Kaspersky's report highlights a steady increase in software vulnerabilities, with a surge in critical ones due to factors like bug bounty programs and complex software. Exploits, especially those available publicly, pose significant threats, and their numbers are rising. Key vulnerabilities in Q1 2024 include those affecting XZ,...
Llama Drama: Critical Flaw in AI Python Package Can Lead to System and Data Compromise (CVE-2024-34359) ( www.securityweek.com )
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets ( www.aquasec.com )
Russian hackers use new Lunar malware to breach a European govt's agencies ( www.bleepingcomputer.com )
Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) ( www.helpnetsecurity.com )
Kimsuky hackers deploy new Linux backdoor in attacks on South Korea ( www.bleepingcomputer.com )
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware ( www.microsoft.com )
Zero-day alert! Apple security updates are out, including 0-day fixes for iOS 16 and macOS 13 ( pducklin.com )
Dangerous Google Chrome Zero-Day Allows Sandbox Escape ( www.darkreading.com )
Russian Actors Weaponize Legitimate Services in Multi-Malware Attack ( www.infosecurity-magazine.com )
Log4Shell shows no sign of fading, spotted in 30% of CVE exploits ( www.helpnetsecurity.com )
Southeast Asian scam syndicates stealing $64 billion annually, researchers find ( therecord.media )
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws ( www.bleepingcomputer.com )
VMware fixes three zero-day bugs exploited at Pwn2Own 2024 ( www.bleepingcomputer.com )
CISA Adds Google Chromium Vulnerability (CVE-2024-4671) to Known Exploited Vulnerabilities Catalog ( www.cisa.gov )
Malicious Go Binary Delivered via Steganography in PyPI ( blog.phylum.io )
Cyberthreat landscape permanently altered by Chinese operations, US officials say ( therecord.media )
Pro-Russia hackers targeted Kosovo government websites ( securityaffairs.com )
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT ( thehackernews.com )
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models ( thehackernews.com )
'The Mask' Espionage Group Resurfaces After 10-Year Hiatus ( www.darkreading.com )
Actor IntelBroker is selling data from Europol in Breachforums ( breachforums.st )
Data offered include Alliance employees, FOUO source code, PDFs, Documents for recon and guidelines.
IntelBroker Hacker Leaks Alleged HSBC & Barclays Bank Data ( www.hackread.com )
Citrix warns admins to manually mitigate PuTTY SSH client bug ( www.bleepingcomputer.com )
Boeing confirms attempted $200 million ransomware extortion attempt ( cyberscoop.com )
Poland says Russian cyberspies targeted government networks ( www.reuters.com )
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version ( thehackernews.com )
New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data ( thehackernews.com )
Proton VPN TunnelVision support response.
I contacted Proton VPN about the TunnelVision exploit and I got a response. I feel great about it, thank you Proton!...
Zscaler investigating a potential breach ( trust.zscaler.com )
Analyzing the vulnerability landscape in Q1 2024 ( securelist.com )
Kaspersky's report highlights a steady increase in software vulnerabilities, with a surge in critical ones due to factors like bug bounty programs and complex software. Exploits, especially those available publicly, pose significant threats, and their numbers are rising. Key vulnerabilities in Q1 2024 include those affecting XZ,...
zEus Stealer Distributed via Crafted Minecraft Source Pack ( www.fortinet.com )
CHM Malware Stealing User Information Being Distributed in Korea ( asec.ahnlab.com )
Nearly 184,000 MedStar Health patients' personal data possibly breached ( therecord.media )
Security company exposes 1.2M guard and suspect records ( www.theregister.com )
Chinese Hackers Deployed Backdoor Quintet to Down MITRE ( www.darkreading.com )
UK confirms Ministry of Defence payroll data exposed in data breach ( www.bleepingcomputer.com )
Stealing cookies: Researchers describe how to bypass modern authentication ( cyberscoop.com )
China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices ( thehackernews.com )
Citrix Addresses High-Severity NetScaler Servers Flaw ( www.darkreading.com )
NVIDIA patches three ChatRTX security bugs ( www.scmagazine.com )
Deutsche Telekom claimed by LockBit, dozens more ransom victims ( cybernews.com )
CVE-2024-3661: TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak ( www.leviathansecurity.com )
Android bug leaks DNS queries even when VPN kill switch is enabled ( www.bleepingcomputer.com )
Iranian hackers pose as journalists to push backdoor malware ( www.bleepingcomputer.com )
Microsoft: Announcing Zero Trust DNS Private Preview ( techcommunity.microsoft.com )
Finland warns of Android malware attacks breaching bank accounts ( www.bleepingcomputer.com )
Germany blames Fancy Bear for 2023 hacking campaign ( www.theregister.com )