Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks

/in

Huntress has shared details on the post-exploitation activities of threat actors targeting the recent CrushFTP vulnerability.

The post Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks appeared first on SecurityWeek.

SecurityWeek – ​Read More

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

/in

Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild.
The two high-severity vulnerabilities are listed below –

CVE-2024-53150 (CVSS score: 7.8) – An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure
CVE-2024-53197 (CVSS score: 7.8) – A privilege escalation flaw in the USB sub-component of Kernel

The Hacker News – ​Read More

Neptune RAT Variant Spreads via YouTube to Steal Windows Passwords

/in

A new Neptune RAT variant is being shared via YouTube and Telegram, targeting Windows users to steal passwords and deliver additional malware components.

Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – ​Read More

$115 million just poured into this startup that makes engineering 1,000x faster — and Bezos, Altman, and Nvidia are all betting on its success

/in

Credit: VentureBeat made with Midjourney

Rescale secures $115 million in Series D funding to accelerate AI physics technology that speeds up engineering simulations by 1000x, backed by tech luminaries including Bezos and Altman.Read More

Security News | VentureBeat – ​Read More

Google’s Sec-Gemini v1 Takes on Hackers & Outperforms Rivals by 11%

/in

Sec-Gemini v1 has access to real-time cybersecurity data from trusted sources including Google Threat Intelligence, Mandiant’s attack reports, and the Open Source Vulnerabilities database.

Security | TechRepublic – ​Read More

ToddyCat APT Targets ESET Bug to Load Silent Malware

/in

Researchers found the threat actor attempting to use the now-patched flaw to load and execute a malicious dynamic link library on infected systems.

darkreading – ​Read More

NIST to Implement ‘Deferred’ Status to Dated Vulnerabilities

/in

The changes will go into effect over the next several days to reflect which CVEs are being prioritized in the National Vulnerability Database (NVD).

darkreading – ​Read More

PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry

/in

As PCI DSS 4.0.1 comes into force, it shows the power of industry collaboration in cybersecurity.

The post PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry appeared first on SecurityWeek.

SecurityWeek – ​Read More

Australian regulator pulls licenses of 95 companies in effort to crack down on investment scams

/in

A federal judge approved the immediate deregistration of 93 of the companies in an order on March 21. Two others will be wound up over time because they have “meaningful” assets.

The Record from Recorded Future News – ​Read More

Russia arrests CEO of tech company linked to Doppelgänger disinformation campaign

/in

Two other employees at the St. Petersburg-based hosting provider Azea Group were arrested. The company has alleged links to state-sponsored disinformation campaigns and cybercriminal infrastructure.

The Record from Recorded Future News – ​Read More