Jun 07, 2024The Hacker NewsCyber Hygiene / Webinar 2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of these attacks could have been … [Read more...] about Learn How to Simplify Your Security Efforts
software vulnerability
Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
Jun 06, 2024NewsroomBotnet / DDoS Attack The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale. "Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize … [Read more...] about Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
Chinese State-Backed Cyber Espionage Targets Southeast Asian Government
Jun 05, 2024NewsroomCyber Espionage / Threat Intelligence An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace. "The overall goal behind the campaign was to maintain access to the target network for cyberespionage in support of Chinese … [Read more...] about Chinese State-Backed Cyber Espionage Targets Southeast Asian Government
Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan
Jun 04, 2024NewsroomCyber Attack / Malware Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called … [Read more...] about Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan
Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users
Jun 03, 2024NewsroomSoftware Security / Supply Chain Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for gulp and gulp plugins." It … [Read more...] about Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users
AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform
Jun 01, 2024NewsroomAI-as-a-Service / Data Breach Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. "We have suspicions that a subset of Spaces' secrets could have been accessed without authorization," it said in an advisory. Spaces offers a way for users to create, host, and … [Read more...] about AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform
Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
May 31, 2024NewsroomNetwork Security / Cyber Attack More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users' access to the internet. The mysterious event, which took place between October 25 and 27, 2023, and impacted a single … [Read more...] about Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets," the Microsoft Threat … [Read more...] about Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine
May 30, 2024NewsroomCyber Attack / Malware Cloudflare on Thursday said it took steps to disrupt a month-long phishing campaign orchestrated by a Russia-aligned threat actor called FlyingYeti targeting Ukraine. "The FlyingYeti campaign capitalized on anxiety over the potential loss of access to housing and utilities by enticing targets to open malicious files via debt-themed … [Read more...] about FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine
Check Point Warns of Zero-Day Attacks on its VPN Gateway Products
May 29, 2024NewsroomEnterprise Security / Vulnerability Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919, the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. "The vulnerability … [Read more...] about Check Point Warns of Zero-Day Attacks on its VPN Gateway Products