New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

/in

Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads.
Included among the tools deployed is a remote access tool that’s capable of downloading and executing more malicious programs as well as a utility to propagate the malware via SSH, cloud analytics platform Datadog

The Hacker News – ​Read More

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

/in

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution.
The list of vulnerabilities is as follows –

CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) – Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could

The Hacker News – ​Read More

Blackbaud Settles With California for $6.75 Million Over 2020 Data Breach

/in

Blackbaud was ordered to pay $6.75 million to the California Attorney General’s Office over the 2020 data breach.

The post Blackbaud Settles With California for $6.75 Million Over 2020 Data Breach appeared first on SecurityWeek.

SecurityWeek – ​Read More

Singapore Police Extradites Malaysians Linked to Android Malware Fraud

/in

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023.
The unnamed individuals, aged 26 and 47, engaged in scams that tricked unsuspecting users into downloading malicious apps onto their Android devices via phishing campaigns with the aim of stealing

The Hacker News – ​Read More

Anthropic’s red team methods are a needed step to close AI security gaps

/in

Anthropics’ four red team methods add to the industry’s growing base of frameworks, which suggests the need for greater standardization.Read More

Security News | VentureBeat – ​Read More

Bug Bounty Programs, Hacking Contests Power China’s Cyber Offense

/in

With the requirement that all vulnerabilities first get reported to the Chinese government, once-private vulnerability research has become a goldmine for China’s offensive cybersecurity programs.

darkreading – ​Read More

Some Skills Should Not Be Ceded to AI

/in

AI tools keep trying to take away all the fun jobs. Here are just a few of the reasons for cybersecurity folks (and others) to skip the writing cheats.

darkreading – ​Read More

Apple embraces open-source AI with 20 Core ML models on Hugging Face platform

/in

Apple releases 20 new Core ML models and 4 datasets on Hugging Face, empowering developers to create intelligent, privacy-focused apps with cutting-edge on-device AI capabilities.Read More

Security News | VentureBeat – ​Read More

Scattered Spider Boss Cuffed in Spain Boarding a Flight to Italy

/in

Accused of hacking into more than 45 companies in the US, a 22-year-old British man was arrested by Spanish police and found to be in control of more than $27 million in Bitcoin.

darkreading – ​Read More

Emojis Control the Malware in Discord Spy Campaign

/in

Pakistani hackers are spying (▀̿Ĺ̯▀̿ ̿) on the highly sensitive organizations in India by using emojis (Ծ_Ծ) as malicious commands (⚆ᗝ⚆) and the old Dirty Pipe Linux flaw.

darkreading – ​Read More