Over 1,400 CrushFTP servers exposed online were found vulnerable to attacks currently targeting a critical severity server-side template injection (SSTI) vulnerability previously exploited as a zero-day. […]
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. […]
Network Threats: A Step-by-Step Attack Demonstration
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy.
Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit
Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit
DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds.
To that end, Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged
To that end, Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged
New Brokewell malware takes over Android devices, steals data
Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. […]
Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative.
The tech giant said it’s working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year.
As part of the
The tech giant said it’s working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year.
As part of the
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments.
Cisco Talos, which dubbed the activity ArcaneDoor, attributing it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).
“
Cisco Talos, which dubbed the activity ArcaneDoor, attributing it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).
“
US charges Samourai cryptomixer founders for laundering $100 million
Keonne Rodriguez and William Lonergan Hill have been charged by the U.S. Department of Justice for laundering more than $100 million from various criminal enterprises through Samourai, a cryptocurrency mixer service they ran for nearly a decade. […]
Maximum severity Flowmon bug has a public exploit, patch now
Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility. […]
ArcaneDoor hackers exploit Cisco zero-days to breach govt networks
Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. […]