The suspicious ad for Slack appeared legitimate but was likely malicious. Clicking on it would initially redirect to slack.com. However, after several days, it started redirecting to a click tracker, showing signs of a potentially malicious campaign.
Cyware News – Latest Cyber News – Read More
Deniss Zolotarjovs was charged in a US court for extorting victims and laundering cryptocurrency as part of the Karakurt cyber extortion group.
The post Russian Member of Karakurt Cyber Extortion Gang Charged in US appeared first on SecurityWeek.
SecurityWeek – Read More
A PoC exploit has been released for a critical vulnerability (CVE-2024-41992) found in the Arcadyan FMIMG51AX000J model, as well as other devices using the same firmware version.
Cyware News – Latest Cyber News – Read More
Audit finds weaknesses in FBI’s inventory management and disposition procedures for drives containing sensitive information.
The post FBI Fails to Secure Sensitive Storage Media Destined for Destruction, Audit Reveals appeared first on SecurityWeek.
SecurityWeek – Read More
This latest Log4j exploitation-based attack uses obfuscated LDAP requests to evade detection and executes malicious scripts, establishing persistence and exfiltrating data through encrypted channels.
Cyware News – Latest Cyber News – Read More
The Telegram channel and website Deep State uses public data and insider intelligence to power its live tracker of Ukraine’s ever-shifting front line.
Security Latest – Read More
In these file-sharing phishing attacks, cybercriminals impersonate colleagues or trusted services to trick targets into clicking on malicious links that can lead to data theft or malware infection.
Cyware News – Latest Cyber News – Read More
Researchers from Quarkslab found a hardware backdoor in the FM11RF08S RFID cards manufactured by Shanghai Fudan Microelectronics, enabling attackers to compromise user-defined keys within minutes.
Cyware News – Latest Cyber News – Read More
SolarWinds has issued a Web Help Desk hotfix to remove hardcoded credentials from last week’s hotfix for a critical-severity vulnerability.
The post SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw appeared first on SecurityWeek.
SecurityWeek – Read More
GitHub disclosed three security vulnerabilities in GitHub Enterprise Server (GHES), including CVE-2024-6800, CVE-2024-6337, and CVE-2024-7711. The most severe, CVE-2024-6800, allowed attackers to forge a SAML response, granting site admin privileges.
Cyware News – Latest Cyber News – Read More