Category: Uncategorized
-
New Password Cracking Analysis Targets Bcrypt Eduard Kovacs
Hive Systems conducts another study on cracking passwords via brute-force attacks, but it’s no longer targeting MD5. The post New Password Cracking Analysis Targets Bcrypt appeared first on SecurityWeek. Read More
-
Prophet Security Emerges From Stealth Mode With $11 Million in Funding Ionut Arghire
Bain Capital Ventures and angel investors invest $11 million in automated alerts analysis startup Prophet Security. The post Prophet Security Emerges From Stealth Mode With $11 Million in Funding appeared first on SecurityWeek. Read More
-

Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users [email protected] (The Hacker News)
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users’ keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose keyboard app did not have any securityRead More
-

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners [email protected] (The Hacker News)
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed Read…
-

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers [email protected] (The Hacker News)
A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-originRead More
-
$10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors Ryan Naraine
Four Iranians are accused of hacking into critical systems at the Departments of Treasury and State and dozens of private US companies. The post $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors appeared first on SecurityWeek. Read More
-
Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together Associated Press
The judge with Spain’s National Court said there is reason to believe that the new information provided by France can “allow the investigations to advance.” The post Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together appeared first on SecurityWeek. Read More
-

Apache Cordova App Harness Targeted in Dependency Confusion Attack [email protected] (The Hacker News)
Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a malicious package with the same name to a public package repository. This&Read More
-
The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success Kevin Townsend
Mandiant’s M-Trends 2024 report shows that defenses are improving – and that may be true. But the reality remains that these same statistics demonstrate that if anything, the attackers still retain the upper hand. The post The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success appeared first on SecurityWeek. Read More
-
Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations Ionut Arghire
Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations. The post Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations appeared first on SecurityWeek. Read More
