Hacking News

Jul 11, 2024NewsroomCyber Espionage / Network Security The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an “advanced and upgraded version” of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector – which is also referred to as DUSTPAN – has…

Jul 11, 2024The Hacker NewsCompliance / Identity Management Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimated their attractiveness to hackers. However, this assumption is precarious, as cybercriminals…

Jul 11, 2024NewsroomMalware / Threat Intelligence Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT since at least February 2024. The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense. “The majority of the custom code…

Jul 11, 2024NewsroomCyber Attack / Vulnerability Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese…

Jul 11, 2024NewsroomSoftware Security / Vulnerability GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user. Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of…

Jul 10, 2024NewsroomData Breach / Malware A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious…

Jul 10, 2024The Hacker NewsEndpoint Security / Identity Security It’s the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in…

Jul 10, 2024NewsroomEndpoint Security / Vulnerability Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in…

समस्या रैपिड7 के कर्मचारियों की ओर से “2024 हमला खुफिया रिपोर्ट” [1] यह एक अच्छी तरह से शोध की गई, अच्छी तरह से लिखी गई रिपोर्ट है जो सावधानीपूर्वक अध्ययन के योग्य है। कुछ मुख्य बातें ये हैं: 2023 में और 2024 की शुरुआत में व्यापक रूप से शोषण की गई 30 से अधिक नई…

10 जुलाई, 2024न्यूज़रूमसाइबर सुरक्षा / फ़िशिंग हमला गूगल ने बुधवार को घोषणा की कि वह अपने उन्नत सुरक्षा कार्यक्रम में नामांकन के लिए उच्च जोखिम वाले उपयोगकर्ताओं के लिए पासकी उपलब्ध करा रहा है।अनुप्रयोग). ऐप के उत्पाद प्रमुख शुवो चटर्जी ने कहा, “उपयोगकर्ताओं को पारंपरिक रूप से ऐप के लिए एक भौतिक सुरक्षा कुंजी की…