Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails https://firewall.firm.in/wp-content/uploads/2024/11/attack.png Nov 14, 2024Ravie LakshmananMalware / Vulnerability A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM ...

Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims https://firewall.firm.in/wp-content/uploads/2024/11/ransomware.png Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker’s inner workings, allowing the researchers to discover a “specific window of opportunity for data recovery immediately after the removal of protectors ...

Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel https://firewall.firm.in/wp-content/uploads/2024/11/cyberattacks.png Nov 13, 2024Ravie LakshmananThreat Intelligence / Cyber Espionage A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi ...

Comprehensive Guide to Building a Strong Browser Security Program https://firewall.firm.in/wp-content/uploads/2024/11/browser.png Nov 13, 2024The Hacker NewsBrowser Security / SaaS Security The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, ...

Amazon confirms employee data hacked in the biggest cyberattack of 2023 – ET CISO https://etimg.etb2bimg.com/thumb/msid-115209365,imgsize-39952,width-1200,height=765,overlay-etciso/data-breaches/amazon-confirms-employee-data-hacked-in-the-biggest-cyberattack-of-2023.jpg Amazon has acknowledged a hacking incident involving a third-party vendor that compromised employee data. The breach exposed work email addresses, phone numbers, and building locations of affected employees. While Amazon’s core systems remain secure, the company emphasized that the incident occurred at a vendor responsible ...

Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns https://firewall.firm.in/wp-content/uploads/2024/11/palo.png Nov 09, 2024Ravie LakshmananVulnerability / Network Security Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. “Palo Alto Networks is aware of a claim of a remote ...

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus https://firewall.firm.in/wp-content/uploads/2024/11/windows-malware.png Nov 08, 2024Ravie LakshmananMalware / Virtualization Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts. The “intriguing” campaign, codenamed CRON#TRAP, starts with a malicious Windows shortcut ...

Big crackdown on unauthorised use of PAN card details! Here’s what the government is doing – ET CISO https://etimg.etb2bimg.com/thumb/msid-115004174,imgsize-64924,width-1200,height=765,overlay-etciso/data-breaches/big-crackdown-on-unauthorised-use-of-pan-card-details-heres-what-the-government-is-doing.jpg Big crackdown on PAN details unauthorised use! The Indian Cybercrime Coordination Centre (I4C), operating under the Union home ministry, has directed the cessation of unauthorized usage of Indian citizens’ Permanent Account Numbers (PAN) by financial technology companies and other consumer tech ...

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions https://firewall.firm.in/wp-content/uploads/2024/11/fbi.png The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. “An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of ...

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups https://firewall.firm.in/wp-content/uploads/2024/11/wing.png Nov 01, 2024The Hacker NewsSaaS Security / Insider Threat With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many ...