Security News > 2024 > February

The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security...

The Bumblebee malware loader seemingly vanished from the internet last October, but it's back and - oddly - relying on a vintage vector to try and gain access. First spotted in 2022 by researchers at Proofpoint - who identified it as an apparent replacement for BazarLoader - Bumblebee was originally used by high-profile ransomware groups including Russia-linked Conti.

QNAP Systems has patched two unauthenticated OS command injection vulnerabilities in various versions of the operating systems embedded in the firmware of their popular network-attached storage devices. "Prior to the publication of CVE-2023-47565, Unit 42 researchers initially suspected the ATP-observed vulnerability to affect QNAP NAS systems running QTS firmware. However, on November 17, 2023, Unit 42 conducted reverse engineering and additional investigation of QTS firmware images and discovered the vulnerability now known as CVE-2023-50358. The two vulnerabilities are somewhat similar, but affect different software components in different classes of devices."

Get an iProVPN: Lifetime Subscription on sale for just $29.97 through February 19th for our Presidents' Day sale. That's why it's a good idea to use a tool like iProVPN. This highly rated service applies strong encryption to all your online traffic to maintain security.

Hackers are leveraging the AnyDesk remote desktop application in a phishing campaign targeting employees, Malwarebytes warns. In a phishing campaign recently discovered by Malwarebytes researchers, attackers targeted potential victims via email or SMS, personalized to match their roles within the organization.

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting...

Missing vital information and growing complacency are not the only problems alert fatigue can cause. Alert fatigue doesn't just make people complacent and bury important information in noise, it also creates stress.

To some extent, cybersecurity fatigue and complacency have left gaps where threat actors have exploited old vulnerabilities, including gaps in logging and patching, to get a stalwart beachhead into the network. These threat actors can also pose a significant threat to geopolitical stability worldwide.

Fabric is an open-source framework, created to enable users to granularly apply AI to everyday challenges. "I created it to enable humans to easily augment themselves with AI. I believe it's currently too difficult for people to use AI. I think there are too many tools, too many websites, and too few practical use cases that combine a problem with a solution. Fabric is a way of addressing those problems," Daniel Miessler, the creator of Fabric, told Help Net Security.

Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active...