Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign

/in

Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners.
Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a malware strain dubbed PG_MEM. The campaign has been attributed to a threat actor Wiz tracks as

The Hacker News – ​Read More

European Commission takes aim at end-to-end encryption and proposes Europol become an EU FBI

/in

The Commission said it would create roadmaps regarding both the “lawful and effective access to data for law enforcement” and on encryption.

The Record from Recorded Future News – ​Read More

5 tools I trust to keep my online conversations private and anonymous

/in

Privacy matters. These apps and services help you communicate without putting your identity or data at risk from prying eyes.

Latest stories for ZDNET in Security – ​Read More

Genetic sharing site openSNP to shut down, citing concerns of data privacy and ‘rise in authoritarian governments’

/in

The open source repository of genetic data will delete its banks of data on April 30, its co-founder confirms.

Security News | TechCrunch – ​Read More

Russia tightens cybersecurity measures as financial fraud hits record high

/in

Vladimir Putin signed a law on Monday that prohibits state institutions, banks and others from using foreign messaging apps when communicating with customers.

The Record from Recorded Future News – ​Read More

Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals

/in

GreyNoise warns of a coordinated effort probing the internet for potentially vulnerable Palo Alto Networks GlobalProtect instances.

The post Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals appeared first on SecurityWeek.

SecurityWeek – ​Read More

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing

/in

A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android.
Lucid’s unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms.
“Its scalable,

The Hacker News – ​Read More

UK sets out new cyber reporting requirements for critical infrastructure

/in

The belated reworking of the country’s cybersecurity regulations comes three years after the previous government had prematurely described those laws as “updated” while failing to actually introduce the legislation.

The Record from Recorded Future News – ​Read More

Windows 11 PC won’t boot? Microsoft’s new tool tries to fix it before you even panic – here’s how

/in

Now available to Windows Insiders, Windows 11 is getting a secret weapon for boot failures called Quick Machine Recovery – and it works automatically.

Latest stories for ZDNET in Security – ​Read More

Google ‘ImageRunner’ Bug Enabled Privilege Escalation

/in

Tenable released details of a Google Cloud Run flaw that prior to remediation allowed a threat actor to escalate privileges.

darkreading – ​Read More