Security News

Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation
2024-11-11 10:11

Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulnerabilities discovered both on...

New SteelFox malware hijacks Windows PCs using vulnerable driver
2024-11-06 17:53

A new malicious package called 'SteelFox' mines for cryptocurrency and steals credit card data by using the "bring your own vulnerable driver" technique to get SYSTEM privileges on Windows machines. [...]

New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls
2024-11-04 06:13

Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with...

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware
2024-10-30 13:00

Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer....

DNS hijacks target crypto platforms registered with Squarespace
2024-07-12 18:28

A wave of coordinated DNS hijacking attacks targets decentralized finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet...

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials
2024-05-02 05:04

A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from...

China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale
2024-04-29 13:46

A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and...

Vast botnet hijacks smart TVs for prime-time cybercrime
2024-01-18 10:15

Security researchers have pinned a DDoS botnet that's infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi. "The potential for Bigpanzi-controlled TVs and STBs to broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability," said researchers at Chinese security biz Qianxin.

Hacker hijacks Orange Spain RIPE account to cause BGP havoc
2024-01-03 19:44

Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. "Resource Public Key Infrastructure is a cryptographic method of signing records that associate a BGP route announcement with the correct originating AS number," explains a Cloudflare article on RPKI. By enabling RPKI with a routing body such as ARIN or RIPE, a network can cryptographically certify that only routers under their control can advertise an AS number and their associated IP addresses.

Stealthy KV-botnet hijacks SOHO routers and VPN devices
2023-12-13 22:47

The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and VPN devices to proxy malicious traffic so it blends with legitimate traffic to remain undetected.