Category: Uncategorized
-

New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia [email protected] (The Hacker News)
In an unusually specific campaign, users searching about the legality of Bengal Cats in Australia are being targeted with the GootLoader malware. “In this case, we found the GootLoader actors using search results for information about a particular cat and a particular geography being used to deliver the payload: ‘Are Bengal Cats legal in Australia?,’”…
-

The ROI of Security Investments: How Cybersecurity Leaders Prove It [email protected] (The Hacker News)
Cyber threats are intensifying, and cybersecurity has become critical to business operations. As security budgets grow, CEOs and boardrooms are demanding concrete evidence that cybersecurity initiatives deliver value beyond regulation compliance. Just like you wouldn’t buy a car without knowing it was first put through a crash test, security systems must also be validated to…
-

Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation [email protected] (The Hacker News)
Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published last week. The server-side weaknesses “allow attackers to hijack important servers in theRead More
-

HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities [email protected] (The Hacker News)
Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. The flaws affect Access Points running Instant AOS-8 and AOS-10 – AOS-10.4.x.x: 10.4.1.4 and below Instant AOS-8.12.x.x: 8.12.0.2 and below Instant AOS-8.10.x.x:Read More
-

Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware [email protected] (The Hacker News)
Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT “provides purchases with a wide range of advanced features to remotely control computers belonging to the buyer,” Fortinet FortiGuard Labs researcher Xiaopeng Zhang said in an analysis published last week. “However, threat…
-

Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns [email protected] (The Hacker News)
Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. “Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface,” the company said. “At this time,…
-

Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering [email protected] (The Hacker News)
The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier this March. The U.S. Department of…
-
Palo Alto Expedition Missing Authentication Vulnerability (CVE-2024-5910)
What is the Vulnerability?CISA has added CVE-2024-5910, a missing authentication vulnerability in Palo Alto Networks Expedition to its known exploited vulnerability (KEV) list. Expedition is a migration tool aiding in configuration migration, tuning, and enrichment from one of the supported vendors to Palo Alto Networks. Successful exploitation of CVE-2024-5910 can lead to an admin account…
-
3 key generative AI data privacy and security concerns
Post ContentRead More
-

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services [email protected] (The Hacker News)
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. “This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures,” CloudSEK said in aRead More
