Cybersecurity News
May 6th, 2024 - Android devices on the latest version of the operating system were discovered to be impacted by a vulnerability that exposes DNS queries upon switching VPN servers despite the activation of the "Always-on VPN" functionality while blocking connections that do not have VPN, according to . Such a security flaw, which stems from the utilization of apps directly communicating with the getaddrinfo C function, enables DNS traffic leaks in the event of an active VPN without any DNS server or issues ...
Source: scmagazine.com
May 6th, 2024 - TunnelVision vulnerability has existed since 2002 and may already be known to attackers. Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet ...
Source: arstechnica.com
May 3rd, 2024 - Mandiant Says APT42 Members Have Been Posing as Journalists to Steal Troves of Data. Members of an Iranian state hacking group have been observed posing as journalists and event organizers from The Washington Post, The Economist and other major news outlets as part of an effort to harvest credentials and hack into global cloud networks. Mandiant on Wednesday published a report on APT42, an Iranian threat actor that uses "enhanced social engineering schemes to gain access to victim networks, ...
Source: govinfosecurity.com
May 3rd, 2024 - A new threat at a vast scale has just been revealed, and it impacts multiple Android apps with hundreds of millions of installs—here's what you need to know... Microsoft has discovered a serious new security vulnerability that impacts popular Android apps and puts billions of devices at risk. "The implications of this vulnerability pattern," its report warns, "include arbitrary code execution and token theft, depending on an application's implementation." The vulnerability relates to ...
Source: forbes.com
May 2nd, 2024 - Cuttlefish, a new malware family that targets enterprise-grade small office/home office (SOHO) routers, is used by criminals to steal account credentials / secrets for AWS, CloudFlare, Docker, BitBucket, Alibaba Cloud and other cloud-based services. "With the stolen key material, the actor not only retrieves cloud resources associated with the targeted entity but gains a foothold into that cloud ecosystem," Black Lotus Labs researchers noted. "To exfiltrate data, the threat actor first creates ...
Source: helpnetsecurity.com
May 2nd, 2024 - Deserialization Vulnerability Allows for Remote Code Execution. A high-risk flaw in R statistics programming language could lead to a supply chain hack, warn security researchers who said they uncovered a deserialization flaw. CVE-2024-27322. Kasimir Schulz, principal security researcher at HiddenLayer - which published Monday research detailing the vulnerability, told Information Security Media Group that no attacks have been reported and researchers were able to "catch up before anyone can ...
Source: bankinfosecurity.com
May 1st, 2024 - US CISA Orders Federal Agencies to Apply January Patch. The U.S. federal government's cybersecurity agency warned that hackers are exploiting a vulnerability in DevOps platform GitLab that the open-core company patched in January. The Cybersecurity and Infrastructure Security Agency on Wednesday added the vulnerability, tracked as , to its running list of hacker exploits. CISA gave federal agencies three weeks to ensure they've applied a patch and advised all GitLab customers to ensure they're ...
Source: healthcareinfosecurity.com
Apr 29th, 2024 - As per recent media reports, certain government networks in Ukraine have been infected with the Offlrouter malware since 2015. The Offlrouter malware Ukraine has managed to escape detection for nearly a decade now. However, VBA macro malware has recently come under the radar of Cisco Talos. In the article, we will dive into the details of the Offlrouter malware Ukraine and what the threat implies for cybersecurity practices. Offlrouter Malware Ukraine: Initial Discovery Based on ...
Source: securityboulevard.com
Apr 29th, 2024 - North Korean Predilection for Elaborate Social Engineering Attacks Strikes Again. Likely North Korean threat actors are using fake job interviews to trick software developers into downloading disguised Python backdoors as part of an ongoing espionage campaign. The attackers construct fake job interview scenarios designed to appear legitimate and enticing to developers seeking employment opportunities. Once a victim has been lured in, the attackers instruct them to download seemingly harmless ...
Source: healthcareinfosecurity.com
Apr 29th, 2024 - Identity and access management service provider Okta warned of what it described as an "unprecedented" surge in credential-stuffing attacks against online services. In an April 27 advisory, Okta said the increase in credential-stuffing attacks its threat researchers observed over the past month was facilitated by the broad availability of residential proxy services, "combo lists" of previously stolen credentials, and scripting tools. In a "small percentage" of cases, the attacks it observed ...
Source: scmagazine.com