Bolster, creator of the CheckPhish phishing tracker, raises $14M led by Microsoft’s M12
A dodgy email containing a link that looks “legit” but is actually malicious remains one of the most dangerous, yet successful,...
Microsoft and Google’s new AI sales pitches: We’re your last line of defense against your scatterbrained self
Google and Microsoft have spent the last few weeks unspooling enormous ambitions for artificial intelligence,...
MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks
An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting...
Linux Fu: The Root Cause
There was a time when real system administrators just logged into Unix systems as root. But as we all know — with great power comes great responsibility. It’s too easy to do terrible things when you are really just trying to do normal work, and, on top of that,...
Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users
A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. "The VBScript and PowerShell scripts in the CLOUD#REVERSER inherently involves...
A new EPA cyberattack alert urges U.S. water systems to upgrade security immediately
Cyberattacks against water utilities across the country are becoming more frequent and more severe, the Environmental Protection Agency warned Monday as it issued an enforcement alert urging water systems to take immediate actions to protect the nation’s drinking...
SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure
The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. "The core of SolarMarker's operations is its layered...
Here are all of the just-announced Copilot+ PCs with Snapdragon X Chips
We knew more computers were coming that would feature a native version of Microsoft’s AI Copilot toolset, but we didn’t quite know how many were set...
Brands from Burger King to Coke to Lockheed Martin are leaning in on scholarships to capture Gen Z
You may not have given it much thought, but the next time you buy an Impossible Whopper meal, you may be helping a local...
Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal
Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting...
Antivirus Policy
Antivirus software is critical to ensure information security of organizational networks and resources. By establishing an antivirus policy, organizations can quickly identify and address malware and virus threats, as well as detect and appropriately respond to...
Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware
A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like...
Latrodectus Malware Loader Emerges as IcedID’s Successor in Phishing Campaigns
Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that deliver Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection...
Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide
The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law...
This Week in Security: The Time Kernel.org Was Backdoored and Other Stories
Researchers at Eset have published a huge report on the Ebury malware/botnet (pdf), and one of the high profile targets of this campaign was part of the kernel.org infrastructure. So on one hand, this isn’t new news, as the initial infection happened back in 2011, and...
Getting Started With Linux: Your Gateway to the Open-Source Realm
The current situation of the OS realm. Being spied on is the worst thing that can happen to someone on the internet. Conglomerates like Microsoft and Apple do provide a polished operating system but that’s closed-source. So nobody knows what lies behind the curtains...
Are all Linux vendor kernels insecure? A new study says yes, but there’s a fix
All vendor kernels are plagued with security vulnerabilities, according to a CIQ whitepaper. Will the Linux community ever accept upstream stable kernels?
Microsoft PC Manager app bizarrely suggests Bing as a Windows fix-all
Bug or feature? Users looking for Windows repair tips via the Microsoft PC Manager app may be recommended to switch Edge's default search engine back...
North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign
The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to reach targets via Messenger and ultimately delivers malware. "The threat actor created a Facebook account with a fake identity...
Android 15 Brings Improved Fraud and Malware Protections
Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings. The post Android 15 Brings Improved Fraud and Malware Protections appeared first on SecurityWeek.
CSI Linux: Linux Distribution for Cyber and OSINT Investigation
In today's world, where cybercrimes are becoming increasingly widespread, it is important to have access to effective tools for investigation and counteraction against these threats. One such tool...
Google unveils new Android 15 security updates: What you need to know
Google's helping you fight scammers and snoops.
Google takes aim at Android malware with an AI-powered live threat detection service
Google is preparing to launch a new system to help address the problem of malware on Android. Its new live threat detection service leverages Google Play Protect’s on-device AI to analyze apps for malicious behavior. The service, announced following the Google I/O...
Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps
Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive data. This constitutes an update to the Play Integrity API that third-party app developers can take advantage of to secure their...
Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities
Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities. The post Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities appeared first on SecurityWeek.
Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most...
The new, redesigned WhatsApp is what Android users always wanted
I’ve tried virtually every major messenger app over the years, but my favorite has always been Apple’s Messages. No, I’m not a blue bubble snob. I’ll happily use different messaging apps with different friends. But I’ve always preferred Apple’s Messages because of its...
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two...
URLhaus: A database of malicious URLs used for malware distribution
Article URL: https://urlhaus.abuse.ch/ Comments URL: https://news.ycombinator.com/item?id=40362449 Points: 7 # Comments: 0
Microsoft fixes a bug abused in QakBot attacks plus a second under exploit
Plus: Google Chrome, Apple bugs also exploited in the wild. Happy May Patch Tuesday. We've got a lot of vendors joining this month's patchapalooza,...