Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within...
News
Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its...
Bitwarden Adds Passkey Support To Log Into Web Password Vaults
The open-source Bitwarden password manager has announced that all users can now log into their web vaults using a passkey...
Halara Probes Breach After Hacker Leaks Data For 950 000 People
Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked...
Framework Discloses Data Breach After Accountant Gets Phished
Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group,...
New Balada Injector Campaign Infects 6 700 WordPress Sites
A little over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin have been infected with the...
Finland Warns Of Akira Ransomware Wiping Nas And Tape Backup Devices
The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups....
Microsoft Shares Script To Update Windows 10 Winre With Bitlocker Fixes
Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666,...
Over 150k WordPress Sites At Takeover Risk Via Vulnerable Plugin
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take...
1.3 Million FNF Customers’ Data Potentially Exposed in Ransomware Attack
Fidelity National Financial (FNF) has revealed that around 1.3 million customers’ data may have been exposed during a ransomware attack...
NCSC Publishes Practical Security Guidance For SMBs
A leading UK security agency has today published a new guide for small and medium-sized businesses (SMBs) designed to help...
Two Ivanti Zero-Days Actively Exploited in the Wild
Ivanti customers have been urged to follow the security vendor’s suggested workaround after it confirmed that two zero-day vulnerabilities in...
Mandiant’s X Account Was Hacked in Brute-Force Password Attack
Cyber threat intelligence giant Mandiant has shared the results of its investigation on its recent X account hijacking following a...
Threat Actors Increasingly Abusing GitHub for Malicious Purposes
The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host...
New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms
A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and...
New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source...
Atomic Stealer Distributed To Mac Users Via Fake Browser Updates
Atomic Stealer, also known as AMOS, is a popular stealer for Mac OS. Back in September, we described how malicious...
Credit Card Skimming On The Rise For The Holiday Shopping Season
As we head into shopping season, customers aren’t the only ones getting excited. More online shopping means more opportunities for...
Ransomware Review November 2023
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on...
Associated Press Espn Cbs Among Top Sites Serving Fake Virus Alerts
ScamClub is a threat actor who’s been involved in malvertising activities since 2018. Chances are you probably ran into one...
Pikabot Distributed Via Malicious Ads
During this past year, we have seen an increase in the use of malicious ads (malvertising) and specifically those via...
Atomic Stealer Rings In The New Year With Updated Version
Last year, we documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer (AMOS) onto Mac users....
New Metastealer Malvertising Campaigns
MetaStealer is a popular piece of malware that came out in 2022, levering previous code base from RedLine. Stealers have...
Malvertisers Zoom In On Cryptocurrencies And Initial Access
During the past month, we have observed an increase in the number of malicious ads on Google searches for “Zoom”,...
