“SSLoad is designed to stealthily infiltrate systems, gather sensitive information and transmit its findings back to its operators,” security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News.
An Iranian state-sponsored hacking group successfully infiltrated hundreds of thousands of employee accounts at US companies and government agencies, including the US Treasury and State Department, as part of a five-year cyber espionage campaign.
The vulnerabilities could be exploited to “completely reveal the contents of users’ keystrokes in transit,” researchers Jeffrey Knockel, Mona Wang, and Zoë Reichert said.
According to a new report by Mandiant, which is based on Mandiant Consulting investigations during 2023, the global median dwell time for attackers fell to its lowest point since the company began tracking the metric in 2011.
An unidentified attacker hacked a Czech news service’s website and published a fake story on Tuesday claiming that an assassination attempt had been made against the newly elected Slovak president Petr Pellegrini.
One in five UK companies has experienced sensitive corporate data exposure due to employees’ use of generative AI (GenAI), according to a report by cybersecurity services provider RiverSafe.
The US State Department is imposing visa restrictions on 13 people involved in the development and sale of commercial spyware, as well as their spouses and children. The State Department can deny these people entrance to the United States.
The website Spy.pet has been involved in a major privacy breach, selling billions of private messages from Discord users. This breach exposes personal information, private photos, financial details, and potentially company secrets.
In a move away from traditional phishing scams, attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, according to Mandiant’s M-Trends 2024 Report.
A notorious Russian APT group has been stealing credentials for years by exploiting a Windows Print Spooler bug and using a novel post-compromise tool known as “GooseEgg,” Microsoft has revealed.