Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gi...
Read More

Research Discovered 116 Malicious PyPI Packages Downloaded Over 10,000 Times

A cluster of malicious Python projects has been identified in PyPI, the official Python PyPI package repository, which targets both Windows ...
Read More

New Hacker Group Uses SQL Injection to Hack Companies in APAC Region

A new threat actor has been discovered to be using SQL injection attacks to gain unauthorized access to organizations in the APAC region. Th...
Read More

Google's New Tracking Protection in Chrome Blocks Third-Party Cookies

Google on Thursday announced that it will start testing a new feature called "Tracking Protection" starting January 4, 2024, to 1%...
Read More

New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks

A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as ...
Read More

Reimagining Network Pentesting With Automation

Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders...
Read More

New Dark Web Market OLVX Advertising Variety of Hacking Tools 

Threat actors exploit underground markets by purchasing or selling stolen data, malware, and hacking tools to facilitate cybercrime.  These ...
Read More

Russian SVR-Linked APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks

Threat actors affiliated with the Russian Foreign Intelligence Service (SVR) have targeted unpatched JetBrains TeamCity servers in widesprea...
Read More

Microsoft Seized Storm-1152 Websites Used to Sell Microsoft Products & Accounts

Hackers sell fake Microsoft products and accounts because it allows them to profit from illicit activities, taking advantage of unsuspecting...
Read More

Beware of Malicious 7ZIP on the Microsoft App Store that Delivers Malware

Hackers target 7ZIP due to its widespread use and popularity, making it a lucrative vector for spreading malware.  Exploiting vulnerabilitie...
Read More

How to Analyze Malware’s Network Traffic in A Sandbox

Malware analysis encompasses a broad range of activities, including examining the malware's network traffic. To be effective at it, it...
Read More

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency...
Read More

Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator

Ukraine's biggest telecom operator Kyivstar has become the victim of a cyber attack, disrupting customer access to mobile and internet s...
Read More

Unveiling the Cyber Threats to Healthcare: Beyond the Myths

Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EH...
Read More

Lazarus Group’s Operation Blacksmith Attacking Organizations Worldwide

The Lazarus Group is a notorious North Korean state-sponsored hacking organization known for:- They have been implicated in high-profile inc...
Read More

New Editbot Stealer in Action; Stealing Browser Passwords & Cookies

A new malicious campaign, Editbot Stealer, was discovered in which threat actors use WinRAR archive files with minimal detection to perform ...
Read More

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, ...
Read More

New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could...
Read More

Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the oppo...
Read More

SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users

Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded...
Read More

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windo...
Read More

Researchers Exploited GOG Galaxy XPC for Privilege Escalation in macOS

A critical privilege escalation vulnerability has been discovered to affect macOS devices, particularly the GOG Galaxy software-installed ma...
Read More

Two Russian Nationals Charged for Hacking Government Accounts

Two Russian citizens have been charged for being involved in a campaign on behalf of the Russian government to breach computer networks in t...
Read More

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability

WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with...
Read More

5 Best Ways a Malware Sandbox Can Help Your Company – Threat Analysis Guide 2024

Malware sandboxes are indispensable for threat analysis, but many of their capabilities are often overlooked. On a closer look, they offer a...
Read More

Lazarus Group Attacking Crypto Users Via Telegram to Deploy Malware

In a calculated escalation of cyber warfare, the Lazarus Group, a notorious North Korea hacking unit, has pivoted its focus to cryptocurrenc...
Read More

Building a Robust Threat Intelligence with Wazuh

Threat intelligence refers to gathering, processing, and analyzing cyber threats, along with proactive defensive measures aimed at strengthe...
Read More

Governments May Spy on You by Requesting Push Notifications from Apple and Google

Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according t...
Read More

New Report: Unveiling the Threat of Malicious Browser Extensions

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the...
Read More

Sierra:21 - Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks

A collection of 21 security flaws have been discovered in Sierra Wireless AirLink cellular routers and open-source software components like ...
Read More

Scaling Security Operations with Automation

In an increasingly complex and fast-paced digital landscape, organizations strive to protect themselves from various security threats. Howev...
Read More

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerabi...
Read More

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote...
Read More

New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace

A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what...
Read More

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a now-patched critical security flaw in its Outlook ema...
Read More

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resultin...
Read More

Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk

As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn’t h...
Read More

Information Security Magazine

Latest Cyber Hacking News