Tag: network security
Oct 02, 2024The Hacker NewsEmail Security / Vulnerability Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor’s Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a severe security flaw in its postjournal service that…
Read More
The tech giant is reshuffling employees from its large headquarter campus in San Jose and employees at Splunk’s headquarters in San Francisco. Cisco is also cutting 842 jobs in the Bay Area. Tech behemoth Cisco Systems has plans to shutter several of its offices in San Jose as well as Splunk’s San Francisco headquarters six…
Read More
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what’s called “Seed Phrase Image Recognition.” “This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing…
Read More
Oct 01, 2024The Hacker NewsGenerative AI / Data Protection Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity…
Read More
More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it’s being used by a large number of cybercriminals to conduct credential theft. “For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages,” Palo Alto Networks…
Read More
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to “use Docker Swarm’s orchestration features for command-and-control (C2) purposes,” Datadog researchers Matt Muir and Andy Giron said in an…
Read More
Oct 01, 2024Ravie LakshmananCorporate Security / Financial Fraud The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges…
Read More
Verizon users on Monday woke up to a nationwide outage that the telecom giant said is currently being dealt with. Telecom giant Verizon started the week with a sweeping outage as hundreds of thousands of users reported issues ranging from impacted mobile phones to total service blackouts. Reports of issues started to flood in on…
Read More
Sep 30, 2024Ravie LakshmananCybersecurity / Weekly Recap Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could’ve opened the door to remote attacks. Google’s switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But…
Read More
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn’t a new…
Read More