Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root. […]
DDoS attacks reportedly behind DayZ and Arma network outages
An ongoing distributed denial of service (DDoS) attack targets Bohemia Interactive’s infrastructure, preventing players of DayZ and Arma Reforger from playing the games online. […]
British engineering firm IMI discloses breach, shares no details
British-based engineering firm IMI plc has disclosed a security breach after unknown attackers hacked into the company’s systems. […]
Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT.
The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China.
“This actor has increasingly targeted key roles
The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China.
“This actor has increasingly targeted key roles
Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023
Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023.
The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%.
“The number of ransomware events increased into H2, but on-chain payments declined,
The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%.
“The number of ransomware events increased into H2, but on-chain payments declined,
Astra, Invary Raise Millions for AI-Powered Pentesting, Runtime Security
Astra Security and Invary have received new funding to fuel development of their vulnerability scanning and runtime security solutions.
The post Astra, Invary Raise Millions for AI-Powered Pentesting, Runtime Security appeared first on SecurityWeek.
Hacker Who Targeted NATO, US Army Arrested in Spain
Spanish authorities have arrested an individual who allegedly hacked several high-profile organizations, including NATO and the US army.
The post Hacker Who Targeted NATO, US Army Arrested in Spain appeared first on SecurityWeek.
Five Eyes Agencies Release Guidance on Securing Edge Devices
Five Eyes cybersecurity agencies have released guidance on securing edge devices against increasing threats.
The post Five Eyes Agencies Release Guidance on Securing Edge Devices appeared first on SecurityWeek.
Security Teams Pay the Price: The Unfair Reality of Cyber Incidents
The blame of security incidents may be shared—but the burden of response always falls on the security team. Here’s how to prepare for the inevitable.
The post Security Teams Pay the Price: The Unfair Reality of Cyber Incidents appeared first on SecurityWeek.
SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple’s and Google’s respective app stores to steal victims’ mnemonic phrases associated with cryptocurrency wallets.
The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server,
The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server,