OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
The Hacker News
by
7h ago
Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails," OpenJS ..read more
Visit website
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks
The Hacker News
by
7h ago
The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside ..read more
Visit website
AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs
The Hacker News
by
7h ago
New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in ..read more
Visit website
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack
The Hacker News
by
10h ago
The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier CVE-2024-31497, with the discovery credited to researchers Fabian Bäumer and Marcus ..read more
Visit website
Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats
The Hacker News
by
10h ago
In today's rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent research report, The Identity Underground ..read more
Visit website
FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations
The Hacker News
by
10h ago
The U.S. Federal Trade Commission (FTC) has ordered the mental telehealth company Cerebral from using or disclosing personal data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users' sensitive personal health information and other data to third parties for advertising purposes and failed to honor its easy cancellation policies. "Cerebral and ..read more
Visit website
Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown
The Hacker News
by
16h ago
Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware "gave the malware purchasers control over victim computers and enabled them to access victims' private communications, their login credentials, and ..read more
Visit website
Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw
The Hacker News
by
1d ago
A security flaw impacting the Lighttpd web server used in baseboard management controllers (BMCs) has remained unpatched by device vendors like Intel and Lenovo, new findings from Binarly reveal. While the original shortcoming was discovered and patched by the Lighttpd maintainers way back in August 2018 with version 1.4.51, the lack of a CVE identifier or an advisory meant that ..read more
Visit website
AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead
The Hacker News
by
1d ago
Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on ..read more
Visit website
Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks
The Hacker News
by
1d ago
The threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments in a bid to exfiltrate sensitive data. "Organizations often store a variety of data in SaaS applications and use services from CSPs," Palo Alto Networks Unit 42 said in a report published last week. "The threat ..read more
Visit website

Follow The Hacker News on FeedSpot

Continue with Google
Continue with Apple
OR