Latest Cybersecurity News and Articles


Hackers Deliver Popular Crypto-Miner Through Malicious Email Auto Replies, Researchers Say

20 September 2024
Hackers are distributing a popular crypto-miner via malicious email auto-replies, according to researchers. They compromised email accounts to send seemingly innocent automatic replies with links to crypto-mining malware, specifically XMRig.

UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks

20 September 2024
UNC1860 has been observed using victim networks as staging areas for additional operations, targeting entities in Saudi Arabia and Qatar. They overlap with APT34, assisting in lateral movement within compromised organizations.

FTC investigates video streaming and social media for data collection

20 September 2024
A report found that companies collected and could indefinitely retain troves of data, including information from data brokers, and about both users and non-users of their platforms. 

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials

20 September 2024
Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The phishing-as-a-service (PhaaS) platform, called iServer, is estimated to have claimed more than 483,000 victims globally, led by Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru (41,500), Spain (30,000), and Argentina

Acronis Backup Plugins Hit by CVE-2024-8767: CVSS 9.9 Severity Alert

20 September 2024
Acronis Backup Plugins have been affected by a critical security flaw, CVE-2024-8767 (CVSS 9.9). The vulnerability impacts Linux-based plugins for cPanel & WHM, Plesk, and DirectAdmin, potentially leading to data breaches and unauthorized operations.

Experts Warn of China-Linked APT's Raptor Train IoT Botnet

20 September 2024
The attribution of the Raptor Train botnet to a Chinese nation-state actor is based on various factors, including operational timelines, targeting sectors aligned with Chinese interests, and the use of the Chinese language.

Passwordless AND Keyless: The Future of (Privileged) Access Management

20 September 2024
In IT environments, some secrets are managed well and some fly under the radar. Here’s a quick checklist of what kinds of secrets companies typically manage, including one type they should manage: Passwords [x]; TLS certificates [x]; Accounts [x]; SSH keys ???. The secrets listed above are typically secured with privileged access management (PAM) solutions or similar. Yet, most traditional PAM

CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet FortiClient EMS

20 September 2024
Cybersecurity researchers at Darktrace have discovered cybercriminals exploiting Fortinet’s FortiClient EMS. The attackers targeted a critical vulnerability, CVE-2023-48788, to gain unauthorized access through an SQL injection flaw.

Cybercriminals Exploit CAPTCHA to Deliver Malware: Experts Issue Warning

20 September 2024
These counterfeit CAPTCHA tests prompt users to execute seemingly harmless commands, which actually lead to the installation of the dangerous Lumma Stealer malware on Windows devices.

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

20 September 2024
Unit 42 researchers have discovered an ongoing campaign involving tainted Python packages distributing Linux and macOS backdoors, known as PondRAT, linked to Gleaming Pisces, a North Korean threat actor targeting supply chain vendors.

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

20 September 2024
An Iranian advanced persistent threat (APT) actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to target networks. Google-owned Mandiant is tracking the activity cluster under the moniker UNC1860, which it said shares similarities with intrusion sets tracked by Microsoft, Cisco Talos, and

Five Eyes cyber leaders provide threat briefing at major US conference

20 September 2024
NCSC CEO discusses how the global threat picture remains unpredictable at Aspen Cyber Summit with fellow cyber security leaders.

Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

20 September 2024
Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. "This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even Google," Chrome product manager Chirag Desai said. The PIN is a six-digit code by default, although it's

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

20 September 2024
Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0. "Path Traversal in the Ivanti CSA before 4.6 Patch

Security’s Top 5 – July & August 2024

20 September 2024
Security’s Top 5 from Security magazine showcases the top stories and new developments from across the security industry.

This Windows PowerShell Phish Has Scary Potential

19 September 2024
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it's unlikely that many programmers fell for this scam, it's notable because less targeted versions of it are likely to be far more successful against the average Windows user.

Wherever There's Ransomware, There's Service Account Compromise. Are You Protected?

19 September 2024
Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In recent years, these silent Non-Human-Identities (NHI) accounts have become one of the most targeted and compromised attack surfaces. Assessments report that compromised service accounts play a key role in lateral movement in over 70% of ransomware attacks. However, there’s an alarming disproportion

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

19 September 2024
Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from Huntress. "Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product’s default credentials," the cybersecurity company said. Targets of the emerging threat include plumbing, HVAC (heating,

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

19 September 2024
A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor. "Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on just one country," Kaspersky said in a new analysis. "It's likely that the attackers are testing the

Microsoft Confirms CVE-2024-37985 as Zero-Day Bug in Windows

19 September 2024
Microsoft has confirmed CVE-2024-37985 as a zero-day bug in Windows with a CVSS score of 5.9. It is a Windows Kernel information disclosure vulnerability, allowing attackers to access heap memory from a privileged process on a vulnerable server.