abused
-
Silent Push Threat Analysts have revealed a widespread malvertising campaign exploiting Google Ads to target graphic design professionals. This ongoing operation, active since November, utilizes domains hosted on dedicated IP addresses to deliver malicious downloads disguised as legitimate tools for CAD and graphic design software.
-
In an attack campaign dubbed “Operation Digital Eye,” a suspected China-nexus threat actor has been observed targeting business-to-business IT service providers in Southern Europe.
-
Threat actors are actively abusing Cloudflare developer domains for several malicious purposes, according to security analysts at FORTRA.
-
Cloudflare’s ‘pages.dev’ and ‘workers.dev’ domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities.
-
Malware campaign abused flawed Avast Anti-Rootkit driver
-
Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events
-
Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and “warez” sites.
-
While the Common UNIX Printing System (CUPS) vulnerabilities recently disclosed by researcher Simone “evilsocket” Margaritelli are not easily exploited for remote command execution on vulnerable systems, they could offer more opportunity to attackers who engage in DDoS attacks, Akamai threat researchers have discovered.
-
Singapore is working on legislation and a dedicated agency that would hold online service providers more accountable for cyber bullying, according to prime minister Lawrence Wong.
-
A recently fixed “Windows MSHTML spoofing vulnerability” tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. When first disclosed as part of the September 2024 Patch Tuesday, Microsoft had not marked the vulnerability as previously exploited. However, on Friday, Microsoft updated the CVE-2024-43461 advisory…
-
The MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhantomCore.
-
GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments.
-
Long-time Slashdot reader UnderAttack explains: A blog post at the SANS Internet Storm Center suggests that OpenAI actions are being abused to scan for WordPress vulnerabilities. Honeypot sensors at the Storm Center detected scans for URLs targeting WordPress that originated exclusively from OpenAI systems. The URLs requested all pages including the pattern ‘%%target%%’, which may…
-
A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and spam sites. Android users receive a “new info related to…” Google search notification about a subject they have previously searched about, but are then presented with misleading search results, driving traffic to scam websites disguised as…
-
A new wave of banking trojans is exploiting the secureserver.net domain to target Spanish and Portuguese-speaking regions worldwide, including Latin America and Europe. These malicious campaigns, identified by Forcepoint’s X-Labs, employ sophisticated techniques to evade detection and compromise financial institutions.
-
Threat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platform.
-
Threat actors are exploiting a misconfiguration in Selenium Grid, a popular web app testing framework, to deploy a modified XMRig tool for mining Monero cryptocurrency.
-
Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials.
-
Cado Security researchers have recently unveiled several campaigns exploiting Cloudflare’s WARP service to attack vulnerable internet-facing services. WARP, a free VPN service designed to optimize user traffic, is being leveraged by attackers to mask their true origins and bypass security measures.