Cyber security aggregate rss news

Cyber security aggregator - feeds history


 News

Welcome to the Transatlantic Cable, a podcast that dives into hot topics in the security news and industry each week. We start off this episode with hacking Starlink! It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes. Then we move on to 7-Eleven Denmark, where a ransomware attack was behind the closure of 175 stores in the country on Monday! Then, we discuss the spyware scandal spreading through Europe. Finally, we end with the potential threat in your browser and what dangers innocent-looking extensions hold for users. If you liked what you heard, please do consider subscribing.

The Hacking of Starlink Terminals Has Begun
7-Eleven Denmark confirms ransomware attack behind store closures
Spyware Scandals Are Ripping Through Europe
Threat in your browser: what dangers innocent-looking extensions hold for users

 Breaches and Incidents

The Russia-linked Shuckworm threat group was found targeting Ukrainian organizations with infostealers. The activity is an extension of the attacks that CERT-UA reported in July. The attackers delivered two backdoors named Pterodo and Giddome. Both are hallmarks of Shuckworm's toolset and are continually enhanced by the attackers to stay hidden.

 Malware and Vulnerabilities

The SOVA Android banking trojan came up with a new upgrade that includes a ransomware module. The malware can also now target over 200 digital wallet, crypto, and banking apps to pilfer sensitive data and cookies. Cybercriminals sticking to a set development timeline and upgrading with new features every few months require cyber experts to use intelligent solutions, such as leveraging the services of threat intel platforms.

 Breaches and Incidents

Microsoft disrupted activity by the Russia-based TA446, aka SEABORGIUM, which was conducting a persistent campaign against people and organizations in NATO countries. The threat group steals the entered credentials and the authentication cookies or tokens generated after the user logs in. These stolen tokens allow the threat group to log in even if 2FA is enabled.

 Malware and Vulnerabilities

Almost 7 million users, since 2020, have attempted to install malicious browser extensions, with 70% of those extensions promoting adware to target users with advertisements. In H1 2022 alone, Kaspersky stopped 6,057,308 users from downloading adware, riskware, and malware masked as browser extensions.

 Malware and Vulnerabilities

Cyber adversaries are reportedly attempting to bypass a new 'Restricted setting' security feature in Android 13 using BugDrop. The feature, introduced by Google, blocks sideloaded applications from requesting Accessibility Service privileges. Analysts at Threat Fabric revealed that malware authors are already at work and have developed an early-stage dropper, dubbed BugDrop, to get around the restriction.

 Malware and Vulnerabilities

The DirtyCred technique exploits a previously unknown vulnerability, tracked as CVE-2022-2588, to escalate privileges. The experts explained that exploits written with DirtyCred would work across different kernels and architectures.

 Expert Blogs and Opinion

As the blockchain and crypto space continues to evolve and develop in creative and innovative directions, the bulk of this development rests on the bedrock of these applications being safe and secure.

 Trends, Reports, Analysis

According to the 2022 H1 Global Threat Analysis Report released by Radware this past week, cyberattacks have grown and evolved as a result of the Russian invasion of Ukraine.

 Malware and Vulnerabilities

The Iranian threat group UNC3890 was found targeting Israeli shipping, government, healthcare, aviation, and energy sectors via watering hole attacks and credential harvesting attacks. Additionally, the researchers discovered a UNC3890 server loaded with scraped Facebook and Instagram information that could be employed in social engineering attacks.

 Malware and Vulnerabilities

Recently, a simple and short email with a suspicious RTF attachment was sent to a telecommunications agency in South Asia. The email was disguised as having come from a Pakistan government division and delivered the PivNoxy malware.

 Trends, Reports, Analysis

The endless list of stolen credentials available online means that without basic defenses like multifactor authentication (MFA), organizations are at a disadvantage in combating ransomware’s infiltration routes before the malware deployment stage.

 Trends, Reports, Analysis

One of the most abused tools for cryptomining is notepad.exe. Using techniques like process hollowing to inject malicious code into legitimate processes like notepad.exe, the cryptomining malware tries to stay below the radar.

 Innovation and Research

Serialization is used to convert a data object in memory into a series of bytes for storage or transmission. Deserialization reverses that process by turning a data stream back into an object in memory.

 Malware and Vulnerabilities

Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server.

 Feed

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

 Feed

Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is a fully unauthenticated attack utilizing the trusted Teleport server to deliver the payload.

 Feed

Red Hat Security Advisory 2022-6053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.56.

 Feed

Ubuntu Security Notice 5575-2 - USN-5575-1 fixed vulnerabilities in Libxslt. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.

 Feed

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. Dubbed GAIROSCOPE, the adversarial model is the latest addition to a long list of acoustic, electromagnetic, optical, and thermal approaches devised by

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2022-0028 (CVSS score: 8.6), is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to

 Feed

Ransomware is the de facto threat organizations have faced over the past few years. Threat actors were making easy money by exploiting the high valuation of cryptocurrencies and their victims' lack of adequate preparation.  Think about bad security policies, untested backups, patch management practices not up-to-par, and so forth. It resulted in easy growth for ransomware extortion, a crime that

 Feed

A suspected Iranian threat activity cluster has been linked to attacks aimed at Israeli shipping, government, energy, and healthcare organizations as part of an espionage-focused campaign that commenced in late 2020. Cybersecurity firm Mandiant is tracking the group under its uncategorized moniker UNC3890, which is believed to conduct operations that align with Iranian interests. "The collected

 Feed

The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the oldest known

 Feed

The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers

 Guest blog

Malicious hackers are demanding $10 million from a French hospital they hit with ransomware last weekend. The Hospital Center Sud Francilien (CHSF) in Corbeil-Essonnes, south-east of Paris, was struck late on Saturday night, causing major disruption to health services. Read more in my article on the Hot for Security blog.

2022-08
Aggregator history
Tuesday, August 23