hacker NewsRansomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals […]
December 7, 2023
Via: The Hacker NewsUnderstanding what defines our humanity, recognizing how our qualities can be perceived as vulnerabilities, and comprehending how our minds can be targeted provide the foundation for identifying and responding when we inevitably become the target. The human mind is a […]
November 30, 2023
Via: TechSpotAccording to fraud control platform Arkose Labs, a staggering 73 percent of Internet traffic to websites and apps measured between January 2023 and September 2023 was related to bots performing malicious activities like SMS toll fraud, scraping, and card testing. […]
November 17, 2023
Via: The Hacker NewsThreat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER. […]
November 2, 2023
Via: The Hacker NewsCybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. “In both instances, the adversary attempted to deploy ransomware binaries on […]
October 31, 2023
Via: TechSpotThe FTC’s Safeguards Rule mandates that “non-banking” financial institutions must securely manage and store their customers’ information. This requirement applies to organizations such as mortgage brokers, motor vehicle dealers, and payday lenders, necessitating the development, implementation, and maintenance of a […]
October 25, 2023
Via: TechSpotSeptember saw a record number of ransomware operations, as indicated in a recently released report by NCC Group. The company’s latest “monthly cyber threat intelligence report” focuses on emerging developments in the threat landscape, particularly in the realm of ransomware […]
October 24, 2023
Via: The Hacker NewsThe backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting methods. “Investigated network traffic to a compromised device […]
October 16, 2023
Via: The Hacker NewsPro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. “The attack involves the use of malicious archive files that exploit the […]
October 12, 2023
Via: The Hacker NewsCybersecurity researchers have shed light on a new sophisticated strain of malware that masquerades a WordPress plugin to stealthily create administrator accounts and remotely control a compromised site. “Complete with a professional looking opening comment implying it is a caching […]
October 9, 2023
Via: The Hacker NewsSenior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in July […]
October 4, 2023
Via: The Hacker NewsMicrosoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through an SQL Server instance. “The attackers initially exploited a SQL injection vulnerability in an application within the target’s environment,” security researchers […]
September 27, 2023
Via: TheHackersNewsA new malware strain called ZenRAT has emerged in the wild that’s distributed via bogus installation packages of the Bitwarden password manager. “The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web […]
August 15, 2023
Via: MashableDiscord.io, a service that allowed users to create custom links for their Discord channels, is closing down following a large data breach. A hacker stole the data of 760,000 users, per TechRadar, and has posted a sample on Breached Forums […]