Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

/in

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails.
“The spear-phishing campaign’s impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected,” Trend Micro said in a new analysis.

The Hacker News – ​Read More

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

/in

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain

The Hacker News – ​Read More

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

/in

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance.
The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.0
“An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing

The Hacker News – ​Read More

North Korea Hackers Get Cash Fast in Linux Cyber Heists

/in

The thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.

darkreading – ​Read More

Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says

/in

In the last fiscal year, 389 U.S.-based healthcare institutions were successfully hit with ransomware, causing “network closures, systems offline, critical medical operations delayed, and appointments rescheduled,” Microsoft said.

The Record from Recorded Future News – ​Read More

Cybercriminals Are Increasingly Helping Russia and China Target the US and Allies, Microsoft Says

/in

The growing collaboration between authoritarian governments and criminal hackers has alarmed national security officials and cybersecurity experts.

The post Cybercriminals Are Increasingly Helping Russia and China Target the US and Allies, Microsoft Says appeared first on SecurityWeek.

SecurityWeek – ​Read More

Anthropic just made it harder for AI to go rogue with its updated safety policy

/in

Anthropic updates its Responsible Scaling Policy, introducing new safety standards and AI capability thresholds to manage risks from powerful AI models like autonomous systems and bioweapons threats.Read More

Security News | VentureBeat – ​Read More

Hong Kong police bust fraud ring that used face-swapping tech for romance scams

/in

Hong Kong authorities said they arrested more than two dozen people associated with a scam involving “artificially generated photos using AI technology to create attractive individuals.”

The Record from Recorded Future News – ​Read More

Election Day is Close, the Threat of Cyber Disruption is Real

/in

New threat report shows that the potential for disruption to November’s Election Day is severe, and the threat is real.

The post Election Day is Close, the Threat of Cyber Disruption is Real appeared first on SecurityWeek.

SecurityWeek – ​Read More

Generative AI in Security: Risks and Mitigation Strategies

/in

Microsoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems.

Security | TechRepublic – ​Read More