Malvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoor

/in

By Deeba Ahmed

IT professionals are under attack! This article exposes a malicious malvertising campaign targeting IT teams with a novel backdoor named MadMxShell. Learn how attackers use typosquatting and DNS techniques to compromise systems.

This is a post from HackRead.com Read the original post: Malvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoor

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability 

/in

Shadowserver has identified roughly 6,000 internet-accessible Palo Alto Networks firewalls potentially vulnerable to CVE-2024-3400.

The post Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability  appeared first on SecurityWeek.

SecurityWeek – ​Read More

Ukrainian Soldiers’ Apps Increasingly Targeted for Spying, Cyber Agency Warns

/in

The agency is attributing the surge to a group tracked as UAC-0184, which was spotted in February targeting an unnamed Ukrainian entity in Finland. CERT-UA does not attribute UAC-0184’s activity to any specific foreign cyber threat group.

Cyware News – Latest Cyber News – ​Read More

Deciphering the Economics of Software Development: An In-Depth Exploration

/in

By Uzair Amir

The depth of activities within software development ranges from ideation and design to coding, testing, and deployment. The…

This is a post from HackRead.com Read the original post: Deciphering the Economics of Software Development: An In-Depth Exploration

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

/in

Between crossovers – Do threat actors play dirty or desperate?
In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to

The Hacker News – ​Read More

Researchers Find Dozens of Fake E-Zpass Toll Websites After FBI Warning

/in

Researchers from cybersecurity firm DomainTools told Recorded Future News that they have found nearly 30 newly created domains related to tolls, 15 of which have a “high chance of being weaponized for phishing, malware, or spam.”

Cyware News – Latest Cyber News – ​Read More

Report: 51% of Enterprises Experienced a Breach Despite Large Security Stacks

/in

Threat actors are continuing to successfully breach across the entire attack surface. Around 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result, according to a survey by Pentera.

Cyware News – Latest Cyber News – ​Read More

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

/in

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.
“When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path,” SafeBreach security researcher Or Yair said&

The Hacker News – ​Read More

Critical Flaw in the Forminator Plugin Impacts Hundreds of Thousands of WordPress Sites

/in

Japan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a flaw that allows unrestricted file uploads to the server.

Cyware News – Latest Cyber News – ​Read More

MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days

/in

MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.

The post MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days appeared first on SecurityWeek.

SecurityWeek – ​Read More