atlas news
    
The Hacker News
24  January     12h58
RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations
   A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The vulnerabilities, assigned unique CVE...
    11h00
2025 State of SaaS Backup and Recovery Report
   The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft and Google Workspace have now become the...
    09h53
DoJ Indicts 5 Individuals for 866K North Korean IT Worker Scheme Violations
   The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme that seeks to generate revenue for the Democratic People’s Republic...
    07h20
Android’s New Identity Check Feature Locks Device Settings Outside Trusted Locations
   Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. When you turn on Identity Check, your device will require explicit biometric authentication to access certain...
    05h39
CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List
   The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE...
23  January     15h13
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
   An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices’ firmware as well as misconfigured security features. These weren’t obscure, corner-case vulnerabilities, security vendor Eclypsium said in a report shared...
    15h00
Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks
   Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the...
    14h56
New Research: The State of Web Exposure 2025
   Are your websites leaking sensitive data? New research reveals that of third-party apps access user info without proper authorization, and of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks download...
    14h55
Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers
   Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a magic packet sent by the...
    14h00
Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads
   An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning...
    11h20
How to Eliminate Identity-Based Threats
   Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for of enterprise breaches , . While identity-based attacks continue to dominate as the leading cause of security incidents,...
    10h24
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
   SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated . out of a maximum of . on the CVSS scoring...
    09h43
QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features
   Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader. BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks, Walmart’s Cyber...
    06h21
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
   Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE , carries a CVSS score of . out . . It...
    06h00
Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
   The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS). In alignment with the Department of Homeland Security’s (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize...
    05h35
TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware
   Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. This actor engaged in a variety of threat activity, including cryptocurrency mining operations on...
22  January     13h53
Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet
   Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since...
    10h31
Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
   As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address...
    10h30
President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison
   U.S. President Donald Trump on Tuesday granted a full and unconditional pardon to Ross Ulbricht, the creator of the infamous Silk Road drug marketplace, after spending more than years behind bars. I just called the mother of Ross William Ulbricht to let her know that in honor of her and the...
    08h49
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
   A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in , according to new findings from ESET. The attackers replaced the legitimate installer...
    07h25
Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
   Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework CVE , CVSS score: . ...
    06h19
Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000 IoT Devices
   Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October , , targeting one of its...
21  January     14h00
Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
   Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity demonstrates enhanced capabilities, exploiting vulnerabilities...
    12h46
13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
   A global network of about 13,000 hijacked MikroTik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity takes advantage of misconfigured DNS records to pass email protection techniques, ...
    10h52
Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
   A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top-secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity. Asif William Rahman, , of Vienna,...
    10h30
HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
   Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, Were all functionalities of the web app tested or Were there any security issues that could have been identified during testing often go unresolved, raising concerns about the...
    05h45
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
   Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload,...
    05h27
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
   The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conducting an audit to assess the level of security, CERT-UA added...
20  January     15h08
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
   New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to...
    14h53
DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection
   The threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December by cybersecurity company Cyfirma. The apps...
    12h02
THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]
   As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper...
    11h10
Product Walkthrough: How Satori Secures Sensitive Data From Production to AI
   Every week seems to bring news of another data breach, and it’s no surprise why: securing sensitive data has become harder than ever. And it’s not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across...
    05h45
Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP
   Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below async mutex mutex, a...
19  January     05h24
TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025
   Popular video sharing social network TikTok has officially gone dark in the United States, as a federal ban on the app comes into effect on January , . We regret that a U.S. law banning TikTok will take effect on January and force us to make our services temporarily unavailable, the...
18  January     06h06
U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon
   The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. People’s Republic of China linked...
17  January     14h08
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
   Cybersecurity researchers have disclosed three security flaws in Planet Technology’s WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. These switches are widely used in building and home automation systems for a variety...
    13h06
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation
   Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit...
    10h21
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?
   Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with...
    10h07
New ’Sneaky 2FA’ Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
   Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that’s capable of targeting Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October . The nascent phishing kit has been dubbed Sneaky 2FA by French...
    10h07
U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs
   The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People’s Republic of Korea (DPRK) by dispatching IT workers around the world to obtain...
    04h14
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
   Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users’ data to China. The advocacy group is seeking an...
16  January     18h12
Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign
   The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims’ WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection. Star Blizzard’s targets are most commonly related to government...
    12h25
Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action
   The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying to juggle chainsaws while riding a unicycle. Traditional trust...
    11h30
The 10 Cyber Threat Responsible for the Biggest Breaches of 2024
   You can tell the story of the current state of stolen credential based attacks in three numbers: Stolen credentials were the attacker action in , and the breach vector for of web app attacks. Source: Verizon . Cybersecurity budgets grew again in , with organizations now spending...
    11h23
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
   Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE CVSS score: ., resides in a UEFI application signed by...
    11h20
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions
   Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that’s designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the...
    11h15
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer
   Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. In both campaigns, attackers hid malicious code in images they uploaded to archive . org, a file hosting website, and used the same ...
    06h45
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws
   Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security,...
    06h39
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
   Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All the four critical security flaws, rated . out of . on the CVSS scale...
15  January     15h48
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
   Cybersecurity researchers have alerted to a new malvertising campaign that’s targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. The scheme consists of stealing as many advertiser accounts as possible by...