Microsoft has detected Storm-0501 using Cobalt Strike for lateral movement across networks and deploying Embargo ransomware on victim organizations in hybrid cloud setups.
Two critical vulnerabilities, CVE-2024-6592 and CVE-2024-6593, have been found in WatchGuard’s Authentication Gateway and Single Sign-On Client software by cybersecurity firm RedTeam Pentesting GmbH.
KLogEXE is a C++ keylogger while FPSpy is a backdoor designed to collect system information and exfiltrate data from compromised devices. Both malware strains are primarily being distributed through spear-phishing emails.
A critical security flaw, CVE-2024-43917, with a CVSS score of 9.3, has been found in the popular WordPress plugin TI WooCommerce Wishlist, putting over 100,000 sites at risk of SQL injection attacks.
A new HTML smuggling campaign is targeting Russian-speaking users, distributing DCRat malware. This marks the first time the malware has been deployed using this method, unlike common delivery methods like compromised sites or phishing emails.
The malicious app, called WalletConnect, amassed over 10,000 downloads and stole around $70,000 in cryptocurrency from Android users before being removed from the Google Play Store.
NIST is seeking public feedback on the draft guidelines, which can be submitted via email until October 7. The goal is to promote sensible password practices that enhance security without burdening users or compromising their online identity.
A watering hole attack targeted Kurdish websites, distributing malicious APKs and spyware, compromising 25 sites for over a year. French cybersecurity firm Sekoia uncovered the campaign called SilentSelfie, delivering various info-stealers.
HPE has released patches for three critical security vulnerabilities in Aruba’s networking access points, which could allow attackers to run code on the systems by sending specially crafted packets to UDP port 8211.
The Brazilian-targeted threat BBTok has a complex infection chain that starts with an email containing an ISO image. The malware compiles C# code directly on the infected machine and uses the AppDomain Manager Injection technique.