Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack

July 1, 2024 at 08:21AM The SecurityWeek Network covers cybersecurity news, webcasts, and virtual events. It includes topics such as malware, cyberwarfare, data breaches, ransomware, and incident response. Additionally, it provides information on security operations, threat intelligence, risk management, and CISO strategy. Furthermore, it focuses on ICS/OT and industrial cybersecurity, as well as cyber insurance … Read more

‘Snowblind’ Tampering Technique May Drive Android Users Adrift

June 26, 2024 at 09:06AM “Snowblind,” a new malware targeting Southeast Asian banking apps, exploits the Linux security feature “seccomp” to isolate applications from detecting tampering, thwarting existing anti-tampering measures. This forces developers and security experts to adapt and find new strategies to counter such attacks, as traditional defense mechanisms become less effective against this … Read more

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

June 26, 2024 at 05:33AM The credit card web skimmer, Caesar Cipher Skimmer, is targeting CMS platforms like WordPress, Magento, and OpenCart. It operates by injecting obfuscated malware into e-commerce sites to steal financial information. The skimmer uses various methods to conceal its activities and can adapt its responses based on the website it infects. … Read more

Malware Sandbox Any.Run Targeted in Phishing Attack

June 25, 2024 at 06:07AM SecurityWeek Network offers cybersecurity news, webcasts, and virtual events. It covers a wide range of topics, including malware, cybercrime, ransomware, vulnerability, threat intelligence, and CISO strategy. It also focuses on industrial cybersecurity and provides updates on cybersecurity funding and M&A activities. It seems like the meeting notes are a list … Read more

Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs

June 5, 2024 at 03:09AM TikTok acknowledged a zero-click account takeover campaign by threat actors, impacting high-profile accounts on the platform. The company has taken preventive measures and is working with affected users. Previous security issues were also highlighted, including a flaw enabling data extraction and a one-click exploit. Concerns about TikTok’s Chinese roots further … Read more

Ways iOS Sideloading Can Be More Secure

June 3, 2024 at 05:46PM The European Union’s Digital Markets Act allowed sideloading on iOS devices in Europe, prompting concerns about security. Apple’s notarization process and real-time monitoring aim to mitigate these risks, distinguishing it from Android’s open approach. Nonetheless, Apple’s notarization may not prevent all malicious apps, and the extent of sideloading’s impact on … Read more

PoC Published for Exploited Check Point VPN Vulnerability

June 3, 2024 at 08:45AM SecurityWeek Network provides cybersecurity news, webcasts, and virtual events. Their content covers various topics including malware, cyberwarfare, data breaches, ransomware, and more. Additionally, they focus on areas such as incident response, risk management, and CISO strategy, as well as industrial cybersecurity and funding/M&A in the cybersecurity industry. It seems like … Read more

Snowflake Data Breach Impacts Ticketmaster, Other Organizations

June 3, 2024 at 07:45AM SecurityWeek Network provides cybersecurity news, webcasts, virtual events, and covers various topics including malware, cyberwarfare, data breaches, fraud, ransomware, vulnerabilities, incident response, and more. It also addresses security in areas such as IoT, cloud, mobile, network, and offers insights on risk management, cyber insurance, and CISO strategy, among other subjects. … Read more

AI Voice Generator App Used to Drop Gipy Malware

May 24, 2024 at 01:29PM The Gipy campaign, discovered in 2023, uses an infostealer malware to target users in Germany, Russia, Spain, and Taiwan with phishing lures promising an AI voice changing application. Upon delivery, Gipy enables data theft, cryptocurrency mining, and installation of additional malware. Researchers found various malicious programs being delivered in the … Read more

Microsoft to start killing off VBScript in second half of 2024

May 22, 2024 at 02:35PM Microsoft will deprecate VBScript by 2024, making it an on-demand feature and eventually removing it. Program manager Naveen Shankar said newer scripting languages like JavaScript and PowerShell offer better capabilities for modern web development and automation. VBScript will be gradually phased out, with the final retirement expected around 2027 due … Read more