From Data Leaks to Multi-Extortion
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark…
Category: TheHackerNews
Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
Jan 12, 2024NewsroomVulnerability / Threat Intelligence As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging…
Why Attack Simulation is Key to Avoiding a KO
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of…
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
Jan 12, 2024NewsroomCryptocurrency / Malware Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within…
CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
Jan 12, 2024NewsroomCyber Attack / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to…
New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms
Jan 11, 2024NewsroomCloud Security / Cyber Attacks A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems…
Threat Actors Increasingly Abusing GitHub for Malicious Purposes
Jan 11, 2024NewsroomCybersecurity / Software Security The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to…
New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
Jan 11, 2024NewsroomVulnerability / Cyber Attack Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz…
Atomic Stealer Gets an Upgrade
Jan 11, 2024NewsroomMalvertising / Cyber Attacks Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the…
There is a Ransomware Armageddon Coming for Us All
Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stop The least surprising headline from 2023 is that…
Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software
Jan 11, 2024NewsroomVulnerability / Patch Management Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary…
Mandiant’s X Account Was Hacked Using Brute-Force Attack
Jan 11, 2024NewsroomOnline Security / Cryptocurrency The compromise of Mandiant’s X (formerly Twitter) account last week was likely the result of a “brute-force password attack,”…