Malware Campaign Lures Users With Fake W2 Form

/in

A malicious campaign targeting users searching for W2 forms began on June 21, 2024, with a JavaScript file dropping a Brute Ratel Badger DLL into the user’s AppData. This initiated the installation of a Latrodectus backdoor.

Cyware News – Latest Cyber News – ​Read More

RaspAP Flaw Let Hackers Escalate Privileges with Raspberry Pi Devices

/in

The flaw, identified as CVE-2024-41637, affects RaspAP versions before 3.1.5 and has a severity score of 9.9. The vulnerability stems from improper access controls, enabling attackers to escalate privileges from www-data to root.

Cyware News – Latest Cyber News – ​Read More

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

/in

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script.
“This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems,” Trellix security researcher Rafael Pena said in a Monday analysis.
The cybersecurity

The Hacker News – ​Read More

ZeroTier Raises $13.5 Million in Series A Funding

/in

Virtual networking provider ZeroTier has raised $13.5 million in a Series A funding round led by Battery Ventures.

The post ZeroTier Raises $13.5 Million in Series A Funding appeared first on SecurityWeek.

SecurityWeek – ​Read More

VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access

/in

A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by “several” ransomware groups to gain elevated permissions and deploy file-encrypting malware.
The attacks involve the exploitation of CVE-2024-37085 (CVSS score: 6.8), an Active Directory integration authentication bypass that allows an attacker to obtain administrative access to the host.
“A

The Hacker News – ​Read More

Hacker Scrapes and Publishes 100,000-Line CrowdStrike IoC List

/in

USDoD hacker scrapes and leaks a 100,000-line Indicator of Compromise (IoC) list from CrowdStrike, revealing detailed threat intelligence…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

This tool tests AI’s resilience to ‘poisoned’ data

/in

A government agency says malicious data could have disastrous results for AI training. Here’s how Dioptra can help.

Latest stories for ZDNET in Security – ​Read More

ManageEngine: Australian SMEs Aim to Reduce IT Costs Amid Growing Technology Complexity

/in

“Digital intensity” caused by multiple cloud environments, application growth and AI is putting pressure on IT leaders in medium-sized businesses to manage costs while modernising their infrastructure.

Security | TechRepublic – ​Read More