Category: Attack Feeds

GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks – [email protected] (The Hacker News)

– A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. “In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and InlandRevenue were...

Lawmakers press agencies, telecoms for more details on Salt Typhoon hacks – djohnson

– Members of Congress are pressing federal agencies and telecommunications companies for more information about a reported Chinese government-backed hacking campaign that breached the networks of at least three major U.S. telecoms. Earlier this month, the Wall Street Journal reported that a hacking group tied to Beijing successfully broke into the networks of Verizon, AT&T and Lumen Technologies. The...

Agencies warn about Russian government hackers going after unpatched vulnerabilities – Tim Starks

– Russian government hackers are targeting known, unpatched vulnerabilities to victimize specific organizations like governments and defense contractors while also scanning the internet for any susceptible systems to attack, U.S. and U.K. cyber agencies said in a joint alert. The threat actors tied to the Russian Foreign Intelligence Service (SVR) “are highly capable of and interested in exploiting software...

How Hybrid Password Attacks Work and How to Defend Against Them – [email protected] (The Hacker News)

– Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process. In this post, we’ll explore hybrid attacks — what they are...

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance – [email protected] (The Hacker News)

– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who...

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution – [email protected] (The Hacker News)

– GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. “An issue was discovered in GitLab EE...

Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation – [email protected] (The Hacker News)

– The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world’s largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said....

Malicious packages in open-source repositories are surging – Christian Vasquez

– The number of malicious packages found in the open-source ecosystem has dramatically grown in the past year, according to a new report from Sonatype. The cybersecurity firm found that the number of malicious packages intentionally uploaded into open-source repositories has jumped by more than 150% compared to last year. Open-source software, a transparent development process where almost anyone...

14,000 medical devices are online, unsecured and vulnerable – Christian Vasquez

– Of the more than 14,000 IPs of exposed and vulnerable medical devices, health care login portals, and databases throughout the world, nearly half are found in the U.S., according to a report released Thursday. Censys — a search platform that can identify internet-connected devices — scoured the public net and categorized the vast medical playground used by malicious...

Marriott agrees to pay $52 million settlement, improve data security practices – djohnson

– Marriott International and its subsidiary Starwood Hotels and Resorts have agreed to a settlement with the federal and state authorities over three separate data breaches between 2014 and 2020. In a 16-page proposed consent order with the Federal Trade Commission, the hotel chains agreed to a series of compulsory actions to improve the way they handle, store and...

Casio Hit by Major Cyberattack AGAIN – Waqas

– Casio experienced a major cyberattack on October 5, 2024, causing system disruptions and raising concerns about a potential… – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation – [email protected] (The Hacker News)

– OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts on X. “Threat...

Ransomware attack leaks social security numbers of over 230,000 Comcast customers – Graham Cluley

– Financial Business and Consumer Solutions (FBCS), a debt collection agency previously used by Comcast, was the subject of a ransomware attack in February 2024, which had a database of names, addresses, social security numbers, dates of birth, and Comcast account details exposed. Read more in my article on the Hot for Security blog.

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems – [email protected] (The Hacker News)

– Cybersecurity security researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. “A vulnerability in the Nortek Linear eMerge E3...

6 Simple Steps to Eliminate SOC Analyst Burnout – [email protected] (The Hacker News)

– The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents. As a result, SOC analysts often leave in search of better pay, the opportunity...

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms – [email protected] (The Hacker News)

– Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. “At first glance, the thing that stood out was the script’s obfuscation, which seemed a bit bizarre because of all the accented characters,” Jscrambler researchers said in an analysis. “The heavy use of Unicode characters, many...

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches – [email protected] (The Hacker News)

– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb. “A...

Firefox Zero-Day Under Attack: Update Your Browser Immediately – [email protected] (The Hacker News)

– Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component. “An attacker was able to achieve code execution in the content process by exploiting a use-after-free in...

Smashing Security podcast #388: Vacuum cleaner voyeur, and pepperoni pact blocks payout – Graham Cluley

– Join us as we delve into the world of unexpected security breaches and legal loopholes, where your robot vacuum cleaner might be spying on you, and ordering a pizza could cost you your right to sue. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

OpenAI says it has disrupted 20-plus foreign influence networks in past year – mbracken

– OpenAI said it has disrupted more than 20 operations and networks over the past year from foreign actors attempting to use the company’s generative AI technologies to influence political sentiments around the world and meddle in elections, including the United States. In some cases, the actors attempted to use ChatGPT and other OpenAI tools to analyze and generate...

White House is prioritizing secure internet routing, using memory safe languages – Christian Vasquez

– National Cyber Director Harry Coker said that the White House is focused on securing two foundational aspects of the tech landscape: how information packets are routed across the internet and computer programming languages that can be susceptible to memory-related errors. Speaking at a Recorded Future event Wednesday in Washington, D.C., Coker said the White House is looking at...

Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale – [email protected] (The Hacker News)

– Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams. The initiative, which has been codenamed the Global Signal Exchange (GSE), is designed to create real-time insights into scams, fraud, and other forms of cybercrime pooling together threat signals from different data sources in order to...

Lamborghini Carjackers Lured by $243M Cyberheist – BrianKrebs

– The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to...

Microsoft offers updates on 117 vulnerabilities on Patch Tuesday – AJ Vicens

– Microsoft on Tuesday shared security updates on 117 common vulnerabilities and exposures, including two that are being actively exploited, according to the company. The actively exploited vulnerabilities relate to the Microsoft Management Console (CVE-2024-43572) and the Windows MSHTML Platform (CVE-2024-43573), the company said. The list includes five publicly disclosed zero-days in total, as part of 28 elevation-of-privilege vulnerabilities,...

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries – [email protected] (The Hacker News)

– Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. “The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution,” Claroty researchers Mashav Sapir and Vera...

N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware – [email protected] (The Hacker News)

– Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. “The threat actor behind...

Social Media Accounts: The Weak Link in Organizational SaaS Security – [email protected] (The Hacker News)

– Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access — a situation no organization wants...

Enhancing Cyber Resilience in the Financial Services Industry – [email protected]

– 2024 Cyber Resilience Research Unveils Financial Services Industry Challenges New data illuminates how financial services leaders can prioritize resilience. Financial services institutions find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to financial institutions. Get your complimentary copy of...

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild – [email protected] (The Hacker News)

– Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn’t include the 25 additional flaws that the tech...

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks – [email protected] (The Hacker News)

– Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC) attacks, which ultimately result...

Patch Tuesday, October 2024 Edition – BrianKrebs

– Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “Sequoia” update that broke many cybersecurity tools. One of...

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines – [email protected] (The Hacker News)

– Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. “These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community,” Morphisec researcher Shmuel Uzan said in a new report published today, adding “this malware...

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited – [email protected] (The Hacker News)

– Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated...

The October 2024 Security Update Review – Dustin Childs

– It’s the spooky season, and there’s nothing spookier than security patches – at least in my world. Microsoft and Adobe have released their latest patches, and no bones about it, there are some skeletons in those closets. Take a break from your regular activities and join us as we review the details of their latest security alerts. If...