‘MagicDot’ Windows Weakness Allows Unprivileged Rootkit Activity
Malformed DOS paths in file-naming nomenclature in Windows could be used to conceal malicious content, files, and processes.
darkreading – Read More
OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining
Microsoft warns that several OpenMetadata vulnerabilities are being exploited to deploy cryptomining malware to Kubernetes environments.
The post OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining appeared first on SecurityWeek.
SecurityWeek – Read More
Novel Android Malware Targets Korean Banking Users
A new banking Trojan is targeting Korean users using obfuscation techniques that target the Android manifest, exploit vulnerabilities and take advantage of weaknesses in how Android apps interpret this file.
Cyware News – Latest Cyber News – Read More
Damn Vulnerable RESTaurant: Open-Source API Service Designed for Learning
Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game.
Cyware News – Latest Cyber News – Read More
Hackers Target Middle East Governments with Evasive “CR4T” Backdoor
Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T.
Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since at least a year prior. The campaign has been codenamed
The Hacker News – Read More
‘Crude’ Ransomware Tools Proliferating on the Dark Web for Cheap, Researchers Find
Researchers at the intelligence unit at the cybersecurity firm Sophos found 19 ransomware varieties being offered for sale or advertised as under development on four forums from June 2023 to February 2024.
Cyware News – Latest Cyber News – Read More
Cyberattack Takes Frontier Communications Offline
The local phone and business communications company said that attackers accessed unspecified PII, after infiltrating its internal networks.
darkreading – Read More
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware
It turns out that a powerful security solution can double as even more powerful malware, capable of granting comprehensive access over a targeted machine.
darkreading – Read More
Russian APT Group Thwarted in Attack on US Automotive Manufacturer
The group gained access to the victim network by duping IT employees with high administrative-access privileges.
darkreading – Read More
Brave search engine adds privacy-focused AI – no Google or Bing needed
Accessible in any browser, Brave’s new ‘Answer with AI’ option provides an AI-generated summary – with sources – in response to your requests and searches.
Latest stories for ZDNET in Security – Read More