Malware & Threats

Check Point VPN Attacks Involve Zero-Day Exploited Since April

Check Point, exploited, Featured, Malware & Threats, VPN, vulnerability, Zero-Day /

Check Point VPN Attacks Involve Zero-Day Exploited Since April 2024-05-30 at 12:46 By Eduard Kovacs The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords. The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek. This article is an excerpt from SecurityWeek […]

React to this headline:

Loading spinner

Check Point VPN Attacks Involve Zero-Day Exploited Since April Read More »

JAVS Courtroom Audio-Visual Software Installer Serves Backdoor

CVE-2024-4978, ICS/OT, JAVS, Malware & Threats, Rapid7, Vulnerabilities /

JAVS Courtroom Audio-Visual Software Installer Serves Backdoor 2024-05-24 at 16:31 By Ionut Arghire Backdoored JAVS courtroom recording and management software installer puts thousands at risk of complete takeover. The post JAVS Courtroom Audio-Visual Software Installer Serves Backdoor appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

JAVS Courtroom Audio-Visual Software Installer Serves Backdoor Read More »

Microsoft Quick Assist Tool Abused for Ransomware Delivery

Black Basta, Featured, Malware & Threats, Ransomware /

Microsoft Quick Assist Tool Abused for Ransomware Delivery 2024-05-17 at 14:46 By Ionut Arghire The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment. The post Microsoft Quick Assist Tool Abused for Ransomware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Microsoft Quick Assist Tool Abused for Ransomware Delivery Read More »

New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data

Android trojan, Malware, Malware & Threats /

New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data 2024-05-17 at 14:46 By Ionut Arghire The Antidot Android banking trojan snoops on users and steals their credentials, contacts, and SMS messages. The post New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data Read More »

Threat Actors Abuse GitHub to Distribute Multiple Information Stealers

AMOS, Fraud & Identity Theft, macOS, Malware & Threats, Recorded Future, Russia /

Threat Actors Abuse GitHub to Distribute Multiple Information Stealers 2024-05-15 at 18:31 By Ionut Arghire Russian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software. The post Threat Actors Abuse GitHub to Distribute Multiple Information Stealers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Threat Actors Abuse GitHub to Distribute Multiple Information Stealers Read More »

400,000 Linux Servers Hit by Ebury Botnet 

botnet, Linux malware, Malware, Malware & Threats /

400,000 Linux Servers Hit by Ebury Botnet  2024-05-15 at 15:01 By Ionut Arghire The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected. The post 400,000 Linux Servers Hit by Ebury Botnet  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

400,000 Linux Servers Hit by Ebury Botnet  Read More »

Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities

CVE-2024-30040, CVE-2024-30044, CVE-2024-30051, Featured, Malware & Threats, Microsoft, Patch Tuesday, Ransomware, Vulnerabilities /

Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities 2024-05-14 at 22:47 By Ryan Naraine Patch Tuesday: Microsoft documents 60 security flaws in multiple software products and flags an actively exploited Windows zero-day for urgent attention. The post Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities Read More »

Adobe Patches Critical Flaws in Reader, Acrobat

Acrobat and Reader, Adobe, Malware & Threats, Patch Tuesday, Vulnerabilities /

Adobe Patches Critical Flaws in Reader, Acrobat 2024-05-14 at 21:01 By Ryan Naraine Adobe documents multiple code execution flaws in a wide range of products, including the widely deployed Adobe Acrobat and Reader software. The post Adobe Patches Critical Flaws in Reader, Acrobat appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Adobe Patches Critical Flaws in Reader, Acrobat Read More »

Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks

DNS, Malware, Malware & Threats /

Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks 2024-05-14 at 15:31 By Ionut Arghire Threat actors are using DNS tunneling to track victims’ interaction with spam and to scan network infrastructures. The post Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks Read More »

Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS

apple, CVE-2024-23296, Malware & Threats, Patch Tuesday, RTKit, Vulnerabilities /

Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS 2024-05-13 at 23:01 By Ryan Naraine Apple documents another zero-day flaw being exploited on older iPhones and documents security problems in macOS, iOS and iPadOS. The post Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS Read More »

US Says North Korean Hackers Exploiting Weak DMARC Settings 

APT, DMARC, email security, Featured, Kimsuky, Malware & Threats, Nation-State, North Korea /

US Says North Korean Hackers Exploiting Weak DMARC Settings  2024-05-03 at 19:16 By Ionut Arghire The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks. The post US Says North Korean Hackers Exploiting Weak DMARC Settings  appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

US Says North Korean Hackers Exploiting Weak DMARC Settings  Read More »

Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals

botnet, cybercrime, Featured, Malware & Threats, Russia /

Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals 2024-05-03 at 17:09 By Ionut Arghire A botnet dismantled in January and used by Russia-linked APT28 consisted of more than just Ubiquiti Edge OS routers. The post Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals Read More »

Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push

bug bounty program, Google, Google Play, Malware & Threats, Mobile & Wireless, Vulnerabilities /

Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push 2024-05-01 at 18:33 By Ionut Arghire Researchers can earn as much as $450,000 for a single vulnerability report as Google boosts its mobile vulnerability rewards program. The post Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push Read More »

Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data 

Cuttlefish, HiatusRAT, Malware & Threats, Nation-State, Network Security, router /

Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data  2024-05-01 at 18:33 By Ryan Naraine Cuttlefish malware platform roaming around enterprise SOHO routers capable of covertly harvesting public cloud authentication data from internet traffic. The post Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data  Read More »

Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server

Android, Malware & Threats, Mobile & Wireless /

Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server 2024-05-01 at 15:31 By Ionut Arghire The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal. The post Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server Read More »

Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover

CVE-2024-28189, CVE-2024-29021, Judge0, Malware & Threats, Vulnerabilities /

Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover 2024-04-30 at 20:46 By Ionut Arghire Three vulnerabilities in the Judge0 open source service could allow attackers to escape the sandbox and obtain root privileges on the host. The post Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover Read More »

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure

AI, artificial inteligence, Artificial Intelligence, CISA, critical infrastructure, Government, Malware & Threats /

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure 2024-04-29 at 21:02 By Ryan Naraine New CISA guidelines categorize AI risks into three significant types and pushes a four-part mitigation strategy. The post CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure appeared first on SecurityWeek. This

React to this headline:

Loading spinner

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure Read More »

Google Says it Blocked 2.28 Million Apps from Google Play Store

Android, Google, Google Play, Malware & Threats, Mobile & Wireless /

Google Says it Blocked 2.28 Million Apps from Google Play Store 2024-04-29 at 20:16 By Ionut Arghire In 2023, Google said it blocked 2.28 million bad applications from being published on Google Play and banned 333,000 developer accounts. The post Google Says it Blocked 2.28 Million Apps from Google Play Store appeared first on SecurityWeek.

React to this headline:

Loading spinner

Google Says it Blocked 2.28 Million Apps from Google Play Store Read More »

Kaiser Permanente Data Breach Impacts 13.4 Million Patients

Data Breaches, healthcare, Kaiser Permanente, Malware & Threats, Privacy, surveillance /

Kaiser Permanente Data Breach Impacts 13.4 Million Patients 2024-04-29 at 18:31 By Ionut Arghire US healthcare giant is warning millions of current and former patients that their personal information was exposed to third-party advertisers. The post Kaiser Permanente Data Breach Impacts 13.4 Million Patients appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Kaiser Permanente Data Breach Impacts 13.4 Million Patients Read More »

Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day

CrushFTP, CVE-2024-4040, Malware & Threats, Vulnerabilities, Zero-Day /

Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day 2024-04-26 at 17:16 By Ionut Arghire More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published. The post Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day Read More »

Scroll to Top