Software Productivity Tools Hijacked to Deliver Infostealers
Innocuous little Windows programs were carrying cheap malware for weeks, exposing customers of the India-based software vendor to data theft.
darkreading – Read More
New Android Spyware Steals Data from Gamers and TikTok Users
Transparent Tribe Expands Android Spyware Arsenal: Gamers, Weapons Fans, and TikTok Users Targeted!
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform
Splunk has released security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform. These vulnerabilities include high-severity flaws such as Remote Code Execution (RCE) and Serialized Session Payload exploits.
Cyware News – Latest Cyber News – Read More
Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus
Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition.
“The [remote code execution] vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device,” security researcher
The Hacker News – Read More
OVHcloud blames record-breaking DDoS attack on MikroTik botnet
OVHcloud successfully mitigated a record-breaking DDoS attack with a packet rate of 840 million packets per second. The attack originated from compromised MikroTik network devices, which were used to generate high packet rates.
Cyware News – Latest Cyber News – Read More
Operation Morpheus took down 593 Cobalt Strike servers used by threat actors
The international law enforcement operation, Operation Morpheus, led to the takedown of 593 Cobalt Strike servers used by cybercriminals. This action was a collaborative effort involving multiple countries and private partners.
Cyware News – Latest Cyber News – Read More
Cyber Extortion Soars: SMBs Hit Four Times Harder
The Cy-Xplorer 2024 report by Orange Cyberdefense reveals a significant rise in cyber extortion, with 60 ransomware groups affecting 4374 victims from Q1 2023 to Q1 2024. SMBs are targeted 4.2 times more than larger enterprises.
Cyware News – Latest Cyber News – Read More
384,000 sites pull code from sketchy code library recently bought by Chinese firm
Over 384,000 websites, including those of major companies and government entities, are still linking to the polyfill[.]io code library that was recently acquired by a Chinese firm and used to perform a supply chain attack.
Cyware News – Latest Cyber News – Read More
Hackers abused API to verify millions of Authy MFA phone numbers
Twilio has confirmed that an unsecured API endpoint allowed threat actors to access phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.
Cyware News – Latest Cyber News – Read More
Infostealer malware logs used to identify child abuse website members
Researchers at Recorded Future’s Insikt Group analyzed infostealer malware logs captured between February 2021 and February 2024. They cross-referenced the credentials with 20 known CSAM domains, identifying 3,324 unique username-password pairs.
Cyware News – Latest Cyber News – Read More