A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails.
“The spear-phishing campaign’s impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected,” Trend Micro said in a new analysis.
”
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-16 08:06:542024-10-16 08:06:54Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-16 06:06:422024-10-16 06:06:42CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability
GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance.
The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.0
“An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-15 22:08:182024-10-15 22:08:18North Korea Hackers Get Cash Fast in Linux Cyber Heists
In the last fiscal year, 389 U.S.-based healthcare institutions were successfully hit with ransomware, causing “network closures, systems offline, critical medical operations delayed, and appointments rescheduled,” Microsoft said.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-15 21:07:162024-10-15 21:07:16Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-15 21:07:162024-10-15 21:07:16Cybercriminals Are Increasingly Helping Russia and China Target the US and Allies, Microsoft Says
Anthropic updates its Responsible Scaling Policy, introducing new safety standards and AI capability thresholds to manage risks from powerful AI models like autonomous systems and bioweapons threats.Read More
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-15 20:07:372024-10-15 20:07:37Anthropic just made it harder for AI to go rogue with its updated safety policy
Hong Kong authorities said they arrested more than two dozen people associated with a scam involving “artificially generated photos using AI technology to create attractive individuals.”
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-15 20:07:362024-10-15 20:07:36Hong Kong police bust fraud ring that used face-swapping tech for romance scams
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-15 19:07:442024-10-15 19:07:44Election Day is Close, the Threat of Cyber Disruption is Real
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-15 19:07:442024-10-15 19:07:44Generative AI in Security: Risks and Mitigation Strategies
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack
/in General NewsA new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails.
“The spear-phishing campaign’s impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected,” Trend Micro said in a new analysis.
”
The Hacker News – Read More
CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain
The Hacker News – Read More
GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
/in General NewsGitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance.
The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.0
“An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing
The Hacker News – Read More
North Korea Hackers Get Cash Fast in Linux Cyber Heists
/in General NewsThe thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.
darkreading – Read More
Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says
/in General NewsIn the last fiscal year, 389 U.S.-based healthcare institutions were successfully hit with ransomware, causing “network closures, systems offline, critical medical operations delayed, and appointments rescheduled,” Microsoft said.
The Record from Recorded Future News – Read More
Cybercriminals Are Increasingly Helping Russia and China Target the US and Allies, Microsoft Says
/in General NewsThe growing collaboration between authoritarian governments and criminal hackers has alarmed national security officials and cybersecurity experts.
The post Cybercriminals Are Increasingly Helping Russia and China Target the US and Allies, Microsoft Says appeared first on SecurityWeek.
SecurityWeek – Read More
Anthropic just made it harder for AI to go rogue with its updated safety policy
/in General NewsAnthropic updates its Responsible Scaling Policy, introducing new safety standards and AI capability thresholds to manage risks from powerful AI models like autonomous systems and bioweapons threats.Read More
Security News | VentureBeat – Read More
Hong Kong police bust fraud ring that used face-swapping tech for romance scams
/in General NewsHong Kong authorities said they arrested more than two dozen people associated with a scam involving “artificially generated photos using AI technology to create attractive individuals.”
The Record from Recorded Future News – Read More
Election Day is Close, the Threat of Cyber Disruption is Real
/in General NewsNew threat report shows that the potential for disruption to November’s Election Day is severe, and the threat is real.
The post Election Day is Close, the Threat of Cyber Disruption is Real appeared first on SecurityWeek.
SecurityWeek – Read More
Generative AI in Security: Risks and Mitigation Strategies
/in General NewsMicrosoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems.
Security | TechRepublic – Read More