The ProcessBolt Platform

ProcessBolt AI

AI-assisted vendor risk management and real-time threat monitoring platform.

ThreatScape

Attack surface management and security rating solution.

DocAI

Document intelligence and analytics.

Share Center

Secure and time-bound document sharing for the enterprise.

Assessment & RFP Response Solution

Answer questionnaires using Knowledge Base and documents with AI assistance.

Cybersecurity News

The Snowflake Incident: Lessons for Third-Party Risk Management

The recent Snowflake incident has sent shockwaves through the cybersecurity community, highlighting the critical importance of robust third-party risk management. This high-profile data breach, which resulted from compromised credentials, has highlighted the...


Docker Users Access Plugins API CVE
- A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via a specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. About CVE-2024-41110: CVE-2024-41110 is a vulnerability that can be exploited remotely, without any user interaction, and even the attack complexity is low. "An attacker could exploit a bypass using an API request with Content-Length set to 0, causing ...


Hamster Kombat Hamster Kombat Game ESET Researchers Kaspersky Report
- Widely played Telegram-based mobile game Hamster Kombat has been exploited by threat actors to facilitate various malware attacks, reports The Record, a news site by cybersecurity firm Recorded Future. Most pressing of the threats exploiting Hamster Kombat involved the utilization of a spoofed version of the game to deploy the Ratel payload that enabled stealthy exfiltration of notifications and bank account proceeds among Android users, according to a report from ESET. Windows ...


Steam Variant PlugX Users New Variant Security
- Researchers from security operations company Ontinue AG today are warning of a new PlugX Remote Access Trojan campaign that is targeting Steam users. PlugX is a RAT malware family that has been around since 2008 and is used as a backdoor to control a victim's machine. Once an infection takes place, a hacker can remotely execute several types of commands on the affected system. Though initially delivered through phishing emails and deceptive files, a new variant that first emerged in ...


Malware Repositories GitHub Point Accounts Ghost
- Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. The malware delivery service is called Stargazers Ghost Network and it utilizes GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain malware. In most cases, the malware are infostealers, such as RedLine, Lumma Stealer, Rhadamanthys, RisePro, and ...


Malware Vulnerability SmartScreen Windows CyberRisk Alliance Attack
- Cybercriminals are stepping up efforts to bypass a critical component in Microsoft Defender in order to covertly install malware. The team at Fortinet said it spotted multiple in-the-wild attacks on CVE-2024-21412. The vulnerability, classified as a security bypass error, allows an attacker to utilize embedded URLs in .lnk files without triggering the SmartScreen component. Though Microsoft patched the vulnerability in February, enough Windows systems remain unpatched as to make targeting the ...


CrowdStrike Daolpu Infostealer Daolpu Outage File Windows
- Organizations have been warned by CrowdStrike about the proliferation of a phony recovery manual for Windows devices impacted by the massive global IT outage resulting from a faulty update of its Falcon platform that has been used to spread the novel Daolpu information-stealing malware, BleepingComputer reports. Attackers leveraged phishing emails with a malicious Word attachment having the same text as Microsoft's support bulletin regarding its Recovery Tool for outage-hit devices ...


Exim Vulnerability Servers Email Security Rohan Timalsina
- Exim is a widely used, open-source mail transfer agent (MTA) for Unix and Unix-like operating systems. A critical vulnerability has been discovered in Exim that could allow attackers to bypass security filters and deliver executable attachments directly to user inboxes. Successful exploitation could lead to compromised systems, data breaches, and a range of other security threats if users open these attachments. Understanding the Exim Vulnerability (CVE-2024-39929): The ...


Telegram Android Video EvilVideo Analysis Payload
- Hackread: Telegram for Android users have been urged to immediately update the instant messaging app following the exploitation of the zero-day flaw dubbed "EvilVideo," which enabled the concealment and distribution of malware in the form of video files. Attackers behind the exploit may have leveraged Telegram API to create a payload masquerading as a 30-second video, which when clicked triggers a message suggesting the use of another player that includes an "Open" button that facilitates ...


Telegram Android Users Video Researchers Files
- Researchers at ESET s.r.o. today shared details of a now-patched vulnerability that was being used to target Telegram for Android users via malicious videos. The exploit, dubbed "EvilVideo," could have allowed attackers to share malicious Android payloads via Telegram channels, groups and chats, with the malicious files presenting as multimedia, particularly video files, to users. The researchers first discovered an example of the exploit for sale at an unspecified price in an unnamed ...


Custom Installer Actions Windows Windows Installer Vulnerability
- An unpatched vulnerability in the way Windows handles installer files could put systems at risk of attack. Researcher Adrian Denkiewicz reported how the installation process in Windows 11 could be gamed to allow an attacker to elevate privileges and possibly take over a vulnerable system. The problem, said Denkiewicz, stems from the way Windows handles permissions for installer (.msi) files. Without appropriate checks, installers are able to execute actions that would otherwise be forbidden ...
