Infosec News
- Independent Russian news site rides out a week of DDoS incidents (therecord.media)
Novaya Gazeta Europe's website was knocked offline at times over several days by floods of junk traffic, making it the latest Russian independent media organization to face such disruption.
- Cups Overflow: When your printer spills more than Ink (www.elastic.co, Elastic Security Labs)
Elastic Security Labs discusses detection and mitigation strategies for vulnerabilities in the CUPS printing system, which allow unauthenticated attackers to exploit the system via IPP and mDNS, resulting in remote code execution (RCE) on UNIX-based systems such as Linux, macOS, BSDs, ChromeOS, and ...
- AwSpy – New Spyware Targets South Korean Android users (labs.k7computing.com)
Threat actors are constantly working on different ways to target users across the globe. Spyware has the capability to quietly […]
- Critical Veeam Vulnerability CVE-2024-40711 Exploited by Ransomware Groups (thecyberexpress.com: Critical Veeam Vulnerability Targeted By Hackers)
The Veeam vulnerability CVE-2024-40711 allows remote code execution. Ransomware gangs exploit this flaw—swift patching and security measures are essential.
- The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (thehackernews.com)
Protect against zero-day attacks with NDR's proactive AI-driven detection. Learn how traditional solutions fall short.
- Sudanese brothers charged for ‘Anonymous Sudan’ attacks targeting critical infrastructure, government agencies and hospitals (therecord.media)
Two Sudanese nationals were indicted on Wednesday in the U.S. for their role in operating the Anonymous Sudan cybercriminal group, which launched hundreds of attacks that knocked critical websites offline.
- A Dive into Earth Baku’s Latest Campaign (www.trendmicro.com)
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell...
- Unit 42 Looks Toward the Threat Frontier: Preparing for Emerging AI Risks (unit42.paloaltonetworks.com)
The Unit 42 Threat Frontier report discusses GenAI's impact on cybersecurity, emphasizing the need for AI-specific defenses and proactive security.
- Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader (www.trustwave.com)
Trustwave's Threat Intelligence team has discovered a new malware dubbed Pronsis Loader, with its earliest known variant dating back to November 2023.
- North Korea Hackers Get Cash Fast in Linux Cyber Heists (www.darkreading.com)
The thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.
- From QR to compromise: The growing “quishing” threat (news.sophos.com)
Attackers leverage QR codes in PDF email attachments to spearphish corporate credentials from mobile devices.
- Blooms Today - 3,184,010 breached accounts (haveibeenpwned.com: Have I Been Pwned: Pwned websites)
Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
- Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity (thehackernews.com)
Cybercriminals abuse EDRSilencer to disable endpoint detection tools, making malicious activity harder to detect.
- More than two dozen countries have used internet outages to sway elections: report (therecord.media)
Forty-three governments worldwide have attacked or killed citizens for their online speech and 25 cut off internet access during election periods, metrics which contributed to an overall decline in internet freedoms in 2024, a new report says.
- Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media (www.trustwave.com)
With the US election on the horizon, it’s a good time to explore the concept of social media weaponization and its use in manipulating public opinion.
- Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse (www.elastic.co, Elastic Security Labs)
The REF6138 campaign involved cryptomining, DDoS attacks, and potential money laundering via gambling APIs, highlighting the attackers' use of evolving malware and stealthy communication channels.
- TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns (thehackernews.com)
TrickMo Android malware now steals unlock patterns, PINs, and more, posing a severe threat to mobile banking.
- Trustwave SpiderLabs Research: 20% of Ransomware Attacks in Financial Services Target Banking Institutions (www.trustwave.com)
The 2024 Trustwave Risk Radar Report: Financial Services Sector underscores the escalating threat landscape facing the industry.
- Awaken Likho is awake: new techniques of an APT group (securelist.com: Analyzing the Awaken Likho APT group implant: new tools and techniques)
Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations.
- Storm-0501: Ransomware attacks expanding to hybrid cloud environments (www.microsoft.com, Microsoft Security Blog)
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack in which they compromised hybrid cloud environments and performed lateral movement from on-premises to the cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, ...
- Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware (unit42.paloaltonetworks.com)
Discover how North Korean attackers, posing as recruiters, used an updated downloader and backdoor in a campaign targeting tech job seekers.