Security News

UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs
2024-06-20 17:46

A suspected Chinese threat actor tracked as UNC3886 uses publicly available open-source rootkits named 'Reptile' and 'Medusa' to remain hidden on VMware ESXi virtual machines, allowing it to conduct credential theft, command execution, and lateral movement. A new report by Mandiant unveils UNC3886's use of these rootkits on virtual machines for long-term persistence and evasion, as well as custom malware tools such as 'Mopsled' and 'Riflespine,' which leveraged GitHub and Google Drive for command and control.

Crypto exchange Kraken accuses blockchain security outfit CertiK of extortion
2024-06-20 17:35


SolarWinds Serv-U path-traversal flaw actively exploited in attacks
2024-06-20 15:45

Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept exploits. The vulnerability arises from insufficient validation of path traversal sequences, enabling attackers to bypass security checks and access sensitive files.

CDK Global hacked again while recovering from first cyberattack
2024-06-20 15:32

Car dealership SaaS platform CDK Global suffered an additional breach Wednesday night as it was starting to restore systems shut down in a previous cyberattack. CDK Global is a software-as-a-service platform that provides a full suite of applications to handle a car dealership's operation, including sales, back office, financing, inventory, and service and support.

Crown Equipment cyberattack confirmed, manufacturing disrupted for weeks
2024-06-20 14:32

Ohio-based Crown Equipment, which is among the largest industrial and forklift truck manufacturers in the world, has become a victim of a cyberattack "by an international cybercriminal organization," the company finally confirmed to its employees on Tuesday. The confirmation came nine days after the company's network went down and eight days after its manufacturing plants came to a standstill, as reported by German security blogger Günter Born.

Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
2024-06-20 14:22

Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors....

French Diplomatic Entities Targeted in Russian-Linked Cyber Attacks
2024-06-20 14:00

State-sponsored actors with ties to Russia have been linked to targeted cyber attacks aimed at French diplomatic entities, the country's information security agency ANSSI said in an advisory. The...

Russia's cyber spies still threatening French national security, democracy
2024-06-20 12:27


Bitdefender vs Kaspersky (2024): Which Solution Is Better?
2024-06-20 12:00

Two powerful endpoint detection and response tools being deployed around the world are Kaspersky Endpoint Security for Business and Bitdefender GravityZone Business Security. Below, we'll take a look at what Kaspersky and Bitdefender have in common and where each product pulls ahead of the other.

Recovering Public Keys from Signatures
2024-06-20 11:10
