Category: Attack Feeds

Credit monitoring and supply chain risk company hacked – Christian Vasquez

– Hackers stole sensitive employee data from a software-as-a-service company that advises consumers on trade credit and provides supply chain risk monitoring, according to a Securities and Exchange Commission filing. CreditRiskMonitor.com said on Tuesday that hackers got away with an unspecified amount of data between July 9 and July 17. The pilfered files included personally identifiable information of employees...

Security provider ADT discloses second cybersecurity incident in two months – AJ Vicens

– An unauthorized party stole encrypted internal data related to employee user accounts from home and small business security provider ADT, the company said Monday in a filing with the Securities and Exchange Commission. The company detected the unauthorized access Oct. 2, according to the filing, and said the “unauthorized actor had illegally accessed ADT’s network using compromised credentials...

The AI Fix #19: AI spy specs, robot dogs with ladders, and is it AI or the climate? – Graham Cluley

– In episode 19 of “The AI Fix” podcast, Graham and Mark discover some AI podcast hosts having an existential crisis, a robot dog climbs another step towards world domination, Mark makes a gift for anyone working in tech support, and William Shatner chews through Lucy in the Sky with Diamonds. Things can take a terrible turn when a pair...

The Value of AI-Powered Identity – The Hacker News

– Introduction: Artificial intelligence (AI) deepfakes and misinformation may cause worry in the world of technology and investment, but this powerful, foundational technology has the potential to benefit organizations of all kinds when harnessed appropriately. In the world of cybersecurity, one of the most important areas of application of AI is augmenting and enhancing identity management...

New Case Study: The Evil Twin Checkout Page – The Hacker News

– Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case study here. The Invisible Threat in Online Shopping: When is a checkout page, not a checkout page? When it’s an “evil twin”! Malicious redirects can send unsuspecting shoppers...

Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools – The Hacker News

– Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. “The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems,” Kaspersky said, detailing a new campaign that began in June 2024 and continued at...

GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets – The Hacker News

– A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets. Victims included a South Asian embassy in Belarus and a European Union government (E.U.) organization, Slovak cybersecurity company ESET said. “The ultimate goal of...

Pro-Ukrainian Hackers Strike Russian State TV on Putin’s Birthday – The Hacker News

– Ukraine has claimed responsibility for a cyber attack that targeted Russian state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK confirmed, describing it as an “unprecedented hacker attack.” However, it said “no significant damage” was caused and that everything was working normally...

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits – The Hacker News

– Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a use-after-free bug in the Digital Signal Processor (DSP) Service that could lead to “memory corruption...

Ukrainian hackers celebrate Putin’s birthday with two high-profile attacks – AJ Vicens

– A pair of hacking operations seemingly tied to Russian President Vladimir Putin’s birthday targeted the country’s top state media provider and the websites associated with its court and judicial system. VGTRK, the provider of top Russian state media outlets, suffered the attack late Sunday into Monday, according to Gazeta, a Russian news outlet. The attack was first announced...

Major U.S. water company hit by cyberattack – Christian Vasquez

– A New Jersey-based company responsible for providing water to more than 14 million people was hit by a cyberattack which appears to have only resulted in the loss of billing systems, according to a Securities and Exchange Commission filing Monday. American Water Works Company, which first learned of the attack on Oct. 3, said there does not appear to...

Your robot vacuum cleaner might be spying on you – Graham Cluley

– When Sean Kelly bought a top-of-the-line vacuum cleaner, he imagined he was making a safe purchase. Little did he know that the cleaning machine scuttling about his family’s feet contained a security flaw that could let anyone see and hear their every move. Read more in my article on the Hot for Security blog.

Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually – The Hacker News

– Organizations are losing between $94 – $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these security threats account for up to 11.8% of global cyber events and losses, emphasizing the...

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries – The Hacker News

– Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet “issued over 300,000 attack commands, with a shocking attack density” between September 4 and September 27, 2024. No less than 20,000 commands designed...

Reducing Alert Fatigue by Streamlining SOC Processes

– The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. We wanted to know what was going on within our vast networks; modern tools have made it possible for us to know too much. Some data...

Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless – The Hacker News

– The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breaches, leaks, and significant financial losses. While traditional password-based systems offer...

Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection – The Hacker News

– Google has announced that it’s piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil. The enhanced fraud protection feature aims to keep users safe when they attempt to install malicious apps from sources other than the Google Play Store, such as web browsers, messaging...

THN Cybersecurity Recap: Top Threats and Trends (Sep 30 – Oct 6) – The Hacker News

– Ever heard of a “pig butchering” scam? Or a DDoS attack so big it could melt your brain? This week’s cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it’s too late! ⚡ Threat of the Week: Double Trouble: Evil Corp & LockBit Fall: A consortium...

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications – The Hacker News

– A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4. “Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad...

E.U. Court Limits Meta’s Use of Personal Facebook Data for Targeted Ads – The Hacker News

– Europe’s top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating in the region. “An online social network such as Facebook cannot use all of...

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability – The Hacker News

– Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha...

Election offices are preparing for a smooth voting process — and angry voters – djohnson

– Roughly a month out from Election Day, officials from across the country said they remain focused on carrying out a smooth voting process while bracing for the possibility that their offices could be overwhelmed by angry voters and false claims of election fraud. Speaking at a gathering in Washington D.C. hosted by the Partnership for Large Election Jurisdictions,...

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown – The Hacker News

– Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. “The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials...

Cybersecurity and compliance: The dynamic duo of 2024 – Graham Cluley

– Graham Cluley Security News is sponsored this week by the folks at ManageEngine. Thanks to the great team there for their support! It’s almost the end of 2024, and one thing is clear: cybersecurity and compliance are no longer optional; they’re inseparable pillars of survival. This year has seen some of the most severe cyber …

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks – The Hacker News

– A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was...

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors – The Hacker News

– Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off “over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (...

How to Get Going with CTEM When You Don’t Know Where to Start – The Hacker News

– Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities...

Sellafield nuclear site hit with £332,500 fine after “significant cybersecurity shortfalls” – Graham Cluley

– The UK’s Sellafield nuclear waste processing and storage site has been fined £332,500 by regulators after its IT systems were found to have been left vulnerable to hackers and unauthorised access for years. Read more in my article on the Hot for Security blog.

Former Mesa County clerk sentenced to 9 years for 2020 voting system breach – djohnson

– Tina Peters, a former county clerk for Mesa County, Colo., was sentenced to nine years in prison after being convicted earlier this year on seven felony counts for facilitating a data breach involving voting system data in the wake of the 2020 presidential election. The incident is widely viewed as one of the most serious breaches of election...

What’s new from this year’s Counter Ransomware Initiative summit, and what’s next – Tim Starks

– After trying some new approaches to the U.S.-led global Counter Ransomware Initiative this year, the international coalition is already laying the groundwork for next year’s agenda. Thursday wrapped up meetings of the 68 countries with an optional capacity-building day to help those participating nations “get through practical skills,” Anne Neuberger, the deputy national security advisor for cyber and...

Android 14 Adds New Security Features to Block 2G Exploits and Baseband Attacks – The Hacker News

– Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that’s responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station...

From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities – Connor Ford

– This blog post highlights two additional vulnerabilities in the Autel Maxicharger that were exploited at Pwn2Own Automotive 2024. Details of the patches are also included. Autel has been informed and has deployed a firmware update (v1.35) to address both of these issues. If you want to read about other Autel bugs reported at Pwn2Own, you can check out our earlier...

The Secret Weakness Execs Are Overlooking: Non-Human Identities – The Hacker News

– For years, securing a company’s systems was synonymous with securing its “perimeter.” There was what was safe “inside” and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical...

DOJ, Microsoft seize more than 100 domains used by the FSB – AJ Vicens

– Microsoft and the U.S. Department of Justice on Thursday announced the seizure of more than 100 domains used by a Russian-backed hacking unit to target more than two dozen civil society organizations between January 2023 and August 2024. Microsoft’s Digital Crimes Unit filed a lawsuit with the NGO Information Sharing and Analysis Center (NGO-ISAC) to seize 66 unique...