Category: Uncategorized
-
SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw Ionut Arghire
SolarWinds has issued a Web Help Desk hotfix to remove hardcoded credentials from last week’s hotfix for a critical-severity vulnerability. The post SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw appeared first on SecurityWeek. Read More
-
From Cybercrime to Terrorism, FBI Director Says America Faces Many Elevated Threats ‘All at Once’ Associated Press
Wray declined to talk about any specific investigation or threat but said investigations into cyberattacks, including against election infrastructure, candidates or campaigns, require help from the private sector. The post From Cybercrime to Terrorism, FBI Director Says America Faces Many Elevated Threats ‘All at Once’ appeared first on SecurityWeek. Read More
-

New macOS Malware “Cthulhu Stealer” Targets Apple Users’ Data [email protected] (The Hacker News)
Cybersecurity researchers have uncovered a new information stealer that’s designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are increasingly setting their sights on the operating system. Dubbed Cthulhu Stealer, the malware has been available under a malware-as-a-service (MaaS) model for $500 a month from late 2023.…
-

Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group [email protected] (The Hacker News)
A 33-year-old Latvian national living in Moscow, Russia, has been charged in the U.S. for allegedly stealing data, extorting victims, and laundering ransom payments since August 2021. Deniss Zolotarjovs (aka Sforza_cesarini) has been charged with conspiring to commit money laundering, wire fraud and Hobbs Act extortion. He was arrested in Georgia in December 2023 and…
-
Oil Giant Halliburton Confirms Cyber Incident, Details Scarce SecurityWeek News
US oil giant Halliburton confirmed its computer systems were hit by a cyberattack that affected operations at its Houston offices. The post Oil Giant Halliburton Confirms Cyber Incident, Details Scarce appeared first on SecurityWeek. Read More
-

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide [email protected] (The Hacker News)
Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms and office doors. The attacks have been demonstrated against FM11RF08S, a new variant of MIFARE Classic that was released by Shanghai Fudan Microelectronics in 2020. “The FM11RF08S…
-

Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk [email protected] (The Hacker News)
SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances. “The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing [a] remote unauthenticated user to access internal functionality and modify…
-
GuidePoint talks ransomware negotiations, payment bans
Post ContentRead More
-

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control [email protected] (The Hacker News)
Details have emerged about a China-nexus threat group’s exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware…
-
China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches Kevin Townsend
Hackers gained access to the switch using valid administrator credentials, and then ‘jailbroke’ from the application level into the OS level. The post China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches appeared first on SecurityWeek. Read More
