Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.8%) in a recent
Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions
The exploit for a new zero-day vulnerability in Windows is executed by deleting files, drag-and-dropping them, or right clicking on them.
The post Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions appeared first on SecurityWeek.
NIST Explains Why It Failed to Clear CVE Backlog
NIST says all known exploited CVEs in the backlog have been addressed, but admitted that clearing the entire backlog by October was optimistic.
The post NIST Explains Why It Failed to Clear CVE Backlog appeared first on SecurityWeek.
Cybereason and Trustwave Announce Merger
Cybereason Chairman & CEO Eric Gan believes the merger could help its existing success in some international markets.
The post Cybereason and Trustwave Announce Merger appeared first on SecurityWeek.
TikTok Pixel Privacy Nightmare: A New Case Study
Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young holidaymakers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured
New RustyAttr Malware Targets macOS Through Extended Attribute Abuse
Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr.
The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including
The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including
Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure
Exploitation attempts targeting CVE-2024-10914, a recently disclosed ‘won’t fix’ vulnerability affecting outdated D-Link NAS devices.
The post Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure appeared first on SecurityWeek.
Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine.
The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user’s NTLMv2 hash. It was patched by Microsoft earlier this
The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user’s NTLMv2 hash. It was patched by Microsoft earlier this
Hackers use macOS extended file attributes to hide malicious code
Hackers are using a novel technique that abuses extended attributes for macOS files to deliver a new trojan that researchers call RustyAttr. […]
US govt officials’ communications compromised in recent telecom hack
CISA and the FBI confirmed that Chinese hackers compromised the “private communications” of a “limited number” of government officials after breaching multiple U.S. broadband providers. […]