Category: Attack Feeds

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East – [email protected] (The Hacker News)

– Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. “Sighting this group’s [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them,” Kaspersky ...

Exploiting Exchange PowerShell After ProxyNotShell: Part 1 – MultiValuedProperty – Piotr Bazydło

– As you may know, I recently presented my Exchange-related talk during OffensiveCon 2024. This series of four blog posts is meant to supplement the talk and provide additional technical details. For those who did not attend OffensiveCon, you can also watch the full talk here: “Half Measures and Full Compromise: Exploiting Microsoft Exchange PowerShell Remoting”. This blog post...

Cicada ransomware – what you need to know – Graham Cluley

– Cicada (also known as Cicada3301) is a sophisticated ransomware, written in Rust, that has claimed more than 20 victims since its discovery in June 2024. Read more in my article on the Tripwire State of Security blog.

Predator spyware resurfaces with signs of activity, Recorded Future says – Tim Starks

– It was probably only a matter of time, after a quiet spell, before the Predator spyware showed new signs of life. Recorded Future’s Insikt Group, in research published Thursday and shared exclusively with CyberScoop, said it has observed new infrastructure and domains connected to the infamous spyware, which has targeted members of the U.S. Congress, United Nations officials...

Planned Parenthood of Montana confirms cyberattack – AJ Vicens

– Planned Parenthood of Montana confirmed Wednesday that it was targeted in a late-August “cybersecurity incident” and that it is investigating the matter. The statement from Planned Parenthood of Montana CEO & President Martha Fuller said the organization identified the incident Aug. 28 and “immediately implemented our incident response protocols, including taking portions of our network offline as a...

Cyber Command leader says budget powers are shaving time to complete tasks that once took years – Tim Starks

– Special budget powers that Congress gave Cyber Command have allowed it to swiftly accomplish tasks that would’ve once taken years, its commander Gen. Timothy Haugh said Thursday. The authority over its own budget means Cyber Command is able to respond quickly to changing conditions in the cyber landscape, Haugh said. “Now with budget authority, we really have the...

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown – [email protected] (The Hacker News)

– The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S. money laundering and criminal trademark laws, the agency called out companies Social Design Agency (SDA), ...

NIST Cybersecurity Framework (CSF) and CTEM – Better Together – [email protected] (The Hacker News)

– It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally ...

The SEC’s 2023 final rules on cybersecurity disclosures – Doug Aamoth

– As part of its mission to protect investors and maintain efficient markets, the US Securities and Exchange Commission (SEC) released a new set of final rules[1] on July 26, 2023, which changed how publicly traded companies in the U.S. must disclose information about cybersecurity risks, governance, and incidents. Specifically, the new rules require “disclosure of […] ...

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore – [email protected] (The Hacker News)

– Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. It was developed ...

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm – [email protected] (The Hacker News)

– The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of targeting both Microsoft Windows and Linux systems. “KTLVdoor is a highly obfuscated...

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks – [email protected] (The Hacker News)

– Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below – CVE-2024-20439 (CVSS score: 9.8) – The presence of an undocumented static user credential for an administrative account ...

New Supply Chain Attack “Revival Hijack” Risks Massive PyPI Takeovers – Waqas

– JFrog’s cybersecurity researchers have identified a new PyPI attack technique called “Revival Hijack,” which exploits package deletion policies. Over 22,000 packages are at risk, potentially impacting thousands of users. Stay informed!

Justice Department accuses Russia of interfering with 2024 elections – mbracken

– The U.S. government formally accused Russia of attempting to interfere in the 2024 elections, as the Department of Justice unveiled charges Wednesday against multiple individuals and seized dozens of domains they say were part of a wide-ranging campaign to influence American voters. During a press conference, Attorney General Merrick Garland said the operations “make clear the ends to...

Nigerian man sentenced to 5 years for role in BEC operation – AJ Vicens

– A Nigerian man who pleaded guilty to participating in multiple business email compromise schemes over several years was sentenced to five years in prison Tuesday and ordered to pay nearly $5 million in restitution. Franklin Ifeanyichukwu Okwanna, 34, pleaded guilty May 20 to his role in the operation, federal prosecutors said in a statement. Ebuka Raphael Umeti, 35,...

North Korean Hackers Target Job Seekers with Fake FreeConference App – [email protected] (The Hacker News)

– North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview. The new attack wave, spotted by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native installers for ...

Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch – [email protected] (The Hacker News)

– Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component. According to the description of the bug in the...

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers – [email protected] (The Hacker News)

– A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations. It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in “hundreds of thousands”...

Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers – [email protected] (The Hacker News)

– Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands. Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command injection. “The improper neutralization of special elements in the ...

The New Effective Way to Prevent Account Takeovers – [email protected] (The Hacker News)

– Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, “Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them” argues that the ...

Cybersecurity in a Cycle: Balancing Repair and Replacement for Optimal Security – [email protected]

– The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Regularly updating your policies, software, and systems is crucial to your long-term cybersecurity efforts. However, failing to properly plan these updates can undermine your continuity plans...

Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database – [email protected] (The Hacker News)

– The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm Clearview AI for violating the General Data Protection Regulation (GDPR) in the European Union (E.U.) by building an “illegal database with billions of photos of faces,” including those of Dutch citizens. “Facial recognition is a highly intrusive technology that...

Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack – [email protected] (The Hacker News)

– A new malware campaign is spoofing Palo Alto Networks’ GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign. The malvertising activity, observed in June 2024, is a departure from previously observed tactics wherein the malware has been propagated via traditional phishing emails, Unit 42 researchers ...

CISA moves away from trying to influence content moderation decisions on election disinformation – djohnson

– Leaders at the Cybersecurity and Infrastructure Security Agency continue to express confidence that the nation’s election infrastructure is well-protected for the 2024 elections, citing a litany of improvements to election security made since 2016. One thing you shouldn’t expect CISA to continue this cycle? Petitioning social media platforms to take down false or inaccurate posts about elections. In...

White House publishes latest plan to protect a key component of the internet – Tim Starks

– A White House plan for strengthening routing security that the Biden administration released on Tuesday looks to build on a growing body of executive branch work to fortify a vulnerable element of the internet. Administration officials have warned that a set of technical rules for internet data routing, known as Border Gateway Protocol, are a target for hackers...

The AI Fix #14: There are two Rs in “strawberry”, and an AI makes unsmellable smells – Graham Cluley

– In episode 14 of “The AI Fix”, Graham makes an apology, Mark wonders if suicide drones have second thoughts, people pretend to be robots, and some researchers prove that all you need for an AI to generate a somewhat usable version of the computer game Doom out of thin air is to already have a fully-working copy of the...

Sextortion Scams Now Include Photos of Your Home – BrianKrebs

– An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing. This week, several readers reported receiving sextortion emails that...

Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks (Archive) – Simon Zuckerbraun

– This version of the blog is preserved for archival purposes only. An updated version of this blog, including links to new PoC code, can be found here. What do you do when you’ve found an arbitrary file delete as NT AUTHORITY\SYSTEM? Probably just sigh and call it a DoS. Well, no more. In this article, we’ll show you...

VMware releases Fusion vulnerability with 8.8 rating – Christian Vasquez

– A critical vulnerability in VMware Fusion that allows code execution in the program with standard user privileges was released last Wednesday, according to Broadcom. The security advisory is for version 13.x until 13.6 on the popular virtualization software for macOS. The bug — CVE-2024-38811 — has a CVSSv3 base score of 8.8 and is caused by an insecure...

New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems – [email protected] (The Hacker News)

– Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation. “It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector,” cybersecurity ...

Hacktivists Exploit WinRAR Vulnerability in Attacks Against Russia and Belarus – [email protected] (The Hacker News)

– A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. “Head Mare uses more up-to-date methods for obtaining initial access,” Kaspersky said in a Monday analysis of the group’s tactics and tools. “For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which ...

New ransomware variant has BlackCat-like similarities, report says – Christian Vasquez

– A new ransomware variant that emerged two months ago names itself after a decade-old internet mystery known as Cicada 3301, according to new research from the cybersecurity firm Morphisec. The Rust-based ransomware variant also bears significant resemblance to the BlackCat malware, also known as ALPHV, that has wreaked havoc due to the operators’ aggressive tactics. Though the Cicada3301...

Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users – [email protected] (The Hacker News)

– Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. “This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as different banks,” Dutch security company ThreatFabric said. “Finally, it can use...

Who would be the cyber pros in a second Trump term? – Tim Starks

– Working for Donald Trump during his term as president left a number of his top officials embittered. The tumult sometimes trickled down among cybersecurity officials who served under him, with Trump famously firing the head of the Cybersecurity and Infrastructure Security Agency, Chris Krebs, and infighting on the National Security Council pushing some cyber officials aside. Despite the...

Disinfo group Spamouflage more aggressively targeting U.S. elections, candidates – djohnson

– A prolific disinformation group linked to the Chinese government has stepped up its efforts to impersonate Americans this year in an attempt to degrade and diminish U.S. politicians and institutions in the eyes of voters. Spamouflage — also known as Dragonbridge, Taizi Flood and Empire Dragon — produces high volumes of spammy, inauthentic content online in an effort to...

The Human Factor in Cybersecurity: Behavioral Insights and Mitigation Strategies – [email protected]

– The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Whether it’s clicking on a malicious link or being duped by social engineering tactics, people can unintentionally open the door to significant security breaches for organizations of all...

Secrets Exposed: Why Your CISO Should Worry About Slack – [email protected] (The Hacker News)

– In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc. Imagine this: It’s a typical Tuesday in June 2024. Your dev...

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access – [email protected] (The Hacker News)

– Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework. “If successful, the adversary could gain any privileges already granted to the affected ...