Episode 258 of the Transatlantic Cable kicks off with discussions around the Lazarus group, more specifically the new attack being attributed to them. From there, discussions move to talk around some crypto-exchanges sharing geo-tracking public information with ICE (the United States Immigrations and Customs show more ...
In June, researchers from three US universities published a paper describing a actual attack that abuses the fact that CPU frequency changes depend on the load thereon (standard behavior for modern CPUs). CPU frequency is measured in hertz, hence the name Hertzbleed, hinting that a change in this frequency leads to show more ...
Hacktivist group DragonForce Malaysia has been spotted working its way around a Confluence exploit to conduct some action in Windows servers that may lead to ransomware attacks. Network and system admins are suggested to audit and monitor anomalies in networks.
The U.K Army’s Twitter and YouTube accounts were hacked and modified to push crypto scams. While the Twitter account displayed fake NFTs and crypto giveaways, the YouTube account aired Ark Invest live streams. One should keep logging out of their accounts on a regular basis. If nothing, sessionIDs would get clear and stop the attack if an account is compromised.
Red Canary's Detection Engineering team has detected Raspberry Robin malware on the networks of various customers in the technology and manufacturing sectors. The worm can bypass UAC security on targeted systems with legitimate Windows tools. The attack could help hackers deploy additional malware within the victims' networks and escalate privileges.
Ukraine's cybersecurity defense and security agency SSSCIP reported that the country's government and private sector organizations have suffered nearly 800 cyberattacks since the start of the war. Most attacks focused on information harvesting (242 events), along with breach, take down, or malware deployment. show more ...
Resecurity registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Threat actors are hacking email and other accounts which belong to law enforcement officers and their internal systems.
Researchers found a document that exploited CVE-2022-30190, aka Follina, then downloaded Rozena to deploy a fileless attack and leverage the public Discord CDN attachment service.
This joint advisory provides information—including tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs)—on Maui ransomware obtained from FBI incident response activities and industry analysis of a Maui sample.
The malware, which was delivered in the victim's spam email, includes an OLE object that points to an HTML file on an external resource that contains JavaScript code. This code exploits Follina.
It disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to circumvent detection.
According to researchers from Microsoft Threat Intelligence Center (MSTIC), the most notable update in the latest variant is the use of a more complex encryption method.
Recently, the malware used by Lazarus, VSingle, has been updated to retrieve C2 server information from GitHub. VSingle has two versions, one targeting Windows OS and the other targeting Linux OS.
It is not easy to obtain a blue badge, and threats of suspension can cause people to react without thinking. Over this uncertainty, such accounts are prime targets for threat actors.
The malicious activity, attributed to a software supply chain threat actor dubbed CuteBoi, involves an array of 1,283 rogue modules that were published in an automated fashion from over 1,000 different user accounts.
Multiple Russian influence networks have been running disinformation and influence campaigns since May designed to sow division in the West over its support for Ukraine, according to Recorded Future.
A group of 29 areas that represent a high risk in terms of vulnerability, abuse of power, mismanagement, or need for drastic changes was analyzed in a new report produced by the Federal Audit Court (TCU).
After the cyberattack, SHI added a message to its website warning customers and visitors that its information systems were undergoing maintenance due to a "sustained outage."
Lockdown Mode is designed for users, such as journalists or activists, who face serious digital threats from NSO Group and other private companies that are developing state-sponsored mercenary spyware.
The leaders of MI5 and the FBI shared the stage for the first time yesterday in a bid to warn business leaders and academics of the seriousness of the espionage threat from China.
Cybersecurity researchers have taken the wraps off a new and entirely undetected Linux threat dubbed OrBit, signally a growing trend of malware attacks geared towards the popular operating system.
Wedding officiant training company American Marriage Ministries (AMM) said it is dealing with another data security issue after reporting a breach of sensitive data to the FBI earlier this year.
QNAP says the attacks are focused on Internet-exposed QNAP devices with the SMB service enabled and accounts with weak passwords that can easily be cracked in brute-force attacks.
In advance of this year’s Amazon Prime Day set for July 12 and 13, Check Point said it has seen a 37% jump in Amazon-related phishing attacks at the start of July compared with the daily average for June.
The UK’s leading cybersecurity agency has urged organizations to follow best practices and take care of their infosecurity staff in order to weather an extended period of elevated cyber risk due to the ongoing war in Ukraine.
On Twitter and Facebook, the school explained that it is experiencing a system-wide outage of most online services but noted that programs such as Canvas, Adobe, and Microsoft Teams are still available to students.
The added value of ENISA threat intelligence efforts lies in offering updated information on the dynamically changing threat landscape. These efforts support risk mitigation, promote situational awareness and proactively respond to future challenges.
On Windows 11, the Kerberos SSP's KerbRetrieveEncodedTicketMessage message can be used to get an arbitrary service ticket and session key from an AppContainer even without the enterprise authentication capability leading to elevation of privilege.
Dovecot IMAP server version 2.2 suffers from a privilege escalation vulnerability. When two passdb configuration entries exist in the Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied show more ...
Ubuntu Security Notice 5505-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth show more ...
Ubuntu Security Notice 5488-2 - USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 16.04 ESM. Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run.
Cybersecurity researchers have taken the wraps off a new and entirely undetected Linux threat dubbed OrBit, signally a growing trend of malware attacks geared towards the popular operating system. The malware gets its name from one of the filenames that's utilized to temporarily store the output of executed commands ("/tmp/.orbit"), according to cybersecurity firm Intezer. "It can be installed
Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies
Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite
Disclaimer: This article is meant to give insight into cyber threats as seen by the community of users of CrowdSec. What can tens of thousands of machines tell us about illegal hacker activities? Do you remember that scene in Batman - The Dark Knight, where Batman uses a system that aggregates active sound data from countless mobile phones to create a meta sonar feed of what is going on at any
In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health
Researchers have disclosed a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. The malicious activity, attributed to a software supply chain threat actor dubbed CuteBoi, involves an array of 1,283 rogue modules that were published in an automated fashion from over 1,000 different user accounts. "This was done using automation which includes the
Apple has previewed a new feature which aims to harden high-risk users from the serious threat of being spied upon by enemy states and intelligence agencies. Read more in my article on the Tripwire State of Security blog.
A hacked university might have made a profit after paying a cryptocurrency ransom, China suffers possibly the biggest data breach in history, and Reuters investigates digital mercenaries. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer show more ...
