TheHackerNews

February 21, 2024 A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including …

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites Read More »

February 21, 2024 ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities, which currently lack CVE identifiers, are listed below – Authentication bypass using an alternate path or channel (CVSS score: 10.0) …

Critical Flaws Found in ConnectWise ScreenConnect Software – Patch Now Read More »

February 21, 2024 Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns designed to steal intelligence, and information operations to turn public opinion against …

Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative Read More »

February 21, 2024 Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. Read here for more details.An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns. While …

LockBit Ransomware’s Darknet Domains Seized in Global Law Enforcement Raid Read More »

February 20, 2024 Did you know that Network Detection and Response (NDR) has become the most effective technology to detect cyber threats? In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false alerts and efficient threat response. Are you aware of Network Detection and Response (NDR) and how it’s become the most effective technology to detect …

How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM) Read More »

February 20, 2024 Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows …

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices Read More »

February 20, 2024 The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal. Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide …

Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor Read More »

February 20, 2024 Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations. These entities are primarily located in Georgia, Poland, and Ukraine, according to Recorded Future, which attributed the …

Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws Read More »

February 20, 2024 The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. “Some of the droppers in the campaign successfully exploited the accessibility service, despite Google Play’s enhanced detection and protection mechanisms,” ThreatFabric said in a report shared with The Hacker …

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries Read More »

February 19, 2024 A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was …

FBI’s Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty Read More »