Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. […]
New Linux malware Hadooken targets Oracle WebLogic servers
Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named “Hadooken, which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks. […]
RansomHub claims Kawasaki cyberattack, threatens to leak stolen data
Kawasaki Motors Europe has announced that it’s recovering from a cyberattack that disrupted service disruptions as the RansomHub ransomware gang threatens to leak stolen data. […]
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
Details have emerged about a now-patched security flaw impacting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device’s virtual keyboard.
The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865.
“A novel attack that can infer eye-related biometrics from the avatar image to
The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865.
“A novel attack that can infer eye-related biometrics from the avatar image to
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL).
“The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September,” the U.K. National Crime Agency (NCA) said.
The teenager, who’s from Walsall, is said to have been
“The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September,” the U.K. National Crime Agency (NCA) said.
The teenager, who’s from Walsall, is said to have been
In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit
Noteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploited WhatsApp View Once bypass.
The post In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit appeared first on SecurityWeek.
Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks
Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.
The post Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks appeared first on SecurityWeek.
TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud
Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims’ banking credentials.
“The mechanisms include using malformed ZIP files in combination with JSONPacker,” Cleafy security researchers Michele Roviello and Alessandro Strino said. “In addition,
“The mechanisms include using malformed ZIP files in combination with JSONPacker,” Cleafy security researchers Michele Roviello and Alessandro Strino said. “In addition,
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.
However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to
However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to
New ‘Hadooken’ Linux Malware Targets WebLogic Servers
The recently observed Hadooken malware targeting Oracle WebLogic applications is linked to multiple ransomware families.
The post New ‘Hadooken’ Linux Malware Targets WebLogic Servers appeared first on SecurityWeek.