May 25, 2024NewsroomMachine Learning / Data Breach Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed unauthorized access to the AI … [Read more...] about Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data
hacking news
Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack
May 24, 2024NewsroomEndpoint Security / Threat Intelligence The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created their own rogue VMs within … [Read more...] about Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack
These Fake Antivirus Sites Spreading Android and Windows Malware
May 24, 2024NewsroomMalvertising / Endpoint Security Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which look legitimate is predatory … [Read more...] about These Fake Antivirus Sites Spreading Android and Windows Malware
Chinese Espionage Group Targets Africa & Caribbean Govts
The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign. "The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom … [Read more...] about Chinese Espionage Group Targets Africa & Caribbean Govts
Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries
Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets, Bitdefender said in a report shared with The Hacker News. "The investigation revealed a … [Read more...] about Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries
Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
May 21, 2024NewsroomVulnerability / Software Development GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication. "On … [Read more...] about Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel
May 20, 2024NewsroomCyber Attack / Threat Intelligence An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under the moniker Void … [Read more...] about Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel
Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam
The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles on April 12 and May 16, respectively. The foreign nationals have been "charged … [Read more...] about Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam
Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
May 17, 2024NewsroomCryptojacking / Malware The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively … [Read more...] about Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
80% of Exposures from Misconfigurations, Less Than 1% from CVEs
A new report from XM Cyber has found – among other insights - a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack path assessments conducted by the XM Cyber platform … [Read more...] about 80% of Exposures from Misconfigurations, Less Than 1% from CVEs