4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new…
Category: TheHackerNews
Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces
Jan 14, 2025Ravie LakshmananVulnerability / Network Security Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management…
Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions
Jan 14, 2025Ravie LakshmananCryptocurrency / Online Scam The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion…
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
Jan 14, 2025Ravie LakshmananVulnerability / Cybersecurity The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote…
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
Jan 13, 2025Ravie LakshmananVulnerability / Cloud Security A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation…
Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems
Jan 13, 2025Ravie LakshmananMalware / Domain Security No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking…
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a…
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
Jan 11, 2025Ravie LakshmananAI Security / Cybersecurity Microsoft has revealed that it’s pursuing legal action against a “foreign-based threat–actor group” for operating a hacking-as-a-service infrastructure…
DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering
Jan 11, 2025Ravie LakshmananFinancial Crime / Cryptocurrency The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating…
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Jan 10, 2025Ravie LakshmananArtificial Intelligence / Cybercrime Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang…
A Practical Guide for MSPs
Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers…
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer
Jan 10, 2025Ravie LakshmananCryptomining / Malware Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner…