A New APT Hacker Group Spying On Hotels and Governments Worldwide
By: Ravie Lakshmanan
A new advanced persistent threat (APT) has been behind a string of attacks against hotels across the world, along with governments, international organizations, engineering companies, and law...
Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers
By: Ravie Lakshmanan
More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm,...
Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials
By: Ravie Lakshmanan
An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains...
US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs
By: Ravie Lakshmanan
The U.S. Treasury Department on Tuesday imposed sanctions on Russian cryptocurrency exchange Suex for helping facilitate and launder transactions from at least eight ransomware variants as part...
Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks
By: Ravie Lakshmanan
Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt...
Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide
By: Ravie Lakshmanan
Researchers on Monday took the wraps off a newly discovered Linux and Windows re-implementation of Cobalt Strike Beacon that's actively set its sights on government, telecommunications, information...
Experts Link Sidewalk Malware Attacks to Grayfly Chinese Hacker Group
By: Ravie Lakshmanan
A previously undocumented backdoor that was recently found targeting an unnamed computer retail company based in the U.S. has been linked to a longstanding Chinese espionage operation...
New 0-Day Attack Targeting Windows Users With Microsoft Office Documents
By: Ravie Lakshmanan
Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents.
Tracked as...
Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
By: Ravie Lakshmanan
The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a...
FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor
By: Ravie Lakshmanan
A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a...
