Category: Attack Feeds

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities – The Hacker News

– An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant. “Between late 2022 to present, SloppyLemming...

Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign – The Hacker News

– Nation-state threat actors backed by Beijing broke into a “handful” of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor. “Investigators...

House panel moves bill that adds AI systems to National Vulnerability Database – djohnson

– A bill that would push the National Institute of Standards and Technology to set up a formal process for reporting security vulnerabilities in AI systems sailed through a House committee Wednesday. The AI Incident Reporting and Security Enhancement Act, introduced by Reps. Deborah Ross, D-N.C., Jay Obernolte, R-Calif., and Don Beyer, D-Va., was approved via voice vote by...

IRGC hacked a Swedish SMS service in response to Quran burning, authorities say – AJ Vicens

– A hacking unit working with the Iranian government penetrated a Swedish telecommunications firm in August 2023 and pushed 15,000 text messages calling for revenge against people who burned the Quran, Swedish authorities said Tuesday. Using a persona they dubbed “Anzu Team,” hackers working with the Islamic Revolutionary Guard Corps (IRGC) penetrated an unnamed Swedish company that operated a...

Google’s Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52% – The Hacker News

– Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of...

House Intel Republicans request FBI, SEC briefing on Temu – djohnson

– Congressional Republicans on the House Permanent Select Committee on Intelligence are requesting a briefing from the FBI and Securities Exchange Commission on e-commerce app Temu and its parent company, Pinduoduo, saying both pose a potential threat to national security and the personal data of Americans. In a letter sent Tuesday to FBI Director Christopher Wray and SEC Chair...

Timeshare Owner? The Mexican Drug Cartels Want You – BrianKrebs

– The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick elderly people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen...

Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool – The Hacker News

– Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers’ systems. “It has a standard set of features commonly found in penetration testing tools and its developer created it using the Rust programming language,” Unit...

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent – The Hacker News

– Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly seeking users’ consent. “Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites,” noyb said...

Expert Tips on How to Spot a Phishing Link – The Hacker News

– Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it’s too late. See these key indicators that security experts use to identify phishing links: 1. Check Suspicious URLs: Phishing URLs are often long, confusing, or filled with random characters. Attackers use these to disguise the link’s...

Agentic AI in SOCs: A Solution to SOAR’s Unfulfilled Promises – The Hacker News

– Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR hasn’t fully delivered on its potential, leaving SOCs still grappling with many of the same...

Enhancing Cyber Resilience in Manufacturing Organizations

– 2024 Cyber Resilience Research Unveils Manufacturing Sector Challenges. New data illuminates how manufacturing leaders can prioritize resilience. Manufacturing organizations find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to manufacturing providers. Get your complimentary copy of the report. One...

Enhancing Cyber Resilience in Transportation Organizations

– 2024 Cyber Resilience Research Unveils Transportation Sector Challenges. New data illuminates how transportation leaders can prioritize resilience. Transportation organizations find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to transportation providers. Get your complimentary copy of the report. One...

ChatGPT macOS Flaw Could’ve Enabled Long-Term Spyware via Memory Function – The Hacker News

– A now-patched security vulnerability in OpenAI’s ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool’s memory. The technique, dubbed SpAIware, could be abused to facilitate “continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future chat sessions...

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware – The Hacker News

– Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations. As many...

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns – The Hacker News

– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by a remote unauthenticated attacker to bypass the...

CrowdStrike exec apologizes in front of Congress over huge global IT outage – Tim Starks

– A CrowdStrike executive apologized Tuesday over a faulty update that caused a massive IT outage two months ago, saying the company has taken steps to make sure it can’t happen again. The history-making July 19 problem involved new threat detection configurations for CrowdStrike’s Falcon security platform that were sent to sensors running on Microsoft Windows devices that the...

Iranian-linked election interference operation shows signs of recent access – AJ Vicens

– The people behind the alleged Iranian hacking effort targeting former President Donald Trump’s campaign continue to share material with journalists, including a letter dated Sept. 15, suggesting recent access to campaign materials or that the election interference operation is ongoing. Judd Legum, the publisher of the Popular Information newsletter, reported Tuesday that the persona that had been reaching...

FEC expands campaign spending rules to allow for physical, cybersecurity purchases – djohnson

– The Federal Election Commission is expanding the use of federal campaign funds to pay for physical and cybersecurity measures for political candidates, their families and their campaign staff. The amended rules were first proposed earlier this year and passed unanimously by the commission during a Sept. 19 open meeting. They would expand the ability of federal candidates and...

Necro Android Malware Found in Popular Camera and Browser Apps on Play Store – The Hacker News

– Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of a known malware loader called Necro. Kaspersky said some of the malicious apps have also been found on the Google Play Store. They have been cumulatively downloaded 11 million times. They include – Wuta Camera – Nice Shot...

Announcing Pwn2Own Automotive for 2025 – Dustin Childs

– If you just want to read the rules, you can find them here. Earlier this year we held our inaugural Pwn2Own Automotive contest, and it was a rousing success. On our biggest-ever stage (literally), we awarded $1,323,750 over the three-day event as researchers from around the globe demonstrated 49 unique zero days. Today, we’re excited to announce that...

Automatic tank gauge vendors alerted of software vulnerabilities in their products – Christian Vasquez

– Some vendors for automatic tank gauge systems found in gas stations, airports, and hospitals around the U.S. have ignored warnings concerning multiple critical vulnerabilities, according to alerts from the Department of Homeland Security and a report from the cybersecurity firm Bitsight. Bitsight TRACE researchers and the Cybersecurity and Infrastructure Security Agency worked together to disclose 10 vulnerabilities impacting...

Warnings after new Valencia ransomware group strikes businesses and leaks data – Graham Cluley

– A new ransomware operation has started to leak information it claims has been stolen from organisations it has compromised around the world. In recent days Valencia Ransomware has posted on its dark web leak site’s so-called “Wall of shame” links to gigabytes of downloadable information that has seemingly been exfiltrated from a Californian municipality, a pharmaceutical firm, and a...

U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech – The Hacker News

– The U.S. Department of Commerce (DoC) said it’s proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People’s Republic of China (PRC) and Russia. “The proposed rule focuses on hardware and software integrated into the Vehicle Connectivity System (VCS) and software integrated into the...

The AI Fix #17: Why AI is an AWFUL writer and LinkedIn’s outrageous land grab – Graham Cluley

– In episode 17 of The AI Fix, our hosts meet the worst newsreaders in the world, Graham learns about Big Trak and is shocked by a food delivery robot, Mark explains why he won’t be dressing as a pirate, ChatGPT angelically removes a peanut butter sandwich from a VCR, and everyone thinks they’ve got Ebola. Graham explains how his...

Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns – The Hacker News

– Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective September 19, 2024, ahead of its formal exit at the end of the month. “Kaspersky antivirus customers received a software update facilitating the transition to UltraAV,” the company said in a post announcing the move on September 21. “This update...

The SSPM Justification Kit – The Hacker News

– SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave security teams blind to threat prevention and detection, as well as open to regulatory violations, data leaks, and significant...

Exclusive: House Homeland Security chair releases, pushes forth cyber workforce bill – Tim Starks

– House Homeland Security Chairman Mark Green, R-Tenn., is introducing and seeking to advance a bill this week to address his top legislative priority: strengthening the cybersecurity workforce. The bill — full details of which CyberScoop is first reporting — would create a Reserve Officer Training Corps (ROTC)-like program housed within the Cybersecurity and Infrastructure Security Agency, where students...

Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar – The Hacker News

– Ransomware is no longer just a threat; it’s an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there’s good news: you don’t have to be defenseless. What if you could gain a strategic edge? Join our exclusive webinar, “Unpacking the 2024 Ransomware Landscape:...

New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities – The Hacker News

– Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved capabilities to conduct device takeover (DTO) and perform fraudulent transactions. The new version has been codenamed Octo2 by the malware author, Dutch security firm ThreatFabric said in a report shared with The Hacker News, adding campaigns distributing the malware have...

Two men arrested one month after $230 million of cryptocurrency stolen from a single victim – Graham Cluley

– Two men have been arrested by the FBI and charged in relation to their alleged involvement in a scam which saw almost a quarter of a billion dollars worth of cryptocurrency stolen from a single victim. The men were allegedly less than careful hiding...

Cybersecurity Threats: Top Risks Facing Your Startup

– The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Delivering a unique value proposition, researching markets, and attracting much-needed starting capital requires all hands on deck for any hopeful startup. Data security, privacy protection, and...

Telegram Agrees to Share User Data With Authorities for Criminal Investigations – The Hacker News

– In a major policy reversal, the popular messaging app Telegram has announced it will give users’ IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. “We’ve made it clear that the IP addresses and phone numbers of those who violate our rules can be...

Adversaries’ generative AI use isn’t fooling the masses – djohnson

– U.S. intelligence officials report that despite Russia, China and Iran ramping up AI-generated content meant to influence the 2024 election cycle, they lag in generating convincing material that can fool existing detection tools. In their fourth election-related briefing this year, officials from the Office of the Director of National Intelligence and the FBI told reporters that they continue...

White House proposes rule to ban Chinese, Russian parts for networked vehicles – Christian Vasquez

– The Department of Commerce took another step Monday in its push to scrutinize supply chains by proposing a ban on Chinese and Russian components deemed a national security threat from connected and automated vehicles. The White House and Commerce Department are looking for comments on a rule that would prohibit the sale or importation of vehicles outfitted with...

Microsoft’s security culture reboot includes cyber governance council, all-staff trainings – Christian Vasquez

– The tech giant with the figurative and often literal keys to everyone’s kingdom released a progress report Monday on the cyber overhaul it has undertaken following a spree of major security failures. Microsoft — which is branding the effort as a “Secure Future Initiative” — first launched the cultural shift in November 2023 amid increasing criticism for multiple...