Collaborate Disseminate
Hackers believed to be operating on behalf of the Iranian government have deployed malware to Iraqi government networks.
The post Iranian Hackers Targeting Iraqi Government: Security Firm appeared first on SecurityWeek.
Continue reading Iranian Hackers Targeting Iraqi Government: Security Firm
Noise generated by the pixels on a screen can be leveraged to exfiltrate data from air-gapped computers in what is called a PIXHELL attack.
The post PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens appeared first on SecurityWeek.
Continue reading PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens
A recently patched SonicWall vulnerability tracked as CVE-2024-40766 may have been exploited in ransomware attacks.
The post Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks appeared first on SecurityWeek.
Continue reading Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks
Google TAG publishes evidence showing identical or striking similarities between exploits used by Russia’s APT29 and commercial spyware vendors.
The post Google Catches Russian APT Reusing Exploits From Spyware Merchants NSO Group, Intellexa appeared f… Continue reading Google Catches Russian APT Reusing Exploits From Spyware Merchants NSO Group, Intellexa
The Iran-linked state-sponsored hacker group tracked as Peach Sandstorm has started using a new backdoor in attacks aimed at the US and UAE.
The post Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE appeared first on SecurityWeek.
Continue reading Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE
Threat actors delivered malware via instant messaging applications, including a malicious Pidgin plugin and an unofficial Signal fork.
The post Malware Delivered via Malicious Pidgin Plugin, Signal Fork appeared first on SecurityWeek.
Continue reading Malware Delivered via Malicious Pidgin Plugin, Signal Fork
Noteworthy stories that might have slipped under the radar: FAA improving cyber rules for airplanes, NGate Android malware used to steal cash from ATMs, abusing Slack AI to steal data.
The post In Other News: FAA Improving Cyber Rules, Android Malware … Continue reading In Other News: FAA Improving Cyber Rules, Android Malware Enables ATM Withdrawals, Data Theft via Slack AI
More than two years after the Log4j crisis, organizations are still being hit by crypto-currency miners and backdoor scripts.
The post Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware appeared first on SecurityWeek.
Continue reading Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware
Security researchers at Palo Alto Networks discover a threat actor extorting organizations after compromising their cloud environments using inadvertently exposed environment variables.
The post Cloud Misconfigurations Expose 110,000 Domains to Extorti… Continue reading Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign
Noteworthy stories that might have slipped under the radar: there are 400 CVE Numbering Authorities, crash reports can be a valuable source of information, and Schlatter was hit by a cyberattack.
The post In Other News: 400 CNAs, Crash Reports, Schlatt… Continue reading In Other News: 400 CNAs, Crash Reports, Schlatter Cyberattack