❌

Normal view

There are new articles available, click to refresh the page.
Before yesterdayThe Hacker News

Sketchy NuGet Package Likely Linked to Industrial Espionage Targets Developers

By: Newsroom
26 March 2024 at 16:54
Threat hunters have identified a suspicious package in theΒ NuGet package managerΒ that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question isΒ SqzrFramework480, which ReversingLabs said was first published on January 24, 2024. It has beenΒ downloadedΒ 

Yesterday β€” 27 March 2024The Hacker News

Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries

By: Newsroom
27 March 2024 at 04:20
Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a cyber espionage campaign over the past three months. This includes the threat actor known asΒ Mustang Panda, which has been recently linked toΒ cyber attacks against MyanmarΒ as well as

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

By: Newsroom
27 March 2024 at 07:56
A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger calledΒ Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment. The archive ("Bank Handlowy w Warszawie

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

By: Newsroom
27 March 2024 at 10:39
Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to take over the companies' computing power and leak sensitive data," Oligo Security researchers Avi

SASE Solutions Fall Short Without Enterprise Browser Extensions, New Report Reveals

27 March 2024 at 10:56
As SaaS applications dominate the business landscape, organizations need optimized network speed and robust security measures. Many of them have been turning to SASE, a product category that offers cloud-based network protection while enhancing network infrastructure performance. However, a new report: "Better Together: SASE and Enterprise Browser Extension for the SaaS-First Enterprise" (

Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions

By: Newsroom
27 March 2024 at 12:54
A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' systems and carry out malicious actions.Β  "This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user's knowledge," Guardio

CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability

By: Newsroom
27 March 2024 at 13:15
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) hasΒ addedΒ a security flaw impacting Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with Site

Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite

By: Newsroom
27 March 2024 at 15:24
Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). "The information stealer was delivered via a phishing email, masquerading as an invitation letter

Today β€” 28 March 2024The Hacker News

Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs

By: Newsroom
28 March 2024 at 08:07
In June 2017, aΒ studyΒ of more than 3,000 Massachusetts Institute of Technology (MIT) studentsΒ publishedΒ by the National Bureau for Economic Research (NBER) found that 98% of them were willing to give away their friends' email addresses in exchange for free pizza. "Whereas people say they care about privacy, they are willing to relinquish private data quite easily when

New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs

By: Newsroom
28 March 2024 at 14:20
Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access memory) attack that, for the first time, successfully works against AMD Zen 2 and Zen 3 systems despite mitigations such as Target Row Refresh (TRR). "This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack

Behind the Scenes: The Art of Safeguarding Non-Human Identities

28 March 2024 at 11:00
In the whirlwind of modern software development, teams race against time, constantly pushing the boundaries of innovation and efficiency. This relentless pace is fueled by an evolving tech landscape, where SaaS domination, the proliferation of microservices, and the ubiquity of CI/CD pipelines are not just trends but the new norm. Amidst this backdrop, a critical aspect subtly weaves into the

New Webinar: Avoiding Application Security Blind Spots with OPSWAT and F5

28 March 2024 at 12:43
Considering the ever-changing state of cybersecurity, it's never too late to ask yourself, "am I doing what's necessary to keep my organization's web applications secure?" The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing challenges to organizations all over the world and across the broader spectrum of industries striving to maintain

❌
❌