Remcos RAT Spreading Through Adult Games in New Attack Wave

/in

Remcos RAT is being distributed in South Korea disguised as adult-themed games via webhards, highlighting the deceptive tactics used by threat actors to propagate malware.

Cyware News – Latest Cyber News – ​Read More

GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

/in

GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container.
The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it addressed the issue the same day, in addition to rotating all potentially exposed credentials out of an

The Hacker News – ​Read More

Windows SmartScreen Bug Abused to Deploy Phemedrone Stealer

/in
Despite being patched in November 2023, the CVE-2023-36025 Windows SmartScreen bypass vulnerability is still being exploited by malware distributors. The latest threat delivered through this vulnerability is a variant of the Phemedrone Stealer. To mitigate such threats, it’s crucial for users and organizations to regularly update their software and educate themselves about safe online practices.

Cyware News – Latest Cyber News – ​Read More

Tokyo startup Sakana AI lands $30M to forge new path with compact AI models

/in

Sakana AI, a Tokyo-based startup founded by former Google researchers, raises $30 million to develop smaller, efficient AI models inspired by natural swarm intelligence.Read More

Security News | VentureBeat – ​Read More

Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet

/in

Anyone who hasn’t mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor.

darkreading – ​Read More

Effective Incident Response Relies on Internal and External Partnerships

/in

Dark Reading Research finds increased collaboration between security incident responders and groups within the HR, legal, and communications functions.

darkreading – ​Read More

Snyk Acquires Helios for Runtime Visibility

/in

Developer-security company Snyk acquired Helois, a startup specializing in capturing security-relevant data from live applications.

darkreading – ​Read More

Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

/in

Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild.
The flaws are listed below –

CVE-2023-6548 (CVSS score: 5.5) – Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management

The Hacker News – ​Read More