Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials https://firewall.firm.in/wp-content/uploads/2024/10/roundcube.png Oct 20, 2024Ravie LakshmananVulnerability / Email Security Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an ...

U’khand cyber attack: Initial probe points to breach at B’luru backup centre – ET CISO https://etimg.etb2bimg.com/thumb/msid-114367216,imgsize-7858,width-1200,height=765,overlay-etciso/data-breaches/ukhand-cyber-attack-initial-probe-points-to-breach-at-bluru-backup-centre.jpg As the probe into the recent ransomware attack that forced the shutdown of 192 govt websites in the state continues, preliminary findings suggest the attackers first breached security at the disaster recovery (DR) centre in Bengaluru. The DR centre is managed by a private ...

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks https://firewall.firm.in/wp-content/uploads/2024/10/russia.png Oct 19, 2024Ravie LakshmananNetwork Security / Data Breach A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain. “The group under ...

U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign https://firewall.firm.in/wp-content/uploads/2024/10/cyberattack.png Oct 18, 2024Ravie LakshmananCyber Intelligence / Critical Infrastructure Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks. “Since October 2023, Iranian actors have used brute force ...

The Ultimate DSPM Guide: Webinar on Building a Strong Data Security Posture https://firewall.firm.in/wp-content/uploads/2024/10/data-security.png Oct 18, 2024The Hacker NewsWebinar / Data Protection Picture your company’s data as a vast, complex jigsaw puzzle—scattered across clouds, devices, and networks. Some pieces are hidden, some misplaced, and others might even be missing entirely. Keeping your data secure in today’s fast-evolving landscape can feel like ...

North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data https://firewall.firm.in/wp-content/uploads/2024/10/server.png Oct 18, 2024Ravie LakshmananInsider Threat / Cyber Espionage North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new ...

Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant https://firewall.firm.in/wp-content/uploads/2024/10/attack.png Oct 17, 2024Ravie LakshmananThreat Intelligence / Malware The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant ...

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk https://firewall.firm.in/wp-content/uploads/2024/10/flaws.png Oct 17, 2024Ravie LakshmananVulnerability / Kubernetes A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project ...

Legal services firm asks govt to probe Star Health data breach – ET CISO https://etimg.etb2bimg.com/thumb/msid-114237756,imgsize-9320,width-1200,height=765,overlay-etciso/data-breaches/legal-services-firm-asks-govt-to-probe-star-health-data-breach.jpg Software Freedom Law Centre India (SFLCI), a Delhi-based legal services organisation, on Monday wrote to the national cyber agency Indian Computer Emergency Response Team (CERT-In) to initiate a probe into the data breach by Star Health and Allied Insurance, one of the largest health insurers ...

Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity https://firewall.firm.in/wp-content/uploads/2024/10/hacker.png Oct 16, 2024Ravie LakshmananEndpoint Security / Malware Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro said it detected “threat actors attempting to integrate EDRSilencer in their attacks, repurposing ...