Critical Misconfiguration in Oracle NetSuite’s SuiteCommerce Platform Exposes Thousands of E-commerce Sites to Data Breach
Security researchers discover a misconfiguration in Oracle NetSuite’s SuiteCommerce platform, allowing unauthorized access to sensitive customer data on thousands of e-commerce sites.
ESET Uncovers Sophisticated Mobile Phishing Technique Targeting OTP Bank and TBC Bank Clients
ESET Research reveals a mobile phishing technique using PWAs to target clients of OTP Bank and TBC Bank in the Czech Republic, Hungary, and Georgia.
Blind Eagle: APT Group Targeting Latin American Nations Since 2018
Blind Eagle, also known as APT-C-36, is a persistent threat actor targeting entities and individuals in Latin American nations since at least 2018, demonstrating adaptability in operational goals and employing various remote access trojans and techniques for cyber espionage and financial credential theft campaigns.
Iranian Actors Orchestrated Cyber-Attacks on US Presidential Campaigns
Recent cyber-attacks on the Presidential campaigns of Donald Trump and Vice President Kamala Harris were confirmed to be orchestrated by Iranian actors, including APT42, as part of a larger effort to undermine confidence in US democratic institutions and influence US foreign policy.
Critical Jenkins Security Flaw Exploited in Ransomware Attacks
Threat groups are actively exploiting CVE-2024-23897 in Jenkins, leading to ransomware attacks on companies like Brontoo Technology Solutions in India.
Critical Privilege Escalation Vulnerability in Microsoft’s Azure Kubernetes Service Exposes Cluster Secrets
Attackers exploit command execution privilege within a pod to access sensitive information in AKS clusters.
Symantec’s Threat Hunter Team Identifies New Backdoor Threat Msupedge
Symantec’s Threat Hunter Team, a division of Broadcom, has identified a new backdoor threat called Msupedge that exploits a critical PHP vulnerability for remote code execution and uses DNS traffic for communication with a command-and-control server.
Latest Cybernews
Cyber Insurance Uptake Rises as Claims Decrease Among UK Organizations
Databarracks’ annual Data Health Check survey reveals a rise in cyber insurance uptake and a decrease in claims, attributed to successful ransomware recoveries and stricter insurance evaluations.
Researchers Uncover New FIN7 Infrastructure Linked to Stark Industries
Cybersecurity researchers identify new infrastructure associated with financially motivated threat actor FIN7, including IP addresses assigned to Post Ltd and SmartApe in Russia and Estonia, as well as Stark Industries Solutions.
Cybercriminals Exploit Cloud-Based Tool Xeon Sender for SMS Spam and Phishing Campaigns
Xeon Sender, a cloud-based tool, is being used by cybercriminals to carry out large-scale SMS spam and phishing campaigns.
North Korean Hackers Exploit Microsoft Windows Zero-Day Vulnerability
Hackers associated with the North Korean government’s Lazarus APT group leveraged a zero-day exploit in Microsoft Windows to deploy a rootkit on targeted systems, prompting Microsoft to release security updates to address the vulnerability.
New UULoader Malware Targets Korean and Chinese Speakers in East Asia
UULoader malware delivers Gh0st RAT and Mimikatz through deceptive installers, posing significant risks to cryptocurrency wallet users and government services in East Asia.
Cybercriminals Exploit Popular Software to Distribute FakeBat Malware
Malvertising campaigns distributing FakeBat malware linked to threat actor Eugenfest pose a significant threat to users seeking popular software.
Library Injection Vulnerability Discovered in Microsoft Outlook for macOS
A vulnerability in Microsoft Outlook for macOS allows for library injection, potentially leading to unauthorized access to user permissions.