Key Takeaways From the British Library Cyberattack

Knowledge institutions with legacy infrastructure, limited resources, and digitized intellectual property must protect themselves from sophisticated and destructive cyberattacks.

darkreading – ​Read More

Recent Zyxel NAS Vulnerability Exploited by Botnet

A Mirai-like botnet has started exploiting a critical-severity vulnerability in discontinued Zyxel NAS products.

The post Recent Zyxel NAS Vulnerability Exploited by Botnet appeared first on SecurityWeek.

SecurityWeek – ​Read More

SnailLoad Attack can Exploit Remote Network Latency Measurements to Infer User Activity

Unlike previous methods, SnailLoad doesn’t require a person-in-the-middle attack or hacking the target’s Wi-Fi. Instead, it lets a remote attacker infer websites and content viewed by a user without accessing their network traffic directly.

Cyware News – Latest Cyber News – ​Read More

Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets

CoinStats says North Korean hackers drained $2 million in virtual assets from 1,590 cryptocurrency wallets.

The post Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets appeared first on SecurityWeek.

SecurityWeek – ​Read More

Boolka Group’s Modular Trojan BMANAGER Exposed

The Boolka group is responsible for deploying advanced malware and conducting web attacks. They have been exploiting vulnerabilities using SQL injection attacks since 2022, targeting websites in various countries.

Cyware News – Latest Cyber News – ​Read More

New Attack Uses MSC Files and Windows XSS Flaw to Breach Networks

A new command execution technique called “GrimResource” has been discovered that leverages a combination of specially crafted Microsoft Saved Console (MSC) files and an unpatched Windows XSS flaw.

Cyware News – Latest Cyber News – ​Read More

Indonesia Says a Cyberattack Has Compromised Its Data Center but It Won’t Pay the $8 Million Ransom

Indonesia’s national data center has been compromised by a hacking group asking for a $8 million ransom that the government won’t pay.

The post Indonesia Says a Cyberattack Has Compromised Its Data Center but It Won’t Pay the $8 Million Ransom appeared first on SecurityWeek.

SecurityWeek – ​Read More

Hackers Create Rogue Admin Accounts via Backdoored WordPress Plugins

Multiple WordPress plugins have been found to contain a backdoor that injects malicious code. This code allows attackers to create unauthorized administrator accounts, enabling them to perform malicious actions.

Cyware News – Latest Cyber News – ​Read More

Meta’s Virtual Reality Headset Vulnerable to Ransomware Attacks: Researcher

Researcher shows how hackers could use social engineering to deliver ransomware and other malware to Meta’s Quest 3 VR headset.

The post Meta’s Virtual Reality Headset Vulnerable to Ransomware Attacks: Researcher appeared first on SecurityWeek.

SecurityWeek – ​Read More

New Attack Technique Exploits Microsoft Management Console Files

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses.
Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact (“sccm-updater.msc”) that was uploaded to the VirusTotal malware

The Hacker News – ​Read More