Cyber researchers discovered on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. The malware was first documented late last month by U.S. and Israeli cybersecurity agencies, describing it as an “exploitation tool for gathering information about an end point and running remote…
CISA recently warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS. This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition…
Microsoft observed that a covert Chinese botnet, relying on compromised TP-Link routers, commits stealthy password-spraying attacks, only attempting to access accounts once per day. This malicious operation was discovered in August 2023 and employed an average of 8,000 compromised devices at any given time, according to a new report by Microsoft Threat Intelligence. The botnet…
Fidelity Investments has confirmed that it suffered a major data breach to US authorities. In its filing with the Office of the Maine Attorney General, the US-based asset manager said the incident, which occurred in August, exposed the personal information of more than 77,000 customers. Fidelity Investments added that it had commissioned external security experts…
After a social media post went viral claiming that public transportation body Prasarana was facing a ransomware attack, the firm confirmed that it was facing a cybersecurity issue. In the statement posted on RapidKL’s social media, Prasarana said that it “confirms social media reports regarding a cybersecurity incident involving part of their internal systems.” Without…
The vulnerabilities highlight significant risks for users across various platforms, including Windows, macOS, Linux, iOS, and Android. Zoom Video Communications has disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients. These vulnerabilities, identified in multiple security bulletins, potentially allow attackers to escalate privileges on affected systems. The vulnerabilities highlight significant risks…
North Korean hackers have conducted a global cyber espionage campaign in efforts to steal classified military secrets to support Pyongyang’s banned nuclear weapons programme, the United States, Britain and South Korea said in a joint advisory on Thursday. The hackers, dubbed Anadriel or APT45 by cybersecurity researchers, are believed to be part of North Korea’s…
Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. “The vulnerabilities we found could have allowed attackers to access customers’ data…
Passwords Leaked: A file with around 10 billion (1,000 crore) passwords was leaked via an online hacking forum, according to a report by Semafor. The compilation, which included old and new password breaches, was posted online on July 4, and is the largest such leak yet, it added. The report noted the risk of credential-stuffing attacks being…
Hackers add more devices to the network of slave digital devices, which would do what hackers want them to do. These networks, called botnets, launch large-scale cyberattacks, including the dreaded Distributed Denial of Services (DDoS). Now Dark web peers are selling botnets at throw-away prices ranging from $99 on the Dark Web, according to cybersecurity…
