Over 600,000 SOHO routers belonging to a single ISP and infected with the Chalubo trojan were rendered inoperable.
The post Mysterious Threat Actor Used Chalubo Malware to Brick 600,000 Routers appeared first on SecurityWeek.
Malicious campaign exploits high-severity XSS flaws in three WordPress plugins to backdoor websites.
The post Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors appeared first on SecurityWeek.
The TrickBot botnet and other malware droppers have been targeted by international law enforcement in Operation Endgame.
The post TrickBot and Other Malware Droppers Disrupted by Law Enforcement appeared first on SecurityWeek.
Okta raises the alarm on credential stuffing attacks targeting endpoints used for cross-origin authentication.
The post Okta Warns of Credential Stuffing Attacks Targeting Cross-Origin Authentication appeared first on SecurityWeek.
The US announced that the 911 S5 (Cloud Router) botnet, likely the worldβs largest, has been dismantled and its administrator arrested.
The post Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested appeared first on SecurityWeek.
The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords.
The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek.
Views: 0Source: www.securityweek.com β Author: Ionut Arghire Thousands of computers are at risk of complete takeover after hackers added a backdoor to the installer for the Justice AV Solutions (JAVS) Viewer software, Rapid7 warned in an advisory. According to Rapid7, the hackers injected a backdoor in the JAVS Viewer v8.3.7 installer that is being distributed [β¦]
La entrada JAVS Courtroom Audio-Visual Software Installer Serves Backdoor β Source: www.securityweek.com se publicΓ³ primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Backdoored JAVS courtroom recording and management software installer puts thousands at risk of complete takeover.
The post JAVS Courtroom Audio-Visual Software Installer Serves Backdoor appeared first on SecurityWeek.
The Antidot Android banking trojan snoops on users and steals their credentials, contacts, and SMS messages.
The post New βAntidotβ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data appeared first on SecurityWeek.
The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment.
The post Microsoft Quick Assist Tool Abused for Ransomware Delivery appeared first on SecurityWeek.
Russian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software.
The post Threat Actors Abuse GitHub to Distribute Multiple Information Stealers appeared first on SecurityWeek.
The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected.
The post 400,000 Linux Servers Hit by Ebury BotnetΒ appeared first on SecurityWeek.
Patch Tuesday: Microsoft documents 60 security flaws in multiple software products and flags an actively exploited Windows zero-day for urgent attention.
The post Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities appeared first on SecurityWeek.
Adobe documents multiple code execution flaws in a wide range of products, including the widely deployed Adobe Acrobat and Reader software.
The post Adobe Patches Critical Flaws in Reader, Acrobat appeared first on SecurityWeek.
Threat actors are using DNS tunneling to track victimsβ interaction with spam and to scan network infrastructures.
The post Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks appeared first on SecurityWeek.
Apple documents another zero-day flaw being exploited on older iPhones and documents security problems in macOS, iOS and iPadOS.
The post Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS appeared first on SecurityWeek.
The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks.
The post US Says North Korean Hackers Exploiting Weak DMARC SettingsΒ appeared first on SecurityWeek.
A botnet dismantled in January and used by Russia-linked APT28 consisted of more than just Ubiquiti Edge OS routers.
The post Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals appeared first on SecurityWeek.
Researchers can earn as much as $450,000 for a single vulnerability report as Google boosts its mobile vulnerability rewards program.
The post Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push appeared first on SecurityWeek.
Cuttlefish malware platform roaming around enterprise SOHO routers capable of covertly harvesting public cloud authentication data from internet traffic.
The post Cuttlefish Malware Targets Routers, Harvests Cloud Authentication DataΒ appeared first on SecurityWeek.
The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal.
The post Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server appeared first on SecurityWeek.
Three vulnerabilities in the Judge0 open source service could allow attackers to escape the sandbox and obtain root privileges on the host.
The post Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover appeared first on SecurityWeek.
Login