Hackers target critical zero-day vulnerability in PTZ cameras
Hackers are attempting to exploit two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, business conferences, government, and courtroom settings. In April 2024, GreyNoise discovered CVE-2024-8956 and CVE-2024-8957 after its AI-powered threat detection tool, Sift, detected unusual activity on its honeypot network that did not match any known threats. Upon examination of […]
Microsoft: Chinese hackers use Quad7 botnet to steal credentials
Microsoft warns that Chinese threat actors use the Quad7 botnet, compromised of hacked SOHO routers, to steal credentials in password-spray attacks. Quad7, also known as CovertNetwork-1658 or xlogin, is a botnet first discovered by security researcher Gi7w0rm that consists of compromised SOHO routers. Later reports by Sekoia and Team Cymru reported that the threat actors are targeting routers and networking devices from TP-Link, ASUS, Ruckus wireless […]
Sophos reveals 5-year battle with Chinese hackers attacking network devices
Sophos disclosed today a series of reports dubbed “Pacific Rim” that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos. For years, cybersecurity firms have warned enterprises that Chinese threat actors exploit flaws in edge networking devices […]
Interbank confirms data breach following failed extortion, data leak
Interbank, one of Peru’s leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online. Previously known as the International Bank of Peru (Banco Internacional del Perú), the company provides financial services to over 2 million customers. “We have identified that some data of a […]
QNAP patches second zero-day exploited at Pwn2Own to get root
QNAP has released security patches for a second zero-day bug exploited by security researchers during last week’s Pwn2Own hacking contest. This critical SQL injection (SQLi) vulnerability, tracked as CVE-2024-50387, was found in QNAP’s SMB Service and is now fixed in versions 4.15.002 or later and h4.15.002 and later. The zero-day flaw was patched one week after […]
North Korean govt hackers linked to Play ransomware attack
The North Korean state-sponsored hacking group tracked as ‘Andariel’ has been linked to the Play ransomware operation, using the RaaS to work behind the scenes and evade sanctions. A report from Palo Alto Networks and its Unit 42 researchers claims that Andariel might be either an affiliate of Play or acting as an initial access broker […]
Android malware “FakeCall” now reroutes bank calls to attackers
A new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker’s phone number instead. The goal of the latest version remains to steal people’s sensitive information and money from their bank accounts. FakeCall (or FakeCalls) is a banking trojan with a focus on […]
New Windows Themes zero-day gets free, unofficial patches
Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target’s NTLM credentials remotely. NTLM has been extensively exploited in NTLM relay attacks, where threat actors force vulnerable network devices to authenticate against servers under their control, and pass-the-hash attacks, where they exploit system vulnerabilities or deploy malicious […]
WhatsApp now encrypts contact databases for privacy-preserving synching
The WhatsApp messenger platform has introduced Identity Proof Linked Storage (IPLS), a new privacy-preserving encrypted storage system designed for contact management. The new system solves two long-standing problems WhatsApp users have been dealing with for years, namely the risk of losing their contact lists if they lose their phone and the inability to sync contacts between different […]
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. The flaw is rated critical (CVSS v3.1 score: 9.8) and stems from a heap overflow weakness in vCenter’s DCE/RPC protocol implementation, impacting the vCenter Server and […]