Security News

Filter by:

Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising

A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. [...]
Bleepingcomputer 19 May 2024 1546 Views

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. [...]
The Hacker News 11 May 2024 14685 Views

Citrix warns admins to manually mitigate PuTTY SSH client bug

Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key. [...]
Bleepingcomputer 10 May 2024 1605 Views

New attack leaks VPN traffic using rogue DHCP servers

A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. [...]
Bleepingcomputer 8 May 2024 1905 Views

Billions of Android Devices Open to 'Dirty Stream' Attack

Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi's File Manager, has at least 1 billion installations.
Dark Reading 3 May 2024 1514 Views

CISA says GitLab account takeover bug is actively exploited in attacks

​CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets. [...]
Bleepingcomputer 2 May 2024 1684 Views

DropBox says hackers stole customer data, auth secrets from eSignature service

Cloud storage firm DropBox says hackers breached production systems for its DropBox Sign eSignature platform and gained access to authentication tokens, MFA keys, hashed passwords, and customer information. [...]
Bleepingcomputer 2 May 2024 1692 Views

Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft

Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection.
Dark Reading 2 May 2024 1574 Views

Microsoft won't fix Windows 0x80070643 errors, manual fix required

​Microsoft has confirmed that it won't provide an automated fix for a known issue causing 0x80070643 errors when installing recent Windows Recovery Environment (WinRE) updates. [...]
Bleepingcomputer 2 May 2024 1849 Views

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from HTTP GET and POST requests. "This malware is modular, designed...
The Hacker News 2 May 2024 16731 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY