Category: Attack Feeds

A top federal cybersecurity official said Wednesday that threat hunters from the Cybersecurity and Infrastructure Security Agency first discovered activity from Salt Typhoon on federal networks, allowing public and private sector defenders to more quickly “connect the dots” and respond to Chinese attacks on the U.S. telecommunications industry.   Speaking at an event hosted by the Foundation for Defending Democracies, CISA...

CIA director nominee John Ratcliffe said during testimony on Capitol Hill that if confirmed, he hopes to develop offensive cyber tools and supports the creation of a cyber-specific deterrence strategy. Ratcliffe, who served as director of national intelligence and in the House of Representatives for Texas, drew a comparison to the concerns over physical, territorial borders. “It’s invasion through our...

A recent cyberattack, mimicking the tactics of the notorious Black Basta ransomware group, targeted one of SlashNext’s clients.…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

The Cybersecurity and Infrastructure Security Agency is making one last push before the change in administration for increased information sharing between the public and private sectors, releasing an artificial intelligence-focused playbook Tuesday that aims to foster “a unified approach” to handling AI-related cyber threats. The agency’s AI Cybersecurity Collaboration Playbook was developed with the FBI, the NSA’s Artificial Intelligence Security...

The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. “The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews,” Ryan Sherstobitoff, senior vice president of Threat  – Read More ...

Cybersecurity researchers have alerted to a new malvertising campaign that’s targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. “The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages,” Jérôme Segura, senior director of  – Read More ...

For the upcoming Pwn2Own Automotive contest a total of 7 electric vehicle chargers have been selected. One of these is the Autel MaxiCharger AC Wallbox Commercial (MAXI US AC W12-L-4G) which also made an appearance at the inaugural Pwn2Own Automotive last January.  We have previously posted internal photos of the MaxiCharger in 2023 so the goal of this blog post...

Tel Aviv, Israel, 15th January 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

Silver Spring, United States / Maryland, 15th January 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based threamoret groups may have pulled off illicit money-making scams that predate the use of IT workers, SecureWorks Counter Threat Unit (CTU) said in a report shared with The Hacker  – Read...

Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk. In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS) and Operational Technology (OT) security distinctly stand out from traditional IT security. ICS/OT  – Read More  –...

As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. “Attackers can take control of a malicious server and read/write arbitrary files of any connected client,” the CERT Coordination Center (CERT/CC) said in an advisory. “Sensitive data, such as...

A critical vulnerability (CVE-2024-50603) in the Aviatrix Controller allows unauthenticated RCE. Active exploitation observed by Wiz Research in…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

Prague, Czech republic, 15th January 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

CVE-2024-44243, a critical macOS vulnerability discovered recently by Microsoft, can allow attackers to bypass Apple’s System Integrity Protection…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a “multi-month law enforcement operation.” PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People’s Republic of China...

Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the “vulnerabilities are trivial to reverse and exploit.” The list of identified flaws is as follows –  – Read More  – The Hacker News 

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344),...

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7‘s Adam Barnett says January marks the fourth consecutive month where Microsoft has published zero-day...

In its latest security update, Microsoft has addressed a total of 159 vulnerabilities, covering a broad spectrum of the tech giant’s products, including .NET, Visual Studio, Microsoft Excel, Windows components, and Azure services.  The update covers several critical and high-severity flaws across various systems, impacting Windows Telephony Services, Active Directory Domain Services, Microsoft Excel and other key Microsoft services. There...

Cybersecurity is facing new challenges with advances in AI, cloud tech, and increasing cyber threats. Solutions like blockchain…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

Welcome to the first Patch Tuesday of the new year. Even while preparing for Pwn2Own Automotive, the second Tuesday still brings with it a bevy of security updates from Adobe and Microsoft. Take a break from avoiding your New Year’s resolutions and join us as we review the details of their latest security alerts. If you’d rather watch the full...

U.S. and international law enforcement agencies have removed the PlugX malware from thousands of computers worldwide in a coordinated campaign to blunt the effectiveness of one of the most infamous pieces of malware used by malicious cyber actors. According to recently unsealed court documents from the Eastern District of Pennsylvania, the U.S. Department of Justice worked alongside international partners, including...

New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. “Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees,” Truffle Security co-founder and CEO Dylan Ayrey...

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug  – Read More  – The...

Cybercriminals exploit fake YouTube links to redirect users to phishing pages, stealing login credentials via URI manipulation and…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

The Halcyon RISE Team has identified a new Codefinger ransomware campaign targeting Amazon S3 buckets. This attack leverages…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

Prepare for the 2025 altcoin season: experts predict rising interest in altcoins like WorldCoin, driven by Web3, blockchain,…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin’s efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which likely shares overlap with APT28, a nation-state group affiliated with Russia’s General Staff Main  –...

What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in...

Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. “The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes,” cybersecurity firm  – Read More  – The Hacker News 

The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated. The figures, released by blockchain analytics firm Elliptic, show that monthly inflows have increased by 51% since July 2024. Huione Guarantee, part  – Read More ...

A draft cybersecurity executive order would tackle cyber defenses in locations ranging from outer space to the U.S. federal bureaucracy to its contractors, and address security risks embedded in subjects like cybercrime, artificial intelligence and quantum computers. The draft, a copy of which CyberScoop obtained, constitutes one big last stab at cybersecurity in the Biden administration’s eleventh hour. The order...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-12686 (CVSS score: 6.6), a medium-severity bug that could  – Read More  – The...

A hacking group linked to Russian intelligence has been observed leveraging seemingly legitimate documents from the Kazakhstan government as phishing lures to infect and spy on government officials in Central Asia, according to researchers at Sekoia. The files, laced with malware, include draft versions of diplomatic statements, correspondence letters, internal administrative notes and other documents attributed to the Kazakhstan government...

The post Biden administration unveils export controls on AI models, chips appeared first on CyberScoop.   – Read More  – CyberScoop 

Imagine trusting your pastor with your savings, only to find out he’s running a crypto scam. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

In recent months, incoming Trump administration national security adviser Mike Waltz and some lawmakers have suggested that in response to Chinese cyber breaches, the United States needs to prioritize taking more aggressive offensive actions in cyberspace rather than emphasizing defense. It’s been said before. And it’s easier said than done. Experts that spoke with reporters for this story note several...

A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it’s currently responding to “multiple incidents” involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in  – Read More  – The Hacker...

SUMMARY Three Russian nationals have been indicted for their alleged roles in running cryptocurrency mixing services Blender.io and…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound. Most of the Ransomware strands that are attacking ESXi servers nowadays, are variants of the  – Read...

The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure. Let’s turn awareness into...

Telefónica faces a data breach impacting its internal systems, linked to hackers using compromised credentials. Learn more about this alarming cyber threat.  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain. Cybersecurity company watchTowr Labs said it pulled off the operation by registering over 40 domain names that the backdoors had been designed to use for command-and-control (C2). In partnership...

Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). “This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment  – Read More  – The Hacker News 

With the advent of virtual reality, everyone got scared that the life we ​​know will disappear, and only…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

SUMMARY Cybercriminals are deploying a tricky new phishing campaign impersonating the cybersecurity firm CrowdStrike‘s recruiters to distribute a…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

A fake proof-of-concept (PoC) exploit designed to lure cybersecurity researchers into downloading malicious software. This deceptive tactic leverages a recently patched critical vulnerability in Microsoft’s Windows LDAP service (CVE-2024-49113), which can cause denial-of-service attacks.  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News