FreshRSS

🔒
❌ Secure Planet Training Courses Updated For 2019 - Click Here
There are new available articles, click to refresh the page.
☐ ☆ ✇ The Hacker News

Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks

By: The Hacker News — December 1st 2023 at 10:26
The most recent Gcore Radar report and its aftermath have highlighted a dramatic increase in DDoS attacks across multiple industries. At the beginning of 2023, the average strength of attacks reached 800 Gbps, but now, even a peak as high as 1.5+ Tbps is unsurprising. To try and break through Gcore’s defenses, perpetrators made two attempts with two different strategies.
☐ ☆ ✇ The Hacker News

7 Uses for Generative AI to Enhance Security Operations

By: The Hacker News — November 30th 2023 at 11:18
Welcome to a world where Generative AI revolutionizes the field of cybersecurity. Generative AI refers to the use of artificial intelligence (AI) techniques to generate or create new data, such as images, text, or sounds. It has gained significant attention in recent years due to its ability to generate realistic and diverse outputs. When it comes to security operations, Generative AI can
☐ ☆ ✇ The Hacker News

GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability

By: Newsroom — November 29th 2023 at 05:07
The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve the exploitation of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0)
☐ ☆ ✇ The Hacker News

New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government

By: Newsroom — November 25th 2023 at 05:08
An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what’s suspected to be an advanced persistent threat (APT) attack. The web shell, a dynamic-link library (DLL) named “hrserv.dll,” exhibits “sophisticated features such as custom encoding methods for client communication and in-memory execution,” Kaspersky security
☐ ☆ ✇ The Hacker News

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

By: Newsroom — November 23rd 2023 at 12:54
Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. "The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often necessary to retrieve the next stage," IBM X-Force researchers Charlotte Hammond, Ole Villadsen, and Kat
☐ ☆ ✇ The Hacker News

CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog

By: Newsroom — November 17th 2023 at 05:57
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerabilities are as follows - CVE-2023-36584 (CVSS score: 5.4) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability CVE-2023-1671 (CVSS score: 9.8) -
☐ ☆ ✇ The Hacker News

Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure

By: Newsroom — November 16th 2023 at 06:06
Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation of the country's energy sector were targeted in May 2023.  "22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace," Denmark's SektorCERT said [PDF]. "The
☐ ☆ ✇ The Hacker News

New Campaign Targets Middle East Governments with IronWind Malware

By: Newsroom — November 14th 2023 at 10:01
Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402, which is also known as Molerats, Gaza Cyber Gang, and shares tactical overlaps with a pro-Hamas
☐ ☆ ✇ The Hacker News

New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks

By: Newsroom — November 13th 2023 at 04:50
Cybersecurity researchers have warned about a Windows version of a wiper malware that was previously observed targeting Linux systems in cyber attacks aimed at Israel. Dubbed BiBi-Windows Wiper by BlackBerry, the wiper is the Windows counterpart of BiBi-Linux Wiper, which has been put to use by a pro-Hamas hacktivist group in the wake of the Israel-Hamas war last month. "The Windows variant [...
☐ ☆ ✇ The Hacker News

Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers

By: Newsroom — November 11th 2023 at 13:33
A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a "shift in the persistent actor's tactics." Sapphire Sleet, also called APT38, BlueNoroff, CageyChameleon, and CryptoCore, has a
☐ ☆ ✇ The Hacker News

The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest

By: The Hacker News — November 10th 2023 at 09:00
There is a seemingly never-ending quest to find the right security tools that offer the right capabilities for your organization. SOC teams tend to spend about a third of their day on events that don’t pose any threat to their organization, and this has accelerated the adoption of automated solutions to take the place of (or augment) inefficient and cumbersome SIEMs. With an estimated 80% of
☐ ☆ ✇ The Hacker News

Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers

By: Newsroom — November 10th 2023 at 08:58
Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a persistent backdoor and is not remediated by applying patches to Confluence," Aon's Stroz Friedberg Incident Response Services said in an analysis published
☐ ☆ ✇ The Hacker News

Predictive AI in Cybersecurity: Outcomes Demonstrate All AI is Not Created Equally

By: The Hacker News — November 3rd 2023 at 11:26
Here is what matters most when it comes to artificial intelligence (AI) in cybersecurity: Outcomes.  As the threat landscape evolves and generative AI is added to the toolsets available to defenders and attackers alike, evaluating the relative effectiveness of various AI-based security offerings is increasingly important — and difficult. Asking the right questions can help you spot solutions
☐ ☆ ✇ The Hacker News

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

By: Newsroom — November 2nd 2023 at 04:27
Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. "In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations," cybersecurity firm Rapid7 disclosed in a
☐ ☆ ✇ The Hacker News

Trojanized PyCharm Software Version Delivered via Google Search Ads

By: Newsroom — October 31st 2023 at 10:55
A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads. "Unbeknownst to the site owner, one of their ads was automatically created to promote a popular program for Python developers, and visible to people doing a Google search for it," Jérôme Segura, director of threat
☐ ☆ ✇ The Hacker News

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

By: Newsroom — October 25th 2023 at 13:20
The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known
☐ ☆ ✇ The Hacker News

Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats?

By: The Hacker News — October 13th 2023 at 11:07
Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to effectively bypass common defense strategies.  Cyble, a renowned cyber threat intelligence company recognized for its research and findings, recently released its 
☐ ☆ ✇ The Hacker News

Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack

By: Newsroom — October 12th 2023 at 10:29
Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a "large-scale remote encryption attempt" made by Akira ransomware actors targeting an unknown industrial organization in early June 2023. The tech giant's threat intelligence team is tracking the operator as Storm-1567. The attack leveraged devices that were not onboarded to Microsoft
☐ ☆ ✇ The Hacker News

LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

By: The Hacker News — October 2nd 2023 at 11:21
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 2000 companies across various sectors, including but not limited to Software, Retail, Hospitality,
☐ ☆ ✇ The Hacker News

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks

By: THN — September 18th 2023 at 03:16
The financially motivated threat actor known as UNC3944 is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. "UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the group,
☐ ☆ ✇ The Hacker News

The Interdependence between Automated Threat Intelligence Collection and Humans

By: The Hacker News — September 15th 2023 at 11:13
The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023. The MOVEit attack has claimed over 600 victims so far and that number is still
❌