Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

Backdoor infecting VPNs used “magic packets” for stealth and security

J-Magic backdoor infected organizations in a wide array of industries. When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can’t be leveraged by compet

Published: 2025-01-23T23:42:29



Biz & IT Ars Technica

Data breach hitting PowerSchool looks very, very bad

Schools are now notifying families their data has been stolen. Parents, students, teachers, and administrators throughout North America are smarting from what could be the biggest data breach of 2025: an intrusi

Published: 2025-01-23T12:30:57



Biz & IT Ars Technica

The Internet is (once again) awash with IoT botnets delivering record DDoSes

Bigger, badder DDoSes are flooding the Internet. Dismal IoT security is largely to blame. We’re only three weeks into 2025, and it’s already shaping up to be the year of Internet of Things-driven DDoSes. Reports

Published: 2025-01-22T15:10:58



Biz & IT Ars Technica

Microsoft patches Windows to eliminate Secure Boot bypass threat

File that neutered Secure Boot passed Microsoft's internal review process. For the past seven months, and likely longer, an industry-wide standard that protects Windows devices from firmware infections could be by

Published: 2025-01-16T13:24:17



Biz & IT Ars Technica

Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware

In-the-wild attacks tamper with built-in security tool providing infection warnings. Networks protected by Ivanti VPNs are under active attack by well-resourced hackers who are exploiting a critical vulnerabilit

Published: 2025-01-09T22:17:26



The Register - Software

Don't want your Kubernetes Windows nodes hijacked? Patch this hole now

SYSTEM-level command injection via API parameter *chef's kiss*

A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully t

Published: 2025-01-24T15:00:08



The Register - Software

Better power management, security, and scheduling in Linux kernel 6.13

But no changes to bcachefs

Linux kernel 6.13 is here, but don't get too excited. It's not a biggie and, given the timing, probably won't appear in many familiar distros.

Published: 2025-01-22T14:45:07



The Verge - Securities

Google is giving IT more control over your Chrome extensions

The aim is to prevent employees from installing potentially harmful browser extensions that pose a security risk, as seen in the phishing campaign reported in December that inserted malicious code into multiple Chrome extensions, including ...

Published: 2025-01-23T12:00:00



The Verge - Securities

North Korea linked to crypto heists of over $650 million in 2024 alone

Hackers in North Korea stole a total of $659 million in crypto across several heists in 2024, according to a joint statement issued today by the US, Japan, and South Korea. The report specified five such incidents, like the $235 million the...

Published: 2025-01-14T15:54:03



The Verge - Securities

Wyze cameras will use AI to describe what they see

Wyze’s Descriptive Alerts are available to Cam Unlimited Pro members, a new $19.99 per month (or $199.99 per year) subscription that bundles other features like facial recognition, searching videos using descriptive keywords, and simultaneou...

Published: 2025-01-14T12:30:00



The Verge - Securities

FBI hacked thousands of computers to make malware uninstall itself

The FBI hacked about 4,200 computers across the US as part of an operation to find and delete PlugX, a malware used by state-backed hackers in China to steal information from victims, the Department of Justice announced on Tuesday. In an un...

Published: 2025-01-14T11:32:59



The Verge - Securities

A major data broker hack may have leaked precise location info for millions

Last week, major location data broker Gravy Analytics disclosed a data breach that may have resulted in the theft of precise location data for millions of people, reports TechCrunch. That appears to include data from popular mobile games li...

Published: 2025-01-13T11:10:23



The Verge - Securities

PowerSchool data breach leaks info of students and staff at schools across the US

Schools across the US and Canada are warning parents that a data breach may have leaked information for students and employees. The K-12 operations platform PowerSchool, which supports over 60 million students and has over 18,000 customers ...

Published: 2025-01-10T10:10:09



BleepingComputer

Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs

Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate type is being deprecated. [...]

Published: 2025-01-24T10:26:27



BleepingComputer

Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025

The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days. [...]

Published: 2025-01-24T08:00:37



BleepingComputer

Hundreds of fake Reddit sites push Lumma Stealer malware

Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware. [...]

Published: 2025-01-23T14:05:34



BleepingComputer

QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app

QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices. [...]

Published: 2025-01-23T13:30:26



BleepingComputer

CISA: Hackers still exploiting older Ivanti bugs to breach networks

CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks. [...]

Published: 2025-01-23T11:51:57



BleepingComputer

SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks

SonicWall is warning about a pre-authentication deserialization vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), with reports that it has been exploited as a zero-day in attacks. [...]

Published: 2025-01-23T10:45:02



BleepingComputer

Stealthy 'Magic Packet' malware targets Juniper VPN gateways

A malicious campaign has been specifically targeting Juniper edge devices, many acting as VPN gateways, with malware dubbed J-magic that starts a reverse shell only if it detects a "magic packet" in the network traffic. [...]

Published: 2025-01-23T10:26:36



BleepingComputer

Tesla EV charger hacked twice on second day of Pwn2Own Tokyo

Security researchers hacked Tesla's Wall Connector electric vehicle charger twice on the second day of the Pwn2Own Automotive 2025 hacking contest. [...]

Published: 2025-01-23T10:24:11



Technology

$139 brainwave-hacking earbuds aim to deliver the best sleep you've had

For Me Buds has patented its dynamic binaural beats system that uses each earpiece to coax your brain's activity as you sleep

The latest gadget that fuses biotechnology and wellness is about to hit the shelves, in the form of a pair of US$139 brainwave-synching earbuds that use your own body's data to shape your quality of sleep. Whether it's a peaceful night's sleep or helpin...

Published: 2025-01-23T13:13:00



Threat Intelligence

Your Single-Page Applications Are Vulnerable: Here's How to Fix Them

Written by: Steven Karschnia, Truman Brown, Jacob Paullus, Daniel McNamara

Executive Summary

Due to their client-side nature, single-page applications (SPAs) will typically have multiple access control vulnerabilities. By implementing a robust a

Published: 2025-01-15T14:00:00



ProPublica

Following a Series of Government Hacks, Biden Closes Out His Administration With New Cybersecurity Order

by Renee Dudley

ProPublica is a nonprofit newsroom that

Published: 2025-01-17T16:25:00



Krebs on Security

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coin...

Published: 2025-01-16T21:18:48



Krebs on Security

Microsoft: Happy 2025. Here’s 161 Security Updates

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025...

Published: 2025-01-14T22:50:00



Gizmodo

Reolink Solar-Powered 4K Outdoor Security Camera Slashed to Its Lowest Price Ever

Save 31% on the Reolink 4K solar security camera with auto-tracking for a limited time...

Published: 2025-01-24T14:45:28



The Register - Security

Don't want your Kubernetes Windows nodes hijacked? Patch this hole now

SYSTEM-level command injection via API parameter *chef's kiss*

A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully take over those systems, according to Akamai researcher Tomer Peled.

Published: 2025-01-24T15:00:08



The Register - Security

North Korean dev who renamed himself 'Bane' accused of IT worker fraud scheme

5 indicted as FBI warns North Korea dials up aggression, plus Russian devs allegedly get in on the act

The US is indicting yet another five suspects it believes were involved in North Korea's long-running, fraudulent remote IT worker scheme, including one who changed their last name to "Bane" and scored a gig at a tech biz in San Francisco.

Published: 2025-01-24T13:45:09



The Register - Security

China and friends claim success in push to stamp out tech support cyber-scam slave camps

Paint a target on Myanmar, pledge more info-sharing to get the job done

A group established by six Asian nations to fight criminal cyber-scam slave camps that infest the region claims it's made good progress dismantling the operations.

Published: 2025-01-24T05:59:05



The Register - Security

Court rules FISA Section 702 surveillance of US resident was unconstitutional

'Public interest alone does not justify warrantless querying' says judge

It was revealed this week a court in New York made a landmark ruling that sided against the warrantless state surveillance of people's private communications in America.

Published: 2025-01-24T04:31:55



The Register - Security

One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers

But we mean, you've had nearly four years to patch

One of the critical security flaws exploited by China's Salt Typhoon to breach US telecom and government networks has had a patch available for nearly four years - yet despite repeated warnings from law enforcement and private-sector security firms, nearly all public-facing Microsoft Exchange Server instances with this vulnerability remain unpatched.

Published: 2025-01-23T23:30:11



The Register - Security

Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management

No in-the-wild exploits yet

Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices.

Published: 2025-01-23T21:00:08



The Register - Security

SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix

Big organizations and governments are main users of these gateways

SonicWall is warning customers of a critical vulnerability that was potentially already exploited as a zero-day.

Published: 2025-01-23T16:36:20



The Register - Security

Meta's pay-or-consent model under fire from EU consumer group

Company 'strongly disagrees' with law infringement allegations

Meta has again come under fire for its pay-or-consent model in the EU.

Published: 2025-01-23T15:30:07



The Register - Security

FortiGate config leaks: Victims' email addresses published online

Experts warn not to take leaks lightly as years-long compromises could remain undetected

Thousands of email addresses included in the Belsen Group's dump of FortiGate configs last week are now available online, revealing which organizations may have been impacted by the 2022 zero-day exploits.

Published: 2025-01-23T14:45:06



The Register - Security

Who is DDoSing you? Rivals, probably, or cheesed-off users

Plus: 'Largest-ever' duff traffic tsunami clocks in at 5.6 Tbps

In addition to Chinese spies invading organizations' networks and ransomware crews locking up sensitive files, botnets blasting distributed denial of service (DDoS) attacks can still cause a world of hurt and website downtime, and it's quite likely your competitors are to blame.

Published: 2025-01-23T10:19:06



The Register - Security

Biz tax rises, inflation and high interest. Why fewer UK tech firms started in 2024

And the government thinks that AI and taking shackles off big tech will help? God help Britain

For the first time since the start of the pandemic, the number of tech firms incorporated in the UK has declined, with a shrinking economy, as well as high inflation and interest rates, causing a slump in business confidence.

Published: 2025-01-23T09:30:08



The Register - Security

Asus lets processor security fix slip out early, AMD confirms patch in progress

Answers on a postcard to what 'Microcode Signature Verification Vulnerability' might mean

AMD has confirmed at least some of its microprocessors suffer a microcode-related security vulnerability, the existence of which accidentally emerged this month after a fix for the flaw appeared in a beta BIOS update from PC maker Asus.

Published: 2025-01-23T07:19:08



The Register - Security

Oracle emits 603 patches, names one it wants you to worry about soon

Old flaws that keep causing trouble haunt Big Red

Oracle has delivered its regular quarterly collection of patches: 603 in total, 318 for its own products, and another 285 for Linux code it ships.

Published: 2025-01-23T01:06:44



The Register - Security

Trump 'waved a white flag to Chinese hackers' as Homeland Security axed cyber advisory boards

And: America 'has never been less secure,' retired rear admiral tells Congress

The Trump administration gutted key cybersecurity advisory boards in its first days, as expert witnesses warned Congress of potentially destructive cyberattacks by China.

Published: 2025-01-22T21:30:10



The Register - Security

Supply chain attack hits Chrome extensions, could expose millions

Threat actor exploited phishing and OAuth abuse to inject malicious code

Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has potentially impacted hundreds of thousands of individuals already.

Published: 2025-01-22T19:45:10



The Register - Security

Give users confidence in your digital infrastructure

Why Digital Trust and crypto-agility are essential to authentication and data security

Sponsored Post: Research firm IDC estimates that over 53 percent of organizations are now mostly or completely digital native.

Published: 2025-01-22T17:00:09



The Register - Security

Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch

Update addresses boot failures on multi-node systems

Microsoft is releasing an out-of-band patch to deal with a problem that prevented some Windows Server 2022 machines from booting.

Published: 2025-01-22T16:17:07



The Register - Security

Silk Road's Dread Pirate Roberts walks free as Trump pardons dark web kingpin

Ross Ulbricht's family are now appealing for donations to support his reintegration into society

Silk Road founder Ross Ulbricht is now a free man after US President Donald Trump made good on his promise to issue a federal pardon upon taking office.

Published: 2025-01-22T15:30:11



The Register - Security

Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch

Everyone agrees defense matters. How to do it is up for debate

Feature: The Trump administration came to office this week without a detailed information security policy, but analysis of cabinet nominees' public remarks and expert comments suggests it will make significant changes in the field.

Published: 2025-01-22T13:15:11



The Register - Security

Ransomware scum make it personal for Reg readers by impersonating tech support

That invitation to a Teams call on which IT promises to mop up a spamstorm may not be what it seems

Two ransomware campaigns are abusing Microsoft Teams to infect organizations and steal data, and the crooks may have ties to Black Basta and FIN7, according to Sophos.

Published: 2025-01-22T09:29:14



The Register - Security

PowerSchool theft latest: Decades of Canadian student records, data from 40-plus US states feared stolen

Lawsuits pile up after database accessed by miscreants

Updated: Canada's largest school board has revealed that student records dating back to 1985 may have been accessed by miscreants who compromised software provider PowerSchool.

Published: 2025-01-22T01:02:31



The Register - Security

Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day

Seven days after disclosure and little action taken, data shows Fortinet customers need to get with the program and apply the latest updates as nearly 50,000 management interfaces are still vulnerable to the latest zero-day exploit.

Published: 2025-01-21T18:45:08



The Register - Security

HPE probes IntelBroker's bold data theft boasts

Incident response protocols engaged following claims of source code burglary

Hewlett Packard Enterprise (HPE) is probing assertions made by prolific Big Tech intruder IntelBroker that they broke into the US corporation's systems and accessed source code, among other things.

Published: 2025-01-21T13:19:41



The Register - Security

Banks must keep ahead of risks and reap AI rewards

AI has transformed banking across APAC. But is this transformation secure?

Partner Content: The banking industry in Asia Pacific (APAC) is thriving, with strong financial performance underpinning its technological ambitions.

Published: 2025-01-21T03:00:14



The Register - Security

Hackers game out infowar against China with the US Navy

Taipei invites infosec bods to come and play on its home turf

Picture this: It's 2030 and China's furious with Taiwan after the island applies to the UN to be recognized as an independent state. After deciding on a full military invasion, China attempts to first cripple its rebellious neighbor's critical infrastructure.

Published: 2025-01-20T18:54:09



The Register - Security

How to leave the submarine cable cutters all at sea go Swedish

Clear rules and guaranteed consequences concentrate the mind wonderfully. Just ask a Russian

Opinion: "As obsolete as warships in the Baltic" was a great pop lyric in Prefab Sprout's 1985 gem, Faron Young. Great, but ironically obsolete itself. Sweden has just deployed multiple warships in that selfsame sea to guard against the very modern menace of underwater cable cutting.

Published: 2025-01-20T13:33:09



The Register - Security

Ransomware attack forces Brit high school to shut doors

Students have work to complete at home in the meantime

A UK high school will have to close for at least two days, today and tomorrow, after becoming the latest public-sector victim of ransomware criminals.

Published: 2025-01-20T12:03:01



The Register - Security

Sage Copilot grounded briefly to fix AI misbehavior

'Minor issue' with showing accounting customers 'unrelated business information' required repairs

Sage Group plc has confirmed it temporarily suspended its Sage Copilot, an AI assistant for the UK-based business software maker's accounting tools, this month after it blurted customer information to other users.

Published: 2025-01-20T07:23:14



The Register - Security

Datacus extractus: Harry Potter publisher breached without resorting to magic

PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more

Infosec in brief: Hogwarts doesn't teach an incantation that could have saved Harry Potter publisher Scholastic from feeling the power of an online magician who made off with millions of customer records - except perhaps the wizardry of multifactor authentication.

Published: 2025-01-20T05:27:06



The Register - Security

When food delivery apps reached Indonesia, everyone put on weight

PLUS: Salt Typhoon and IT worker scammers sanctioned; Alibaba Cloud's K8s go global; Amazon acquires Indian BNPL company

Asia In Brief: When food delivery superapps started operations in Indonesia, users started putting on weight, and that's not an entirely bad thing.

Published: 2025-01-20T03:30:09



The Register - Security

Donald Trump proposes US govt acquire half of TikTok, which thanks him and restores service

The same Florida Man who wanted to ban the app in the first place

US president-elect Donald Trump appears to have proposed the government he will soon lead should acquire half of made-in-China social media service TikTok's stateside operations.

Published: 2025-01-20T00:15:13



The Register - Security

OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries

The S in LLM stands for Security

OpenAI's ChatGPT crawler appears to be willing to initiate distributed denial of service (DDoS) attacks on arbitrary websites, a reported vulnerability the tech giant has yet to acknowledge.

Published: 2025-01-19T19:03:14



The Register - Security

FCC to telcos: By law you must secure your networks from foreign spies. Get on it

Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping

Decades-old legislation requiring American telcos to lock down their systems to prevent foreign snoops from intercepting communications isn't mere decoration on the pages of law books: it actually means carriers need to secure their networks, the FCC has huffed.

Published: 2025-01-17T22:07:27



The Register - Security

Biden signs sweeping cybersecurity order, just in time for Trump to gut it

Ransomware, AI, secure software, digital IDs: there's something for everyone in the presidential directive

Analysis: Joe Biden, in the final days of his US presidency, issued another cybersecurity order that is nearly as vast in scope as it is late in the game.

Published: 2025-01-17T20:23:12



The Register - Security

Fortinet: FortiGate config leaks are genuine but misleading

Competition hots up with Ivanti over who can have the worst start to a year

Fortinet has confirmed that previous analyses of records leaked by the Belsen Group are indeed genuine FortiGate configs stolen during a zero-day raid in 2022.

Published: 2025-01-17T18:32:06



The Register - Security

Clock ticking for TikTok as US Supreme Court upholds ban

With Biden reportedly planning to skirt enforcement and kick the can to Trump, this saga might still not be over

Updated: The US Supreme Court has upheld a law requiring TikTok to either divest from its Chinese parent ByteDance or face a ban in the United States. The decision eliminates the final legal obstacle to the federal government forcing a shutdown of the platform for US users on January 19.

Published: 2025-01-17T17:15:07



The Register - Security

Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day

Turns out tool does both file transfers and security fixes fast

Don't panic. Yes, there were a bunch of CVEs, affecting potentially hundreds of thousands of users, found in rsync in early December and made public on Tuesday, but a fixed version came out the same day, and was further tweaked for better compatibility the following day.

Published: 2025-01-17T15:49:09



The Register - Security

Medusa ransomware group claims attack on UK's Gateshead Council

Pastes allegedly stolen documents on leak site with 600K demand

Another year and yet another UK local authority has been pwned by a ransomware crew. This time it's Gateshead Council in North East England at the hands of the Medusa group.

Published: 2025-01-17T10:30:08



The Register - Security

Microsoft eggheads say AI can never be made secure after testing Redmond's own products

If you want a picture of the future, imagine your infosec team stamping on software forever

Microsoft brainiacs who probed the security of more than 100 of the software giant's own generative AI products came away with a sobering message: The models amplify existing security risks and create new ones.

Published: 2025-01-17T07:42:05



The Register - Security

Just as your LLM once again goes off the rails, Cisco, Nvidia are at the door smiling

Some of you have apparently already botched chatbots or allowed shadow AI to creep in

Cisco and Nvidia have both recognized that, as useful as today's AI may be, the technology can be equally unsafe and/or unreliable, and have delivered tools in an attempt to help address those weaknesses.

Published: 2025-01-17T02:30:10



The Register - Security

GM parks claims that driver location data was given to insurers, pushing up premiums

We'll defo ask for permission next time, automaker tells FTC

General Motors on Thursday said that it has reached a settlement with the FTC "to address privacy concerns about our now-discontinued Smart Driver program."

Published: 2025-01-17T00:49:27



The Register - Security

Russia's Star Blizzard phishing crew caught targeting WhatsApp accounts

FSB cyberspies venture into a new app for espionage, Microsoft says

Updated: Star Blizzard, a prolific phishing crew backed by the Russian Federal Security Service (FSB), conducted a new campaign aiming to compromise WhatsApp accounts and gain access to their messages and data, according to Microsoft.

Published: 2025-01-16T19:15:14



The Register - Security

Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M

That's in addition to the $4.5M fine paid to three state AGs last year

Enzo Biochem has settled a consolidated class-action lawsuit relating to its 2023 ransomware incident for $7.5 million.

Published: 2025-01-16T17:32:19



The Register - Security

Raspberry Pi hands out prizes to all in the RP2350 Hacking Challenge

Power-induced glitches, lasers, and electromagnetic fields are all tools of the trade

Raspberry Pi has given out prizes for extracting a secret value from the one-time-programmable (OTP) memory of the Raspberry Pi RP2350 microcontroller, awarding a pile of cash to all four entrants.

Published: 2025-01-16T15:15:07



The Register - Security

Infoseccer: Private security biz let guard down, exposed 120K+ files

Assist Security's client list includes fashion icons, critical infrastructure orgs

A London-based private security company allegedly left more than 120,000 files available online via an unsecured server, an infoseccer told The Register.

Published: 2025-01-16T10:36:10



The Register - Security

GoDaddy slapped with wet lettuce for years of lax security and 'several major breaches'

Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools

GoDaddy has failed to protect its web-hosting platform with even basic infosec tools and practices since 2018, according to the FTC, but the internet giant won't face any immediate consequences for its many alleged acts of omission.

Published: 2025-01-15T23:47:18



The Register - Security

DJI loosens flight restrictions, decides to trust operators to follow FAA rules

Right after one of its drones crashed into an aircraft fighting California wildfires? Great timing

Drone maker DJI has decided to scale back its geofencing restrictions, meaning its software won't automatically stop operators from flying into areas flagged as no-fly zones.

Published: 2025-01-15T22:30:07



The Register - Security

China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says

We are only seeing 'the tip of the iceberg,' Easterly warns

Beijing's Salt Typhoon cyberspies had been seen in US government networks before telcos discovered the same foreign intruders in their own systems, according to CISA boss Jen Easterly.

Published: 2025-01-15T20:30:11



The Register - Security

Even modest makeup can thwart facial recognition

You may not need to go full Juggalo for the sake of privacy

Researchers at cyber-defense contractor PeopleTec have found that facial-recognition algorithms' focus on specific areas of the face opens the door to subtler surveillance avoidance strategies.

Published: 2025-01-15T18:45:11



The Register - Security

Windows Patch Tuesday hits snag with Citrix software, workarounds published

Microsoft starts 2025 as it hopefully doesn't mean to go on

Devices that have Citrix's Session Recording software installed are having problems completing this month's Microsoft Patch Tuesday update, which includes important fixes.

Published: 2025-01-15T17:15:14



Security Latest

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars

Now-fixed web bugs allowed hackers to remotely unlock and start any of millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories and Subaru employees still can.

Published: 2025-01-23T12:00:00



Security Latest

Under Trump, US Cyberdefense Loses Its Head

Chinese hacks, rampant ransomware, and Donald Trump’s budget cuts all threaten US security. In an exit interview with WIRED, former CISA head Jen Easterly argues for her agency’s survival.

Published: 2025-01-23T11:00:00



Security Latest

Trump Frees Silk Road Creator Ross Ulbricht After 11 Years in Prison

Donald Trump pardoned the creator of the world’s first dark-web drug market, who is now a libertarian cause célèbre in some parts of the crypto community.

Published: 2025-01-22T00:49:46



Security Latest

How to Get Around the US TikTok Ban

TikTok is now unavailable in the United States and getting around the ban isn’t as simple as using a VPN. Here’s what you need to know.

Published: 2025-01-19T05:39:26



Security Latest

US Names One of the Hackers Allegedly Behind Massive Salt Typhoon Breaches

Plus: New details emerge about China’s cyber espionage against the US, the FBI remotely uninstalls malware on 4,200 US devices, and victims of the PowerSchool edtech breach reveal what hackers stole.

Published: 2025-01-18T11:30:00



Security Latest

The FCC’s Jessica Rosenworcel Isn’t Leaving Without a Fight

As the US faces “the worst telecommunications hack in our nation’s history,” by China’s Salt Typhoon hackers, the outgoing FCC chair is determined to bolster network security if it’s the last thing she does.

Published: 2025-01-17T18:48:19



Security Latest

Hackers Likely Stole FBI Call Logs From AT&T That Could Compromise Informants

A breach of AT&T that exposed “nearly all” of the company’s customers may have included records related to confidential FBI sources, potentially explaining the bureau’s new embrace of end-to-end encryption.

Published: 2025-01-17T00:14:45



Security Latest

Biden's Cyber Ambassador Urges Trump Not to Cede Ground to Russia and China in Global Tech Fight

Nathaniel Fick, the ambassador for cyberspace and digital policy, has led US tech diplomacy amid a rising tide of pressure from authoritarian regimes. Will the Trump administration undo that work?

Published: 2025-01-16T11:30:00



Security Latest

GitHub’s Deepfake Porn Crackdown Still Isn’t Working

Over a dozen programs used by creators of nonconsensual explicit images have evaded detection on the developer platform, WIRED has found.

Published: 2025-01-16T11:02:58



Security Latest

A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More

US president Joe Biden just issued a 40-page executive order that aims to bolster federal cybersecurity protections, directs government use of AI and takes a swipe at Microsoft’s dominance.

Published: 2025-01-16T10:30:00



Security Latest

The ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says

Huione Guarantee, a gray market researchers believe is central to the online scam ecosystem, now includes a messaging app, stablecoin, and crypto exchange while facilitating $24 billion in transactions.

Published: 2025-01-14T09:00:00



Security Latest

Inside the Black Box of Predictive Travel Surveillance

Behind the scenes, companies and governments are feeding a trove of data about international travelers into opaque AI tools that aim to predict who’s safe and who’s a threat.

Published: 2025-01-13T10:00:00



Security Latest

Secret Phone Surveillance Tech Was Likely Deployed at 2024 DNC

Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range.

Published: 2025-01-10T15:21:46



Security Latest

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

A hack of location data company Gravy Analytics has revealed which apps are knowingly or not being used to collect your information behind the scenes.

Published: 2025-01-09T21:05:24



Security Latest

Rumble Among 15 Targets of Texas Attorney General’s Child Privacy Probe

Texas has become a leading enforcer of internet rules. Its latest probe includes some platforms that privacy experts describe as unusual suspects.

Published: 2025-01-09T21:02:36



Security Latest

How the US TikTok Ban Would Actually Work

The fate of TikTok now rests in the hands of the US Supreme Court. If a law banning the social video app this month is upheld, it won’t disappear from your phone but it will get messy fast.

Published: 2025-01-09T19:46:27



Security Latest

The School Shootings Were Fake. The Terror Was Real

The inside story of the teenager whose “swatting” calls sent armed police racing into hundreds of schools nationwide and the private detective who tracked him down.

Published: 2025-01-09T11:00:00



The Hacker News

RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations

A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations: Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC,

Published: 2025-01-24T18:28:00



The Hacker News

2025 State of SaaS Backup and Recovery Report

The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this

Published: 2025-01-24T16:30:00



The Hacker News

DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations

The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme that seeks to generate revenue for the Democratic People's Republic of Korea (DPRK) in violation of international sanctions. The action targets Jin Sung-Il, Pak

Published: 2025-01-24T15:23:00



The Hacker News

Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations

Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. "When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you're outside of trusted locations," Google said in a post announcing the

Published: 2025-01-24T12:50:00



The Hacker News

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be

Published: 2025-01-24T11:09:00



The Hacker News

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News. "Instead these were very well-known issues that we wouldn't expect to see

Published: 2025-01-23T20:43:00



The Hacker News

Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world," Leandro Fróes, senior threat research engineer at

Published: 2025-01-23T20:30:00



The Hacker News

New Research: The State of Web Exposure 2025

Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks download the full report here. New research by web exposure management specialist Reflectiz reveals several

Published: 2025-01-23T20:26:00



The Hacker News

Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers

Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic. "J-magic campaign marks the rare occasion of malware designed

Published: 2025-01-23T20:25:00



The Hacker News

Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024. "These two payload samples are

Published: 2025-01-23T19:30:00



The Hacker News

How to Eliminate Identity-Based Threats

Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of

Published: 2025-01-23T16:50:00



The Hacker News

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. "Pre-authentication deserialization of untrusted data vulnerability has been identified in the

Published: 2025-01-23T15:54:00



The Hacker News

QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features

Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader. "BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks," Walmart's Cyber Intelligence team told The Hacker News. "The BackConnect(s) in use were 'DarkVNC' alongside the IcedID

Published: 2025-01-23T15:13:00



The Hacker News

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out of 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management. "This

Published: 2025-01-23T11:51:00



The Hacker News

Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review

The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS).  "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory

Published: 2025-01-23T11:30:00



The Hacker News

TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premises ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant's cloud division said in its 11th

Published: 2025-01-23T11:05:00



The Hacker News

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some

Published: 2025-01-22T19:23:00



The Hacker News

Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks

As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not always know which risks to prioritize. In some cases, they might have

Published: 2025-01-22T16:01:00



The Hacker News

President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison

U.S. President Donald Trump on Tuesday granted a "full and unconditional pardon" to Ross Ulbricht, the creator of the infamous Silk Road drug marketplace, after spending more than 11 years behind bars. "I just called the mother of Ross William Ulbricht to let her know that in honor of her and the Libertarian Movement, which supported me so strongly, it was my pleasure to have just signed a full

Published: 2025-01-22T16:00:00



The Hacker News

PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack

A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. "The attackers replaced the legitimate installer with one that also deployed the group's signature implant that we have named SlowStepper a

Published: 2025-01-22T14:19:00



The Hacker News

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances. "Easily exploitable

Published: 2025-01-22T12:55:00



The Hacker News

Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices

Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October 29, 2024, targeting one of its customers, an unnamed internet service provider (ISP) from Eastern Asia. The activity originated

Published: 2025-01-22T11:49:00



The Hacker News

Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers

Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks," Qualys security researcher Shilpesh

Published: 2025-01-21T19:30:00



The Hacker News

13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks

A global network of about 13,000 hijacked MikroTik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "take[s] advantage of misconfigured DNS records to pass email protection techniques," Infoblox security researcher David Brunsdon said in a technical report published last week. "This

Published: 2025-01-21T18:16:00



The Hacker News

Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties

A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity. Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security clearance with access to

Published: 2025-01-21T16:22:00



The Hacker News

HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects

Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or " Were there any security issues that could have been identified during testing?" often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest

Published: 2025-01-21T16:00:00



The Hacker News

PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers

Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week. The infection chain commences with a phishing

Published: 2025-01-21T11:15:00



The Hacker News

CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conducting an audit to assess the "level of security," CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to

Published: 2025-01-21T10:57:00



The Hacker News

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks," Top10VPN said in a study, as part of a collaboration with KU Leuven professor

Published: 2025-01-20T20:38:00



The Hacker News

DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection

The threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the

Published: 2025-01-20T20:23:00



The Hacker News

THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]

As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can't be fought with

Published: 2025-01-20T17:32:00



The Hacker News

Product Walkthrough: How Satori Secures Sensitive Data From Production to AI

Every week seems to bring news of another data breach, and it’s no surprise why: securing sensitive data has become harder than ever. And it’s not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting

Published: 2025-01-20T16:40:00



The Hacker News

Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP

Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repositories that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below: @async-mutex/mutex, a typosquat of async-mutex (npm); dexscreener, which masquerades as a library for accessing liquidity pool

Published: 2025-01-20T11:15:00



The Hacker News

TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025

Popular video-sharing social network TikTok has officially gone dark in the United States, as a federal ban on the app comes into effect on January 19, 2025. "We regret that a U.S. law banning TikTok will take effect on January 19 and force us to make our services temporarily unavailable," the company said in a pop-up message. "We're working to restore our service in the U.S. as soon as possible

Published: 2025-01-19T10:54:00



The Hacker News

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including the recent

Published: 2025-01-18T11:36:00



The Hacker News

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report. "An attacker

Published: 2025-01-17T19:38:00



The Hacker News

Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation

Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. "Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps," Imperva researcher Daniel Johnston said in an analysis. "These attacks

Published: 2025-01-17T18:36:00



The Hacker News

How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access,

Published: 2025-01-17T15:51:00



The Hacker News

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of targeting Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly 100 domains hosting

Published: 2025-01-17T15:37:00



The Hacker News

U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation of international sanctions. "These

Published: 2025-01-17T15:37:00



The Hacker News

European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users' data to China. The advocacy group is seeking an immediate suspension of such transfers, stating the companies in question cannot shield user data

Published: 2025-01-17T09:44:00



The Hacker News

Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign

The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection. "Star Blizzard's targets are most commonly related to government or diplomacy (both incumbent and former position holders), defense policy or international relations

Published: 2025-01-16T23:42:00



The Hacker News

Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action

The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying to juggle chainsaws while riding a unicycle. Traditional trust management? Forget it. It's simply not built for today's fast-paced, hybrid environments. You need a

Published: 2025-01-16T17:55:00



The Hacker News

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester).  Stolen credentials on criminal forums cost as

Published: 2025-01-16T17:00:00



The Hacker News

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new

Published: 2025-01-16T16:53:00



The Hacker News

Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. "A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said in a

Published: 2025-01-16T16:50:00



The Hacker News

Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a file-hosting website, and used the same .NET loader to install their final payloads," HP Wolf Security said in its Threat Insights Report

Published: 2025-01-16T16:45:00



The Hacker News

Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript malware downloaded named

Published: 2025-01-16T12:15:00



The Hacker News

Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager

Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM, and concern instances of absolute path traversal that allow a remote

Published: 2025-01-16T12:09:00



The Hacker News

Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. "The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages," Jérôme Segura, senior director of

Published: 2025-01-15T21:18:00



Security Affairs

SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild

SonicWall warns customers of a critical zero-day vulnerability in SMA 1000 Series appliances, likely exploited in the wild. SonicWall is warning customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9.8), impacting its Secure Mobile Access (SMA) 1000 Series appliances. The vulnerability is a pre-authentication deserialization of untrusted data issue in the […]

Published: 2025-01-24T09:36:35



Security Affairs

U.S. CISA adds jQuery flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds jQuery vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a jQuery persistent cross-site scripting (XSS) vulnerability, tracked as CVE-2020-11023 (CVSS score: 6.9), to its Known Exploited Vulnerabilities (KEV) catalog. In jQuery 1.0.3 to 3.4.1, using DOM methods with untrusted HTML containing […]

Published: 2025-01-23T23:06:29



Security Affairs

Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500

Bug hunters earned $129,000 for Tesla charger exploits and over $700,000 total in two days at Pwn2Own Automotive 2025. During Day 2 of Pwn2Own Automotive 2025 organizers awarded $335,500, which brings the event total to $718,250. So far, the researchers have demonstrated 39 unique zero-days. The team SinSinology leads the Master of Pwn chart. Sina […]

Published: 2025-01-23T20:48:17



Security Affairs

Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

US agencies revealed Chinese threat actors used two advanced exploit chains to breach Ivanti Cloud Service Appliances (CSA). The US government’s cybersecurity and law enforcement agencies revealed that Chinese threat actors used at least two sophisticated exploit chains to compromise Ivanti Cloud Service Appliances (CSA). CISA and the FBI published a joint advisory warning that Chinese hackers […]

Published: 2025-01-23T14:23:33



Security Affairs

Cisco addresses a critical privilege escalation bug in Meeting Management

Cisco addressed a critical flaw in its Meeting Management that could allow an attacker to gain administrator privileges on vulnerable instances. Cisco released security updates to fix a critical flaw, tracked as CVE-2025-20156 (CVSS score of 9.9), affecting its Meeting Management. A remote, authenticated attacker can exploit the vulnerability to gain administrator privileges on affected instances. […]

Published: 2025-01-23T08:17:44



Security Affairs

U.S. President Donald Trump granted a “full and unconditional pardon” to Ross Ulbricht, Silk Road creator

Donald Trump pardoned Ross Ulbricht, creator of the notorious dark web drug marketplace Silk Road, after 11 years in prison. Donald Trump pardoned Ross Ulbricht, creator of Silk Road, who was convicted in 2015 for narcotics and money-laundering conspiracy and sentenced to life. In October 2013, the FBI shut down the popular black market Silk […]

Published: 2025-01-23T06:17:43



Security Affairs

Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days

Trend Micro’s Zero Day Initiative (ZDI) announced that $380K was awarded on Day 1 of Pwn2Own Automotive 2025. Trend Micro’s Zero Day Initiative (ZDI) announced that over $380,000 was awarded on Day 1 of Pwn2Own Automotive 2025, a hacking contest that was held in Tokyo. In total, the organizers awarded $382,750 for 16 unique working […]

Published: 2025-01-22T22:01:27



Security Affairs

Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations

Two ransomware groups are exploiting Microsoft 365 services and default settings to target internal enterprise users. Sophos researchers started investigating two distinct clusters of activity, tracked as STAC5143 and STAC5777, in response to customer ransomware attacks in November and December 2024. Threat actors used their own Microsoft 365 tenants and exploited a default Teams setting allowing […]

Published: 2025-01-22T20:48:33



Security Affairs

Cloudflare blocked a record-breaking 5.6 Tbps DDoS attack

Cloudflare announced that it has blocked a record-breaking 5.6 terabit-per-second (Tbps) distributed denial-of-service (DDoS) attack. Cloudflare announced that during the week of Halloween 2024, it autonomously detected and blocked a 5.6 Tbps DDoS attack, the largest attack ever reported. The previous largest DDoS attack blocked by Cloudflare occurred in October […]

Published: 2025-01-22T09:33:37



Security Affairs

A 7-Zip bug allows attackers to bypass the Mark of the Web (MotW) feature

A vulnerability in the 7-Zip file software allows attackers to bypass the Mark of the Web (MotW) Windows security feature. Attackers can exploit a vulnerability, tracked as CVE-2025-0411, in the free, open-source file archiver software 7-Zip to bypass the Mark of the Web (MotW) Windows security feature. Mark of the Web (MotW) is a security […]

Published: 2025-01-22T08:15:46
