Cybersecurity
- thehackernews.com Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China
🚨 Beware, Android users! Two file management apps on Google Play Store revealed as spyware, sending users' data to servers in China.
- thehackernews.com Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing
This multi-step vishing attack combines hi-tech malware, voice traffic routing, and social engineering to deceive victims into micro-loans.
- thehackernews.com Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
🔒 Yet another critical SQL injection vulnerability (CVE-2023-36934) uncovered in popular MOVEit Transfer—the same software that was exploited.
- thehackernews.com Mastodon Social Network Patches Critical Flaws Allowing Server Takeover
Mastodon, the decentralized social network, releases critical security update. Update your instance ASAP to prevent potential DoS and RCE attacks.
- thehackernews.com Close Security Gaps with Continuous Threat Exposure Management
Protect your organization from evolving cyber threats! Implement a Continuous Threat Exposure Management (CTEM) program that offers precision, speed,
- thehackernews.com BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days
Microsoft uncovers the ruthless efficiency of ransomware attacks. In just 5 days, hackers complete the entire attack process, breaching systems.
- thehackernews.com Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks
New variants of TrueBot malware targeting U.S. and Canadian organizations, exploiting a critical vulnerability in Netwrix Auditor.
- thehackernews.com JumpCloud Resets API Keys Amid Ongoing Cybersecurity Incident
JumpCloud reacts to a cybersecurity incident, resets API keys for affected clients.
- thehackernews.com Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities
Google's latest Android security updates are here! Patching 46 vulnerabilities, including 3 actively exploited flaws.
- thehackernews.com Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users
Iranian nation-state actor TA453 continues to evolve its tactics, deploying novel infection chains and malware to infiltrate both Windows and macOS.
- thehackernews.com Silentbob Campaign: Cloud-Native Environments Under Attack
A potentially massive cyber attack campaign is targeting cloud-native environments.
- thehackernews.com How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance
Is your organization eligible for cyber insurance? Discover the crucial role of regular penetration testing in assessing your cyber security risk prof
- thehackernews.com Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability
New Linux Kernel Vulnerability Uncovered. StackRot (CVE-2023-3269) opens doors to unauthorized elevated privileges.
- thehackernews.com Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics
Learn how the DDoS attack landscape has changed in Q1-Q2 of 2023.
- thehackernews.com INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cybercrime
Suspected leader of OPERA1ER hacking crew, responsible for $11 Million+ in theft, has been arrested in an international operation.
- thehackernews.com RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors
RedEnergy, a sophisticated stealer-as-a-ransomware threat, is targeting energy utilities, oil, gas, telecom, and machinery sectors.
- thehackernews.com Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone
Learn how leaked secrets can lead to devastating breaches and tarnish an organization's reputation.
- thehackernews.com Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware
Developers, beware! npm packages are vulnerable to manifest confusion. This could serve as a backdoor for malicious code, hiding in your project
- thehackernews.com Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns
Meta's Instagram Threads, poised as the next Twitter rival, hits a roadblock in Europe over privacy concerns.
- thehackernews.com Swedish Data Protection Authority Warns Companies Against Google Analytics Use
Swedish watchdog warns against using Google Analytics over Data Protection risks linked to U.S. surveillance.
- thehackernews.com DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
DDoSia attack tool gets an upgrade! Now conceals target lists with new encryption methods.
- thehackernews.com Mexico-Based Hacker Targets Global Banks with Android Malware
Neo_Net, a Mexican e-crime actor, is behind an Android malware campaign that's stolen €350,000+ and compromised PII data.
- thehackernews.com Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw
Over 330,000 FortiGate firewalls are still vulnerable to the critical CVE-2023-27997 RCE exploit.
- thehackernews.com Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX
Chinese cyber group targets European ministries with sophisticated HTML smuggling techniques to deploy the PlugX trojan.
- thehackernews.com CISA Flags 8 Actively Exploited Flaws in Samsung and D-Link Devices
CISA flags eight critical vulnerabilities currently exploited in the wild - six affecting Samsung phones and two in D-Link devices.
- thehackernews.com Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam
In the digital warfare against website spam, automation is your ally. Discover CleanTalk Anti-Spam solution for WordPress - a tool designed for precis
- thehackernews.com Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets
Your crypto wallet, your secrets, even your games – NOTHING is safe from Meduza Stealer. Discover how this crimeware stays ahead of the game.
- thehackernews.com BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising
BlackCat ransomware now spreading via malvertising! Watch out for rogue installers disguised as legitimate apps like WinSCP.
-
Early thoughts on bots
cross-posted from: https://lemmy.world/post/937288
> Scrolling through New I've been seeing an influx of posts from bots. > I see what you're doing. You're seeding your communities with content to attract engagement and help grow communities. > > At face value, I think that's great! Let's build these communities as big as possible! > But as someone who is on the receiving end of this seeding, it's having the opposite effect and makes the Lemmy experience unappealing. I don't want to see back-to-back-to-back-(repeating) posts to one community while browsing for new content. > > Maybe set limits on how frequently your bots post to individual communities? E.x. 1 post/5 mins/community. > > What do y'all think? Am I the only one that feels this way? > > Cross posting to offending communities for visibility.
- threatpost.com Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
-
iPhone Users Urged to Update to Patch 2 Zero-Days
threatpost.com iPhone Users Urged to Update to Patch 2 Zero-Days Under AttackSeparate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
- threatpost.com Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
- threatpost.com Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
- threatpost.com Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
- threatpost.com Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- threatpost.com Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- threatpost.com Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- threatpost.com Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.