Hackers have been using a PHP vulnerability to deploy a stealthy backdoor called Msupedge. This backdoor was recently used in a cyberattack against an unnamed university in Taiwan.
As adversaries increasingly exploit AI, security practitioners must not fall behind. What does it take to unlock the full potential of AI in cybersecurity?
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-21 11:06:412024-08-21 11:06:41Unlocking the Power of AI in Cybersecurity
A high-severity vulnerability (CVE-2024-38810) has been discovered in Spring Security, potentially allowing unauthorized access to sensitive data within affected applications. The vulnerability impacts Spring Security versions 6.3.0 and 6.3.1.
The abuse of URL rewriting in phishing attacks has emerged as a new trend, allowing threat actors to hide malicious links behind trusted domains of security vendors. Exploiting these features enables bypassing detection mechanisms.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-21 09:06:412024-08-21 09:06:41Rising Abuse of URL Rewriting in Phishing
The vulnerability, known as CVE-2024-6500, affects the InPost PL and InPost for WooCommerce plugins, allowing attackers to read and delete sensitive files like the wp-config.php configuration file.
Styx Stealer is based on the Phemedrone Stealer and is available for purchase online. It has the ability to steal passwords, cookies, crypto wallet data, and messenger sessions, as well as gather system information.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-21 09:06:402024-08-21 09:06:40Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with malware.
The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attacks are presently unknown.
The attack chains commence with phishing messages with photos of alleged prisoners of war (
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-21 07:06:342024-08-21 07:06:34CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait
A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks.
The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164,
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-21 02:06:472024-08-21 02:06:47Singapore updates OT security blueprint to focus on data sharing and cyber resilience
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
New Msupedge Backdoor Targeting Taiwan Employs Stealthy Communications
/in General NewsHackers have been using a PHP vulnerability to deploy a stealthy backdoor called Msupedge. This backdoor was recently used in a cyberattack against an unnamed university in Taiwan.
Cyware News – Latest Cyber News – Read More
Unlocking the Power of AI in Cybersecurity
/in General NewsAs adversaries increasingly exploit AI, security practitioners must not fall behind. What does it take to unlock the full potential of AI in cybersecurity?
The post Unlocking the Power of AI in Cybersecurity appeared first on SecurityWeek.
SecurityWeek – Read More
Spring Security Flaw Leaves Applications Open to Unauthorized Access
/in General NewsA high-severity vulnerability (CVE-2024-38810) has been discovered in Spring Security, potentially allowing unauthorized access to sensitive data within affected applications. The vulnerability impacts Spring Security versions 6.3.0 and 6.3.1.
Cyware News – Latest Cyber News – Read More
Rising Abuse of URL Rewriting in Phishing
/in General NewsThe abuse of URL rewriting in phishing attacks has emerged as a new trend, allowing threat actors to hide malicious links behind trusted domains of security vendors. Exploiting these features enables bypassing detection mechanisms.
Cyware News – Latest Cyber News – Read More
Over 10,000 WordPress Sites at Risk: Critical File Deletion Flaw Found in InPost Plugins
/in General NewsThe vulnerability, known as CVE-2024-6500, affects the InPost PL and InPost for WooCommerce plugins, allowing attackers to read and delete sensitive files like the wp-config.php configuration file.
Cyware News – Latest Cyber News – Read More
Cyberattack Disrupts Microchip Technology Manufacturing Facilities
/in General NewsMicrochip Technology has disclosed a cyberattack impacting operations at some of its manufacturing facilities.
The post Cyberattack Disrupts Microchip Technology Manufacturing Facilities appeared first on SecurityWeek.
SecurityWeek – Read More
Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove
/in General NewsStyx Stealer is based on the Phemedrone Stealer and is available for purchase online. It has the ability to steal passwords, cookies, crypto wallet data, and messenger sessions, as well as gather system information.
Cyware News – Latest Cyber News – Read More
CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait
/in General NewsThe Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with malware.
The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attacks are presently unknown.
The attack chains commence with phishing messages with photos of alleged prisoners of war (
The Hacker News – Read More
GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk
/in General NewsA maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks.
The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164,
The Hacker News – Read More
Singapore updates OT security blueprint to focus on data sharing and cyber resilience
/in General NewsSingapore’s national operational technology masterplan has been updated to address the ‘increasingly perilous’ cyber threat landscape.
Latest stories for ZDNET in Security – Read More