Malware & Threats

‘WallEscape’ Linux Vulnerability Leaks User Passwords

CVE-2024-28085, Linux, Malware & Threats, Ubuntu, Vulnerabilities, WallEscape /

‘WallEscape’ Linux Vulnerability Leaks User Passwords 2024-04-01 at 19:31 By Ionut Arghire A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard. The post ‘WallEscape’ Linux Vulnerability Leaks User Passwords appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View […]

React to this headline:

Loading spinner

‘WallEscape’ Linux Vulnerability Leaks User Passwords Read More »

In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing

In Other News, Malware & Threats /

In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing 2024-03-29 at 16:46 By SecurityWeek News Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users. The post In Other News: Airline Privacy Review, SEC’s SolarWinds Hack

React to this headline:

Loading spinner

In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing Read More »

Malware Upload Attack Hits PyPI Repository

Checkmarx, Malware & Threats, PyPI, Supply Chain Security /

Malware Upload Attack Hits PyPI Repository 2024-03-28 at 20:31 By Ryan Naraine Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Malware Upload Attack Hits PyPI Repository Read More »

Cyberespionage Campaign Targets Government, Energy Entities in India

APT, Cyberwarfare, India, Malware & Threats, Nation-State, phishing, spear-phishing /

Cyberespionage Campaign Targets Government, Energy Entities in India 2024-03-28 at 17:17 By Ionut Arghire Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India. The post Cyberespionage Campaign Targets Government, Energy Entities in India appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Cyberespionage Campaign Targets Government, Energy Entities in India Read More »

VPN Apps on Google Play Turn Android Devices Into Proxies

Android, Google Play, Malware, Malware & Threats /

VPN Apps on Google Play Turn Android Devices Into Proxies 2024-03-27 at 17:01 By Ionut Arghire Human Security identifies 28 VPN applications for Android and an SDK that turn devices into proxies. The post VPN Apps on Google Play Turn Android Devices Into Proxies appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

VPN Apps on Google Play Turn Android Devices Into Proxies Read More »

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working

Google TAG, Lockdown Mode, Malware & Threats, Mandiant, Nation-State, Vulnerabilities, Zero-Day /

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working 2024-03-27 at 17:01 By Ryan Naraine Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns. The post Google Report: Despite Surge in Zero-Day Attacks, Exploit

React to this headline:

Loading spinner

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working Read More »

Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own

Google Chrome, Malware & Threats, Pwn2Own, Vulnerabilities, Zero-Day /

Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own 2024-03-27 at 17:01 By Ionut Arghire Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest. The post Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own Read More »

Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters

AI, Artificial Intelligence, exploited, Featured, Malware & Threats /

Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters 2024-03-27 at 15:01 By Ionut Arghire Disputed Ray AI framework vulnerability exploited to steal information and deploy cryptominers on hundreds of clusters. The post Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters Read More »

Researchers Discover 40,000-Strong EOL Router, IoT Botnet 

botnet, IoT Security, KV Botnet, Malware & Threats, routers /

Researchers Discover 40,000-Strong EOL Router, IoT Botnet  2024-03-26 at 20:46 By Ryan Naraine Malware hunters sound an alarm after discovering a 40,000-strong botnet packed with end-of-life routers and IoT devices being used in cybercriminal activities. The post Researchers Discover 40,000-Strong EOL Router, IoT Botnet  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Researchers Discover 40,000-Strong EOL Router, IoT Botnet  Read More »

Suspicious NuGet Package Harvesting Information From Industrial Systems

ICS, ICS malware, Malware, Malware & Threats /

Suspicious NuGet Package Harvesting Information From Industrial Systems 2024-03-26 at 17:01 By Ionut Arghire A suspicious NuGet package likely targets developers working with technology from Chinese firm Bozhon. The post Suspicious NuGet Package Harvesting Information From Industrial Systems appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Suspicious NuGet Package Harvesting Information From Industrial Systems Read More »

Over 100 Organizations Targeted in Recent ‘StrelaStealer’ Attacks

Malware, Malware & Threats /

Over 100 Organizations Targeted in Recent ‘StrelaStealer’ Attacks 2024-03-25 at 16:16 By Ionut Arghire More than 100 organizations in the US and EU have been targeted in recent StrelaStealer infostealer campaigns. The post Over 100 Organizations Targeted in Recent ‘StrelaStealer’ Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Over 100 Organizations Targeted in Recent ‘StrelaStealer’ Attacks Read More »

Top Python Developers Hacked in Sophisticated Supply Chain Attack

Malware & Threats, supply chain /

Top Python Developers Hacked in Sophisticated Supply Chain Attack 2024-03-25 at 14:01 By Ionut Arghire Multiple Python developers get infected after downloading malware-packed clone of the popular tool Colorama. The post Top Python Developers Hacked in Sophisticated Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Top Python Developers Hacked in Sophisticated Supply Chain Attack Read More »

39,000 Websites Infected in ‘Sign1’ Malware Campaign

Malware & Threats, web security /

39,000 Websites Infected in ‘Sign1’ Malware Campaign 2024-03-22 at 16:01 By Ionut Arghire Over 39,000 websites have been infected with the Sign1 malware that redirects visitors to scam domains. The post 39,000 Websites Infected in ‘Sign1’ Malware Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

39,000 Websites Infected in ‘Sign1’ Malware Campaign Read More »

Recent TeamCity Vulnerability Exploited in Ransomware Attacks

exploited, Malware & Threats, Ransomware, TeamCity /

Recent TeamCity Vulnerability Exploited in Ransomware Attacks 2024-03-11 at 17:46 By Eduard Kovacs Servers impacted by recently patched TeamCity vulnerability CVE-2024-27198 targeted in ransomware attacks and abused for DDoS. The post Recent TeamCity Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Recent TeamCity Vulnerability Exploited in Ransomware Attacks Read More »

Magnet Goblin Delivers Linux Malware Using One-Day Vulnerabilities

Linux malware, Malware & Threats /

Magnet Goblin Delivers Linux Malware Using One-Day Vulnerabilities 2024-03-11 at 14:14 By Ionut Arghire The financially motivated threat actor Magnet Goblin is targeting one-day vulnerabilities to deploy Nerbian malware on Linux systems. The post Magnet Goblin Delivers Linux Malware Using One-Day Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Magnet Goblin Delivers Linux Malware Using One-Day Vulnerabilities Read More »

Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails

APT, Incident Response, Malware & Threats, Microsoft, Midnight Blizzard, Nation-State, SolarWinds /

Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails 2024-03-08 at 21:34 By Ryan Naraine Microsoft says the Midnight Blizzard APT group may still be poking around its internal network after stealing source code, spying on emails. The post Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive

React to this headline:

Loading spinner

Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails Read More »

Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks

China, espionage, Malware, Malware & Threats, Tibet /

Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks 2024-03-08 at 15:02 By Ionut Arghire Chinese APT Evasive Panda compromises a software developer’s supply chain to target Tibetans with malicious downloaders. The post Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks Read More »

Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure

exploited, Featured, Malware & Threats, TeamCity /

Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure 2024-03-07 at 13:36 By Eduard Kovacs Critical TeamCity authentication bypass vulnerability CVE-2024-27198 exploited in the wild after details were disclosed. The post Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure Read More »

Linux Malware Campaign Targets Misconfigured Cloud Servers

Cloud, Linux malware, Malware & Threats /

Linux Malware Campaign Targets Misconfigured Cloud Servers 2024-03-06 at 18:31 By Ionut Arghire A new malware campaign has been observed targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The post Linux Malware Campaign Targets Misconfigured Cloud Servers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Linux Malware Campaign Targets Misconfigured Cloud Servers Read More »

US Sanctions Spyware Company and Executives Who Targeted American Journalists, Government Officials

Malware & Threats, Mobile & Wireless, Tracking & Law Enforcement /

US Sanctions Spyware Company and Executives Who Targeted American Journalists, Government Officials 2024-03-05 at 23:01 By Associated Press The Treasury Department sanctioned individuals associated with Intellexa Consortium, maker of the powerful Predator Spyware. The post US Sanctions Spyware Company and Executives Who Targeted American Journalists, Government Officials appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

US Sanctions Spyware Company and Executives Who Targeted American Journalists, Government Officials Read More »

Scroll to Top