FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network
Feb 01, 2024NewsroomCyber Attack / Botnet The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant…
Category: TheHackerNews
Exposed Docker APIs Under Attack in ‘Commando Cat’ Cryptojacking Campaign
Feb 01, 2024NewsroomCryptojacking / Linux Security Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. “The…
U.S. Feds Shut Down China-Linked “KV-Botnet” Targeting SOHO Routers
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked…
HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining
Feb 01, 2024NewsroomCryptocurrency / Botnet Cybersecurity researchers have detailed an updated version of the malware HeadCrab that’s known to target Redis database servers across the…
New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities
Feb 01, 2024NewsroomNetwork Security / Malware Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other…
CISA Warns of Active Exploitation of Critical Vulnerability in iOS, iPadOS, and macOS
Feb 01, 2024NewsroomVulnerability / Software Update The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS,…
RunC Flaws Enable Container Escapes, Granting Attackers Host Access
Jan 31, 2024NewsroomSoftware Security / Linux Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors…
Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
Jan 31, 2024NewsroomVulnerability / Zero Day Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which…
Understanding New SaaS Cybersecurity Rules
The SEC isn’t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements…
Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware
Jan 31, 2024NewsroomCyber Crime / Hacking News Cybersecurity researchers are calling attention to the “democratization” of the phishing ecosystem owing to the emergence of Telegram…
Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware
Jan 31, 2024NewsroomCryptocurrency / Cybersecurity A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target…
Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware
Jan 31, 2024NewsroomCyber Attack / Network Security A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have…