Nov 12, 2024Ravie LakshmananVirtualization / Vulnerability Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user … [Read more...] about New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
network security
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04
Nov 11, 2024Ravie LakshmananCybersecurity / Hacking News ⚠️ Imagine this: the very tools you trust to protect you online—your two-factor authentication, your car's tech system, even your security software—turned into silent allies for hackers. Sounds like a scene from a thriller, right? Yet, in 2024, this isn't fiction; it's the new cyber reality. Today's attackers have … [Read more...] about THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04
Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns
Nov 09, 2024Ravie LakshmananVulnerability / Network Security Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. "Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management … [Read more...] about Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns
Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering
Nov 09, 2024Ravie LakshmananCryptocurrency / Cybercrime The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed … [Read more...] about Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering
Learn How Storytelling Can Make Cybersecurity Training Fun and Effective
Nov 08, 2024The Hacker NewsCybersecurity Awareness / Webinar Let's face it—traditional security training can feel as thrilling as reading the fine print on a software update. It's routine, predictable, and, let's be honest, often forgotten the moment it's over. Now, imagine cybersecurity training that's as unforgettable as your favorite show. Remember how "Hamilton" made … [Read more...] about Learn How Storytelling Can Make Cybersecurity Training Fun and Effective
North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
A threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware … [Read more...] about North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware
Nov 06, 2024Ravie LakshmananSaaS Security / Threat Detection An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. "Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDrive — the attacker … [Read more...] about VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer … [Read more...] about FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
Nov 04, 2024Ravie LakshmananVulnerability / Cyber Threat Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an attacker to carry out … [Read more...] about Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
Learn Key Identity Security Tactics in This Expert Webinar
Nov 02, 2024The Hacker NewsSaaS Security / Identity Security Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It's a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to … [Read more...] about Learn Key Identity Security Tactics in This Expert Webinar