Veeam releases patches for two vulnerabilities in Service Provider Console, including a critical-severity remote code execution bug.
The post Veeam Warns of Critical Vulnerability in Service Provider Console appeared first on SecurityWeek.
New DroidBot Android banking malware spreads across Europe
A new Android banking malware named ‘DroidBot’ attempts to steal credentials for over 77 cryptocurrency exchanges and banking apps in the UK, Italy, France, Spain, and Portugal. […]
Solana Web3.js library backdoored to steal secret, private keys
The legitimate Solana JavaScript SDK was temporarily compromised yesterday in a supply chain attack, with the library backdoored with malicious code to steal cryptocurrency private keys and drain wallets. […]
Russia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian Entities
The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022.
The activity, first observed in December 2022, is the latest instance of the nation-state adversary “embedding
The activity, first observed in December 2022, is the latest instance of the nation-state adversary “embedding
Russian hackers hijack Pakistani hackers’ servers for their own attacks
The notorious Russian cyber-espionage group Turla is hacking other hackers, hijacking the Pakistani threat actor Storm-0156’s infrastructure to launch their own covert attacks on already compromised networks. […]
Spy v Spy: Russian APT Turla Caught Stealing from Pakistani APT
Russia’s Turla hackers hijacked 33 command servers operated by Pakistani hackers who had themselves breached Afghanistan and Indian targets.
The post Spy v Spy: Russian APT Turla Caught Stealing from Pakistani APT appeared first on SecurityWeek.
Largest German Crime Marketplace Taken Down, Administrator Arrested
Crimenetwork, the largest German-speaking online crime marketplace, has been shut down and one of its admins has been arrested.
The post Largest German Crime Marketplace Taken Down, Administrator Arrested appeared first on SecurityWeek.
Japan warns of IO-Data zero-day router flaws exploited in attacks
Japan’s CERT is warning that hackers are exploiting zero-day vulnerabilities in I-O Data router devices to modify device settings, execute commands, or even turn off the firewall. […]
Six password takeaways from the updated NIST cybersecurity framework
Updated NIST guidelines reject outdated password security practices in favor of more effective protections. Learn from Specops Software about 6 takeaways from NIST’s new guidance that help create strong password policies. […]
Tuskira Scores $28.5M for AI-Powered Security Mesh
Tuskira is working on an AI-powered security mesh promising to integrate fragmented security tools and mitigate risk exposure in real time.
The post Tuskira Scores $28.5M for AI-Powered Security Mesh appeared first on SecurityWeek.