Security News

Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts

2023-12-19 13:30

Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware...

#github #hacker

OpenAI Is Not Training on Your Dropbox Documents—Today

2023-12-19 12:09

There's a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Dropbox isn't sharing all of your documents with OpenAI. But here's the problem: we don't trust OpenAI. We don't trust tech corporations.

#dropbox #openai #training

Are We Ready to Give Up on Security Awareness Training?

2023-12-19 11:53

Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the...

#awareness #security #securityawareness #training

Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa

2023-12-19 11:41

The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt,...

#attack #espionage #hacker #iranian #telecom

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

2023-12-19 11:02

The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed...

#malvertising

Mr. Cooper breach exposes sensitive info of over 14 million customers

2023-12-19 10:33

Mortgage company Mr. Cooper has confirmed that personal information of over 14.6 million customers has been exposed in its October 2023 data breach. "On October 31, 2023, Mr. Cooper detected suspicious activity in certain network systems," the company stated in the data breach notice sent out to affected customers.

#breach

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

2023-12-19 10:11

Security researchers have discovered a vulnerability in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection's security by truncating the extension negotiation message. Terrapin is a prefix truncation attack targeting the SSH protocol.

#attack #SSH #vulnerability #CVE-2023-48795

Qakbot's backbot: FBI-led takedown keeps crims at bay for just 3 months

2023-12-19 09:26

Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet. Microsoft Threat Intelligence reckons a new Qakbot phishing campaign is active as of December 11 but attack attempts are currently low in volume.

#FBI #takedown

8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware

2023-12-19 06:58

The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming...

#malware #oracle #server #vulnerability #weblogic #CVE-2020-14883

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

2023-12-19 05:42

The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the...

#ransomware

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News