Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

The Hacker News Daily Updates 7 Passwordless Approaches for B2C Passwords are problematic. They are hard to remember, and they don’t work well. Passwords can be guessed or leaked. Today’s technology allows for better authentication, without passwords. It’s time to move on and join the cutting edge. Download Now Sponsored LATEST NEWS Dec 22, 2022 FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct ransomware DarkSide, REvil, and LockBit families. The highly active threat group, also known as ... Read More The Era of Cyber Threat Intelligence Sharing We spent forty years defending ourselves as individuals. Trying to outsmart cybercriminals, outpower them, and when all our efforts failed, only then we considered banding together with our peers to outnumber them. Cybercriminals don't reinvent themselves each time. Their resources are limited, and they have a limited budget. Therefore they use playbooks to attack many people. Meaning most ... Read More Combine Your Payment Stack into One FastSpring handles the complexity of selling software so you can get back to doing what you do best — building great products. Our platform includes global payment processing, subscription management, checkout, sales taxes and VAT, fraud prevention, and much ... Read More Critical Security Flaw Reported in Passwordstate Enterprise Password Manager Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user's plaintext passwords. "Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges ... Read More Two New Security Flaws Reported in Ghost CMS Blogging Software Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Tracked as CVE-2022-41654 (CVSS score: 8.5), the authentication bypass vulnerability allows unprivileged users (i.e., members) to make unauthorized modifications to newsletter settings. ... Read More Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center (MSTIC) is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or developing activity clusters. Zerobot, first documented by Fortinet FortiGuard Labs earlier this ... Read More Hackers Breach Okta's GitHub Repositories, Steal Source Code Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. "There is no impact to any customers, including any HIPAA, FedRAMP, or DoD customers," the company said in a public statement. "No action is required by customers." The security event, which ... Read More Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems The Raspberry Robin worm has been used in attacks against telecommunications and government office systems across Latin America, Australia, and Europe since at least September 2022. "The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools," Trend Micro researcher Christopher ... Read More EDI Requirements Checklist for Selecting the Best EDI System Get an expert list of the top Electronic Data Interchange (EDI) requirements to consider when acquiring a new system. Use this document & template to identify your key criteria and select and compare top EDI systems for your company. Download Now Sponsored This email was sent to myemailku.ghdbrevo2018@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here. Contact The Hacker News: info@thehackernews.com Unsubscribe The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India