network security

FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks

Dec 27, 2024Ravie LakshmananBotnet / DDoS Attack Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten…

CVSS 10.0 Flaw Enables RCE via Unsafe Serialization

Dec 27, 2024Ravie LakshmananVulnerability / Software Security The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution…

Brazilian Hacker Charged for Extorting .2M in Bitcoin After Breaching 300,000 Accounts

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

Dec 26, 2024Ravie LakshmananCybercrime / Ransomware A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company’s network in March 2020. Junior Barros De…

Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks

Dec 25, 2024Ravie LakshmananCloud Security / Vulnerability Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances.…

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

Dec 25, 2024Ravie LakshmananServer Security / Vulnerability The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute…

A New C++ Variant of BellaCiao Malware

Dec 25, 2024Ravie LakshmananCyber Attack / Malware The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed…

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

Dec 24, 2024Ravie LakshmananMalware / Data Exfiltration Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised…

North Korean Hackers Pull Off 8M Bitcoin Heist from Crypto Firm DMM Bitcoin

North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

Dec 24, 2024Ravie LakshmananCybercrime / Malware Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. “The theft…

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation

Dec 24, 2024Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based…

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

Dec 24, 2024Ravie LakshmananVulnerability / Zero Day The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE)…

« Previous
1
…
33
34
35
36
37
…
200
Next »