
Appliances giant Haier issued a takedown notice to a software developer for creating Home Assistant integration plugins for the company's home appliances and releasing them on GitHub. Haier is a multinational home appliances and consumer electronics corporation selling a wide range of products under the brands General Electric Appliances, Hotpoint, Hoover, Fisher & Paykel, and Candy.

Ransomware attacks are being linked to a litany of psychological and physical illnesses reported by infosec professionals, and in some cases blamed for hospitalizations. The industry is as renowned for causing high stress levels as it is for high salaries, and episodes of burnout are so common that infoseccers say the mental and physical toll of dealing with ransomware attacks isn't sufficiently recognized or appreciated.

Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying the XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a...

The United States government has recommended that Conor Brian Fitzpatrick, the creator and lead administrator of the now-defunct BreachForums hacking forums, receive a sentence of 15 years in prison. "The defendant's administration of BreachForums played an instrumental role in bringing together more than 300,000 members to solicit, distribute, and access thousands of breached databases containing the stolen data of hundreds of companies, organizations, and governmental organizations of varying size and the PII of millions of U.S. persons," reads the sentencing proposal.

Two vulnerabilities in NetScaler's ADC and Gateway products have been fixed - but not before criminals found and exploited them, according to the vendor. The flaws only affected customer-managed NetScaler ADC and NetScaler Gateway, so customers using NetScaler-managed services don't have to worry about any of this.

Leaked credentials from traditional sources are still a prominent and substantial risk to organizations. We monitor more than 14 billion leaked credentials found in dumps across the dark web.

Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning. Spurred by a recent tweet in which the poster shared that their accidentally exposed PostgreSQL server was "immediately" compromised and wiped, Border0 researchers wanted to see whether and how quickly a simple PostgreSQL server - accessible from anywhere on the Internet by using the postgres username and the password password - would be targeted by the same bot once they exposed it online.

The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust...

Russian cyberspies linked to the Kremlin's Federal Security Service are moving beyond their usual credential phishing antics and have developed a custom backdoor that they started delivering via email as far back as November 2022, according to Google's Threat Analysis Group. "TAG has observed SPICA being used as early as September 2023, but believe that COLDRIVER's use of the backdoor goes back to at least November 2022," the Chocolate Factory's threat hunting team said in an analysis published today.

Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool. "COLDRIVER presents these documents as a new op-ed or other type of article that the impersonation account is looking to publish, asking for feedback from the target. When the user opens the benign PDF, the text appears encrypted," Google TAG said.