Ivanti warns of active exploitation of three new CSA vulnerabilities, enabling hackers to bypass security measures.
Category: cybercrime/malcode
Gamers searching for game cheats are falling victim to a global malware campaign delivering RedLine Stealer.
GoldenJackal cyber threat targets air-gapped systems in embassies and governments, using USB-based malware.
New Gorilla botnet launches over 300,000 DDoS attacks globally, exploiting IoT devices and Apache Hadoop flaws.
Organizations are losing between $94 billion and $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these security threats account for up to 11.8% of global cyber events and losses, emphasizing the escalating risks they pose to businesses worldwide.
Drawing on a comprehensive study conducted by the Marsh McLennan Cyber Risk Intelligence Center, the report analyzes over 161,000 unique cybersecurity incidents. The findings demonstrate a concerning trend: the threats posed by vulnerable or insecure APIs and automated abuse by bots are increasingly interconnected and prevalent. Imperva warns that failing to address security risks associated with these threats could lead to substantial financial and reputational damage.
INTERPOL arrests 8 cybercriminals in West Africa linked to phishing scams and romance fraud, defrauding victims globally.
Europol and allies dismantle LockBit ransomware’s infrastructure, arresting key figures and sending a strong message to cybercriminals.
“When a new user logs into the server, it immediately stops all ‘noisy’ activities, lying dormant until the server is idle again. After execution, it deletes its binary and continues to run quietly in the background as a service.”
It’s worth noting that some aspects of the campaign were disclosed last month by Cado Security, which detailed an activity cluster that targets internet-exposed Selenium Grid instances with both cryptocurrency mining and proxyjacking software.
Specifically, the fileless perfctl malware has been found to exploit a security flaw in Polkit (CVE-2021-4043, aka PwnKit) to escalate privileges to root and drop a miner called perfcc.
Cloudflare mitigates a record-breaking 3.8 Tbps DDoS attack, marking a surge in global cyber threats.
A pair of Harvard students successfully rigged Meta-formerly-Facebook and Ray Ban’s smart glasses with facial recognition software.