TheHackerNews

February 3, 2024 Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, which took place between November 14 and 24, 2023, …

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs Read More »

February 3, 2024 An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the “growth, escalation and professionalization of transnational cybercrime.” Involving 60 law Article posted …

INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs Read More »

February 3, 2024 Cloudzy, a prominent cloud infrastructure provider, proudly announces a significant enhancement in its cybersecurity landscape. This breakthrough has been achieved through a recent consultation with Recorded Future, a leader in providing real-time threat intelligence and cybersecurity analytics. This initiative, coupled with an overhaul of Cloudzy’s cybersecurity strategies, represents a major Article posted …

Cloudzy Elevates Cybersecurity: Integrating Insights from Recorded Future to Revolutionize Cloud Security Read More »

February 2, 2024 The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. “The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible,” web infrastructure and security Article …

FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network Read More »

February 2, 2024 Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. “The campaign deploys a benign container generated using the Commando project,” Cado security researchers Nate Bill and Matt Muir said in a new report published today. “The attacker escapes this container and runs multiple payloads on the Article posted by: …

Exposed Docker APIs Under Attack in ‘Commando Cat’ Cryptojacking Campaign Read More »

February 2, 2024 Cybersecurity researchers have detailed an updated version of the malware HeadCrab that’s known to target Redis database servers across the world since early September 2021. The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the financially-motivated threat actor behind the campaign is actively adapting and …

HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining Read More »

February 2, 2024 The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign. The existence of the botnet, dubbed KV-botnet, was first disclosed by the …

U.S. Feds Shut Down China-Linked “KV-Botnet” Targeting SOHO Routers Read More »

February 2, 2024 How’s your vulnerability management program doing? Is it effective? A success? Let’s be honest, without the right metrics or analytics, how can you tell how well you’re doing, progressing, or if you’re getting ROI? If you’re not measuring, how do you know it’s working? And even if you are measuring, faulty reporting …

Why the Right Metrics Matter When it Comes to Vulnerability Management Read More »

February 2, 2024 Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices. This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE. “CHAINLINE is a Python web …

Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities Read More »

February 2, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component. “An attacker with Article posted by: https://thehackernews.com/2024/02/cisa-warns-of-active-exploitation-of.html …

CISA Warns of Active Exploitation of Flaw in Apple iOS and macOS Read More »