EHA
Home Cyber Security News

Cyber Security News

PyRIT : Automated AI Toolkit For Security Professionals

PyRIT : Automated AI Toolkit For Security Professionals

A new Python automation framework has been released for risk identification in generative AI. This new framework has been named "PyRIT," and it can help security professionals and machine learning engineers find risks in...
Malware From Fake Software Developers Job

Windows Malware Dropped From Fake Software Developers Job Offers Scheme

February 24, 2024 – Phylum, a leader in cybersecurity research, has unveiled a sophisticated malware campaign aimed at software developers seeking employment. This alarming scheme, identified in collaboration with Palo Alto Network's Unit 42,...
Researchers Unveild Apple’s Shortcuts Vulnerability

Researchers Unveild Apple’s Shortcuts Vulnerability

Researchers uncovered the vulnerability in Apple's Shortcuts application, which could leave users' privacy at risk. This vulnerability highlights the importance of maintaining constant and rigorous security measures to protect sensitive data. The vulnerability, CVE-2024-23204, has...
LockBit Gang Money Flow Uncovered : New Strain Under Development

LockBit Gang Money Flow Uncovered : New Strain Under Development

Over the past few years, LockBit, a ransomware-as-a-service (RaaS) operation, has been linked to multiple security incidents affecting organizations worldwide. Yet, they appear to have experienced a lot of logistical, technological, and reputational issues recently....
ScreenConnect Security Flaw Exploited In The Wild By Attackers

ScreenConnect Security Flaw Exploited In The Wild By Attackers

The ScreenConnect software is a popular choice for remote access among organizations worldwide. However, recent vulnerabilities have raised concerns about potential exploitation by attackers. Specifically, these vulnerabilities could allow attackers to access vulnerable instances and distribute...
New SSH-Snake Malware Abuses SSH Credentials To Spread Itself In The Network

New SSH-Snake Malware Abuses SSH Credentials To Spread Itself In The Network

Threat actors abuse SSH credentials to gain unauthorized access to systems and networks. By exploiting weak or compromised credentials, they can execute malicious activities. SSH credential abuse provides a stealthy entry point for threat actors...
Russian Government Software Hijacked to Konni RAT

Russian Government Software Hijacked to Install Konni RAT

A critical cybersecurity incident recently occurred where the Konni Remote Access Trojan (RAT), a highly covert and sophisticated malware that specializes in data exfiltration, infiltrated the software systems of the Russian Government. This incident, uncovered...
Apple Adds PQ3 post-quantum encryption for iMessage

Apple Adds PQ3 post-quantum Encryption for iMessage

Apple has released its new PQ3 (post-quantum) cryptographic protocol, claimed to be the first-ever messaging protocol to reach Level 3 security. Apple announced its cryptographic protocol change in 2019 when it shifted from RSA to...
Hackers launched 250,000+ Attacks to Exploit Ivanti VPN 0-Day

Hackers launched 250,000+ Attacks to Exploit Ivanti VPN 0-Day

Ivanti Connect Secure vulnerabilities were disclosed in January 2024 as a potential gateway for threat actors to penetrate corporate networks. The two vulnerabilities, CVE-2023-46805 and CVE-2024-21887 were associated with authentication bypass and arbitrary command...
Hackers Heavily Abusing Google Cloud Run to Deliver Banking Malware

Hackers Heavily Abusing Google Cloud Run to Deliver Banking Malware

Large-scale malware distribution campaigns are abusing Google Cloud Run to transmit banking trojans, including Astaroth (also known as Guildma), Mekotio, and Ousaban, to European and Latin American targets. With Cloud Run, you can promptly execute...

Managed WAF

Website

Latest News