WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites https://firewall.firm.in/wp-content/uploads/2024/02/wordpress.jpg Feb 20, 2024NewsroomWebsite Security / PHP Code A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. ...

Lockbit cybercrime gang disrupted by Britain, US and EU – ET CISO https://etimg.etb2bimg.com/thumb/msid-107840606,imgsize-18920,width-1200,height=765,overlay-etciso/cybercrime-fraud/lockbit-cybercrime-gang-disrupted-by-britain-us-and-eu.jpg Lockbit, a notorious cybercrime gang that holds its victims’ data to ransom, has been disrupted in a rare international law enforcement operation, the gang and U.S. and UK authorities said on Monday. The operation was run by Britain’s National Crime Agency, the U.S. Federal Bureau of Investigation, ...

India’s Motilal Oswal says operations unaffected by cyber incident, ET CISO India’s Motilal Oswal Financial Services said on Monday its operations were unaffected following a cyber incident last week. The company said it had detected malicious activity on the computers of some employees and remedied the issue within an hour. The financial services company did not provide details of the ...

5 cyber security trends that we may see in 2024 – ET CISO https://etimg.etb2bimg.com/thumb/msid-107101815,imgsize-95704,width-1200,height=765,overlay-etciso/cybercrime-fraud/5-cyber-security-trends-that-we-may-see-in-2024.jpg About a dozen reports broadly suggested that hacking incidents increased in 2023 and the year saw some major data breaches as well as ransomware attacks that impacted businesses globally. Now a report by Palo Alto Networks announced its cybersecurity predictions for 2024, and said that companies ...

New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack Feb 09, 2024 Newsroom Endpoint Security / Cryptocurrency Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. “This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to ...

Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest security patches. However, in practice, developers often face a large amount of security ...

MoqHao Android Malware Evolves with Auto-Execution Capability Feb 09, 2024 Newsroom Mobile Security / Cyber Threat Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring any user interaction. “Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no ...

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits Feb 09, 2024 Newsroom Malware / Dark Web The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that “Raspberry Robin has access to an ...

Alert: New Stealthy Feb 10, 2024 Newsroom mac OS Malware / Cyber Threat Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023. The backdoor, codenamed RustDoor by Bitdefender, has been found to impersonate an update for Microsoft Visual Studio and target both Intel and Arm architectures. The exact ...

Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways Feb 09, 2024 Newsroom Vulnerability / Zero Day Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The issue, tracked as CVE-2024-22024, is rated 8.3 out of 10 on the ...