attacks – Page 9 – OWASP Jakarta

Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks

Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are repurposing legitimate services for malicious ends. Read more

By adminowasp, 1 year ago

News

From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks

From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules. “Generative AI can be used to evade string-based YARA rules by augmenting the source code of small malware Read more

By adminowasp, 1 year ago

News

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident “began with the exploitation Read more

By adminowasp, 1 year ago

News

Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks

Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The end of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a Read more

By adminowasp, 1 year ago

News

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting Read more

By adminowasp, 1 year ago

News

New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities

New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that’s believed to have Read more

By adminowasp, 1 year ago

News

Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries

Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. “TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos Read more

By adminowasp, 1 year ago

News

Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks

Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can Read more

By adminowasp, 1 year ago

News

FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks

FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month. “Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly Read more

By adminowasp, 1 year ago

News

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks Cybersecurity researchers have found that it’s possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. “It’s possible to send malicious pull requests with attacker-controlled data Read more

By adminowasp, 1 year ago