Category: Attack Feeds

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data – [email protected] (The Hacker News)

– Threat hunters are warning about an updated version of the Python-based NodeStealer that’s now equipped to extract more information from victims’ Facebook Ads Manager accounts and harvest credit card data stored in web browsers. “They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement,” Netskope Threat Labs researcher...

Smashing Security podcast #394: Digital arrest scams and stream-jacking – Graham Cluley

– In our latest episode we discuss how a woman hid under the bed after scammers told her she was under “digital arrest”, how hackers are hijacking YouTube channels through malicious sponsorship deals, and how one phone company is turning the tables on fraudsters through deepfake AI. All this and much more is discussed in the latest edition of the...

US charges five men linked to ‘Scattered Spider’ with wire fraud – Greg Otto

– Federal authorities unsealed charges Wednesday against five individuals with links to the “Scattered Spider” cybercrime syndicate, accusing them of conducting an extensive phishing scheme that compromised companies nationwide, enabling the theft of non-public data and millions in cryptocurrency. Ahmed Hossam Eldin Elbadawy, 23, of Texas; Noah Michael Urban, 20, of Florida; Evans Onyeaka Osiebo, 20, of Texas; and...

CISOs can now obtain professional liability insurance – Greg Otto

– Professional liability insurance is designed to protect executives against claims of negligence or inadequate work arising from their services. Companies often use these policies to safeguard a business’s financial assets from the potentially high costs of lawsuits and settlements in the event someone alleges executives have failed to uphold their duties. The policies often cover CEOs, CFOs, and...

Vulnerability disclosure policy bill for federal contractors clears Senate panel – mbracken

– A bill that would require federal contractors to implement vulnerability disclosure policies that comply with National Institute of Standards and Technology guidelines cleared a key Senate panel Wednesday, setting the bipartisan legislation up for a vote before the full chamber. The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024 (S. 5028) from Sens. Mark Warner, D-Va., and James...

Sophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater” – gallagherseanm

– Sophos MDR has observed a new campaign that uses targeted phishing to entice the target to download a legitimate remote machine management tool to dump credentials. We believe with moderate confidence that this activity, which we track as STAC 1171, is related to an Iranian threat actor commonly referred to as MuddyWater or TA450. Earlier […]

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments – [email protected] (The Hacker News)

– Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim’s funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic. “Criminals can now misuse Google Pay...

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity – [email protected] (The Hacker News)

– Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised. The idea, the tech giant said, is to avoid incidents like that of CrowdStrike’s earlier this July, enable more apps and users to be run without admin privileges, add controls surrounding the use...

Enhancing Cyber Resilience in US SLED Organizations – [email protected]

– 2024 Cyber Resilience Research Unveils US SLED Sector Challenges. New data illuminates how US SLED leaders can prioritize resilience. US SLED (State, Local, and Higher Education) organizations find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to US SLED...

NHIs Are the Future of Cybersecurity: Meet NHIDR – [email protected] (The Hacker News)

– The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take...

Decades-Old Security Vulnerabilities Found in Ubuntu’s Needrestart Package – [email protected] (The Hacker News)

– Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that...

What is 2FA? – cyberpro

– Two-Factor Authentication (2FA) is a security process that adds an additional layer of protection to your accounts by requiring two different types of credentials to verify your identity before granting access. It ensures that even if one of the factors (like your password) is compromised, unauthorised access is still prevented because the attacker would need […]

Social Media Hackers: How They Operate and How to Protect Yourself – cyberpro

– The Rising Threat of Social Media Hackers. Social media platforms are an integral part of daily life, but they are also prime targets for hackers. With billions of users worldwide, these platforms store personal information that is highly valuable to cybercriminals. Understanding how social media hackers operate and learning how to protect your accounts is […]

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks – [email protected] (The Hacker News)

– A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications...

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation – [email protected] (The Hacker News)

– Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. “This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network...

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities – [email protected] (The Hacker News)

– Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below: CVE-2024-44308, a vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content; CVE-2024-44309, a cookie management vulnerability...

Fintech Giant Finastra Investigating Data Breach – BrianKrebs

– The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company...

Sen. Blumenthal wants FCC to get busy on telecom wiretap security rules – Tim Starks

– A top senator on Tuesday urged the Federal Communications Commission to begin writing rules that would create mandatory security standards for wiretapping systems embedded in the networks of telecommunications carriers. The suggestion to act immediately from Sen. Richard Blumenthal, D-Conn., comes in response to Chinese hackers known as Salt Typhoon, targeting the phones of both 2024 presidential campaigns...

Microsoft launches ‘Zero Day Quest’ competition to enhance cloud and AI security – Greg Otto

– Microsoft has announced the launch of Zero Day Quest, a significant expansion of its bug bounty programs, focused on uncovering high-impact security vulnerabilities in cloud and AI technologies. Under the program, Microsoft will double the bounty rewards for eligible AI vulnerabilities from Nov. 19, 2024, to Jan. 19, 2025, and give researchers direct access to the company’s dedicated...

Bipartisan Senate bill targets supply chain threats from foreign adversaries – mbracken

– An interagency federal council charged with securing the government’s IT supply chain would get stronger oversight powers under new legislation from a bipartisan pair of Senate lawmakers. The Federal Acquisition Security Council Improvement Act from Sens. Gary Peters, D-Mich., and Mike Rounds, R-S.D., is aimed at better combatting security threats posed by technology products made by companies with...

Rail and pipeline representatives push to dial back TSA’s cyber mandates – Christian Vasquez

– House Republicans and representatives from the rail and pipeline industries criticized what they say are overly onerous security regulations during a Tuesday hearing that could be a preview of how cyber rules are handled in the Trump administration. The House Homeland Security Subcommittee on Transportation and Maritime Security hearing focused on the business impact of Transportation Security Administration...

Looking at the Internals of the Kenwood DMX958XR IVI – Connor Ford

– For the upcoming Pwn2Own Automotive contest, a total of four in-vehicle infotainment (IVI) head units have been selected as targets. One of these is the double DIN Kenwood DMX958XR. This unit offers a variety of functionality, such as wired and wireless Android Auto and Apple CarPlay, as well as USB media playback, wireless mirroring, and more. This blog...

The AI Fix #25: Beware of the superintelligence, and a spam-eating AI super gran – Graham Cluley

– In episode 25 of The AI Fix, humanity creates a satellite called Skynet and then loses it, Graham folds proteins in the comfort of his living room, a Florida man gets a robot dog, Grok rats on its own boss, and a podcast host discovers Brazil nuts. Graham meets an elderly grandmother who’s taking on the AI scammers, our...

Botnet serving as ‘backbone’ of malicious proxy network taken offline – mbracken

– Whether it’s for espionage purposes or financially motivated cybercrime, proxy services are a common tool in the attacker toolbox. Often used to disguise the true origin or location of malicious activity, proxies can be lucrative for malicious actors, who create them via a botnet and sell access in order for others to run their schemes, which can range...

Attackers are hijacking Jupyter notebooks to host illegal Champions League streams – Christian Vasquez

– Amid threats of state-backed APTs turning the geopolitical tide by diving into sensitive networks, some hackers are looking to use misconfigured Jupyter notebook servers to watch UEFA Champions League soccer, according to a new report from Aqua Security. Researchers at the cloud security company said in a report released Tuesday that hackers were drawn to the misconfigured JupyterLab...

Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts – [email protected] (The Hacker News)

– Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report shared with The...

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices – [email protected] (The Hacker News)

– The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. “At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices,” the...

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority – [email protected] (The Hacker News)

– Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access—rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privileged Access Management (PAM) deployments. Yet, as the threat landscape evolves, so must organizational priorities. To...

Navigating SaaS Security Risks: Key Strategies and Solutions – [email protected]

– Software-as-a-Service, an acronym for SaaS applications, has become increasingly popular among businesses looking to enhance efficiency, productivity, and scalability. These cloud-based services have exploded in popularity over the last few years, with the net consumption up 18% in 2023 and 130 apps used per business on average. As cybersecurity threats evolve and grow, the risks associated with SaaS...

How to remove the cybersecurity gridlock from the nation’s energy lifelines – Greg Otto

– In a world where every digital connection has the potential to be a vulnerability, the stakes for cybersecurity have never been higher. The recent statement from National Security Advisor Jake Sullivan on supply chain security brings into sharp focus the escalating threats faced by critical infrastructure operators, particularly the energy sector. For the United States, securing this sector...

New ‘Helldown’ Ransomware Variant Expands Attacks to VMware and Linux Systems – [email protected] (The Hacker News)

– Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. “Helldown deploys Windows ransomware derived from the LockBit 3.0 code,” Sekoia said in a report shared with The Hacker News. “Given the recent development of ransomware targeting ESX, it appears that the...

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign – [email protected] (The Hacker News)

– U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a “monthslong campaign” designed to harvest cellphone communications of “high-value intelligence targets.” It’s not clear what information was taken, if any, ...

CISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster Flaws – [email protected] (The Hacker News)

– Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster, to its Known Exploited Vulnerabilities (KEV) catalog. It was...

Alleged Russian Phobos ransomware administrator extradited to U.S., in custody – Tim Starks

– A Russian man who allegedly served as an administrator of the Phobos ransomware that’s extorted millions of dollars from more than a thousand victims is in U.S. custody, the Justice Department said Monday. South Korea extradited Evgenii Ptitsyn, 42, to the United States for a court appearance Nov. 4, according to a news release about an unsealed 13-count...

The Problem of Permissions and Non-Human Identities – Why Remediating Credentials Takes Longer Than You Think – [email protected] (The Hacker News)

– According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year’s report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects of this report is...

New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers – [email protected] (The Hacker News)

– Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza. BabbleLoader is an “extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory,” Intezer security...