China’s National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory… Read More "China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns"
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates
Oct 15, 2024Ravie LakshmananThreat Detection / Malware Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the… Read More "Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates"
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one… Read More "WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites"
THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7
Oct 14, 2024Ravie LakshmananRecap / Cybersecurity Hey there, it’s your weekly dose of “what the heck is going on in cybersecurity land” – and trust me, you NEED to be in the loop this time. We’ve got everything from zero-day… Read More "THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7"
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. “Attackers can leverage these entry points to execute malicious… Read More "Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems"
5 Steps to Boost Detection and Response in a Multi-Layered Cloud
Oct 14, 2024The Hacker NewsCloud Security / Vulnerability The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on “shift-left” practices—securing code, ensuring… Read More "5 Steps to Boost Detection and Response in a Multi-Layered Cloud"
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
Oct 14, 2024Ravie LakshmananNetwork Security / Vulnerability A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That’s according to findings from Fortinet FortiGuard… Read More "Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration"
Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware
Oct 14, 2024Ravie LakshmananRansomware / Vulnerability Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks… Read More "Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware"
OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
Oct 13, 2024Ravie Lakshmanan The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The… Read More "OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf"
FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation
Oct 12, 2024Ravie LakshmananCryptocurrency / Cybercrime The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement… Read More "FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation"