Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT.
“The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure,” Kaspersky ICS CERT said in a Monday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below –
CVE-2017-3066 (CVSS score: 9.8) – A deserialization vulnerability impacting
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-25 05:06:582025-02-25 05:06:58Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-25 00:07:012025-02-25 00:07:01$1.5B Hack of Bybit Might Be the Largest Crypto Heist Ever
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-24 23:07:092025-02-24 23:07:09Zero-Day Bug Pops Up in Parallels Desktop for Mac
This move comes less than a year after the United States banned Kaspersky products, out of the same fear that the company is under Russian government control.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-24 22:07:072025-02-24 22:07:07Australia Latest Domino to Fall in Gov’t Kaspersky Bans
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-24 21:07:012025-02-24 21:07:01Hackers pose as e-sports gamers online to steal cryptocurrency from Counter-Strike fans
Over the weekend, Elon Musk surveyed his followers on X — the platform he spent $44 billion to buy — asking whether federal employees should be required to send his team an email with a list of five things they accomplished this week. With the yes votes totaling over 70%, Musk followed through. Federal employees […]
A botnet of 130,000 devices is launching a Password-Spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-24 20:07:032025-02-24 20:07:03Botnet of 130K Devices Targets Microsoft 365 in Password-Spraying Attack
Confirmation by South Korea’s data protection agency that the AI chatbot sent data to TikTok’s Chinese parent company has spurred a ban in that nation, and is again is calling into question DeepSeek’s safety.
A new streaming series about a catastrophic, nationwide cyberattack against US critical infrastructure is about as believable as its main character: an honest, bipartisan, universally beloved politician.
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services
/in General NewsVarious industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT.
“The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure,” Kaspersky ICS CERT said in a Monday
The Hacker News – Read More
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below –
CVE-2017-3066 (CVSS score: 9.8) – A deserialization vulnerability impacting
The Hacker News – Read More
$1.5B Hack of Bybit Might Be the Largest Crypto Heist Ever
/in General NewsGet details about how this cryptocurrency heist happened, and what Bybit’s CEO has said about it.
Security | TechRepublic – Read More
Zero-Day Bug Pops Up in Parallels Desktop for Mac
/in General NewsA patch bypass for a bug in the popular desktop emulator enables root-level privilege escalation and has no fix in sight.
darkreading – Read More
Australia Latest Domino to Fall in Gov’t Kaspersky Bans
/in General NewsThis move comes less than a year after the United States banned Kaspersky products, out of the same fear that the company is under Russian government control.
darkreading – Read More
Hackers pose as e-sports gamers online to steal cryptocurrency from Counter-Strike fans
/in General NewsCybercriminals are exploiting major e-sports tournaments to target players of the popular video game Counter-Strike 2 (CS2), researchers have found.
The Record from Recorded Future News – Read More
DOGE’s HR email is getting the ‘Bee Movie’ spam treatment
/in General NewsOver the weekend, Elon Musk surveyed his followers on X — the platform he spent $44 billion to buy — asking whether federal employees should be required to send his team an email with a list of five things they accomplished this week. With the yes votes totaling over 70%, Musk followed through. Federal employees […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Botnet of 130K Devices Targets Microsoft 365 in Password-Spraying Attack
/in General NewsA botnet of 130,000 devices is launching a Password-Spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
DeepSeek’s ByteDance Data-Sharing Raises Fresh Security Concerns
/in General NewsConfirmation by South Korea’s data protection agency that the AI chatbot sent data to TikTok’s Chinese parent company has spurred a ban in that nation, and is again is calling into question DeepSeek’s safety.
darkreading – Read More
Could the Plot of Netflix’s ‘Zero Day’ Occur IRL?
/in General NewsA new streaming series about a catastrophic, nationwide cyberattack against US critical infrastructure is about as believable as its main character: an honest, bipartisan, universally beloved politician.
darkreading – Read More