North Korea-linked APT Citrine Sleet Exploit Chrome Zero-Day to Deliver FudModule Rootkit

A North Korean APT used a Google Chrome zero-day flaw, CVE-2024-7971, to deploy the FudModule rootkit. Microsoft researchers linked these attacks to Citrine Sleet (AppleJeus, Labyrinth Chollima, UNC4736, or Hidden Cobra) with medium confidence.

Cyware News – Latest Cyber News – ​Read More

Roblox Developers Under Attack by New Malicious NPM Campaign

Roblox developers are being targeted by a new malicious npm campaign. Cybercriminals have created fake Roblox npm packages with the aim of deploying a remote access trojan called Quasar.

Cyware News – Latest Cyber News – ​Read More

Novel Attack on Windows Spotted in Chinese Phishing Campaign

The malicious DLL implant for the Cobalt Strike attack toolkit gets injected into the Windows binary “runonce.exe,” giving total control to the attackers. The campaign further deploys various malicious tools for reconnaissance and data exfiltration.

Cyware News – Latest Cyber News – ​Read More

Secrets Exposed: Why Your CISO Should Worry About Slack

In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day?
A Single Secret Can Wreak Havoc
Imagine this: It’s a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is

The Hacker News – ​Read More

Chrome 128 Updates Patch High-Severity Vulnerabilities

Google has released two Chrome 128 updates to address six high-severity vulnerabilities reported by external researchers.

The post Chrome 128 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

SecurityWeek – ​Read More

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework.
“If successful, the adversary could gain any privileges already granted to the affected

The Hacker News – ​Read More

Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt

A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer.
Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud.
He was

The Hacker News – ​Read More

Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network

Hacker ‘HikkI-Chan’ leaks personal data of over 390 million VK users on Breach Forums, including city, country, full…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Cybersecurity Tips For Businesses Using Remote Workers 

Remote work offers benefits like reduced costs and wider recruitment but also increases cybersecurity risks. To protect your…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Tracelo Location Tracker Data Breach: 1.4 Million Users’ Data Dumped Online

Tracelo, a smartphone geolocation tracker service, was breached on September 1, 2024, exposing data from both its customers…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More