Latest Cybersecurity News and Articles

---

Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks

A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are invoked on Windows with untrusted arguments. "The Rust standard library did not properly escape

---

April’s Patch Tuesday Brings Record Number of Fixes

If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch -- a record 147 flaws in Windows and related software.

---

51% of check fraud victims had been targeted two or more times

Almost a third of Americans surveyed (31%) admitted to either not following best practices to avoid check fraud or being unsure whether they do so. 

---

Phishing Deception - Suspended Domains Reveal Malicious Payload for Latin American Region

The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice. The email header has an email address format that uses the domain ‘temporary[.]link’.

---

10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet

A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News. "Its primary method of operation

---

Microsoft Two-Step Phishing Campaign Targets LinkedIn Users

A new LinkedIn threat combines breached users’ accounts and an evasive 2-step phishing attack. A recent Python-based infostealer called Snake targets Facebook users with malicious messages.

---

Hackers Targeting Human Rights Activists in Morocco and Western Sahara

Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users. Cisco Talos is tracking the activity cluster under the name Starry Addax, describing it as primarily singling out activists associated with

---

US Health Deptarment Warns Hospitals of Hackers Targeting IT Help Desks

The U.S. Department of Health and Human Services (HHS) warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health (HPH) sector.

---

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024. The

---

CL0P's Ransomware Rampage - Security Measures for 2024

2023 CL0P Growth  Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the ‘CryptoMix’ ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to 2022. But in 2023 the CL0P ransomware gang took itself to new heights and became one of the

---

Hackers Deploy Crypto Drainers on Thousands of WordPress Sites

According to cybersecurity researcher MalwareHunterTeam, the threat actors have now begun monetizing the pool of compromised WordPress sites to display pop-ups promoting fake NFT offers and crypto discounts.

---

Patches for CVE-2024-1086 for CloudLinux 6h, 7 Users on KernelCare Live

The KernelCare team is working on deploying a live patch for CVE-2024-1086 for CloudLinux users. A patch has already been released for CloudLinux 6h and CloudLinux 7, and users can manually update without a live patch.

---

Cybercriminal Adoption of Browser Fingerprinting

Numerous pieces of data can be collected as a part of fingerprinting, including Time zone, Language settings, IP address, Cookie settings, Screen resolution, Browser privacy, and User-agent string.

---

Automating Pikabot’s String Deobfuscation

Previous versions of Pikabot used advanced string encryption techniques, which have been replaced with simpler algorithms. Previously, the strings were encrypted using a combination of AES-CBC and RC4 algorithms.

---

ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets.

---

Malware-Initiated Vulnerability Scanning is on the Rise

Threat actors have been using scanning methods to pinpoint vulnerabilities in networks or systems for a very long time. Some scanning attacks originate from benign networks likely driven by malware on infected machines.

---

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet

---

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in

---

William Wragg resigns from two Commons roles after divulging MPs’ phone numbers

Tory MP resigns committee roles after apology for role in parliamentary sexting scandalThe Conservative MP who divulged colleagues’ personal phone numbers to someone he met on a dating app as part of a parliamentary sexting scandal has stepped down from two Commons roles, it has been reported.William Wragg has resigned as chair of the Commons’ public administration and constitutional affairs committee and also quit his post as the vice-chair of the 1922 Committee of Conservative backbenchers after admitting to giving the information to a man he met, according to reports. Continue reading...

---

Escalation of Fake E-Shop Campaign Threatens Banking Security in Multiple Regions

The threat actor behind the fake e-shop campaign leverages tools such as the open-source string obfuscator “Paranoid” and the Janus WebRTC module, showcasing a deep understanding of technological intricacies to evade detection and amplify impact.