The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming the county had paid. But show more ...
The hacktivist group Ghosts of Palestine has claimed responsibility for the cyberattack on Israeli universities targeting prominent educational institutions. The list of targets includes the Weizmann Institute of Science, Tel Aviv University, Hebrew University of Jerusalem, Technion Israel Institute of Technology, Ben show more ...
In a recent wave of cyberattacks on cryptocurrency enthusiasts, malicious actors have been employing sophisticated tactics to infiltrate macOS systems. The attacks begin innocuously enough, with the target receiving a seemingly legitimate meeting invitation via Calendly, a widely used scheduling application. However, show more ...
The presidential move orders a variety of different departments and organizations to regulate personal data better and provide clear, high standards to prevent foreign access.
A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services.
The finding underscores the growing risk of weaponizing publicly available AI models and the need for better security to combat the looming threat.
Goal is to give chip designers and security practitioners in the semiconductor space a better understanding of major microprocessor flaws like Meltdown and Spectre.
User-friendly apps allow anybody to serve as traffickers for cybercrime syndicates.
Experts advise organizations in the region to refuse to pay ransom demands.
Applications are increasingly distributed, expanding companies' cloud attack surfaces, and requiring regular testing to find and fix vulnerabilities — else companies risk a growing sprawl of services.
The White House Office of the National Cyber Director puts software developers on notice, calling for a move to memory-safe programming languages and the development of security metrics.
Threat actors using the malware have infected systems within government, healthcare, and other critical infrastructure organizations since at least 2019.
More bad news for Ivanti customers: soon, even if you've patched, you still might not be safe from relentless attacks from high-level Chinese threat actors.
Measuring and tracking your mean time to remediate shows whether vulnerability management is reducing risk and closing opportunities for adversaries.
Per a Proofpoint report, over two-thirds of organizations experienced a successful ransomware incident in the past year, with close to 60% reporting four or more separate ransomware incidents.
Ukraine's military intelligence has reported that Russia has invested over $1 billion in a disinformation campaign called "Maidan-3" aimed at diminishing Western support for Kyiv and sowing distrust among Ukrainian citizens.
The FTC's aggressive approach to enforcing privacy regulations reflects a commitment to ensuring that AI model refinement does not compromise people's privacy or security.
The new executive order targets the unregulated data broker industry and prohibits the sale of genomic, biometric, health, geolocation, and financial data to the identified countries.
According to Imperva's State of API Security Report, attacks on the business logic of APIs, including credential stuffing and data scraping, account for the largest share (27%) of API attacks.
The cybersecurity firm Mandiant has identified a suspected Iranian hacking group, UNC1549, targeting aerospace and defense industries across the Middle East, including in Israel and the United Arab Emirates.
Adversaries are actively conducting sophisticated cyber reconnaissance on critical infrastructure networks in Australia, posing a significant threat to national security.
Computer scientists have developed a fast and efficient method, called BEAST, to generate harmful prompts that elicit undesirable responses from large language models using an Nvidia RTX A6000 GPU with 48GB of memory.
The open-source tool supports various payload delivery chains and has future plans to add more image polyglots, file extensions, and EML file support for stealthy payload delivery.
While customer, supplier, and colleague information was not compromised, the incident may have involved a social engineering attack known as business email compromise (BEC).
The 2023 Cyber Threat Landscape report from France’s National Cybersecurity Agency (ANSSI) highlights a significant increase in cyber espionage campaigns targeting individuals and non-governmental organizations.
Hochschule Kempten, a university of applied sciences in Germany, has been targeted by a criminal cyberattack. The attack has affected access to several IT systems, including email, while the telephone system remains operational.
Russian hacktivist groups' attacks have minimal impact and are more psychological than kinetic, aiming to degrade confidence in governments and rally support for Russian President Vladimir Putin.
Chinese threat actor UNC5325 is adept at using novel malware and "living off the land" techniques to persist in hacked devices even after factory resets and system upgrades.
Cloud-focused malware campaigns are increasingly targeting services like Docker, Redis, Kubernetes, and Jupyter, requiring security teams to reassess their approaches to identifying and responding to emerging cloud threats.
Threat actors are increasingly using zero-day exploits to enhance the success of advanced targeted attacks, with a 70% increase in public ads selling zero-day exploits observed between 2022 and 2023, according to Group-IB.
According to a report by Enea, 76% of enterprises lack sufficient voice and messaging fraud protection as AI-powered vishing and smishing skyrocketed following the launch of ChatGPT.
The ninth annual Open Source Security and Risk Analysis (OSSRA) report by Synopsys revealed that 74% of commercial codebases contain high-risk open source vulnerabilities, an increase from 48% in 2022.
The model’s payload grants the attacker a shell on the compromised machine, enabling them to gain full control over victims’ machines through what is commonly referred to as a “backdoor”.
GTPDOOR is a new Linux malware designed for telecom networks that leverages the GPRS Tunnelling Protocol (GTP) for command-and-control communications, posing a threat to subscriber information and call metadata.
Senator Edward Markey has called for an investigation into the data privacy practices of the automotive industry, urging Federal Trade Commission (FTC) Chair Lina Khan to take action.
The attack involves the automated forking of legitimate repositories, resulting in millions of malicious forks with names identical to the original ones, making detection and removal challenging for GitHub.
The Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has allocated $45 million for 16 projects aimed at developing new technologies to prevent cyberattacks and reduce energy disruptions.
The hackers have urged Anycubic to open-source their 3D printers due to software deficiencies and have warned affected customers to disconnect their printers from the Internet until the security issue is patched.
The BlackCat/ALPHV ransomware gang claimed responsibility for a cyberattack on Optum, affecting the Change Healthcare platform and potentially compromising sensitive data of millions of individuals and organizations.
The adversary used a PDF file posing as an invitation from the Ambassador of India to a wine-tasting event, which contained a malicious link leading to the WINELOADER malware.
LockBit has set up new data leak and negotiation sites, and is actively recruiting experienced pentesters to join their operation, indicating a potential increase in future attacks.
Debian Linux Security Advisory 5634-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Ubuntu Security Notice 6653-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the show more ...
Backdoor.Win32.Agent.amt malware suffers from bypass and code execution vulnerabilities.
Backdoor.Win32.Jeemp.c malware suffers from a hardcoded credential vulnerability.
Ubuntu Security Notice 6651-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the show more ...
WordPress IDonate Blood Request Management System plugin versions 1.8.1 and below suffer from a persistent cross site scripting vulnerability.
Red Hat Security Advisory 2024-1027-03 - An update is now available for MTA-6.2-RHEL-8 and MTA-6.2-RHEL-9. Issues addressed include XML injection and denial of service vulnerabilities.
Ubuntu Security Notice 6648-2 - It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Zhenghan Wang discovered that the show more ...
A recent cyberattack on Thyssenkrupp’s automotive unit has disrupted production in the car parts division, though the company assures it is fulfilling orders despite the setback. The Thyssenkrupp cyberattack occurred at a plant located in Duisburg, Germany, where a Thyssenkrupp employee detected the breach. show more ...
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as attempted to maintain
U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House said in a statement. This includes sensitive information such as genomic data, biometric data,
A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER. The adversary, according to a report from Zscaler ThreatLabz, used a PDF file in emails that purported to come from the Ambassador of India, inviting diplomatic staff to a wine-tasting
The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most
Threat hunters have discovered a new Linux malware called GTPDOOR that’s designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX) The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications. GPRS roaming allows subscribers to access their GPRS services while they are
As an IT leader, staying on top of the latest cybersecurity developments is essential to keeping your organization safe. But with threats coming from all around — and hackers dreaming up new exploits every day — how do you create proactive, agile cybersecurity strategies? And what cybersecurity approach gives you the most bang for your buck, mitigating your risks and maximizing the value of your
The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part
Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML “enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to use it for authentication, such as Salesforce,” Semperis
Your smartphone may be toast – if you use a hacked wireless charger, we take a closer look at the latest developments in the unfolding LockBit ransomware drama, and Carole dips her toe into online AI romance apps. All this and much much more is discussed in the latest edition of the “Smashing show more ...
The US government has warned the healthcare sector that it is now the biggest target of the BlackCat ransomware group. Read more in my article on the Tripwire State of Security blog.
Here’s how the blue team wards off red teamers and a few open-source tools it may leverage to identify chinks in the corporate armor
Source: grahamcluley.com – Author: Graham Cluley Your smartphone may be toast – if you use a hacked wireless charger, we take a closer look at the latest developments in the unfolding LockBit ransomware drama, and Carole dips her toe into online AI romance apps. All this and much much more is discussed in the show more ...
Source: grahamcluley.com – Author: Graham Cluley Graham Cluley Security News is sponsored this week by the folks at Cynet. Thanks to the great team there for their support! George Tubin, Director of Product Strategy, Cynet Thorough, independent tests are a vital resource as cybersecurity leaders and their teams show more ...
Source: www.bitdefender.com – Author: Graham Cluley Matthew Perry’s official Twitter account was hijacked by scammers this week who attempted to solicit donations from well-meaning fans of the much-loved late actor. The post, which has since been removed from Perry’s Twitter account, asked for show more ...
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Image: Midjourney According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks. The person behind this incident added a hacked_machine_readme.gcode file to their show more ...
Source: www.bleepingcomputer.com – Author: Bill Toulas At least 100 instances of malicious AI ML models were found on the Hugging Face platform, some of which can execute code on the victim’s machine, giving attackers a persistent backdoor. Hugging Face is a tech firm engaged in artificial intelligence show more ...
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan U.S. President Joe Biden has signed an executive order that aims to ban the bulk sale and transfer of Americans’ private data to “countries of concern” such as China, Russia, Iran, North Korea, Cuba, and Venezuela. “Our show more ...
Source: www.bleepingcomputer.com – Author: Bill Toulas The Rhysida ransomware gang has claimed the cyberattack on Lurie Children’s Hospital in Chicago at the start of the month. Lurie is a leading pediatric acute care institution in the U.S. that provides care to over 200,000 children annually. The show more ...
Source: www.bleepingcomputer.com – Author: Lawrence Abrams Kali Linux has released version 2024.1, the first version of 2024, with four new tools, a theme refresh, and desktop changes. Kali Linux is a distribution created for cybersecurity professionals and ethical hackers to perform penetration testing, show more ...
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Image: Midjourney The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform. Change Healthcare is show more ...
Source: www.bleepingcomputer.com – Author: Lawrence Abrams The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week’s law enforcement disruption. Last week, the NCA, FBI, and Europol conducted a coordinated disruption show more ...
Source: www.bleepingcomputer.com – Author: Bill Toulas North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) show more ...
Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: ronstik via Alamy Stock Photo Cybercriminals are laundering stolen funds through ordinary people, thanks to a small ecosystem of user-friendly apps that can turn any mobile user into an unwitting money mule. A new report from Cloud show more ...
Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer Source: Pitinan Piyavatin via Alamy Stock Photo The Biden administration continues to push for closer public-private partnerships to harden US information-technology infrastructure, calling on companies to shift to memory-safe programming show more ...
Source: www.cyberdefensemagazine.com – Author: Stevin By Zac Amos, Features Editor, ReHack Cyberattacks are a growing problem worldwide as they can cause significant damage to any organization, big or small. Higher education institutions are especially vulnerable, exposing students and employees to various show more ...
Source: www.cyberdefensemagazine.com – Author: Stevin By Luke Wallace, VP of Engineering at Bottle Rocket With rising oil prices, higher interest rates, and an economic downturn plaguing Europe and China throughout 2023, recession is looming in the United States. However, according to a recent Forrester report, show more ...
Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: Network security management refers to the processes and systems that administrators put into place for the purpose of overseeing, regulating and safeguarding an organization’s network infrastructure. A network security management strategy protects show more ...
