The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web …
NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon Read More »
A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting …
Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution Read More »
Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape. ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a …
‘Spider-Man: No Way Home’ Pirated Downloads Contain Crypto-Mining Malware Read More »
Researchers have discovered a new Android banking malware that targets Brazil’s Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge. This …
New Android Malware Targeting Brazil’s Itaú Unibanco Bank Customers Read More »
China’s internet regulator, the Ministry of Industry and Information Technology (MIIT), has suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months for failing to promptly report …
China suspends deal with Alibaba for not sharing Log4j 0-day first with the government Read More »
Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain …
Secret Backdoors Found in German-made Auerswald VoIP System Read More »
Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service (DoS) and man-in-the-middle (MitM) attacks using low-cost equipment. The “vulnerabilities in …
New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G Read More »
A U.S. federal government commission associated with international rights has been targeted by a backdoor that reportedly compromised its internal network in what the researchers described as a “classic APT-type operation.” This attack could have …
Experts Discover Backdoor Deployed on the U.S. Federal Agency’s Network Read More »
A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users’ contact lists to an attacker-controlled server and signs up users to …
Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store Read More »
Cybersecurity researchers have demonstrated a new attack technique that makes it possible to leverage a device’s Bluetooth component to directly extract network passwords and manipulate traffic on a Wi-Fi chip. The novel attacks work against …
Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips Read More »
A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky “fileless” techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers …
New Fileless Malware Uses Windows Registry as Storage to Evade Detection Read More »
Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install …
Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges Read More »