Wed.Mar 06, 2024

article thumbnail

Welcoming the German Government to Have I Been Pwned

Troy Hunt

Back in 2018, we started making Have I Been Pwned domain searches freely available to national government cybersecurity agencies responsible for protecting their nations' online infrastructure. Today, we're very happy to welcome Germany as the 35th country to use this service, courtesy of their CERTBund department. This access now provides them with complete access to the exposure of their government domains in data breaches.

article thumbnail

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

Security Affairs

A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The threat actors behind this campaign employed previously undetected payloads, including four Golang binaries that are used to automate the discovery and infection of hosts running the above services.

Malware 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Remote Desktop Threats & Remediations

Duo's Security Blog

Remote Desktop Protocol (RDP) enables much of today’s hybrid workforce, allowing employees to remotely access desktop computers regardless of their location. Like any remote access tool, however, it is susceptible to security threats, including brute force attacks. Attackers can gain unauthorized access to an RDP connection via several brute force methods, the most common of which is credential spraying.

article thumbnail

Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks

Security Affairs

Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The GhostSec and Stormous ransomware gang are jointly conducting a ransomware campaign targeting various organizations in multiple countries, Cisco Talos reported. GhostSec is a financially motivated threat actor that is also involved in hacktivism-related operations.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

ITRC Finds Online Job Scams on the Rise

Security Boulevard

The ITRC reported a surge in online job scams targeting unsuspecting job seekers for their personal information. The post ITRC Finds Online Job Scams on the Rise appeared first on Security Boulevard.

Scams 135
article thumbnail

CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel and Sunhillo SureLine vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2023-21237 Android Pixel Information Disclosure Vulnerability CVE-2021-36380 Sunhillo SureLine OS Command Injection Vulnerablity The Android Pixel vulnerability, tracked

Spyware 136

More Trending

article thumbnail

LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage

Security Affairs

The wide torrent-based accessibility of these leaked victim files ensures the longevity of LockBit 3.0’s harmful impact. While embattled ransomware gang LockBit 3.0 fights for its survival following Operation Cronos , a coordinated takedown of the syndicate’s web infrastructure by global authorities, the availability of victim data leaked by the gang persists via peer-to-peer (P2P) torrent networks.

Risk 134
article thumbnail

New Python-Based Snake Info Stealer Spreading Through Facebook Messages

The Hacker News

Facebook messages are being used by threat actors to a Python-based information stealer dubbed Snake that’s designed to capture credentials and other sensitive data. “The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and Telegram,” Cybereason researcher Kotaro Ogino said in a technical report.

137
137
article thumbnail

Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say

WIRED Threat Level

A coalition of 41 state attorneys general says Meta is failing to assist Facebook and Instagram users whose accounts have been hacked—and they want the company to take “immediate action.

Hacking 139
article thumbnail

CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and iPadOS memory corruption vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-23225 Apple iOS and iPadOS Memory Corruption Vulnerability CVE-2024-23296 Apple iOS and iPadOS Memory Corruption Vulnerability This week, Apple released emergency

Spyware 129
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

Bleeping Computer

Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. [.

Malware 131
article thumbnail

Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware

The Hacker News

Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023.

Malware 132
article thumbnail

Hacked WordPress sites use visitors' browsers to hack other sites

Bleeping Computer

Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. [.

Hacking 134
article thumbnail

CVE-2023-28578 & CVE-2023-28582: Qualcomm Patches Critical Flaws in Popular Chips

Penetration Testing

US chipmaking giant Qualcomm has released a crucial security bulletin this month, patching 16 vulnerabilities – including two critical flaws (CVE-2023-28578 and CVE-2023-28582)– that leave billions of devices exposed to potential attacks. Two severe... The post CVE-2023-28578 & CVE-2023-28582: Qualcomm Patches Critical Flaws in Popular Chips appeared first on Penetration Testing.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Healthcare Groups Push for Help in Wake of Ransomware Attack on Change

Security Boulevard

Healthcare providers groups are ramping up pressure on the federal government, lawmakers, and UnitedHealth Group to help hospitals, healthcare clinics, and pharmacies that have gone more than two weeks without payments following the devastating ransomware attack on Change Healthcare, a UnitedHealth company. Meanwhile, notorious ransomware-as-a-service (RaaS) group BlackCat – also known as ALPHV – appears.

article thumbnail

Whoops! ACEMAGIC ships mini PCs with free bonus pre-installed malware

Graham Cluley

Chinese mini PC manufacturer ACEMAGIC has made life a bit more interesting for its customers, by admitting that it has also been throwing in free malware with its products.

Malware 119
article thumbnail

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

The Hacker News

Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access.

article thumbnail

CVE-2024-27295: Directus Flaw Opens Door to Account Takeovers

Penetration Testing

A flaw (CVE-2024-27295) was found in Directus, a versatile open-source content management platform favored by developers for its flexibility and customization options. This vulnerability leaves thousands of projects potentially exposed to account hijacking attacks.... The post CVE-2024-27295: Directus Flaw Opens Door to Account Takeovers appeared first on Penetration Testing.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

The Hacker News

The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice.

Scams 121
article thumbnail

How to Use Norton Secure VPN (A Step-by-Step Guide)

Tech Republic Security

Having a hard time getting started with Norton VPN? Learn how to use Norton Secure VPN with our in-depth tutorial.

VPN 133
article thumbnail

Smashing Security podcast #362: Ransomware fraud, pharmacy chaos, and suicide

Graham Cluley

Is there any truth behind the alleged data breach at Fortnite maker Epic Games? Who launched the ransomware attack that caused a fallout at pharmacies? And what’s the latest on the heart-breaking hack of Finnish therapy clinic Vastaamo?

article thumbnail

Sophisticated Linux Malware Campaign Targets Misconfigured Cloud Services

Penetration Testing

Cado Security Labs’ recent discovery exposed a complex malware campaign zeroing in on Linux servers misconfigured with popular cloud services. This campaign highlights the adaptability of malicious actors, who are continuously refining tactics to... The post Sophisticated Linux Malware Campaign Targets Misconfigured Cloud Services appeared first on Penetration Testing.

Malware 112
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Update your iPhones and iPads now: Apple patches security vulnerabilities in iOS and iPadOS

Malwarebytes

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited. Zero-day vulnerabilities are discovered by attackers before the software company itself – meaning the vendor has ‘zero days’ to fix them. Both the two vulnerabilities allow an attacker to bypass the memory protections that would normally stop someone from running malicious code.

Software 111
article thumbnail

Hackers impersonate U.S. government agencies in BEC attacks

Bleeping Computer

A gang of hackers specialized in business email compromise (BEC) attacks and tracked as TA4903 has been impersonating various U.S. government entities to lure targets into opening malicious files carrying links to fake bidding processes. [.

article thumbnail

CVE-2024-27917: Critical Vulnerability in Popular E-Commerce Platform Shopware 6

Penetration Testing

A newly discovered critical vulnerability (CVE-2024-27917) in Shopware 6, a widely used open-source e-commerce platform, could significantly disrupt online stores and compromise the shopping experience for customers. Technical Breakdown: Where the Trouble Lies The... The post CVE-2024-27917: Critical Vulnerability in Popular E-Commerce Platform Shopware 6 appeared first on Penetration Testing.

article thumbnail

Ukraine claims it hacked Russian Ministry of Defence, stole secrets and encryption ciphers

Graham Cluley

Ukraine claims its hackers have gained possession of "the information security and encryption software" used by Russia's Ministry of Defence , as well as secret documents, reports, and instructions exchanged between over 2,000 units of Russia's security services. Read more in my article on the Hot for Security blog.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Best of KB4-CON 2024: The State of Phishing, Hacking and Security Awareness Training

Tech Republic Security

We know what went on at security awareness training vendor KnowBe4’s seventh annual KB4-CON user conference in Florida. From March 4-6, close to 1,700 people heard about cybersecurity matters and the two-edged sword that is artificial intelligence. Let’s face it, AI greatly enhances cybersecurity defenses while simultaneously arming cybercriminals with more potent tools.

article thumbnail

CVE-2024-21320 PoC Published- How Microsoft Themes Can Compromise Your Credentials

Penetration Testing

Akamai security researcher Tomer Peled recently unveiled the technical detail and proof-of-concept (PoC) for a vulnerability within Microsoft Themes (CVE-2024-21320). This vulnerability, with a CVSS score of 6.5, enables attackers to execute authentication coercion... The post CVE-2024-21320 PoC Published- How Microsoft Themes Can Compromise Your Credentials appeared first on Penetration Testing.

article thumbnail

Hospitals Seek Federal Help as Change Healthcare Ransomware Attack Disrupts Payments

SecureWorld News

The unprecedented cyberattack on Change Healthcare, a major revenue cycle management firm, has thrown the U.S. healthcare system into disarray. With payment systems crippled, hospitals are now pleading for federal intervention to avert a financial crisis that could imperil care delivery. The American Hospital Association (AHA) has ramped up pressure on Congress and the White House to take extraordinary measures supporting providers impacted by the ongoing disruptions at the UnitedHealth Group su

article thumbnail

TA4903 – A Cybercriminal Group with a Focus on Financial Gain

Penetration Testing

Financial gain is the core motivation of cybercriminal group TA4903. This group has displayed a consistent pattern of sophisticated phishing tactics in pursuit of sensitive corporate data, often followed by damaging BEC scams. Since... The post TA4903 – A Cybercriminal Group with a Focus on Financial Gain appeared first on Penetration Testing.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.