VulnCheck warns of widespread exploitation of a year-and-a-half-old ProjectSend vulnerability for which multiple public exploits exist.
The post ProjectSend Vulnerability Exploited in the Wild appeared first on SecurityWeek.
APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor.
That’s according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024.
“In this attack,
That’s according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024.
“In this attack,
Bipartisan Legislation Seeks Stronger Healthcare Cybersecurity
US senators introduce new legislation to protect health data and strengthen the cybersecurity of the country’s healthcare sector.
The post Bipartisan Legislation Seeks Stronger Healthcare Cybersecurity appeared first on SecurityWeek.
New VPN Attack Demonstrated Against Palo Alto Networks, SonicWall Products
Palo Alto Networks and SonicWall VPNs affected by vulnerabilities allowing remote code execution and privilege escalation.
The post New VPN Attack Demonstrated Against Palo Alto Networks, SonicWall Products appeared first on SecurityWeek.
Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets
The Russia-linked RomCom APT has been observed chaining two zero-days in Firefox and Windows for backdoor delivery.
The post Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets appeared first on SecurityWeek.
INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled
An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent.
Dubbed Serengeti, the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email
Dubbed Serengeti, the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email
Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign
A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DoD) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet.
“This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a
“This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a
New NachoVPN attack uses rogue VPN servers to install malicious updates
A set of vulnerabilities dubbed “NachoVPN” allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them. […]
Interpol Clamps Down on Cybercrime and Arrests Over 1,000 Suspects in Africa
Operation Serengeti targeted criminal suspects in Africa behind ransomware, business email compromise, digital extortion and scams.
The post Interpol Clamps Down on Cybercrime and Arrests Over 1,000 Suspects in Africa appeared first on SecurityWeek.
NordVPN Black Friday Deal: Save up to 74% on yearly subscriptions
Want the best VPN with a 74% discount? The NordVPN Black Friday deal is live and runs until December 10. This is the perfect chance to lock in a 2-year plan for the low cost of $2.99 per month, with an extra 3 months for free. […]