Category: TheHackerNews

Android Spyware
12
Dec
2024

Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet States

Dec 12, 2024Ravie LakshmananMobile Security / Cyber Espionage The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to…

Share: X : Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet StatesFacebook : Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet StatesLinkedin : Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet StatesReddit : Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet StatesTelegram : Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet StatesWhatsApp : Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet StatesEmail : Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet States
296,000 Prometheus
12
Dec
2024

Credentials and API Keys Leaking Online

Dec 12, 2024Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and…

Share: X : Credentials and API Keys Leaking OnlineFacebook : Credentials and API Keys Leaking OnlineLinkedin : Credentials and API Keys Leaking OnlineReddit : Credentials and API Keys Leaking OnlineTelegram : Credentials and API Keys Leaking OnlineWhatsApp : Credentials and API Keys Leaking OnlineEmail : Credentials and API Keys Leaking Online
TCC Bypass in iOS and macOS
12
Dec
2024

Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

Dec 12, 2024Ravie LakshmananVulnerability / Device Security Details have emerged about a now-patched security vulnerability in Apple’s iOS and macOS…

Share: X : Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOSFacebook : Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOSLinkedin : Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOSReddit : Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOSTelegram : Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOSWhatsApp : Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOSEmail : Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS
WordPress Hunk Companion Plugin
12
Dec
2024

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Dec 12, 2024Ravie LakshmananWebsite Security / Vulnerability Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for…

Share: X : WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable PluginsFacebook : WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable PluginsLinkedin : WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable PluginsReddit : WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable PluginsTelegram : WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable PluginsWhatsApp : WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable PluginsEmail : WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
DDoS Attack
12
Dec
2024

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

Dec 12, 2024Ravie LakshmananCyber Crime / DDoS Attack A global law enforcement operation has failed 27 stresser services that were…

Share: X : Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins ArrestedFacebook : Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins ArrestedLinkedin : Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins ArrestedReddit : Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins ArrestedTelegram : Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins ArrestedWhatsApp : Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins ArrestedEmail : Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested
Amadey Malware-as-a-Service
11
Dec
2024

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

Dec 11, 2024Ravie LakshmananMalware / Cyber Espionage The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware…

Share: X : Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-ServiceFacebook : Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-ServiceLinkedin : Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-ServiceReddit : Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-ServiceTelegram : Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-ServiceWhatsApp : Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-ServiceEmail : Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service
Windows UI Framework
11
Dec
2024

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

Dec 11, 2024Ravie LakshmananMalware / Endpoint Security A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA)…

Share: X : New Malware Technique Could Exploit Windows UI Framework to Evade EDR ToolsFacebook : New Malware Technique Could Exploit Windows UI Framework to Evade EDR ToolsLinkedin : New Malware Technique Could Exploit Windows UI Framework to Evade EDR ToolsReddit : New Malware Technique Could Exploit Windows UI Framework to Evade EDR ToolsTelegram : New Malware Technique Could Exploit Windows UI Framework to Evade EDR ToolsWhatsApp : New Malware Technique Could Exploit Windows UI Framework to Evade EDR ToolsEmail : New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
ZLoader Malware
11
Dec
2024

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

Dec 11, 2024Ravie LakshmananRansomware / Malware Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a…

Share: X : ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 CommsFacebook : ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 CommsLinkedin : ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 CommsReddit : ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 CommsTelegram : ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 CommsWhatsApp : ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 CommsEmail : ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms
Brute-Force Attempts
11
Dec
2024

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

Dec 11, 2024Ravie LakshmananVulnerability / Authentication Cybersecurity researchers have flagged a “critical” security vulnerability in Microsoft’s multi-factor authentication (MFA) implementation…

Share: X : Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without AlertsFacebook : Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without AlertsLinkedin : Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without AlertsReddit : Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without AlertsTelegram : Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without AlertsWhatsApp : Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without AlertsEmail : Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts
Espionage Tactics of Chinese Hackers
11
Dec
2024

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

Dec 11, 2024Ravie LakshmananCyber Espionage / Cyber Attack A suspected China-based threat actor has been linked to a series of…

Share: X : Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast AsiaFacebook : Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast AsiaLinkedin : Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast AsiaReddit : Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast AsiaTelegram : Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast AsiaWhatsApp : Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast AsiaEmail : Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia
Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017
11
Dec
2024

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Cybersecurity researchers have discovered a novel surveillance program that’s suspected to be used by Chinese police departments as a lawful…

Share: X : Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017Facebook : Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017Linkedin : Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017Reddit : Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017Telegram : Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017WhatsApp : Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017Email : Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017
Actively Exploited CLFS Vulnerability
11
Dec
2024

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its…

Share: X : Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS VulnerabilityFacebook : Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS VulnerabilityLinkedin : Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS VulnerabilityReddit : Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS VulnerabilityTelegram : Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS VulnerabilityWhatsApp : Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS VulnerabilityEmail : Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability