Category: Attack Feeds

Smashing Security podcast #389: WordPress vs WP Engine, and the Internet Archive is down – Graham Cluley

– WordPress’s emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the Internet Archive, a digital library preserving our online history, is under siege from hackers. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley...

Pyongyang on the payroll? Signs that your company has hired a North Korean IT worker – djohnson

– If your remote employee insists on using their own devices, won’t show up on webcam and frequently changes their payment services, you may have accidentally hired a North Korean operative. Those are some of the tactics wielded by the actors behind what Secureworks refers to as Nickel Tapestry, a group known for planting fake IT workers at Western...

Alleged Anonymous Sudan leaders charged, prolific gang’s tool disabled – Tim Starks

– A federal grand jury unsealed an indictment Wednesday against two Sudanese brothers allegedly behind Anonymous Sudan, a cybercriminal outfit responsible for tens of thousands of attacks designed to knock websites and services offline. Authorities also unsealed a criminal complaint and announced they had disabled the group’s powerful tool for conducting attacks. Ahmed Salah Yousif Omer, 22, and Alaa...

GitHub patches critical vulnerability in its Enterprise Servers – Christian Vasquez

– GitHub’s latest Enterprise Server update fixes a critical vulnerability that allows authentication bypass for on-premise deployments, according to the company. The bug — CVE-2024-9487 — impacts GitHub’s enterprise product and does not affect its software-as-a-service products, according to the company’s release. The Microsoft-owned company said the bug, which is a 9.5 on the CVSS scale, would allow hackers...

Iranian hackers are going after critical infrastructure sector passwords, agencies caution – Tim Starks

– Iranian hackers are aggressively trying to crack passwords in the health care, government, information technology, energy and engineering sectors, an advisory from U.S., Canadian and Australian cyber agencies said Wednesday. The “brute force” attacks — which take a variety of forms — date to October of last year, according to the FBI, the Cybersecurity and Infrastructure Security Agency,...

Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity – [email protected] (The Hacker News)

– Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper with endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro said it detected “threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection.” EDRSilencer, inspired by the NightHawk FireBlock tool from MDSec, is...

Spanish-speaking voters are in the crosshairs of disinformation agents   – djohnson

– Latino and Hispanic voters are viewed as a critical, up-for-grabs bloc this election cycle, with Republican Donald Trump showing signs of making significant inroads with the groups in polling and advisers to Democrat Kamala Harris singling out those votes as key to winning battleground states like Florida, Nevada, Arizona and Pennsylvania. These voters were bombarded with Spanish-speaking mis-...

Here’s how attackers are getting around phishing defenses – Christian Vasquez

– Hackers are evading natural language processing detection capabilities used to filter out phishing attacks by adding benign text and links, according to data from Egress’ threat intelligence unit released Tuesday. Egress researchers looked at 40 attacks targeting U.S. organizations that used obfuscation techniques designed to evade anti-phishing services by using natural language processors (NLP) to send malware or...

FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms – [email protected] (The Hacker News)

– The FIDO Alliance said it’s working to make passkeys and other credentials easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method. To that end, the alliance said it has published a draft for a new set of specifications for secure credential exchange,...

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware – [email protected] (The Hacker News)

– The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser...

From Misuse to Abuse: AI Risks and Attacks – [email protected] (The Hacker News)

– AI from the attacker’s perspective: See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications. Cybercriminals and AI: The Reality vs. Hype. “AI will not replace humans in the near future. But humans who know how to use AI are going to replace those humans who don’t know how to...

5 Techniques for Collecting Cyber Threat Intelligence – [email protected] (The Hacker News)

– To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats. There are many techniques analysts can use to collect crucial cyber threat intelligence. Let’s consider five that can greatly improve your threat investigations. Pivoting on C2 IP addresses to pinpoint malware...

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack – [email protected] (The Hacker News)

– A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails. “The spear-phishing campaign’s impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected,” Trend Micro said in a new analysis...

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability – [email protected] (The Hacker News)

– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain...

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access – [email protected] (The Hacker News)

– GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVSS score of 9.5 out of a maximum of 10.0. “An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing...

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns – [email protected] (The Hacker News)

– New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device’s unlock pattern or PIN. “This new addition enables the threat actor to operate on the device even while it is locked,” Zimperium security researcher Aazim Yaswant said in an analysis published last week. First spotted in the wild...

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists – [email protected] (The Hacker News)

– North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is “installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs,” a security researcher who goes by...

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT – [email protected] (The Hacker News)

– Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload. “DarkVision RAT communicates with its command-and-control (C2) server using a custom network...

The AI Fix #20: Elon’s androids, emotional support chickens, and an AI Fix super fan – Graham Cluley

– In episode 20 of “The AI Fix”, Mark asks an AI to make a very important decision, the Nobel academy finds a bandwagon, Graham gets a new nickname, a pair of robots prove that AI can’t do humour, and our hosts find out why emotional support insects haven’t taken off. Graham introduces Mark to Optimus, the robot that can’t...

Ransomware encryption down amid surge of attacks, Microsoft says – AJ Vicens

– The number of ransomware attacks that reach the encryption stage dropped 300% over the past two years, due in large part to automatic attack disruption technologies, according to a report out Tuesday from Microsoft. The findings — which come as part of Microsoft’s fifth annual Digital Defense Report analyzing trends between June 2022 and July 2023 — come amid...

The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short – [email protected] (The Hacker News)

– In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be implemented, making zero-days a potent...

From Reactive to Proactive: Shifting Your Cybersecurity Strategy – [email protected]

– The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Most companies have some cybersecurity protocols in place in case of a breach. They could be anything from antivirus software to spam filters. Those are considered...

Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds – Christian Vasquez

– Large organizations that train developers with secure-by-design practices can reliably reduce the number of vulnerabilities introduced into software products by more than 50%, according to a new report from Secure Code Warrior. The Australia-based secure coding platform and software firm analyzed data from 600 enterprise customers over nine years to find out what improvements, if any, can be...

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns – [email protected] (The Hacker News)

– China’s National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S. federal government, intelligence agencies, and Five Eyes countries...

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates – [email protected] (The Hacker News)

– Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma. Hijack Loader, also known as DOILoader, IDAT Loader, and...

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites – [email protected] (The Hacker News)

– The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive suite of tools to improve site safety, performance, and traffic growth. It’s used on...

How satellites are pushing security innovation at Amazon – Greg Otto

– Whether it’s selling books, delivering groceries, broadcasting professional football games, or providing countless organizations with IT infrastructure, it’s imperative for Amazon to provide world-class security for its hundreds of millions of customers. But the company has realized the tech used to supply that security can only take it so far. Executives for the company say that security being...

Tens of thousands of IPs vulnerable to Fortinet flaw dubbed ‘must patch’ by feds – Tim Starks

– Around 87,000 IPs are likely susceptible to a Fortinet vulnerability that the Cybersecurity and Infrastructure Security Agency put on its “must patch” list last week because attackers are actively exploiting it, according to data from the nonprofit Shadowserver Foundation. The number was at 87,930 on Saturday before dropping slightly to 86,602 on Sunday. CISA placed the critical remote...

Snapping Safely: The Fun and Risks of Snapchat for Teens – [email protected]

– The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. No, I am not taking a photo of my nose hair! I am Snapping and sharing for my Snapgroup to keep my Snapstreak active while I see where they are on my Snapmap. If...

THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 – Oct 13) – [email protected] (The Hacker News)

– Hey there, it’s your weekly dose of “what the heck is going on in cybersecurity land” – and trust me, you NEED to be in the loop this time. We’ve got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin – it’s full of stuff they don’t 🤫 want you to know. So let’s...

Supply Chain Attacks Exploit Entry Points in Python, npm, and Open-Source Ecosystems – [email protected] (The Hacker News)

– Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. “Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape,” Checkmarx researchers Yehuda...

5 Steps to Boost Detection and Response in a Multi-Layered Cloud – [email protected] (The Hacker News)

– The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on “shift-left” practices—securing code, ensuring proper cloud posture, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanning...

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration – [email protected] (The Hacker News)

– A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) as a zero-day to perform a series of malicious actions. That’s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the...

Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware – [email protected] (The Hacker News)

– Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to create a local account and deploy the ransomware. CVE-2024-40711, rated 9.8 out of 10.0...

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf – [email protected] (The Hacker News)

– The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities...

FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation – [email protected] (The Hacker News)

– The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action – codenamed Operation Token Mirrors – is the result of the U.S. Federal Bureau of Investigation (FBI) taking the “unprecedented step” of creating its...

CISA advisory committee approves four draft reports on critical infrastructure resilience – Christian Vasquez

– An advisory committee to the Cybersecurity and Infrastructure Security Agency on Friday approved a series of reports to be delivered to the agency aimed at boosting national cyber resilience, increasing public awareness of CISA efforts, and better securing the world’s digital ecosystem. Members of CISA’s Cybersecurity Advisory Committee approved the four draft reports and multiple recommendations in response...

GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks – [email protected] (The Hacker News)

– A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. “In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and InlandRevenue were...