Today's cybersecurity headlines are brought to you by ThreatPerspective


Biz & IT Ars Technica

US charges Russian military officers for unleashing wiper malware on Ukraine

WhisperGate campaign targeted Ukrainian critical infrastructure and allies worldwide. Federal prosecutors on Thursday unsealed an indictment charging six Russian nationals with conspiracy to hack into the computer networks of the Ukrainian government and its allies and steal or destroy sensitive data on behalf of the Kremlin. The i...

Published: 2024-09-05T20:54:19



Biz & IT Ars Technica

Zyxel warns of vulnerabilities in a wide range of its products

Most serious vulnerabilities carry severity ratings of 9.8 and 8.1 out of a possible 10. Networking hardware-maker Zyxel is warning of nearly a dozen vulnerabilities in a wide array of its products. If left unpatched, some of them could enable the complete takeover of the devices, which can be targeted as an initial point of entry int...

Published: 2024-09-04T18:57:46



Biz & IT Ars Technica

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

Sophisticated attack breaks security assurances of the most popular FIDO key. The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains temporary physical access to ...

Published: 2024-09-03T17:58:06



Biz & IT Ars Technica

City of Columbus sues man after he discloses severity of ransomware attack

Mayor said data was unusable to criminals; researcher proved otherwise. A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by ...

Published: 2024-08-30T20:00:41



Biz & IT Ars Technica

Commercial spyware vendor exploits used by Kremlin-backed hackers, Google says

Findings undercut pledges of NSO Group and Intellexa that their wares won't be abused. Critics of spyware and exploit sellers have long warned that the advanced hacking sold by commercial surveillance vendors (CSVs) represents a worldwide danger because they inevitably find their way into the hands of malicious parties, even when th...

Published: 2024-08-29T21:05:06



Biz & IT Ars Technica

Unpatchable 0-day in surveillance cam is being exploited to install Mirai

Vulnerability is easy to exploit and allows attackers to remotely execute commands. Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mirai, a family of malware that wrangles infected Internet of Things devices into large networks for use in attacks that take down websites and ot...

Published: 2024-08-28T21:25:04



Biz & IT Ars Technica

“Exploitative” IT firm has been delaying 2,000 recruits’ onboarding for years

India's Infosys recruits reportedly subjected to repeated unpaid "pre-training." Indian IT firm Infosys has been accused of being “exploitative” after allegedly sending job offers to thousands of engineering graduates but still not onboarding any of them after as long as two years. The recent graduates have reportedly been tol...

Published: 2024-08-27T21:29:48



The Verge - Securities

Telegram changes its tone on moderating private chats after CEO's arrest

Telegram has quietly removed language from its FAQ page saying private chats were protected and that “we do not process any requests related to them.” The change comes nearly two weeks after its CEO, Pavel Durov, was arrested in France for ...

Published: 2024-09-05T23:24:54



The Verge - Securities

YubiKeys have an unfixable security flaw but it's difficult to exploit

Security researchers have detected a vulnerability in YubiKey two-factor authentication tokens that enables attackers to clone the device, according to a new security advisory. The vulnerability was discovered within the Infineon cryptograph...

Published: 2024-09-04T07:49:08



The Verge - Securities

Google releases Pixel update to get rid of surveillance vulnerability

Last month, it was discovered that an inactive piece of software that ships on all Google Pixel smartphones presented a potential security vulnerability for device owners. The company quickly said it would remove “Showcase.apk,” which was c...

Published: 2024-09-03T15:55:06



The Verge - Securities

Bitcoin ATM scammers stole $65 million in first half of 2024

Scammers will then instruct their victims to take out a large sum of cash and deposit it into a Bitcoin ATM, which the FTC says scammers may call “safety lockers” to keep their funds secure. Once at the Bitcoin ATM, scammers will send thei...

Published: 2024-09-03T14:30:24



The Verge - Securities

CrowdStrike exec will testify to Congress about July's global IT meltdown

A senior CrowdStrike executive will testify before the House Homeland Security Committee next month about the IT outage that grounded planes and brought workplaces to a halt globally on July 19th. Adam Meyers, CrowdStrike’s senior vice president o...

Published: 2024-08-30T12:46:06



The Verge - Securities

A bank exec stole $47 million for a crypto scam, and now he's going to jail

A Kansas man was sentenced to 24 years in prison after pouring $47.1 million into a pig butchering scam using money from the bank he was in charge of. Shan Hanes, the former CEO of the small Heartland Tri-State Bank, pleaded guilty to emb...

Published: 2024-08-23T12:08:26



The Verge - Securities

Microsoft to host CrowdStrike and others to discuss Windows security changes

Microsoft is hosting an important summit on Windows security at its Redmond, Washington, headquarters next month. The Windows Endpoint Security Ecosystem Summit on September 10th will bring together Microsoft engineers and vendors like Crow...

Published: 2024-08-23T11:00:00



BleepingComputer

Transport for London staff faces systems disruptions after cyberattack

Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. [...]

Published: 2024-09-06T15:49:08



BleepingComputer

Car rental giant Avis discloses data breach impacting customers

American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information. [...]

Published: 2024-09-06T14:04:32



BleepingComputer

SpyAgent Android malware steals your crypto recovery phrases from images

A new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. [...]

Published: 2024-09-06T11:17:29



BleepingComputer

SonicWall SSLVPN access control flaw is now exploited in attacks

SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible. [...]

Published: 2024-09-06T09:20:11



BleepingComputer

Apache fixes critical OFBiz remote code execution vulnerability

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. [...]

Published: 2024-09-05T17:33:32



BleepingComputer

Russian military hackers linked to critical infrastructure attacks

The United States and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Ember Bear) behind global critical infrastructure attacks to Unit 29155 of Russia's Main Directorate of the General Staff of the Armed Forces (als

Published: 2024-09-05T13:59:31



BleepingComputer

Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords

Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. [...]

Published: 2024-09-05T05:15:20



Threat Intelligence

A Measure of Motive: How Attackers Weaponize Digital Analytics Tools

Adrian McCabe, Ryan Tomcik, Stephen Clement. Introduction: Digital analytics tools are vital components of the vast domain that is modern cyberspace. From system administrators managing traffic load balancers to marketers and advertisers working to d

Published: 2024-08-29T14:00:00



Krebs on Security

Sextortion Scams Now Include Photos of Your Home

An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in...

Published: 2024-09-03T15:45:49



Krebs on Security

When Get-Out-The-Vote Efforts Look Like Phishing

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California poli...

Published: 2024-08-28T23:55:17



The Register - Security

Despite cyberattacks, water security standards remain a pipe dream

White House floats round two of regulations. Feature. It sounds like the start of a bad joke: Digital trespassers from China, Russia, and Iran break into US water systems.

Published: 2024-09-07T12:33:09



The Register - Security

Google says replacing C/C++ in firmware with Rust is easy

Not so much when trying to convert coding veterans. Google recently rewrote the firmware for protected virtual machines in its Android Virtualization Framework using the Rust programming language and wants you to do the same, assuming you deal with firmware.

Published: 2024-09-06T21:44:14



The Register - Security

Cisco merch shoppers stung in Magecart attack

The 'security issue' was caused by a 9.8-rated Magento flaw Adobe patched back in June. Bad news for anyone who purchased a Cisco hoodie earlier this month: Suspected Russia-based attackers injected data-stealing JavaScript into the networking giant's online store selling Cisco-branded merch.

Published: 2024-09-06T20:00:06



The Register - Security

To patch this server, we need to get someone drunk

When maintenance windows are hard to open, a little lubrication helps. On Call: The Register understands consuming alcohol is quite a popular way to wind down from the working week, but each Friday we get the party started early with a new and sober instalment of On Call, the reader-contributed column in which you share stories about the emotional hangovers you've earned delivering tech support.

Published: 2024-09-06T07:28:05



The Register - Security

Homeland security hopes to scuttle maritime cyber-threats with port infosec testbed

Supply chains, 13M jobs and $649B a year at risk, so Uncle Sam is fighting back - with a request for info. The US Department of Homeland Security is seeking help to assess the security of tech at maritime ports, to safeguard the 13 million jobs and $649 billion of economic activity generated by the nation's docks.

Published: 2024-09-05T23:51:46



The Register - Security

White House's new fix for cyber job gaps: Serve the nation in infosec

Now do your patriotic duty and fill one of those 500k open roles, please? The White House has unveiled a new strategy to fill some of the hundreds of thousands of critical cybersecurity vacancies across the US: Pitch cyber as a national service.

Published: 2024-09-05T22:04:05



The Register - Security

Uncle Sam charges Russian GRU cyber-spies behind 'WhisperGate intrusions'

Feds post $10M bounty for each of the six's whereabouts. The US today charged five Russian military intelligence officers and one civilian for their alleged involvement with the data-wiping WhisperGate campaign conducted against Ukraine in January 2022 before the ground invasion began.

Published: 2024-09-05T19:44:28



The Register - Security

Cisco's Smart Licensing Utility flaws suggest it's pretty dumb on security

Two critical holes, including a hardcoded admin credential. If you're running Cisco's supposedly Smart Licensing Utility, there are two flaws you ought to patch right now.

Published: 2024-09-05T18:15:08



The Register - Security

Quantum computing is coming: are you ready?

Are you prepared for the day that quantum computing breaks today's encryption? Sponsored Feature: The internet is all about transparency and openness - connecting people and information, shoppers and vendors, or businesses. But it's also all about security and trust.

Published: 2024-09-05T15:08:11



The Register - Security

Security boom is over, with over a third of CISOs reporting flat or falling budgets

Good news? Security is still getting a growing part of IT budget. It looks like security budgets are coming up against belt-tightening policies, with chief security officers reporting budgets rising more slowly than ever and over a third saying their spending this year will be flat or even reduced.

Published: 2024-09-05T14:34:10



The Register - Security

The fingerpointing starts as cyber incident at London transport body continues

Network admins take a ride on the Fright Bus. The Transport for London (TfL) "cyber incident" is heading into its third day amid claims that a popular appliance might have been the gateway for criminals to gain access to the organization's network.

Published: 2024-09-05T10:00:11



The Register - Security

Security biz Verkada to pay $3M penalty under deal that also enforces infosec upgrade

Allowed access to 150K cameras, some in sensitive spots, but has been done for spamming. Physical security biz Verkada has agreed to cough up $2.95 million following an investigation by the US Federal Trade Commission (FTC), but the payment won't make good its past security failings, including a blunder that led to CCTV footage being snooped on by miscreants. Instead, the fine is about spam.

Published: 2024-09-05T04:28:07



The Register - Security

White House seizes 32 domains, issues criminal charges in massive election-meddling crackdown

Russia has seemingly decided who it wants Putin the Oval Office. The Biden administration on Wednesday seized 32 websites and charged two employees of a state-owned media outlet connected to a $10 million scheme to distribute pro-Kremlin propaganda, and claimed the actions were necessary to counter Russia's attempts to influence the upcoming US presidential election.

Published: 2024-09-05T02:27:11



The Register - Security

North Korean scammers plan wave of stealth attacks on crypto companies, FBI warns

Feds warn of 'highly tailored, difficult-to-detect social engineering campaigns'. The FBI has warned that North Korean operatives are plotting "complex and elaborate" social engineering attacks against employees of decentralized finance (DeFi) organizations, as part of ongoing efforts to steal cryptocurrency.

Published: 2024-09-05T01:17:42



The Register - Security

Palo Alto takes a big $500M bite out of IBM QRadar

Big Blue also shifts to Prisma SASE to secure its 250,000-strong workforce. Palo Alto Networks has completed its purchase of IBM's QRadar SaaS offering, spending $500 million to buy up the service's customers and hopefully shift them into its own Cortex platform.

Published: 2024-09-04T22:15:15



The Register - Security

Copilot for Microsoft 365 might boost productivity if you survive the compliance minefield

Loads of governance issues to worry about, and the chance it might spout utter garbage. Microsoft has published a Transparency Note for Copilot for Microsoft 365, warning enterprises to ensure user access rights are correctly managed before rolling out the technology.

Published: 2024-09-04T21:15:12



The Register - Security

Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data

93GB of info feared pilfered in Montana by heartless crooks. Planned Parenthood of Montana's chief exec says the org is responding to a cyber-attack on its systems, and has drafted in federal law enforcement and infosec professionals to help investigate and rebuild its IT environment.

Published: 2024-09-04T20:33:53



The Register - Security

Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade

Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials. The Cicada3301 ransomware, which has claimed at least 20 victims since it was spotted in June, shares "striking similarities" with the notorious BlackCat ransomware, according to security researchers at Israeli endpoint security outfit Morphisec.

Published: 2024-09-04T14:29:06



The Register - Security

Telegram apologizes to South Korea and takes down smutty deepfakes

Unclear if this is a sign controversial service is cleaning up its act everywhere. Controversial social network Telegram has co-operated with South Korean authorities and taken down 25 videos depicting sex crimes.

Published: 2024-09-04T04:28:14



The Register - Security

Ex-senior New York State staffer charged in cash-for-favors scandal with China

Bagging two posh properties, three luxury cars on a govt salary a bit of a giveaway, allegedly. The US Department of Justice has accused a now-former senior official of the New York State government of illegally advancing the interests of the Chinese government and communist party.

Published: 2024-09-04T00:53:37



The Register - Security

White House thinks it's time to fix the insecure glue of the internet: Yup, BGP

Better late than never. The White House on Tuesday indicated it hopes to shore up the weak security of internet routing, specifically the Border Gateway Protocol (BGP).

Published: 2024-09-03T22:34:09



The Register - Security

UK trio pleads guilty to running $10M MFA bypass biz

Crew bragged they could help crooks raid victims' bank accounts. Updated: A trio of men have pleaded guilty to running a multifactor authentication (MFA) bypass ring in the UK, which authorities estimate has raked in millions in less than two years.

Published: 2024-09-03T21:30:07



The Register - Security

Spamouflage trolls pretend to be American patriots on X, TikTok ahead of US presidential election

No, Abbey is not really a "pure patriotic girl". Spamouflage, the Beijing-linked trolls known for spreading fake news about American politics, is back with new accounts on X and TikTok that claim to be frustrated US voters in "more aggressive" attempts to influence the upcoming presidential election.

Published: 2024-09-03T18:15:08



The Register - Security

Data watchdog fines Clearview AI $33M for 'illegal' data collection

Selfie-scraper again claims European law does not apply to it. The Dutch Data Protection Authority (DPA) has fined controversial facial recognition company Clearview AI €30.5 million ($33 million) over the "illegal" collation of images.

Published: 2024-09-03T15:30:06



The Register - Security

Transport for London confirms cyberattack, assures us all is well

Government body claims there is no evidence of customer data being compromised. Transport for London (TfL), responsible for much of the public network carrying people around England's capital, is battling to stay on top of an unfolding "cyber security incident."

Published: 2024-09-03T09:40:03



The Register - Security

Application builders get ready

Grey Matter ISV Partner Day will bring together Microsoft-focused ISVs, SaaS Providers and application builders from the UK and Ireland to learn about the latest Microsoft technologies from the software company's own experts.

Published: 2024-09-03T08:51:12



The Register - Security

Telegram CEO was 'too free' on content moderation, says Russian minister

CEO Pavel Durov charged in France, messaging platform insists it abides by EU laws. Telegram CEO Pavel Durov, who was cuffed and charged by the French police last week, was "too free" in his approach to managing the global messaging platform, according to Russia's foreign minister.

Published: 2024-09-02T16:35:14



The Register - Security

Novel attack on Windows spotted in phishing campaign run from and targeting China

Resources hosted at Tencent Cloud involved in Cobalt Strike campaign. Chinese web champ Tencent's cloud is being used by unknown attackers as part of a phishing campaign that aims to achieve persistent network access at Chinese entities.

Published: 2024-09-02T03:06:24



The Register - Security

Check your IP cameras: There's a new Mirai botnet on the rise

Also, US offering $2.5M for Belarusian hacker, Backpage kingpins jailed, additional MOVEit victims, and more. Infosec in brief: A series of IP cameras still used all over the world, despite being well past their end of life, has been exploited to create a new Mirai botnet.

Published: 2024-08-31T18:22:08



The Register - Security

RansomHub hits 210 victims in just 6 months

The ransomware gang recruits high-profile affiliates from LockBit and ALPHV. As RansomHub continues to scoop up top talent from the fallen LockBit and ALPHV operations while accruing a smorgasbord of victims, security and law enforcement agencies in the US feel it's time to issue an official warning about the group that's gunning for ransomware supremacy.

Published: 2024-08-30T23:55:11



The Register - Security

Green Berets storm building after compromising its Wi-Fi

Relax, it's just a drill. This time, at least. US Army Special Forces, aka the Green Berets, have been demonstrating their ability to use offensive cyber-security tools in the recent Swift Response 24 military exercises in May, the military has now confirmed.

Published: 2024-08-30T21:00:11



The Register - Security

Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers

Infosec hounds say they spotted vulnerability during routine travel in the US. Updated: Cybersecurity researchers say they've found a vulnerability that allowed them to skip US airport security checks and even fly in the cockpit on some scheduled flights.

Published: 2024-08-30T13:28:14



The Register - Security

Iran hunts down double agents with fake recruiting sites, Mandiant reckons

Farsi-language posts target possibly-pro-Israel individuals. Government-backed Iranian actors allegedly set up dozens of fake recruiting websites and social media accounts to hunt down double agents and dissidents suspected of collaborating with the nation's enemies, including Israel.

Published: 2024-08-30T04:27:08



The Register - Security

US indicts duo over alleged Swatting spree that targeted elected officials

Apparently made over 100 fake crime reports and bomb threats. The US government has indicted two men for allegedly reporting almost 120 fake emergencies or crimes in the hope of provoking action by armed law enforcement agencies.

Published: 2024-08-29T22:28:14



The Register - Security

What a coincidence. Spyware makers, Russia's Cozy Bear seem to share same exploits

Google researchers note similarities, can't find smoking-gun link. Google's Threat Analysis Group (TAG) has spotted an interesting pattern: A Kremlin-linked cyber-espionage crew and commercial spyware makers exploiting specific security vulnerabilities in pretty much the same way.

Published: 2024-08-29T20:03:11



The Register - Security

Feds claim sinister sysadmin locked up thousands of Windows workstations, demanded ransom

Sordid search history 'evidence' in case that could see him spend 35 years for extortion and wire fraud. A former infrastructure engineer who allegedly locked IT department colleagues out of their employer's systems, then threatened to shut down servers unless paid a ransom, has been arrested and charged after an FBI investigation.

Published: 2024-08-29T18:30:07



The Register - Security

Rock Chrome hard enough and get paid half a million

Google revises Chrome Vulnerability Rewards Program with higher payouts for bug hunters. Google's Chrome Vulnerability Rewards Program (VRP) is now significantly more rewarding, with a top payout that's at least twice as substantial.

Published: 2024-08-29T16:30:12



The Register - Security

Brain Cipher claims attack on Olympic venue, promises 300 GB data leak

French police reckon financial system targeted during Summer Games. Nearly four weeks after the cyberattack on dozens of French national museums during the Olympic Games, the Brain Cipher ransomware group claims responsibility for the incident and says 300 GB of data will be leaked later today.

Published: 2024-08-29T12:32:11



The Register - Security

CrowdStrike's meltdown didn't dent its market dominance yet

Total revenue for Q2 grew 32 percent. CrowdStrike's major meltdown a month ago doesn't look likely to affect the cyber security vendor's market dominance anytime soon, based on its earnings reported Wednesday.

Published: 2024-08-29T02:27:08



The Register - Security

Microsoft hosts a security summit but no press, public allowed

CrowdStrike, other vendors, friendly govt reps but not anyone who would tell you what happened. Op-ed: Microsoft will host a security summit next month with CrowdStrike and other "key" endpoint security partners joining the fun, and during which the CrowdStrike-induced outage that borked millions of Windows machines will undoubtedly be a top-line agenda item.

Published: 2024-08-28T22:20:12



The Register - Security

Proof-of-concept code released for zero-click critical IPv6 Windows hole

If you haven't deployed August's patches, get busy before others do. Windows users who haven't yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a critical Microsoft vulnerability announced by Redmond two weeks ago.

Published: 2024-08-28T21:20:12



The Register - Security

Iran's Pioneer Kitten hits US networks via buggy Check Point, Palo Alto gear

The government-backed crew also enjoys ransomware as a side hustle. Iranian government-backed cybercriminals have been hacking into US and foreign networks as recently as this month to steal sensitive data and deploy ransomware, and they're breaking in via vulnerable VPN and firewall devices from Check Point, Citrix, Palo Alto Networks and other manufacturers, according to Uncle Sam.

Published: 2024-08-28T18:00:06



The Register - Security

Dick's Sporting Goods discloses cyberattack

Authorities probing unwanted intrusion; hard questions ahead. Dick's Sporting Goods, America's largest retail chain for outdoorsy types, has admitted that it suffered a cyberattack last week.

Published: 2024-08-28T16:20:07



The Register - Security

From Copilot to Copirate: How data thieves could hijack Microsoft's chatbot

Prompt injection, ASCII smuggling, and other swashbuckling attacks on the horizon. Microsoft has fixed flaws in Copilot that allowed attackers to steal users' emails and other personal data by chaining together a series of LLM-specific attacks, beginning with prompt injection.

Published: 2024-08-28T13:05:10



The Register - Security

The ultimate dual-use tool for cybersecurity

Sword or plowshare? That depends on whether you're an attacker or a defender. Sponsored Feature. Artificial intelligence: saviour for cyber defenders, or shiny new toy for online thieves? As with most things in tech, the answer is a bit of both.

Published: 2024-08-28T09:02:06



The Register - Security

Woman uses AirTags to nab alleged parcel-pinching scum

Phew! Consumer-grade tracking devices are good for more than finding your keys and stalking. Theft of packages is an ongoing problem, so one California woman tried a high-tech solution to the problem, and her use of Apple's consumer-grade AirTags tracking devices led to two arrests.

Published: 2024-08-28T07:30:15



The Register - Security

Chinese broadband satellites may be Beijing's flying spying censors, think tank warns

Ground stations are the perfect place for the Great Firewall to block things China finds unpleasant. The multiple constellations of broadband-beaming satellites planned by Chinese companies could conceivably run the nation's "Great Firewall" content censorship system, according to think tank The Australian Strategic Policy Institute. And if they do, using the services outside China will be dangerous.

Published: 2024-08-28T01:58:14



The Register - Security

Intel's Software Guard Extensions broken? Don't panic

More of a storm in a teacup. Today's news that Intel's Software Guard Extensions (SGX) security system is open to abuse may be overstated.

Published: 2024-08-27T19:59:33



The Register - Security

Volt Typhoon suspected of exploiting Versa SD-WAN bug since June

The same Beijing-backed cyber spy crew the feds say burrowed into US critical infrastructure. Update: It looks like China's Volt Typhoon has found a new way into American networks, as Versa has disclosed a nation-state backed attacker has exploited a high-severity bug affecting all of its SD-WAN customers using Versa Director.

Published: 2024-08-27T17:32:28



The Register - Security

Microsoft security tools questioned for treating employees as threats

Cracked Labs examines how workplace surveillance turns workers into suspects. Software designed to address legitimate business concerns about cyber security and compliance treats employees as threats, normalizing intrusive surveillance in the workplace, according to a report by Cracked Labs.

Published: 2024-08-27T14:00:15



Security Latest

Hackers Threaten to Leak Planned Parenthood Data

Plus: Kaspersky’s US business sold, Nigerian sextortion scammers jailed, and Europe’s controversial encryption plans return.

Published: 2024-09-07T11:30:00



Security Latest

The NSA Has a Podcast. Here's How to Decode It

The spy agency that dared not speak its name is now the Joe Rogan of the SIGINT set. And the pod's actually worth a listen.

Published: 2024-09-06T13:00:00



Security Latest

Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database

Video and audio of therapy sessions, transcripts, and other patient records were accidentally exposed in a publicly accessible database operated by the virtual medical company Confidant Health.

Published: 2024-09-06T10:45:00



Security Latest

YubiKeys Are a Security Gold Standard but They Can Be Cloned

Security researchers have discovered a cryptographic flaw that leaves the YubiKey 5 vulnerable to attack.

Published: 2024-09-05T21:01:38



Security Latest

Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team

Unit 29155 of Russia’s GRU military intelligence agency, a team responsible for coup attempts, assassinations, and bombings, has branched out into brazen hacking operations with targets across the world.

Published: 2024-09-05T17:00:35



Security Latest

Why It's So Hard to Fully Block X in Brazil

With 20,000 internet providers across the country, the technical challenges of blocking X in Brazil mean some connections are slipping through the cracks.

Published: 2024-09-05T15:41:52



Security Latest

We Hunted Hidden Police Signals at the DNC

Using special software, WIRED investigated police surveillance at the DNC. We collected signals from nearly 300,000 devices, revealing vulnerabilities for both law enforcement and everyday citizens alike.

Published: 2024-09-05T10:30:00



Security Latest

The Japanese Robot Controversy Lurking in Israel’s Military Supply Chain

Activists claim Japanese industrial robots are being used to build military equipment for Israel. The robot maker denies the claims, but the episode reveals the complex ethics of global manufacturing.

Published: 2024-09-04T05:00:00



Security Latest

The US Navy Is Going All In on Starlink

The Navy is testing out the Elon Musk-owned satellite constellation to provide high-speed internet access to sailors at sea. It’s part of a bigger project that’s about more than just getting online.

Published: 2024-09-03T11:00:00



Security Latest

Taylor Swift Concert Terror Plot Was Thwarted by Key CIA Tip

Plus: China-linked hackers infiltrate US internet providers, authorities crack down on a major piracy operation, and a ransomware gang claims attacks during the Paris Olympics.

Published: 2024-08-31T10:30:00



Security Latest

Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks

Suspected Russian hackers have compromised a series of websites to utilize sophisticated spyware exploits that are eerily similar to those created by NSO Group and Intellexa.

Published: 2024-08-29T14:17:35



Security Latest

Harmful 'Nudify' Websites Used Google, Apple, and Discord Sign-On Systems

Single sign-on systems from several Big Tech companies are being incorporated into deepfake generators, WIRED found. Discord and Apple have started to terminate some developers’ accounts.

Published: 2024-08-29T10:00:00



Security Latest

Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor

In addition to its long-standing password spraying attacks, Microsoft says the Iran-backed hacker group Peach Sandstorm (APT33) has developed custom malware dubbed “Tickler.”

Published: 2024-08-28T15:19:42



Security Latest

Telegram CEO Pavel Durov’s Arrest Linked to Sweeping Criminal Investigation

French authorities detained Durov to question him as part of a probe into a wide range of alleged violations, including money laundering and CSAM, but it remains unclear if he will face charges.

Published: 2024-08-26T21:23:38



Security Latest

Pavel Durov’s Arrest Leaves Telegram Hanging in the Balance

Durov has reportedly been detained in France over Telegram’s alleged failure to adequately moderate illegal content on the messaging app. His arrest sparked backlash and left some associates asking, what now?

Published: 2024-08-25T22:01:52



Security Latest

The US Navy Has Run Out of Pants

Plus: The US intelligence community formally blames Iran for Trump campaign hack, aircraft-tracking platform FlightAware says a “configuration error” exposed sensitive user data, and more.

Published: 2024-08-24T10:30:00



Security Latest

When War Came to Their Country, They Built a Map

The Telegram channel and website Deep State uses public data and insider intelligence to power its live tracker of Ukraine’s ever-shifting front line.

Published: 2024-08-23T09:00:00



The Hacker News

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector. "After an initial chat conversation, the attacker sent a ZIP file that contained

Published: 2024-09-07T12:58:00



The Hacker News

FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals

Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information. Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian national, have been charged with conspiracy to commit access device fraud and conspiracy to commit wire

Published: 2024-09-07T12:40:00



The Hacker News

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper access control vulnerability has been identified in the SonicWall SonicOS management

Published: 2024-09-06T21:25:00



The Hacker News

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware

A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances. In

Published: 2024-09-06T20:44:00



The Hacker News

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com). Adversaries targeting open-source repositories across

Published: 2024-09-06T20:33:00
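The near-miss names the item above describes can be caught before a workflow ever runs. What follows is an added example written for this page, not code from The Hacker News or from the researchers it cites: it reads the "uses:" lines of a GitHub Actions workflow, compares each owner/repo against a trusted-action allowlist, flags names within two edits of a trusted one (after folding digit look-alikes such as 1 for l, the goog1e/google trick), and records whether the reference is pinned to a full commit SHA rather than a movable tag. The allowlist and the sample workflow are constructed for the example and belong to no real organisation.

```python
"""Audit a GitHub Actions workflow for 'uses:' references that are typosquats
of trusted actions (e.g. action/checkout vs actions/checkout).
Added example: the allowlist and workflow below are constructed."""
import re
from typing import List, NamedTuple

# Actions this (hypothetical) organisation has vetted, lowercase. Anything
# else is either a near-miss of one of these ("suspicious") or "unknown".
TRUSTED_ACTIONS = {
    "actions/checkout",
    "actions/setup-node",
    "actions/upload-artifact",
    "docker/build-push-action",
}

# "- uses: owner/repo[/path]@ref"; local (./x) and docker:// refs are out of
# scope for this check and simply do not match.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)(?:/[^@\s]+)?@(\S+)", re.M)
SHA_RE = re.compile(r"[0-9a-f]{40}")
MAX_DISTANCE = 2  # edits tolerated before a name stops looking like a typo
HOMOGLYPHS = str.maketrans("0135", "oles")  # digit-for-letter substitutions


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # delete ca
                           cur[j - 1] + 1,           # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(ref: str) -> str:
    """'trusted' for an allowlist hit, 'suspicious' for a near-miss after
    folding look-alike digits, otherwise 'unknown' (review, but not a typo)."""
    name = ref.lower()
    if name in TRUSTED_ACTIONS:
        return "trusted"
    folded = name.translate(HOMOGLYPHS)
    for trusted in TRUSTED_ACTIONS:
        if edit_distance(folded, trusted.translate(HOMOGLYPHS)) <= MAX_DISTANCE:
            return "suspicious"
    return "unknown"


class Finding(NamedTuple):
    ref: str
    version: str
    verdict: str
    pinned_to_sha: bool  # a tag can be moved to new code; a full SHA cannot


def audit_workflow(yaml_text: str) -> List[Finding]:
    """One Finding per 'uses:' reference, in file order."""
    return [Finding(ref, ver, classify(ref), bool(SHA_RE.fullmatch(ver)))
            for ref, ver in USES_RE.findall(yaml_text)]


# Constructed workflow: one exact hit, two typosquats, one SHA-pinned action,
# one action nobody has vetted yet.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: action/checkout@v4
      - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7
      - uses: dokcer/build-push-action@v5
      - uses: some-org/custom-lint@v1
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{f.verdict:10} sha_pinned={f.pinned_to_sha!s:5} {f.ref}@{f.version}")
```

The edit-distance threshold is deliberately small: at two edits the check catches dropped letters and transpositions while leaving genuinely different names as "unknown" for a human to vet. Pinning to a SHA is reported separately because it addresses a different risk, a trusted name whose tag is later moved, and a typosquat pinned to a SHA is still a typosquat.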



The Hacker News

The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025

The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However,

Published: 2024-09-06T15:07:00



The Hacker News

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.  "The plugin suffers from an

Published: 2024-09-06T12:05:00



The Hacker News

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. "An attacker with no valid

Published: 2024-09-06T10:52:00



The Hacker News

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account. "Using laws from the pre-smartphone era to charge a CEO with crimes committed

Published: 2024-09-06T09:32:00



The Hacker News

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East

Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. "Sighting this group's [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them," Kaspersky

Published: 2024-09-05T21:49:00



The Hacker News

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1

Published: 2024-09-05T21:35:00



The Hacker News

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S. money laundering and criminal trademark laws, the agency called out companies Social Design Agency (SDA),

Published: 2024-09-05T17:34:00



The Hacker News

NIST Cybersecurity Framework (CSF) and CTEM: Better Together

It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally

Published: 2024-09-05T14:49:00



The Hacker News

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. It was developed

Published: 2024-09-05T13:15:00



The Hacker News

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of targeting both Microsoft Windows and Linux systems. "KTLVdoor is a highly obfuscated malware that

Published: 2024-09-05T10:33:00



The Hacker News

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks

Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below - CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account

Published: 2024-09-05T10:10:00



The Hacker News

North Korean Hackers Target Job Seekers with Fake FreeConference App

North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview. The new attack wave, spotted by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native installers for

Published: 2024-09-04T21:22:00



The Hacker News

Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component. According to the description of the bug in the NIST National

Published: 2024-09-04T19:06:00



The Hacker News

Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack

A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations. It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in "hundreds of thousands" of malicious package

Published: 2024-09-04T18:30:00



The Hacker News

Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers

Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands. Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command injection. "The improper neutralization of special elements in the

Published: 2024-09-04T16:57:00



The Hacker News

The New Effective Way to Prevent Account Takeovers

Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, "Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them" argues that the

Published: 2024-09-04T16:57:00



The Hacker News

Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database

The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm Clearview AI for violating the General Data Protection Regulation (GDPR) in the European Union (E.U.) by building an "illegal database with billions of photos of faces," including those of Dutch citizens. "Facial recognition is a highly intrusive technology that you

Published: 2024-09-04T14:13:00



The Hacker News

Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign. The malvertising activity, observed in June 2024, is a departure from previously observed tactics wherein the malware has been propagated via traditional phishing emails, Unit 42 researchers

Published: 2024-09-04T11:01:00



The Hacker News

Hacktivists Exploit WinRAR Vulnerability in Attacks Against Russia and Belarus

A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools. "For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which

Published: 2024-09-03T18:59:00



The Hacker News

New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation. "It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector," cybersecurity

Published: 2024-09-03T18:46:00



The Hacker News

Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users

Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as different banks," Dutch security company ThreatFabric said. "Finally, it can use all this exfiltrated

Published: 2024-09-03T15:07:00



The Hacker News

Secrets Exposed: Why Your CISO Should Worry About Slack

In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A single secret can wreak havoc. Imagine this: It's a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is

Published: 2024-09-03T13:00:00
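The item above argues that secrets leak into chat tools; the practical counterpart is scanning those tools the way you would scan a repository. The following is an added example written for this page, not code from The Hacker News or from the article's author: it walks a list of Slack messages in the shape of a channel export, matches a few fixed-format credentials exactly, and falls back to a Shannon-entropy test for prefix-less secrets such as an AWS secret access key, which no regex can name. The messages are constructed, the credentials in them are documentation placeholders, and the entropy threshold is a tuning choice explained in the comments.

```python
"""Scan exported Slack messages for leaked secrets.
Added example with constructed messages; the named patterns cover a few
well-known token formats and an entropy rule catches the rest."""
import math
import re
from typing import Dict, List, NamedTuple

# Credentials with a fixed shape are cheap and precise to match.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat":        re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token":       re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}"),
    "private_key":       re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Secrets with no recognisable prefix only show up as long, high-entropy
# tokens. 4.5 bits/char suits base64-like alphabets; a hex-only token tops
# out at 4.0 bits/char and would need its own, lower threshold.
GENERIC_TOKEN = re.compile(r"\b[A-Za-z0-9+/=_-]{32,}\b")
ENTROPY_THRESHOLD = 4.5


def shannon_entropy(s: str) -> float:
    """Bits per character, estimated from the string's own histogram."""
    n = len(s)
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def redact(secret: str) -> str:
    """Keep just enough to triage without re-leaking the value in a report."""
    return f"{secret[:4]}...{secret[-2:]}" if len(secret) > 8 else "***"


class Finding(NamedTuple):
    ts: str
    user: str
    rule: str
    redacted: str


def scan_messages(messages: List[dict]) -> List[Finding]:
    """Named rules first; the entropy rule only reports tokens no named rule
    already covered, so a GitHub PAT is not reported twice."""
    findings: List[Finding] = []
    for msg in messages:
        text = msg.get("text", "")
        covered = []  # (start, end) spans already attributed to a named rule
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(text):
                covered.append(m.span())
                findings.append(Finding(msg["ts"], msg["user"], rule, redact(m.group())))
        for m in GENERIC_TOKEN.finditer(text):
            if any(start <= m.start() < end for start, end in covered):
                continue
            if shannon_entropy(m.group()) >= ENTROPY_THRESHOLD:
                findings.append(Finding(msg["ts"], msg["user"],
                                        "high_entropy_string", redact(m.group())))
    return findings


# Constructed fragment in the shape of a Slack channel export. The AWS pair
# is the placeholder from AWS documentation; nothing here is a live credential.
SAMPLE_MESSAGES = [
    {"ts": "1717000001.000100", "user": "U01DEV",
     "text": "deploying now, creds: AKIAIOSFODNN7EXAMPLE / wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
    {"ts": "1717000002.000200", "user": "U02OPS",
     "text": "can someone restart the staging box? it's been flaky since the migration"},
    {"ts": "1717000003.000300", "user": "U01DEV",
     "text": "bot token for the new integration: xoxb-1234567890-abcdefGHIJKL"},
    {"ts": "1717000004.000400", "user": "U03QA",
     "text": "ghp_0123456789abcdefghijklmnopqrstuvwxyz is my PAT, don't share"},
    {"ts": "1717000005.000500", "user": "U02OPS",
     "text": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA\n-----END RSA PRIVATE KEY-----"},
    {"ts": "1717000006.000600", "user": "U03QA",
     "text": "reminder: the release branch is release-2024-09-06-hotfix-rollout-candidate"},
]

if __name__ == "__main__":
    for f in scan_messages(SAMPLE_MESSAGES):
        print(f"{f.ts} {f.user:7} {f.rule:20} {f.redacted}")
```

Two details matter in practice. The access key ID is caught by its AKIA prefix, but the secret key beside it has no prefix and is only caught because its 40 characters carry about 4.7 bits each; the long but repetitive branch name in the last message stays below the threshold and is correctly ignored. Findings carry the message timestamp and user rather than the secret itself, which is what you want in a ticket that will itself be pasted around.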



The Hacker News

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework. "If successful, the adversary could gain any privileges already granted to the affected

Published: 2024-09-03T09:31:00



The Hacker News

Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt

A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer. Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud. He was

Published: 2024-09-03T07:28:00



The Hacker News

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services,

Published: 2024-09-02T19:03:00



The Hacker News

Webinar: Learn to Boost Cybersecurity with AI-Powered Vulnerability Management

The world of cybersecurity is in a constant state of flux. New vulnerabilities emerge daily, and attackers are becoming more sophisticated. In this high-stakes game, security leaders need every advantage they can get. That's where Artificial Intelligence (AI) comes in. AI isn't just a buzzword; it's a game-changer for vulnerability management. AI is poised to revolutionize vulnerability

Published: 2024-09-02T14:25:00



The Hacker News

Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities

The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware. Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new cybercriminal group and its attack methods. It also details three important actions to take today to mitigate

Published: 2024-09-02T12:30:00



The Hacker News

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers’ Systems

Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware. "By mimicking the popular 'noblox.js' library, attackers have published dozens of packages designed to steal sensitive data and compromise systems," Checkmarx

Published: 2024-09-02T09:06:00



The Hacker News

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which has made a habit of incorporating rafts of Windows zero-day exploits into its arsenal in recent months.

Published: 2024-08-31T21:05:00



The Hacker News

Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign

Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeting over 70 organizations worldwide by means of a bespoke tool called Voldemort that's equipped to

Published: 2024-08-30T18:34:00



The Hacker News

Iranian Hackers Set Up New Network to Target U.S. Political Campaigns

Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns. Recorded Future's Insikt Group has linked the infrastructure to a hacking group it tracks as GreenCharlie, an Iran-nexus cyber threat group that overlaps with APT42, Charming Kitten, Damselfly, Mint Sandstorm (

Published: 2024-08-30T16:45:00



The Hacker News

Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals

The most dangerous vulnerability you’ve never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others are far more nuanced, but still pose an equally dangerous threat. Today, we want to discuss one of

Published: 2024-08-30T16:12:00



The Hacker News

New Malware Masquerades as Palo Alto VPN Targeting Middle East Users

Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that disguises itself as the Palo Alto Networks GlobalProtect virtual private network (VPN) tool. "The malware can execute remote PowerShell commands, download and exfiltrate files, encrypt communications, and bypass sandbox solutions, representing a significant threat to

Published: 2024-08-30T15:50:00



The Hacker News

North Korean Hackers Target Developers with Malicious npm Packages

Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating "coordinated and relentless" efforts to target developers with malware and steal cryptocurrency assets. The latest wave, which was observed between August 12 and 27, 2024, involved packages named temp-etherscan-api, ethersscan-api, telegram-con, helmet-validate, and

Published: 2024-08-30T11:55:00



The Hacker News

SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments

A comprehensive guide authored by Dean Parsons, SANS Certified Instructor and CEO / Principal Consultant of ICS Defense Force, emphasizes the growing need for specialized ICS security measures in the face of rising cyber threats. With a staggering 50% increase in ransomware attacks targeting industrial control systems (ICS) in 2023, the SANS Institute is taking decisive action by announcing the

Published: 2024-08-30T11:49:00



The Hacker News

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks," Securonix researchers Den Iuzvyk and Tim Peck said in a new report. The

Published: 2024-08-30T11:47:00



The Hacker News

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. "The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes,

Published: 2024-08-30T11:42:00



The Hacker News

Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32

A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster tracked as APT32, a Vietnamese-aligned hacking crew that's also known as APT-C-00, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus. The intrusion is

Published: 2024-08-29T21:45:00



The Hacker News

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement

Published: 2024-08-29T21:29:00



The Hacker News

U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks

U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which it described as connected to

Published: 2024-08-29T17:12:00



The Hacker News

How AitM Phishing Attacks Bypass MFA and EDR and How to Fight Back

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. In this article, we’re going to look at what AitM phishing

Published: 2024-08-29T16:56:00



The Hacker News

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE)," Akamai researchers Kyle

Published: 2024-08-29T16:35:00



The Hacker News

French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

French prosecutors on Wednesday formally charged Telegram CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread of child sexual abuse material (CSAM) as well as enabling organized

Published: 2024-08-29T10:11:00



The Hacker News

Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability

Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL database. "The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are

Published: 2024-08-28T21:44:00



The Hacker News

APT-C-60 Group Exploits WPS Office Flaw to Deploy SpyGlace Backdoor

A South Korea-aligned cyber espionage group has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecurity firms ESET and DBAPPSecurity. The attacks have been found to infect Chinese and East Asian users

Published: 2024-08-28T19:18:00



Security Affairs

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Draytek VigorConnect and Kingsoft WPS Office vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these vulnerabilities: At the end of August, […]

Published: 2024-09-07T16:19:40



Security Affairs

A flaw in WordPress LiteSpeed Cache Plugin allows account takeover

A critical flaw in the LiteSpeed Cache plugin for WordPress could allow unauthenticated users to take control of arbitrary accounts. The LiteSpeed Cache plugin is a popular caching plugin for WordPress that accounts for over 5 million active installations. The plugin offers site acceleration through server-level caching and various optimization features. The LiteSpeed Cache plugin […]

Published: 2024-09-07T11:13:28



Security Affairs

Car rental company Avis discloses a data breach

Car rental giant Avis disclosed a data breach that impacted one of its business applications in August, compromising customers’ personal information. Threat actors breached the application and gained access to some of the customers’ personal information. “We discovered on August […]

Published: 2024-09-06T21:48:20



Security Affairs

SonicWall warns that SonicOS bug exploited in attacks

SonicWall warns that a recently fixed access control flaw in SonicOS, tracked as CVE-2024-40766 (CVSS v3 score: 9.3), is potentially being exploited in attacks in the wild. “An improper access control vulnerability has been identified in the SonicWall SonicOS management […]

Published: 2024-09-06T18:59:17



Security Affairs

Apache fixed a new remote code execution flaw in Apache OFBiz

Apache fixed a high-severity remote code execution vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affecting the Apache OFBiz open-source enterprise resource planning (ERP) system. Apache OFBiz is an open source product for the automation of enterprise processes that includes framework components and business […]

Published: 2024-09-06T08:13:21



Security Affairs

Russia-linked GRU Unit 29155 targeted critical infrastructure globally

The United States and its allies state that Russia-linked threat actors operating under the GRU are behind global critical infrastructure attacks. The FBI, CISA, and NSA linked threat actors from Russia’s GRU Unit 29155 to global cyber operations since at least 2020. These operations include espionage, sabotage, and reputational damage. The United States and its […]

Published: 2024-09-06T07:09:50



Security Affairs

Veeam fixed a critical flaw in Veeam Backup & Replication software

Veeam addressed 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. Veeam released security updates to address multiple vulnerabilities impacting its products; the company fixed 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. The most severe flaw included in the September 2024 security bulletin is a critical, […]

Published: 2024-09-05T19:57:35



Security Affairs

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in an attack against a trading company in China. Trend Micro researchers spotted the Chinese-speaking threat actor Earth Lusca using a new multiplatform backdoor called KTLVdoor. The Earth Lusca group has been active since at least the first half of 2023; it primarily targeted […]

Published: 2024-09-05T13:15:02



Security Affairs

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

A cyber attack hit the German air traffic control agency (DFS), disrupting its operations; experts attribute it to the Russia-linked group APT28. A cyber attack targeted the German Air Traffic Control Agency (DFS), as reported by Spiegel and European Truth. DFS, based in Langen near Frankfurt, confirmed that attackers breached its office connection but confirmed that […]

Published: 2024-09-05T10:02:17



Security Affairs

Quishing, an insidious threat to electric car owners

Quishing is a type of phishing attack where crooks use QR codes to trick users into providing sensitive information or downloading malware. In recent years, the spread of electric cars has led to an increase in public charging stations. However, new cyber threats have emerged with this growth, including “quishing.” This term, a combination of […]

Published: 2024-09-05T08:33:20



News Packet Storm

US Charges Russian Military Officers For Unleashing Wiper Malware On Ukraine

Planned Parenthood Confirms Attack Claimed By RansomHub

Apache Makes Another Attempt At Patching Exploited RCE In OFBiz

Recent SonicWall Firewall Vuln Exploited In The Wild

Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation

Russian Doppelganger Campaign Exposed

White House's New Fix For Cyber Job Gaps: Serve The Nation In Infosec

North Korean Hackers Target Job Seekers With Fake App

Cisco Patches Critical Vulns In Smart Licensing Utility

US Targets Election Influence Operation With Charges, Sanctions, Domain Seizures

Colorado Tops List Of Cyberattacks Per Capita In The US

Ukrainian Drones Now Spray Thermite Streams Right Into Russian Trenches

Security Boom Is Over, With Over 1/3 Of CISOs Reporting Flat Or Falling Budgets

VMware Fusion 13.x Code Execution Bug Patched

Ex-Senior New York State Staffer Charged In Cash-For-Favors Scandal With China

Cicada Ransomware May Be A BlackCat/ALPHV Rebrand And Upgrade

Zyxel Patches Critical Vulns In Networking Devices

FBI: North Korea Aggressively Hacking Cryptocurrency Firms

White House Thinks It's Time To Fix The Insecure Glue Of The Internet: Yup, BGP

Stop Scanning Random QR Codes

Infineon's Cryptographic Library Suffers From An ECDSA Private Key Recovery Vulnerability

Transport For London Confirms Cyberattack

Intel Responds To SGX Hacking Research

Halliburton Says Hackers Removed Data In Cyberattack

Hacker Leaks Data Of 390 Million Users From VK, A Russian Social Network

SecurityWeek

US Gov Removing Four-Year-Degree Requirements for Cyber Jobs

Industry Moves for the week of September 2, 2024 - SecurityWeek

Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild

In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams

Apache Makes Another Attempt at Patching Exploited RCE in OFBiz

Cybersecurity M&A Roundup: 36 Deals Announced in August 2024

Veeam Patches Critical Vulnerabilities in Enterprise Products

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks

CISA Breaks Silence on Controversial ‘Airport Security Bypass’ Vulnerability

Russian GRU Unit Tied to Assassinations Linked to Global Cyber Sabotage and Espionage

Ransomware Gang Claims Cyberattack on Planned Parenthood

CISA News

CISA Launches New Portal to Improve Cyber Reporting

Election Security Partners Host 7th Annual Tabletop the Vote Exercise for 2024

Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts

FBI and CISA Release Joint PSA, Just So You Know: Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting

CISA Releases Secure by Demand Guide

CISA Names First Chief Artificial Intelligence Officer

CISA Releases Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle

CISA and FBI Release Joint PSA: Putting Potential DDoS Attacks During the 2024 Election Cycle in Context

Statement from CISA Director Easterly on Leadership Changes at CISA

CISA Releases Playbook for Infrastructure Resilience Planning

CISA Blog

Learn with Region 8’s Webinar Program

Shaping the legacy of partnership between government and private sector globally: JCDC

SAFECOM and NCSWIC Develop Global Positioning System (GPS) for Public Safety Location Services: Use Cases and Best Practices

Region 10 Team Provides Vital Election Security Training for Idaho

SAFECOM Membership Spotlight ft. Red Grasso, North Carolina Department of Information Technology

SAFECOM Releases New Resource for Cloud Adoption

With Open Source Artificial Intelligence, Don’t Forget the Lessons of Open Source Software

SAFECOM and NCSWIC Publish Fall 2023 Joint SAFECOM-NCSWIC Bi-Annual Meeting Executive Summaries

NCSWIC’s Planning, Training, and Exercise Committee releases “Set Your PACE Plan” Flyer

NCSWIC Planning, Training, and Exercise Committee releases the Human Factors Resource Guide

All CISA Advisories

Baxter Connex Health Portal

Russian Military Cyber Actors Target US and Global Critical Infrastructure

CISA Releases Four Industrial Control Systems Advisories

Hughes Network Systems WL3000 Fusion Software

FBI, CISA, NSA, and US and International Partners Release Advisory on Russian Military Cyber Actors Targeting US and Global Critical Infrastructure

CISA Releases One Industrial Control Systems Advisory

CISA Adds Three Known Exploited Vulnerabilities to Catalog

LOYTEC Electronics LINX Series

CISA and Partners Release Advisory on RansomHub Ransomware

CISA Releases Three Industrial Control Systems Advisories

Exploit-DB.com RSS Feed

[webapps] NoteMark < 0.13.0 - Stored XSS

[webapps] Gitea 1.22.0 - Stored XSS

[webapps] Invesalius3 - Remote Code Execution

[dos] Windows TCP/IP - RCE Checker and Denial of Service

[webapps] Aurba 501 - Authenticated RCE

[webapps] HughesNet HT2000W Satellite Modem - Password Reset

[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure

[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass

[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config

[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass

[webapps] Helpdeskz v2.0.2 - Stored XSS

[webapps] Calibre-web 0.6.21 - Stored XSS

[webapps] Devika v1 - Path Traversal via 'snapshot_path'

[local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path

[local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path

[local] Oracle Database 12c Release 1 - Unquoted Service Path

[webapps] Ivanti vADC 9.9 - Authentication Bypass

[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation

[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection

[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection

[webapps] Microweber 2.0.15 - Stored XSS

[webapps] Customer Support System 1.0 - Stored XSS

[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition

[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

[webapps] Boelter Blue System Management 1.3 - SQL Injection

[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)

[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)

[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

[webapps] XMB 1.9.12.06 - Stored XSS

[webapps] Carbon Forum 5.9.0 - Stored XSS

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)

[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)

[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)

[webapps] Dotclear 2.29 - Remote Code Execution (RCE)

[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)

[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)

[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

[webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)

[webapps] Aquatronica Control System 5.1.6 - Information Disclosure

[webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)

[webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

[webapps] iMLog < 1.307 - Persistent Cross Site Scripting (XSS)

[webapps] BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

[webapps] htmlLawed 1.2.5 - Remote Code Execution (RCE)

Full Disclosure

[SYSS-2024-030]: C-MOR Video Surveillance - OS Command Injection (CWE-78)

[SYSS-2024-029]: C-MOR Video Surveillance - Dependency on Vulnerable Third-Party Component (CWE-1395)

[SYSS-2024-028]: C-MOR Video Surveillance - Cleartext Storage of Sensitive Information (CWE-312)

[SYSS-2024-027]: C-MOR Video Surveillance - Improper Privilege Management (CWE-269)

[SYSS-2024-026]: C-MOR Video Surveillance - Unrestricted Upload of File with Dangerous Type (CWE-434)

[SYSS-2024-025]: C-MOR Video Surveillance - Relative Path Traversal (CWE-23)

Backdoor.Win32.Symmi.qua / Remote Stack Buffer Overflow (SEH)

HackTool.Win32.Freezer.br (WinSpy) / Insecure Credential Storage

Backdoor.Win32.Optix.02.b / Weak Hardcoded Credentials

Backdoor.Win32.JustJoke.21 (BackDoor Pro) / Unauthenticated Remote Command Execution

Backdoor.Win32.PoisonIvy.ymw / Insecure Credential Storage

[SYSS-2024-024]: C-MOR Video Surveillance - Improper Access Control (CWE-284)

[SYSS-2024-023]: C-MOR Video Surveillance - SQL Injection (CWE-89)

[SYSS-2024-022]: C-MOR Video Surveillance - Cross-Site Request Forgery (CWE-352)

[SYSS-2024-021]: C-MOR Video Surveillance - Persistent Cross-Site Scripting (CWE-79)

Open Source Security

Security fixes available in Python 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20

CVE-2024-45751: CHAP authentication bypass in user-space Linux target framework (tgt) up to v1.0.92

libpcap 1.10.5 released with two security fixes

CVE-2024-7012, CVE-2024-7923: Authentication bypass in Foreman & Pulpcore

CVE-2024-45034: Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes

CVE-2024-45498: Apache Airflow: Command Injection in an example DAG

Re: Linux kernel: memory leak in arch/powerpc/platforms/powernv/opal-irqchip.c: opal_event_init()

Go 1.23.1 and Go 1.22.7 released with 3 security fixes

[OSSA-2024-003] OpenStack Ironic: Unvalidated image data passed to qemu-img (CVE-2024-44082)

CVE-2024-43402: Rust before 1.81.0 didn't fully fix argument escaping for batch files

Re: CVE-2024-45310: runc can be tricked into creating empty files/directories on host

Webmin UDP/10000 discovery service Loop DoS (COK-2024-05-05)

CVE-2024-45507: Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE

CVE-2024-45195: Apache OFBiz: Confused controller-view authorization logic (forced browsing)

CPython: [CVE-2024-6232] Regular-expression DoS when parsing TarFile headers

Ethical Hacking News

ISP Compromise Highlights Need for Secure Software Updates

A recent incident involving a China-linked threat actor compromising an internet service provider (ISP) has highlighted the need for secure software update mechanisms, emphasizing the importance of DNS over HTTPS or TLS and robust signature checks to prevent similar attacks.

Published: Tue Aug 6 13:56:13 2024

© Ethical Hacking News . All rights reserved.