-
China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration (The Hacker News)
A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. “TheRead…
-
Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals (The Hacker News)
A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applicant lures. “A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor…
-
MITRE Adds Mitigations to EMB3D Threat Model Ionut Arghire
MITRE has expanded the EMB3D Threat Model with essential mitigations to help organizations address threats to embedded devices. The post MITRE Adds Mitigations to EMB3D Threat Model appeared first on SecurityWeek.
-
Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities (The Hacker News)
A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. “These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a…
-
US, Allies Release Guidance on Securing OT Environments Ionut Arghire
New guidance provides information on how to create and maintain a secure operational technology (OT) environment. The post US, Allies Release Guidance on Securing OT Environments appeared first on SecurityWeek.
-
Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI Ionut Arghire
Multiple Python packages referencing dependencies containing cryptocurrency-stealing code were published to PyPI. The post Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI appeared first on SecurityWeek.
-
Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (The Hacker News)
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The…
-
Harmonic Raises $17.5M to Defend Against AI Data Harvesting Ryan Naraine
Harmonic has raised a total of $26 million to develop a new approach to data protection using pre-trained, specialized language models. The post Harmonic Raises $17.5M to Defend Against AI Data Harvesting appeared first on SecurityWeek.
-
Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps Eduard Kovacs
Cloudflare recently mitigated another record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion Pps. The post Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps appeared first on SecurityWeek.
-
5 Must-Have Tools for Effective Dynamic Malware Analysis (The Hacker News)
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1.…