A zero-day vulnerability in Samsung mobile processors has been abused as part of an exploit chain for arbitrary code execution.
The post Google Warns of Samsung Zero-Day Exploited in the Wild appeared first on SecurityWeek.
CISA and USPIS Release Two Election Mail Security Resources
Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks
Critical and high-severity vulnerabilities that can lead to full device compromise have been found in mbNET.mini and Helmholz industrial routers.
The post Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks appeared first on SecurityWeek.
BlackCat Ransomware Successor Cicada3301 Emerges
The Cicada3301 ransomware shows multiple similarities with BlackCat and is believed to mark the reemergence of the threat.
The post BlackCat Ransomware Successor Cicada3301 Emerges appeared first on SecurityWeek.
A Comprehensive Guide to Finding Service Accounts in Active Directory
Service accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they can pose a significant security risk due to their elevated privileges. This guide will walk you through how to locate and secure these accounts within Active Directory (AD), and explore how Silverfort’s solutions can help enhance your
Latrodectus Malware Increasingly Used by Cybercriminals
Latrodectus malware has been increasingly used by cybercriminals, with recent campaigns targeting the financial, automotive and healthcare sectors.
The post Latrodectus Malware Increasingly Used by Cybercriminals appeared first on SecurityWeek.
Bumblebee Malware Loader Resurfaces Following Law Enforcement Takedown
New malicious campaign suggests the Bumblebee malware loader might be resurfacing following the May 2024 law enforcement takedown.
The post Bumblebee Malware Loader Resurfaces Following Law Enforcement Takedown appeared first on SecurityWeek.
Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns.
Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along with downloading and executing additional payloads onto compromised hosts.
Tracked under the names BlackWidow, IceNova, Lotus,
Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along with downloading and executing additional payloads onto compromised hosts.
Tracked under the names BlackWidow, IceNova, Lotus,
Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol.
The packages attempt to “gain SSH access to the victim’s machine by writing the attacker’s SSH public key in the root user’s authorized_keys file,” software supply
The packages attempt to “gain SSH access to the victim’s machine by writing the attacker’s SSH public key in the root user’s authorized_keys file,” software supply
Palo Alto Networks Adds New Capabilities to OT Security Solution
Palo Alto Networks has added new remote access, virtual patching and firewall capabilities to its OT Security solution.
The post Palo Alto Networks Adds New Capabilities to OT Security Solution appeared first on SecurityWeek.