Category: Uncategorized
-
UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App [email protected] (The Hacker News)
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to…
-
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft [email protected] (The Hacker News)
Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims’ Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include…
-
Not Your Old ActiveState: Introducing our End-to-End OS Platform [email protected] (The Hacker News)
Having been at ActiveState for nearly eight years, I’ve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open source for over a decade. In the early days,…
-
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP [email protected] (The Hacker News)
The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a “rogue RDP” technique that was previouslyRead More
-
ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation [email protected] (The Hacker News)
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendor landscape and continually assess the effectiveness of available solutions. Luckily, the 2024 MITRE ATT&CKRead More
-
BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products [email protected] (The Hacker News)
BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users.Read…
-
INTERPOL Pushes for “Romance Baiting” to Replace “Pig Butchering” in Scam Discourse [email protected] (The Hacker News)
INTERPOL is calling for a linguistic shift that aims to put to an end to the term “pig butchering,” instead advocating for the use of “romance baiting” to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. “The term ‘pig butchering’ dehumanizes and…
-
How to use the Hydra password-cracking tool
Post ContentRead More
-
Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts [email protected] (The Hacker News)
Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what’s the latest financial hit the company has taken for flouting stringent privacy laws. The Irish Data Protection Commission (DPC) said the…
-
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected [email protected] (The Hacker News)
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023…