Sign up to save your podcasts
Or
Share 2024-02-09 : Daily : Gracie Folkins
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
2024-02-09 : Daily : Gracie Folkins
I'm Gracie Folkins, today is February 9th, 2024, and you are listening to Hack News Daily.
Today, we've got a roundup of some serious cyber news you'll want to know about. First off, the U.S. State Department is taking a stand against cybercrime, offering a reward of up to $10 million for info on the Hive ransomware group's leaders. This comes after the FBI managed to sneak into their network, saving potential victims over $130 million in ransom payments.
In the world of malware, there's a new variant of XLoader targeting Android users. It kicks into action right after installation and tricks users with phishing notifications. McAfee suggests beefing up your device's security to fend off these sneaky threats.
Security updates are crucial, folks. Ivanti is urging updates for Connect Secure, Policy Secure, and ZTA gateways due to a risky XXE flaw in the SAML component. This bug could let hackers in without needing any user interaction. Patches were out as of January 31, so make sure your systems are up to date.
Raspberry Robin malware is getting smarter and faster, buying up exploits for fresh vulnerabilities to dodge detection and stick around longer on infected systems. It's a reminder of how cyber threats are always evolving.
Over in France, a massive data breach has hit healthcare payment providers Viamedis and Almerys, affecting 33 million people. Although financial info was safe, personal details were exposed, upping the risk of phishing and fraud.
LastPass users, beware! A fake app called "LassPass Password Manager" popped up on the Apple App Store, mimicking the real deal but leading to a suspicious site. Steps are being taken to get rid of this impostor.
A duo allegedly scammed Apple out of $2.5 million by hacking into systems and snagging gift cards and hardware. Their tactics included using remote desktops and VPNs to hide their tracks.
A newly spotted vulnerability in the Apache bRPC framework could let attackers sneak in through HTTP request smuggling. The fix? Upgrade to version 1.8.0 or apply the available patch.
TOTOLINK routers have a critical flaw that could let hackers take control without needing a password. The manufacturer hasn't responded yet, so users should stay alert for updates.
On the legal side, Jim Dempsey is pushing for laws that make software makers more accountable for security lapses, aiming to clearly define when they should be liable for vulnerabilities.
Google's getting a facelift, updating its sign-in pages to a sleeker, more personalized design. Keep an eye out for a new look on services like Gmail.
Kaspersky Labs discovered a new banking Trojan targeting Brazilian banks, named "Coyote". It's sneaky, using advanced techniques to hide and steal data.
A look at CISA's Known Exploited Vulnerabilities in 2023 by Horizon3.ai shows that even with safer programming languages like Rust, security risks from exposed endpoints and logic bugs are still a big deal.
For those looking to beef up their cybersecurity, "Hadess" is offering a suite of services including Red Team exercises and Blockchain Security.
A serious SQL injection vulnerability in the WordPress Booking Calendar plugin was swiftly dealt with by the Wordfence team, protecting over 60,000 sites from potential attacks.
CISA's latest alert adds a Google Chromium bug to its watchlist, highlighting the need for federal agencies to patch up by February 27 to avoid remote attacks.
The Chinese cyber-espionage group Volt Typhoon went unnoticed for five years in US networks, showcasing the stealth and persistence of modern cyber threats.
Scammers are using Facebook job ads to spread malware via Discord, highlighting the creative tactics of malvertisers.
And that wraps up today's cyber news. Come back tomorrow for more Hack News Daily for the latest updates. You can find links to all the cyber news, red team tradecraft tooling, and more at HAQ.NEWS. Gracie Folkins out.
View all episodes
By Jared FolkinsI'm Gracie Folkins, today is February 9th, 2024, and you are listening to Hack News Daily.
Today, we've got a roundup of some serious cyber news you'll want to know about. First off, the U.S. State Department is taking a stand against cybercrime, offering a reward of up to $10 million for info on the Hive ransomware group's leaders. This comes after the FBI managed to sneak into their network, saving potential victims over $130 million in ransom payments.
In the world of malware, there's a new variant of XLoader targeting Android users. It kicks into action right after installation and tricks users with phishing notifications. McAfee suggests beefing up your device's security to fend off these sneaky threats.
Security updates are crucial, folks. Ivanti is urging updates for Connect Secure, Policy Secure, and ZTA gateways due to a risky XXE flaw in the SAML component. This bug could let hackers in without needing any user interaction. Patches were out as of January 31, so make sure your systems are up to date.
Raspberry Robin malware is getting smarter and faster, buying up exploits for fresh vulnerabilities to dodge detection and stick around longer on infected systems. It's a reminder of how cyber threats are always evolving.
Over in France, a massive data breach has hit healthcare payment providers Viamedis and Almerys, affecting 33 million people. Although financial info was safe, personal details were exposed, upping the risk of phishing and fraud.
LastPass users, beware! A fake app called "LassPass Password Manager" popped up on the Apple App Store, mimicking the real deal but leading to a suspicious site. Steps are being taken to get rid of this impostor.
A duo allegedly scammed Apple out of $2.5 million by hacking into systems and snagging gift cards and hardware. Their tactics included using remote desktops and VPNs to hide their tracks.
A newly spotted vulnerability in the Apache bRPC framework could let attackers sneak in through HTTP request smuggling. The fix? Upgrade to version 1.8.0 or apply the available patch.
TOTOLINK routers have a critical flaw that could let hackers take control without needing a password. The manufacturer hasn't responded yet, so users should stay alert for updates.
On the legal side, Jim Dempsey is pushing for laws that make software makers more accountable for security lapses, aiming to clearly define when they should be liable for vulnerabilities.
Google's getting a facelift, updating its sign-in pages to a sleeker, more personalized design. Keep an eye out for a new look on services like Gmail.
Kaspersky Labs discovered a new banking Trojan targeting Brazilian banks, named "Coyote". It's sneaky, using advanced techniques to hide and steal data.
A look at CISA's Known Exploited Vulnerabilities in 2023 by Horizon3.ai shows that even with safer programming languages like Rust, security risks from exposed endpoints and logic bugs are still a big deal.
For those looking to beef up their cybersecurity, "Hadess" is offering a suite of services including Red Team exercises and Blockchain Security.
A serious SQL injection vulnerability in the WordPress Booking Calendar plugin was swiftly dealt with by the Wordfence team, protecting over 60,000 sites from potential attacks.
CISA's latest alert adds a Google Chromium bug to its watchlist, highlighting the need for federal agencies to patch up by February 27 to avoid remote attacks.
The Chinese cyber-espionage group Volt Typhoon went unnoticed for five years in US networks, showcasing the stealth and persistence of modern cyber threats.
Scammers are using Facebook job ads to spread malware via Discord, highlighting the creative tactics of malvertisers.
And that wraps up today's cyber news. Come back tomorrow for more Hack News Daily for the latest updates. You can find links to all the cyber news, red team tradecraft tooling, and more at HAQ.NEWS. Gracie Folkins out.