brangberg – Page 881

North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware

Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret.
The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked under the names Contagious Interview (aka CL-STA-0240), DEV#POPPER, Famous Chollima,

Atlassian Patches Critical Vulnerabilities in Confluence, Crowd

Atlassian has released patches for 12 critical- and high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd, and Jira.

The post Atlassian Patches Critical Vulnerabilities in Confluence, Crowd appeared first on SecurityWeek.

CISA, FBI Warn of China-Linked Ghost Ransomware Attacks

CISA and the FBI warn organizations of attacks employing the Ghost (Cring) ransomware, operated by Chinese hackers.

The post CISA, FBI Warn of China-Linked Ghost Ransomware Attacks appeared first on SecurityWeek.

Microsoft testing fix for Windows 11 bug breaking SSH connections

Microsoft is not testing a fix for a longstanding known issue that is breaking SSH connections on some Windows 11 22H2 and 23H2 systems. […]

PoC Exploit Published for Critical Ivanti EPM Vulnerabilities

Proof-of-concept (PoC) code and technical details on four critical-severity Ivanti EPM vulnerabilities are now available.

The post PoC Exploit Published for Critical Ivanti EPM Vulnerabilities appeared first on SecurityWeek.

Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware

A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases.
The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a new-patched security flaw

PCI DSS 4.0 Mandates DMARC By 31st March 2025

The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. This is not an optional requirement as non-compliance may result in monetary

China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware

US Military Health Provider HNFS Pays $11M in Settlement Over Cybersecurity Failures

US military health benefits program administrator HNFS to pay $11 million in settlement over its false claims of cybersecurity compliance.

The post US Military Health Provider HNFS Pays $11M in Settlement Over Cybersecurity Failures appeared first on SecurityWeek.

Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation.
“The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation,” the AhnLab SEcurity Intelligence Center (ASEC)

Author: brangberg