Security News

Filter by:

SAP's First Security Updates for 2023 Resolve Critical Vulnerabilities

SAP this week announced the release of 12 new and updated security notes as part of the January 2023 Security Patch Day, including seven ‘hot news’ notes that address critical-severity vulnerabilities.
The Hacker News 12 Jan 2023 924 Views

Scattered Spider hackers use old Intel driver to bypass security

A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products.
The Hacker News 12 Jan 2023 1189 Views

Over 1,300 fake AnyDesk sites push Vidar info-stealing malware

A massive campaign using over 1,300 domains to impersonate the official AnyDesk site is underway, all redirecting to a Dropbox folder recently pushing the Vidar information-stealing malware. [...]
Bleepingcomputer 11 Jan 2023 1165 Views

Attackers Are Already Exploiting ChatGPT to Write Malicious Code

The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.
Dark Reading 10 Jan 2023 1183 Views

Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL

The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers. [...]
Bleepingcomputer 10 Jan 2023 1004 Views

Severe Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects

A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server. "By exploiting this vulnerability, attackers could achieve remote code execution (RCE) ...
The Hacker News 10 Jan 2023 768 Views

Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker ...
The Hacker News 8 Jan 2023 903 Views

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of cloud resources...
The Hacker News 7 Jan 2023 712 Views

Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls

Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access. [...]
Bleepingcomputer 7 Jan 2023 761 Views

Twitter data dump: 200m+ account database now free to download

No passwords, but plenty of stuff for social engineering and doxxing More than 200 million Twitter users' information is now available for anyone to download for free.…
The Register 6 Jan 2023 6493 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY