A hidden backdoor function embedded in the firmware of the Contec CMS8000 patient monitor has been identified by the US Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability, which includes a hard-coded IP address and the potential for unauthorized access to patient data, exists in all analyzed versions of the device’s firmware. The Contec CMS8000
Feb 03, 2025Ravie LakshmananVulnerability / Network Security As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as “another banner year for threat actors targeting the exploitation of vulnerabilities,” VulnCheck said 23.6% of known
R1, the latest large language model (LLM) from Chinese startup DeepSeek, is under fire for multiple security weaknesses. The company’s spotlight on the performance of its reasoning LLM has also brought scrutiny. A handful of security research reports released in late January have highlighted flaws in the model. Additionally, the LLM critically underperforms in a
Feb 01, 2025Ravie LakshmananVulnerability / Zero-Day BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company’s Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to
Tata Technologies Limited, a subsidiary of the Indian conglomerate Tata Group, has been the victim of a ransomware attack affecting some of its IT assets. The publicly traded company informed the Bombay Stock Exchange (BSE) of the attack in a January 31 letter. The tech giant temporarily suspended some IT services as a precaution, but
Feb 01, 2025Ravie LakshmananCybercrime / Fraud Prevention U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker. The
Threat actors are increasing their focus on exploiting public-facing applications to achieve initial access, according to Cisco Talos’ Incident Response Trends in Q4 2024 report. The exploitation of public-facing applications was the most common method of gaining initial access in Q4 2024, making up 40% of incidents. The researchers said this marked a “notable shift”
Jan 31, 2025Ravie LakshmananVulnerability / Healthcare The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale
Google Play has blocked 2.36 million policy-violating apps from being published and banned 158,000 developer accounts associated with harmful activities in 2024. More than 92% of Google’s human reviews for harmful apps are now AI-assisted, the tech giant said in a new report released on Wednesday. This allows faster and more accurate detection, helping prevent malicious apps from reaching
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. “Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities,” Google Threat
AI-driven API vulnerabilities have skyrocketed by 1205% in the past year. The figures come from the 2025 API ThreatStats Report by Wallarm, which highlights how AI has become the biggest driver of API security threats, with nearly 99% of AI-related vulnerabilities tied to API flaws. The study also found that 57% of AI-powered APIs were accessible externally,
Jan 29, 2025Ravie LakshmananThreat Intelligence / Malware The North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. “Each C2 server hosted a web-based administrative platform, built with a
US energy contractor ENGlobal has revealed that sensitive personal data was stolen after it was hit by a cyber-attack in November 2024. In an updated filing to the Securities and Exchange Commission (SEC) dated January 27, 2025, the engineering firm said the threat actor gained access to a portion of its IT system that contained
Jan 28, 2025Ravie LakshmananPhishing Attack / Network Security A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and
A new report has revealed a surge in the use of so-called “hidden text salting” techniques to evade email security measures in the latter half of 2024. This method, also known as “poisoning,” allows cybercriminals to bypass spam filters, confuse email parsers and evade detection engines by embedding invisible elements in the HTML source code
Jan 27, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user’s Git credentials. “Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper,” GMO
The FBI has warned that North Korean IT worker schemes are stealing data to extort their victims as part of efforts to generate revenue for the Democratic People’s Republic of Korea (DPRK). The US intelligence agency confirmed it has observed North Korean IT workers engaging in this tactic over recent months. This involves exfiltrating stolen
A high-severity security flaw has been disclosed in Meta’s Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the
A new report by Recorded Future has revealed new elements about the sophisticated techniques by which a well-known Russian crypto scamming group operates. The group, Crazy Evil, is a collective of social engineering specialists tasked with redirecting legitimate traffic to malicious landing pages – commonly called a ‘traffer team.’ Since 2021, the group has been
The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this dependence on SaaS solutions
Amazon’s cloud branch, Amazon Web Services (AWS), is launching a £5m ($6.2m) grant to help strengthen the cybersecurity capabilities of educational institutions across the UK. According to a January 24 announcement, the AWS UK Cyber Education Grant Program aims to enhance security capabilities in UK educational institutions, advance ransomware protection, upskill the IT workforce in
Jan 24, 2025Ravie LakshmananTelecom Security / Vulnerability A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span
Threat actors have been actively exploiting chained vulnerabilities in Ivanti Cloud Service Appliances (CSA), significantly amplifying the impact of their cyber-attacks. The vulnerabilities—CVE-2024-8963, CVE-2024-9379, CVE-2024-8190 and CVE-2024-9380—were leveraged in September 2024 to breach systems, execute remote code (RCE), steal credentials and deploy webshells on victim networks. Exploiting Chained Vulnerabilities According to a joint advisory from
Jan 23, 2025Ravie LakshmananFirmware Security / Vulnerability An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices’ firmware as well as misconfigured security features. “These weren’t obscure, corner-case vulnerabilities,” security vendor Eclypsium said in a report shared with The Hacker News. “Instead these
A cyber espionage operation targeting South Korean VPN software was conducted in 2023 by a previously undocumented advanced persistent threat (APT) group, PlushDaemon. According to new research by ESET, the attack involved the compromise of legitimate VPN installer files, embedding a malicious backdoor called SlowStepper alongside the original software. ESET reported that the malware-infected installer
Jan 22, 2025Ravie LakshmananCybersecurity / National Security The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS). “In alignment with the Department of Homeland Security’s (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing
A significant botnet campaign leveraging a new variant of the infamous Mirai malware, dubbed Murdoc_Botnet, has been observed targeting AVTECH cameras and Huawei HG532 routers, exploiting known vulnerabilities to infect devices and establish a vast network for malicious activities. Identified by researchers at Qualys, the Murdoc_Botnet campaign uses exploits such as CVE-2024-7029 and CVE-2017-17215 to
Jan 21, 2025Ravie LakshmananBotnet / Vulnerability Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc_Botnet. The ongoing activity “demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks,” Qualys
Hewlett Packard Enterprise (HPE) has launched an investigation into claims by prominent hacker, IntelBroker, who alleges to have stolen sensitive data from the tech giant. The hacker announced on January 16 on BreachForums that they are selling files purportedly taken from HPE systems. The data allegedly includes source code for products like Zerto and iLO, private
Jan 20, 2025Ravie LakshmananNetwork Security / Vulnerability New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. “Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 123
- Next Page »