Redmond’s AI Red Team says human involvement remains irreplaceable in addressing nuanced risks.
The post AI Won’t Take This Job: Microsoft Says Human Ingenuity Crucial to Red-Teaming appeared first on SecurityWeek.
Microsoft: macOS bug lets hackers install malicious kernel drivers
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. […]
Hackers exploit critical Aviatrix Controller RCE flaw in attacks
Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. […]
UK domain registry Nominet confirms breach via Ivanti zero-day
Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. […]
Ransomware abuses Amazon AWS feature to encrypt S3 buckets
A new ransomware campaign encrypts Amazon S3 buckets using AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key. […]
Infostealer Masquerades as PoC Code Targeting Recent LDAP Vulnerability
A fake proof-of-concept (PoC) exploit for a recent LDAP vulnerability distributes information stealer malware.
The post Infostealer Masquerades as PoC Code Targeting Recent LDAP Vulnerability appeared first on SecurityWeek.
US Charges 3 Russians for Operating Cryptocurrency Mixers Used by Cybercriminals
The US Justice Department has announced charges against three Russians for operating the Blender and Sinbad cryptocurrency mixers.
The post US Charges 3 Russians for Operating Cryptocurrency Mixers Used by Cybercriminals appeared first on SecurityWeek.
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners.
Cloud security firm Wiz said it’s currently responding to “multiple incidents” involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in
Cloud security firm Wiz said it’s currently responding to “multiple incidents” involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in
Emerging FunkSec Ransomware Developed Using AI
Developed with the help of AI, the emerging FunkSec ransomware claimed over 80 victims in December 2024.
The post Emerging FunkSec Ransomware Developed Using AI appeared first on SecurityWeek.
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure.
Let’s turn awareness into action and keep one step ahead
Let’s turn awareness into action and keep one step ahead