Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
securitymagazine.comEmerging technologies, new attack vectors and even geopolitical crises shape the day-to-day evolution of the chief information security officer’s job....
Zugriffe: 21

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
securitymagazine.comAttacks related to Domain Name System (DNS) infrastructure have been on the rise and most organizations aren’t prepared for the onslaught. ...
Zugriffe: 23

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsMeta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. “This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger or WhatsApp – both designated...
Zugriffe: 26

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsIn the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let's dispense with the pleasantries; this isn't a simple 'set it and forget it' scenario. It's...
Zugriffe: 29

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsCisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF...
Zugriffe: 28

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThreat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed "large company" to connect to their infrastructure. While a number of legitimate tunneling tools like Chisel, FRP, ligolo, ngrok, and Plink have been used by adversaries to their advantage, the development marks the first QEMU that has been...
Zugriffe: 25

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a complete...
Zugriffe: 24

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThreat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said. The activity is part of a&...
Zugriffe: 27

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The end goal of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and a previously undocumented Windows implant known as Nightdoor. The findings come from ESET,...
Zugriffe: 21

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsIn today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), their type (internal/ external), whether they are joiners, movers, or leavers, and more.  Not...
Zugriffe: 34

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who was arrested on March 6, 2024, "transferred sensitive Google trade secrets and other confidential...
Zugriffe: 27

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsFacebook messages are being used by threat actors to distribute a Python-based information stealer dubbed Snake that’s designed to capture credentials and other sensitive data. “The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and Telegram,” Cybereason researcher Kotaro Ogino said in a technical report. Details about the...
Zugriffe: 27

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThreat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. “The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows...
Zugriffe: 24

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThreat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. “The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and...
Zugriffe: 23

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice." "There...
Zugriffe: 27

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsAn in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks.  Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations, and compliance issues. You Can’t Protect What You Can’t See Today’s websites are connected...
Zugriffe: 24

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsEvery Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it’s inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint...
Zugriffe: 23

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in “developing, operating, and distributing” commercial spyware designed to target government officials, journalists, and policy experts in the country. “The proliferation of commercial spyware poses distinct and growing...
Zugriffe: 26

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsVMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB controller. They carry a CVSS score of 9.3 for Workstation and Fusion, and 8.4 for ESXi systems. "A...
Zugriffe: 28

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. “TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad said in a report shared with The Hacker News. “GhostLocker and...
Zugriffe: 26

Weiter