Category: Uncategorized
-

Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group [email protected] (The Hacker News)
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. “An attacker who successfully exploited…
-

Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group [email protected] (The Hacker News)
Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of potential FIN7 activity “indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd (Russia) and SmartApe (Estonia), respectively,” Team Cymru said in a report published this week as part of a joint…
-

OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda [email protected] (The Hacker News)
OpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence operation that leveraged ChatGPT to generate content that, among other things, focused on the upcoming U.S. presidential election. “This week we identified and took down a cluster of ChatGPT accounts that were generating content for…
-

Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts [email protected] (The Hacker News)
A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications. “Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived credentials, and absenceRead More
-

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web [email protected] (The Hacker News)
A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp. Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this…
-
Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign Ionut Arghire
Security researchers at Palo Alto Networks discover a threat actor extorting organizations after compromising their cloud environments using inadvertently exposed environment variables. The post Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign appeared first on SecurityWeek. Read More
-
In Other News: 400 CNAs, Crash Reports, Schlatter Cyberattack SecurityWeek News
Noteworthy stories that might have slipped under the radar: there are 400 CVE Numbering Authorities, crash reports can be a valuable source of information, and Schlatter was hit by a cyberattack. The post In Other News: 400 CNAs, Crash Reports, Schlatter Cyberattack appeared first on SecurityWeek. Read More
-

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware [email protected] (The Hacker News)
Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC. The activity cluster, orchestrated by Russian-speaking cybercriminals and collectively codenamed Tusk, is said to encompass several sub-campaigns, leveraging the reputation of the platforms to trick users into downloading theRead More
-
Consolidation vs. Optimization: Which Is More Cost-Effective for Improved Security? Jennifer Leggio
Security leaders are facing big decisions about how they use their monetary and people resources to better secure their environments. The post Consolidation vs. Optimization: Which Is More Cost-Effective for Improved Security? appeared first on SecurityWeek. Read More
-
User mode vs. kernel mode: OSes explained
Post ContentRead More
