The Hacker News

"TAG-100:  New threat actor uses open-source tools for widespread attacks."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 18 July 2024, 1313 UTC.

Content and Source:   https://thehackernews.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 

The Hacker News

192K followers32 articles per week#security#tech
20

MOST POPULAR

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks
6 TTPs
54by info@thehackernews.com (The Hacker News) / 2h
Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America,
SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks
7 TTPs
52by info@thehackernews.com (The Hacker News) / 2h
Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers
AppSec Webinar: How to Turn Developers into Security Champions
by info@thehackernews.com (The Hacker News) / 53min
Let's face it: AppSec and developers often feel like they're on opposing teams. You're battling endless vulnerabilities while they just want to ship code. Sound familiar? It's a common challenge, but there is a solution. Ever wish they proactively cared about security? The answer lies in a proven, but often overlooked, strategy: Security Champion Programs — a way to turn developers from

TODAY

Automated Threats Pose Increasing Risk to the Travel Industry
by info@thehackernews.com (The Hacker News) / 1h
As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry’s web traffic in 2023—a significant jump from 37.4% in 2022.

YESTERDAY

Meta Halts AI Use in Brazil Following Data Protection Authority's Ban
32by info@thehackernews.com (The Hacker News) / 5h
Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the
Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager
2 TTPs
40by info@thehackernews.com (The Hacker News) / 6h
Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. "This vulnerability is due to improper
North Korean Hackers Update BeaverTail Malware to Target MacOS Users
IoC > 1 domain
52by info@thehackernews.com (The Hacker News) / 20h
15 TTPs
Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named "MiroTalk.dmg" that mimics the legitimate video call service of the same name,
Navigating Insider Risks: Are your Employees Enabling External Threats?
24by info@thehackernews.com (The Hacker News) / 1d
Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning1 that SIM swap attacks are growing: gain control of the phone and earn a gateway to email, bank accounts, stocks,
FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums
10 TTPs
43by info@thehackernews.com (The Hacker News) / 1d
The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a security dodging tool known to be used by ransomware groups like AvosLocker, Black Basta, BlackCat, LockBit, and Trigona. "AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been

JUL 16, 2024

China-linked APT17 Targets Italian Companies with 9002 RAT Malware
13 TTPs
52by info@thehackernews.com (The Hacker News) / 1d
A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second
Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks
Persistence (Enterprise TA0003)
46by info@thehackernews.com (The Hacker News) / 1d
The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft. It also has a history of
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP
3 TTPs
51by info@thehackernews.com (The Hacker News) / 1d
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins
IoC > 2 domains
25by info@thehackernews.com (The Hacker News) / 1d
5 TTPs
Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based ad network called CaramelAds. "Konfety represents a new form of
Threat Prevention & Detection in SaaS Environments - 101
34by info@thehackernews.com (The Hacker News) / 2d
Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them. According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and
Malicious npm Packages Found Using Image Files to Hide Backdoor Code
7 TTPs
70by info@thehackernews.com (The Hacker News) / 2d
Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team. "They
Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks
10 TTPs
42by info@thehackernews.com (The Hacker News) / 2d
The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management (RMM) software for maintaining persistent access. That's according to independent findings from cybersecurity firms Check Point and Sekoia, which have

JUL 15, 2024

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer
18 TTPs
62by info@thehackernews.com (The Hacker News) / 2d
CVE-2024-38112
An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-May 2024, the vulnerability – tracked as CVE-2024-38112 – was used as part of a multi-stage attack
Kaspersky Exits U.S. Market Following Commerce Department Ban
38by info@thehackernews.com (The Hacker News) / 2d
Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk. News of the closure was first reported by journalist Kim Zetter. The company is expected to wind down its U.S. operations on July 20, 2024, the same day the ban comes into effect. It's also
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
2 TTPs
42by info@thehackernews.com (The Hacker News) / 2d
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data. It is the reference implementation of the Open
GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks
6 TTPs
39by info@thehackernews.com (The Hacker News) / 2d
Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF). JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub. "This case was

END OF FEED

Comments

Post a Comment

Please leave a comment about our recent post.

Popular posts from this blog

SecurityWeek Briefing.

Image
"Microsoft offers up to $15,000 in New AI Bug Bounty Program." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 13 October 2023, 2020 UTC.  Content provided by email subscription to "SecurityWeek Briefing." Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGtxdZHmrfcBkMDJSSNTtHlmhQX ("SecurityWeek Briefing"). Please click link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). SecurityWeek News Briefing | Friday, October 13, 2023 CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware Juniper Networks Patches Over 30 Vulnerabilities in Junos OS In Other News : Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure Microsoft Offers Up to $15,000 in New AI Bug Bounty Program Researcher Co
Read more

SecurityWeek Briefing.

Image
"Health Care Solutions giant disrupted by Cyberattack." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 19 October 2023, 2033 UTC.  Content provided by email subscription to "SecurityWeek Briefing." Source:  https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGwHLhdlHbpbQJXqhLLSvQbhdnC ("SecurityWeek Briefing"). Please click link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). SecurityWeek News Briefing | Thursday, October 19, 2023 Healthcare Solutions Giant Disrupted by Cyberattack Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program CipherStash Raises $3 Million for Encryption-in-Use Technology US Government Releases Anti-Phishing Guidance Google Play Protect Gets Real-Time Code Scanning Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,00
Read more

Cyber War Newswire

Image
"Fears Russian 'space weapon' could be used for cyberwarfare and sabotage." Views expressed in this cybersecurity and cyberespionage update are those of the reporters and correspondents.  Accessed on 23 May 2024, 2016 UTC. Content and Source:  https://cyberwar.einnews.com/news/cyber-war-news?n=2&code=FA9GNesSTpp2rjO1&utm_source=NewsletterNews&utm_medium=email&utm_campaign=Cyber+War+News&utm_content=navig/Cyber War News-EIN Presswire. Please scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). CYBER WAR NEWS MONITORING Get by    Email    •     RSS Published on  May 22, 2024 Fears Russian 'space weapon' could be used for cyberwarfare and sabotage The US has accused Russia of launching an anti-satellite weapon into space and placing it in the same orbit as an American probe, leading to fears of possible sabotage and cyber warfare. Pentagon spokesman Brigadier General Pat
Read more