15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

/in

A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck.
The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and F3x36.
The severity of the shortcoming is lower due to the fact that it only works

The Hacker News – ​Read More

North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign

/in

North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie.
Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for potential job opportunities into

The Hacker News – ​Read More

Cyberhaven says it was hacked to publish a malicious update to its Chrome extension

/in

The data-loss startup says it was targeted as part of a “wider campaign to target Chrome extension developers.”

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – ​Read More

Deepfakes, Quantum Attacks Loom Over APAC in 2025

/in

Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing “harvest now, decrypt later” attacks for various malicious use cases.

darkreading – ​Read More

Hackers Are Hot for Water Utilities

/in

The US water sector suffered a stream of cyberattacks over the past year and half, from a mix of cybercriminals, hacktivists, and nation-state hacking teams. Here’s how the industry and ICS/OT security experts are working to better secure vulnerable drinking and wastewater utilities.

darkreading – ​Read More

Record-breaking ransoms and breaches: A timeline of ransomware in 2024

/in

From LoanDepot to Evolve Bank and Blue Yonder, these ransomware attacks affect tens of millions of people.

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – ​Read More

Defining & Defying Cybersecurity Staff Burnout

/in

Sometimes it feels like burnout is an inevitable part of working in cybersecurity. But a little bit of knowledge can help you and your staff stay healthy.

darkreading – ​Read More

The Paper Passport Is Dying

/in

Smartphones and face recognition are being combined to create new digital travel documents. The paper passport’s days are numbered—despite new privacy risks.

Security Latest – ​Read More

Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia

/in

The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting “several dozen users” in 2024.
“Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code,” Kaspersky researcher Oleg

The Hacker News – ​Read More

FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks

/in

Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN.
“These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings

The Hacker News – ​Read More