Latest Cybersecurity News and Articles
18 April 2024
Richard Horne appointed new CEO of the National Cyber Security Centre and GCHQ Board member.
18 April 2024
In a report today, Mandiant says that Sandworm relied on three main hacktivist-branded Telegram channels named XakNet Team, CyberArmyofRussia_Reborn, and Solntsepek, all operating in parallel and independently of one another.
18 April 2024
The U.S. Justice Department charged Moldovan national Alexander Lefterov, the owner and operator of a large-scale botnet that infected thousands of computers across the United States.
18 April 2024
Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack
Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use
18 April 2024
Hackers who appear to be Chinese are exploiting vulnerabilities in the OpenMetadata platform running as workloads on Kubernetes clusters to download cryptomining software, warns Microsoft.
18 April 2024
Armis has purchased a security prioritization and remediation vendor led by a Goldman Sachs veteran to more effectively address vulnerabilities and misconfigurations with AI and automation.
18 April 2024
Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations.
Detecting Threats in PDFs
PDF files are frequently exploited by threat actors to
18 April 2024
A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure.
The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest," Kaspersky researcher Dmitry Kalinin said in a technical analysis.
18 April 2024
As many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost that has been used by criminal actors to steal personal credentials from victims around the world.
Described as one of the largest Phishing-as-a-Service (PhaaS) providers, LabHost offered phishing pages targeting banks, high-profile organizations, and other service
18 April 2024
Since September 2022, anyone has been able to use the LockBit version 3.0 - aka Black - builder thanks to a key developer leaking it after he fell out with group leader LockBitSupp.
18 April 2024
A group of 50 cybersecurity professionals signed an open letter that was sent on April 12 to the US Secretary of Commerce, Gina Raimondo, and several members of the US Congress.
18 April 2024
The hit comes from direct response efforts like recovering Change’s clearinghouse platform and paying higher medical costs after its insurance arm suspended some utilization management processes, in addition to the loss of Change’s revenue.
18 April 2024
A local, authenticated attacker can exploit the vulnerability, tracked as CVE-2024-20295, to conduct command injection attacks on the underlying operating system and elevate privileges to root.
18 April 2024
In its first annual report, the Food and Agriculture-Information Sharing and Analysis Center (Food and Ag-ISAC) said the industry was the seventh most targeted sector in the country, behind manufacturing, financial services, and others.
18 April 2024
Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.
18 April 2024
Cisco Talos described the brute-forcing attempts as using both generic and valid usernames for specific organizations, with the attacks indiscriminately targeting a wide range of sectors across geographies.
18 April 2024
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity.
That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024.
OpenMetadata is an open-source platform that operates as a
18 April 2024
A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell.
"The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby
17 April 2024
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution.
17 April 2024
A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022.
The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent threat (APT) group tracked as Sandworm (aka APT44 or