Cybersecurity News

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

Fri, 06 Dec 2024 16:58:00 +0530
The Hacker News

Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first

Conquering the Complexities of Modern BCDR

Fri, 06 Dec 2024 16:30:00 +0530
The Hacker News

The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures that go beyond traditional backup solutions to address the intricacies of today’s complex IT ecosystems.

More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

Fri, 06 Dec 2024 13:52:00 +0530
The Hacker News

The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

Fri, 06 Dec 2024 12:33:00 +0530
The Hacker News

The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis.

This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

Thu, 05 Dec 2024 21:28:00 +0530
The Hacker News

As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. "DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring," Cleafy researchers Simone Mattia, Alessandro

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

Thu, 05 Dec 2024 20:26:00 +0530
The Hacker News

Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input

Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers

Thu, 05 Dec 2024 20:25:00 +0530
The Hacker News

Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More than 200 terabytes of digital evidence have been collected. In addition, over 80 data storage devices

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Thu, 05 Dec 2024 18:16:00 +0530
The Hacker News

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management