North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains

15/01/2025 0 Comments 0 tags

Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based threamoret

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

15/01/2025 0 Comments 0 tags

Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a

3 Actively Exploited Zero-Day Flaws Patched in Microsoft’s Latest Security Update

15/01/2025 0 Comments 0 tags

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in

FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

15/01/2025 0 Comments 0 tags

The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

14/01/2025 0 Comments 0 tags

New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation

14/01/2025 0 Comments 0 tags

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System

Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware

14/01/2025 0 Comments 0 tags

Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin’s efforts to gather economic and political intelligence in Central Asia. The

Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces

14/01/2025 0 Comments 0 tags

Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. “The campaign involved unauthorized administrative logins

Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions

14/01/2025 0 Comments 0 tags

The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

14/01/2025 0 Comments 0 tags

What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new