AttackFeed Cybersecurity News
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it’s likely associated with the North Korean state-sponsored group tracked as Kimsuky. “The malware payloads used in the DEEP#GOSU represent a- The Hacker News – Read More
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Virtual reality (VR) offers profound benefits across industries, particularly in education and training, thanks to its immersive nature. Through derivatives, such as 3D learning environments, VR enables learners...
Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. “A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow- The Hacker News – Read More
By Waqas Cyber Warfare Takes Flight: Geopolitics Fuel Attacks on Airlines – Dark Web Tool Aims at E-commerce! This is a post from HackRead.com Read the original post: Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
By Owais Sultan Web3 infrastructure leader COTI is excited to announce a significant community rewards initiative, with the platform airdropping up… This is a post from HackRead.com Read the original post: COTI Announces Upcoming V2 Airdrop Campaign Worth +10M USD – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Sandu Boris Diaconu was involved in conspiracy to commit access device and computer fraud – Read More –
Fujitsu has warned that cybercriminals may have stolen files with personal and customer data after it discovering malware on its computer systems.- Graham Cluley – Read More
By Deeba Ahmed 40% of 2024 CVEs Missing Key Info: NVD Data Gap Raises Security Risks! This is a post from HackRead.com Read the original post: NIST NVD Halt Leaves Thousands of Vulnerabilities Untagged – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. “It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website,” Netskope Threat Labs- The Hacker News – Read More
In September, 2022 it was reported that the Chinese social media platform, TikTok, had experienced a “potential” data breach that exposed the user information of over 2 billion users. Multiple warnings went out from a variety of cybersecurity organisations, but it didn’t seem to trickle down to the users themselves for some time. As investigations […] The post TikTok Hacking:...
Seven years into its ethical hacking program, the Pentagon received its 50,000th vulnerability report on March 15 – Read More –
The voluntary FCC program will allow smart device manufacturers to demonstrate to consumers that their product has met robust cybersecurity standards – Read More –
Post Content – Read More – IC3.gov News
WordPress users of miniOrange’s Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. It impacts the following versions of the two plugins – Malware Scanner (versions <= 4.7.2)...
The flaws, identified by KTrust, enable attackers to bypass rate limits and brute force protection mechanisms – Read More –
[[{“value”:” Software producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA’s Repository for Software Attestation and Artifacts. Software producers that provide the government software can fill out the form to attest to implementation of specific security practices. CISA and the Office of Management and Budget (OMB) released the form on March...
A Microsoft report found that 87% of UK organizations are either vulnerable or at high-risk of cyber-attacks, and urged investment in AI as a security tool – Read More –
Scottish NHS trust reveals patient and staff data may have been taken in security breach – Read More –
The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. “The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated- The Hacker News – Read More
The International Monetary Fund says it is still looking into a recent compromise of multiple email accounts – Read More –
If migrating SCADA solutions to the cloud, cyber security must be a key consideration for operational technology organisations. – Read More – NCSC Feed
By Waqas Hackers claim to have breached Viber, stealing 740GB of data, including source code, and are now demanding ransom of 8 Bitcoin. This is a post from HackRead.com Read the original post: Hackers Claim Accessing 740GB of Data from Viber Messaging App – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by the Microsoft-owned subsidiary. “The repositories look- The Hacker News – Read More
A cyberattack on a payment processor that has crippled large parts of the U.S. health care system is inspiring calls in Washington to urgently implement cybersecurity regulations for the sector, setting up a showdown with hospital and health care groups that are stridently arguing against such a move. “As these companies have become so large, it is creating a systemic...
MIAMI — In recent months, U.S. intelligence officials have issued a series of pitched warnings about Chinese hacking operations targeting American critical infrastructure, but at a gathering last week of the world’s foremost industrial cybersecurity experts, the conversations among those charged with protecting these systems were anything but alarmed when it came to China. Instead, conversations on panels and in hallways...
A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions. “All the common synchronization primitives implemented- The Hacker News – Read More
Speakers: To be announced. Synopsis: Join us during Second Chance Month to discuss the challenges and opportunities of the reintegration of justice-involved individuals into the workforce. We will emphasize the resilience, redemption, and the – Read More – News and Events Feed by Topic
By Waqas Another day, another cybersecurity threat hits unsuspected users! This is a post from HackRead.com Read the original post: New Malware “BunnyLoader 3.0” Steals Credentials and Crypto – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Two firms have been fined $26 million by the US Federal Trade Commission (FTC) for scaring consumers into believing their computers were infected by malware. Read more in my article on the Hot for Security blog.- Graham Cluley – Read More
By Waqas New INTERPOL Financial Fraud assessment reveals how cybercrime is being fueled by the abuse of AI and other technologies. This is a post from HackRead.com Read the original post: AI-Powered Scams, Human Trafficking Fuel Global Cybercrime Surge: INTERPOL – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
By Deeba Ahmed Another day, another massive data breach! This is a post from HackRead.com Read the original post: Massive Data Breach Exposes Info of 43 Million French Workers – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to new research published by Salt Labs, security flaws found directly in ChatGPT and within the ecosystem could allow attackers to install malicious plugins without users’ consent- The Hacker News – Read...
Vulnerability data has stopped being added to the most widely used software vulnerability database for over a month, putting organizations at risk – and nobody knows why – Read More –
Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. “The Standard protection mode for Chrome on desktop and iOS will check sites against Google’s server-side list of known bad sites in real-time,” Google’s Jonathan Li and Jasika Bawa said. “If we- The Hacker News – Read More
An AppOmni researcher detailed a misconfiguration in the HSE COVID Vaccination Portal, exposing the health and personal data of over a million Irish citizens – Read More –
Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike. “The malicious site found in the notepad++ search is distributed through an advertisement block,” Kaspersky- The Hacker News –...
By Deeba Ahmed The data breach is linked to a December 2023 cyberattack. This is a post from HackRead.com Read the original post: Nissan Confirms Data Breach Affected 100,000 Customers and Employees – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years. Onerep’s “Protect” service starts at $8.33...
Three New Hampshire voters and the nonprofit League of Women Voters filed a civil suit Thursday against a number of individuals and companies allegedly behind a January robocall featuring the AI-generated voice of President Joe Biden that urged Democratic state primary voters to stay away from the polls. The complaint, filed in the U.S. District Court of New Hampshire, argues...
The Federal Communications Commission voted Thursday to approve the U.S. Cyber Trust Mark, a voluntary label that denotes that consumer Internet of Things devices like “smart” home appliances meet baseline security standards. The FCC approval is the culmination of a White House initiative and is somewhat modeled after the energy efficiency labeling program Energy Star. The program would create an...
In mid-December, election officers from across Arizona trooped into a bland hotel ballroom for a training session and were greeted by the most routine of messages: brief remarks and a PowerPoint presentation from Arizona Secretary of State Adrian Fontes. But the election workers had been duped. Fontes’ remarks had been generated by AI, and it required serious prompting by the...
An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. Read more in my article on the Tripwire State of Security blog.- Graham Cluley – Read More
By Waqas Microsoft’s Copilot for Security will be accessible through a pay-as-you-use licensing model. This is a post from HackRead.com Read the original post: Microsoft is Opening AI-Powered “Copilot for Security” to Public – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
It can be difficult to over-estimate the benefits that we accrue from the use of technology in our day to day lives. But these benefits have come at a price which has redefined what we expect in terms of privacy. As a member of Generation X, which came of age at the dawn of the Internet era and witnessed the...
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) with “conspiring with others to intentionally damage protected computers and to transmit- The Hacker News – Read More
The vote saw 352 members of Congress supporting the bill while only 65 opposed it – Read More –
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled said. “To exploit- The Hacker News – Read More
DoControl said one in six employees was found to have shared company data via personal email – Read More –
[[{“value”:” As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SENTRON...
[[{“value”:” View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-Q/L Series Vulnerabilities: Incorrect Pointer Scaling, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to be able to read arbitrary information or execute malicious code on a target product by sending a specially...