Linux SSH servers with poor security are being targeted by cybercriminals to install port scanners and dictionary attack tools. The attackers aim to compromise other vulnerable servers and use them for cryptocurrency mining and DDoS attacks.
TuneFab converter, a tool used to convert copyrighted music from streaming platforms, exposed over 151 million records of users' private data due to a misconfiguration on MongoDB.
A simple Google Drive configuration mistake by Japanese game developer Ateam resulted in the potential exposure of sensitive information for nearly one million individuals, highlighting the importance of properly securing cloud services.
A dual privilege escalation chain in Google Kubernetes Engine (GKE) and Anthos Service Mesh (ASM) allowed attackers to gain complete control over Kubernetes clusters, highlighting the importance of regular updates and proactive security measures.
Attackers can exploit these vulnerabilities to execute commands on vulnerable NameServer components of RocketMQ, highlighting the importance of upgrading to version 5.1.2/4.9.7 or above to mitigate the risk.
AT&T Alien Labs discovered an ongoing campaign that delivers the AsyncRAT to targeted victims. The threat actor behind the campaign has been active for at least 11 months, using phishing emails and malicious JavaScript files to distribute the RAT.
A group known as Anonymous Arabic, with links to Turkey and Syria, is behind a sophisticated remote access Trojan called SilverRAT. They plan to release an updated version that can control compromised Windows systems and Android devices.
Multiple information-stealing malware families are exploiting an undocumented Google OAuth endpoint called "MultiLogin" to restore expired authentication cookies and gain unauthorized access to users' accounts.
Despite increased cybersecurity budgets, there is a need for a further rise in spending to effectively mitigate security risks. Economic volatility, a growing distributed workforce, and supply chain issues are key factors influencing spending.
In 2023, businesses have been hit with 800,000 cyberattacks, over 60,000 of which were DDoS attacks and 4,000 falling victim to ransomware, according to a report by Vercara.