Hackers believed to be operating on behalf of the Iranian government have deployed malware to Iraqi government networks.
The post Iranian Hackers Targeting Iraqi Government: Security Firm appeared first on SecurityWeek.
PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens
Noise generated by the pixels on a screen can be leveraged to exfiltrate data from air-gapped computers in what is called a PIXHELL attack.
The post PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens appeared first on SecurityWeek.
Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks
A recently patched SonicWall vulnerability tracked as CVE-2024-40766 may have been exploited in ransomware attacks.
The post Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks appeared first on SecurityWeek.
Google Catches Russian APT Reusing Exploits From Spyware Merchants NSO Group, Intellexa
Google TAG publishes evidence showing identical or striking similarities between exploits used by Russia’s APT29 and commercial spyware vendors.
The post Google Catches Russian APT Reusing Exploits From Spyware Merchants NSO Group, Intellexa appeared first on SecurityWeek.
Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE
The Iran-linked state-sponsored hacker group tracked as Peach Sandstorm has started using a new backdoor in attacks aimed at the US and UAE.
The post Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE appeared first on SecurityWeek.
Malware Delivered via Malicious Pidgin Plugin, Signal Fork
Threat actors delivered malware via instant messaging applications, including a malicious Pidgin plugin and an unofficial Signal fork.
The post Malware Delivered via Malicious Pidgin Plugin, Signal Fork appeared first on SecurityWeek.
In Other News: FAA Improving Cyber Rules, Android Malware Enables ATM Withdrawals, Data Theft via Slack AI
Noteworthy stories that might have slipped under the radar: FAA improving cyber rules for airplanes, NGate Android malware used to steal cash from ATMs, abusing Slack AI to steal data.
The post In Other News: FAA Improving Cyber Rules, Android Malware Enables ATM Withdrawals, Data Theft via Slack AI appeared first on SecurityWeek.
Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware
More than two years after the Log4j crisis, organizations are still being hit by crypto-currency miners and backdoor scripts.
The post Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware appeared first on SecurityWeek.
Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign
Security researchers at Palo Alto Networks discover a threat actor extorting organizations after compromising their cloud environments using inadvertently exposed environment variables.
The post Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign appeared first on SecurityWeek.
In Other News: 400 CNAs, Crash Reports, Schlatter Cyberattack
Noteworthy stories that might have slipped under the radar: there are 400 CVE Numbering Authorities, crash reports can be a valuable source of information, and Schlatter was hit by a cyberattack.
The post In Other News: 400 CNAs, Crash Reports, Schlatter Cyberattack appeared first on SecurityWeek.