Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks

17/04/2024 0 Comments 0 tags

A previously undocumented “flexible” backdoor called Kapeka has been “sporadically” observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

17/04/2024 0 Comments 0 tags

Cybersecurity researchers have discovered a new campaign that’s exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

17/04/2024 0 Comments 0 tags

Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence

GenAI: A New Headache for SaaS Security Teams

17/04/2024 0 Comments 0 tags

The introduction of Open AI’s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

17/04/2024 0 Comments 0 tags

Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March

FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations

16/04/2024 0 Comments 0 tags

The U.S. Federal Trade Commission (FTC) has ordered the mental telehealth company Cerebral from using or disclosing personal data for advertising purposes. It has also been fined more than $7

Identity in the Shadows: Shedding Light on Cybersecurity’s Unseen Threats

16/04/2024 0 Comments 0 tags

In today’s rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital

Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

16/04/2024 0 Comments 0 tags

The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

16/04/2024 0 Comments 0 tags

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations.

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

16/04/2024 0 Comments 0 tags

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake