Cybersecurity News
-
New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers
Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack targeting various organizations, unlike typical nation-sponsored attacks. While primarily associated with BeaverTail and InvisibleFerret malware,…
Read More » -
Beware of New Malicious PyPI packages That Steals Login Details
Two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, were recently detected by Fortinet’s AI-driven OSS malware detection system. These packages, spotted on November 16 and November 24, 2024, respectively, represent significant…
Read More » -
Adobe Warns of ColdFusion Vulnerability Allows Attackers Read arbitrary files
Adobe has issued a critical security update for ColdFusion versions 2023 and 2021 to address a major vulnerability that could lead to an arbitrary file system read. The identified vulnerability,…
Read More » -
Araneida Scanner – Hackers Using Modified Version Acunetix Vulnerability Scanner
Threat Analysts have reported alarming findings about the “Araneida Scanner,” a malicious tool allegedly based on a cracked version of Acunetix, a renowned web application vulnerability scanner. The tool has…
Read More » -
IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack
IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system that could potentially lead to denial-of-service (DoS) attacks. The affected kernel extensions—perfstat and TCP/IPmpresent risks…
Read More » -
Indonesia Gov Data Breach – Hackers Leaked 82 GB of Sensitve Data Online
Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from the Indonesian government’s Regional Financial Management Information System (Sistem Informasi Pengelolaan Keuangan Daerah, or SIPKD). This system…
Read More » -
DigiEver IoT Devices Exploited To Deliver Mirai-based Malware
A new Mirai-based botnet, “Hail Cock Botnet,” has been exploiting vulnerable IoT devices, including DigiEver DVRs and TP-Link devices with CVE-2023-1389. The botnet, active since September 2024, leverages a variant…
Read More » -
Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide
The Lazarus Group has recently employed a sophisticated attack, dubbed “Operation DreamJob,” to target employees in critical sectors like nuclear energy, which involves distributing malicious archive files disguised as legitimate…
Read More » -
Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks
A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions of systems to potential remote code execution (RCE) and privilege escalation attacks. The vulnerability, assigned CVE-2024-56334,…
Read More » -
Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications
A seemingly benign health app, “BMI CalculationVsn,” was found on the Amazon App Store, which secretly collected sensitive user data, including installed app package names and incoming SMS messages, posing…
Read More » -
BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques
An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial sample (MD5 14f6c034af7322156e62a6c961106a8c) provided valuable insights into its version and development timeline. A second suspicious…
Read More » -
Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware
Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through malicious packages disguised as legitimate tools. The threat actor, “k303903,” compromised hundreds of machines before…
Read More » -
WhatsApp Wins NSO in Pegasus Spyware Hacking Lawsuit After 5 Years
After a prolonged legal battle stretching over five years, WhatsApp has triumphed over NSO Group in a significant lawsuit concerning the use of Pegasus spyware. The verdict, handed down by…
Read More » -
CISA Releases Eight new ICS Advisories to Defend Cyber Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued eight detailed advisories on vulnerabilities affecting Industrial Control Systems (ICS). These vulnerabilities impact critical software and hardware across various industries, posing…
Read More » -
CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability impacting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products. This newly uncovered flaw…
Read More » -
NetWalker ransomware Operator Sentenced to 20 Years in Prison
A Romanian man has been sentenced to 20 years in prison for his involvement in the notorious NetWalker ransomware attacks. The sentencing, which took place in the Middle District of…
Read More » -
Windows 11 Vulnerability Lets Attackers Execute Code to Gain Access
Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could allow local attackers to escalate privileges to the SYSTEM level. Security researcher Alex Birnberg showcased…
Read More »