Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. […]
Dark Partners cybercrime gang fuels large-scale crypto heists
A sprawling network of fake AI, VPN, and crypto software download sites is being used by the “Dark Partner” threat actors to conduct a crypto theft attacks worldwide. […]
Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack
The Czech Republic on Wednesday formally accused a threat actor associated with the People’s Republic of China (PRC) of targeting its Ministry of Foreign Affairs.
In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The extent of the breach is presently not
In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The extent of the breach is presently not
Czech Government Condemns Chinese Hack on Critical Infrastructure
The Czech government issues a blunt warning to China after APT31 hackers linked to intrusion at critical infrastructure network.
The post Czech Government Condemns Chinese Hack on Critical Infrastructure appeared first on SecurityWeek.
Czechia blames China for Ministry of Foreign Affairs cyberattack
The Czech Republic says the Chinese-backed APT31 hacking group was behind cyberattacks targeting the country’s Ministry of Foreign Affairs and critical infrastructure organizations. […]
Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File
Cybersecurity researchers have discovered a security flaw in Microsoft’s OneDrive File Picker that, if successfully exploited, could allow websites to access a user’s entire cloud storage content, as opposed to just the files selected for upload via the tool.
“This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted,
“This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted,
Cerby Raises $40 Million for Identity Automation Platform
Identity security automation platform Cerby has raised $40 million in Series B funding to scale operations.
The post Cerby Raises $40 Million for Identity Automation Platform appeared first on SecurityWeek.
Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites
Mandiant warns that a Vietnamese hacking group tracked as UNC6032 is distributing malware via fake AI video generator websites.
The post Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites appeared first on SecurityWeek.
Microsoft introduces new Windows backup tool for businesses
Microsoft has introduced Windows Backup for Organizations, a new backup tool for enterprises that simplifies backups and makes the transition to Windows 11 easier. […]
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot.
Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts.
“Rather than scanning the internet, the malware retrieves a list of targets from a command-and-control (C2) server
Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts.
“Rather than scanning the internet, the malware retrieves a list of targets from a command-and-control (C2) server