Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsMicrosoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly...
Zugriffe: 37

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files. "The PDFs...
Zugriffe: 26

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
securitymagazine.comThe Federal Trade Commission (FTC) has banned Texas company InMarket Media from selling precise location data for advertising purposes....
Zugriffe: 28

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsPirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines. "These applications are being hosted on Chinese pirating websites in order to gain victims," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said. "Once detonated, the malware will download and execute multiple payloads...
Zugriffe: 29

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsIn the current digital landscape, data has emerged as a crucial asset for organizations, akin to currency. It’s the lifeblood of any organization in today's interconnected and digital world. Thus, safeguarding the data is of paramount importance. Its importance is magnified in on-premises Exchange Server environments where vital business communication and emails are stored and managed.  In...
Zugriffe: 33

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsA malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The package, named "oscompatible," was published on January 9, 2024, attracting a total of 380 downloads before it was taken down. oscompatible included a "few strange binaries," according to software supply chain security firm Phylum, including a single...
Zugriffe: 35

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it's being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass...
Zugriffe: 26

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsVulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits application as a payload," cloud security firm Cado said, adding the development is a sign that adversaries are...
Zugriffe: 25

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
securitymagazine.comAccording to a recent data privacy report, 43% say their privacy budget is underfunded and 51% of respondents expect a decrease in budget....
Zugriffe: 29

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google's Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy documents to trigger the infection sequence. The lures are...
Zugriffe: 16

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
securitymagazine.comThe Utah State Board of Education has announced additional security measures for public K-12 schools, including gun detection software statewide....
Zugriffe: 19

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsContinuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of TensorFlow releases on GitHub and PyPi by compromising TensorFlow's build agents via...
Zugriffe: 13

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsIn today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an...
Zugriffe: 13

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsMultiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to...
Zugriffe: 16

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsHigh-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. have been targeted by an Iranian cyber espionage group called Mint Sandstorm since November 2023. The threat actor "used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files," the...
Zugriffe: 13

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to their rapid deployment in Poland, said it unearthed half a dozen flaws that allow for...
Zugriffe: 16

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsWing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS applications seem to be multiplying by the day, and so does their integration of AI...
Zugriffe: 17

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for "victim identification and exploitation in target networks." A Python-based malware, AndroxGh0st was first documented by Lacework in December 2022, with the malware...
Zugriffe: 18

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsIn the digital age, the battleground for security professionals is not only evolving, it's expanding at an alarming rate. The upcoming webinar, "The Art of Privilege Escalation - How Hackers Become Admins," offers an unmissable opportunity for IT security experts to stay ahead in this relentless cyber war. Privilege escalation - the term might sound benign, but in the hands of a skilled hacker,...
Zugriffe: 17

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
securitymagazine.comIn this edition of Security’s Year in Review from Security magazine, we showcase the top stories and new developments from across the security industry throughout 2023. ...
Zugriffe: 18

Weiter