19Articles
6Categories
2024-04-06Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
6 AprHackers Exploit Magento Bug to Steal Payment Data from E-commerce WebsitesThreat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elemen…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 3[−]
6 AprRansomware Attack Via Unpatched Vulnerabilities Are Brutal: New SurveyAdversaries use stolen credentials or exploit software vulnerabilities to gain access for ransomware attacks, which impacts the initial infection method. The study surveyed IT professionals in small and mid-sized businesses hit by ransomware within the last year.  They found…GBHACKERS.COM
6 AprPrice of zero-day exploits rises as companies harden products against hackersTools that allow government hackers to break into iPhones and Android phones, popular software like the Chrome and Safari browsers, and chat apps like WhatsApp and iMessage, are now worth millions of dollars — and their price has multiplied in the last few years as these products…TECHCRUNCH.COM
6 AprOver 92,000 exposed D-Link NAS devices have a backdoor accountA threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 4[−]
6 Apr57,000 Kaspersky Fan Club Forum User Data Leaked in Hosting Breachsubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://www.hackread.com/57000-kaspersky-fan-club-forum-data-breach/HACKREAD.COM
6 AprNew Latrodectus Malware Replaces IcedID in Network BreachesWhile similar to IcedID, Proofpoint researchers confirmed it is an entirely new malware, likely created by the IcedID developers. Latrodectus shares infrastructure overlap with historic IcedID operations.BLEEPINGCOMPUTER.COM
6 AprNew Red Ransomware Group (Red CryptoApp) Exposes Victims on Wall of ShameCybersecurity researchers at Netenrich have uncovered a new ransomware group called Red Ransomware Group (Red CryptoApp). This group operates differently from typical ransomware outfits, adding a twist to their extortion tactics.HACKREAD.COM
6 AprPhishing Attacks Targeting Political Parties, Germany Warns"An increase of attacks can currently be assumed, particularly in light of the upcoming European elections. These may include phishing attacks to publish stolen data or documents," a BSI spokesperson told Information Security Media Group.HEALTHCAREINFOSECURITY.COM
🕵️ THREAT INTELLIGENCE 9[−]
6 AprVisa Warns of New JSOutProx Malware Variant Targeting Financial OrganizationsFirst encountered in December 2019, JsOutProx is a RAT and highly obfuscated JavaScript backdoor that allows its operators to run shell commands, download additional payloads, execute files, capture screenshots, establish persistence, and more.BLEEPINGCOMPUTER.COM
6 AprCritical Bugs Put Hugging Face AI Platform in a 'Pickle'submitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://www.darkreading.com/cloud-security/critical-bugs-hugging-face-ai-platform-pickleDARKREADING.COM
6 AprVietnamese Threat Actor Targeting Financial Data Across AsiaVietnamese financially motivated hackers are targeting businesses across Asia in a campaign to harvest corporate credentials and financial data for resale in online criminal markets.GOVINFOSECURITY.COM
6 AprGalactical Bug Hunting: How we discovered new issues in CD Projekt Red’s Gaming Platformsubmitted by testeronious to security 1 points | 0 comments https://www.anvilsecure.com/blog/galactical-bug-hunting-how-we-discovered-new-issues-in-cd-projekt-reds-gaming-platform.htmlANVILSECURE.COM
6 AprHouse to Take up Bill to Reauthorize Crucial US Spy Program as Expiration Date LoomsSection 702 of the Foreign Intelligence Surveillance Act expires on April 19. The post House to Take up Bill to Reauthorize Crucial US Spy Program as Expiration Date Looms appeared first on SecurityWeek .SECURITYWEEK.COM
6 AprBrowsing in Incognito Mode Doesn’t Protect You as Much as You Might ThinkIncognito modes generally do not prevent the websites you visit from seeing your location, via your IP address, or stop your internet service provider from logging your activities. The post Browsing in Incognito Mode Doesn’t Protect You as Much as You Might Think appeared first o…SECURITYWEEK.COM
6 AprSmall business cyber security guide: What you should prioritize & where you should spend your budget - Click Armorsubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://clickarmor.ca/2024/04/small-business-cyber-security-guide-what-you-should-prioritize-where-you-should-spend-your-budget/CLICKARMOR.CA
6 AprSalt Extends Capabilities of Powerful AI Algorithmssubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://salt.security/blog/salt-unveils-enhancements-to-ai-algorithms-for-api-securitySALT.SECURITY
6 AprCisco warns of XSS flaw in end-of-life small business routerssubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://securityaffairs.com/161540/security/cisco-eof-routers-xss.htmlSECURITYAFFAIRS.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
6 AprUS Health Dept warns hospitals of hackers targeting IT help desksThe U.S. Department of Health and Human Services (HHS) warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health (HPH) sector. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 1[−]
6 AprNew HTTP/2 DoS Attack can Crash Web Servers with a Single TCP ConnectionNewly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.BLEEPINGCOMPUTER.COM