Today's cybersecurity headlines are brought to you by ThreatPerspective

Biz & IT Ars Technica

Vulnerability in Cisco Smart Software Manager lets attackers change any user password

Yep, passwords for administrators can be changed, too. Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, including those of administrators with accounts, on Cisco Smart Software Manager On-Prem devi...

Published: 2024-07-17T19:47:38

Biz & IT Ars Technica

Rite Aid says breach exposes sensitive details of 2.2 million customers

Stolen data includes customer names, addresses, birth dates, and driver's license numbers. Rite Aid, the third biggest US drug store chain, said that more than 2.2 million of its customers have been swept into a data breach that stole personal information, including driver's license numbers, addresses, and dates of birth. The company sa...

Published: 2024-07-16T22:09:58

Biz & IT Ars Technica

Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice

Files available on the open source NPM repository underscore a growing sophistication. Researchers have determined that two fake AWS packages downloaded hundreds of times from the open source NPM JavaScript repository contained carefully concealed code that backdoored developers' computers when executed. The packages img-aws-s3-obje...

Published: 2024-07-15T20:18:50

Biz & IT Ars Technica

Exim vulnerability affecting 1.5M servers lets attackers attach malicious files

Based on past attacks, it wouldn’t be surprising to see active targeting this time, too. More than 1.5 million email servers are vulnerable to attacks that can deliver executable attachments to user accounts, security researchers said. The servers run versions of the Exim mail transfer agent that are vulnerable to a critical vulnerabi...

Published: 2024-07-11T20:47:26

Biz & IT Ars Technica

Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it

The goal of the exploits was to open Explorer and trick targets into running malicious code. Threat actors carried out zero-day attacks that targeted Windows users with malware for more than a year before Microsoft fixed the vulnerability that made them possible, researchers said Tuesday. The vulnerability, present in both Windows 10 and ...

Published: 2024-07-10T21:44:12

The Register - Software

CrowdStrike CEO summoned to explain epic fail to US Homeland Security committee

Boss faces grilling before Congress over disastrous software snafu. The US House Committee on Homeland Security has requested public testimony from CrowdStrike CEO George Kurtz in the wake of the chaos caused by a faulty update.

Published: 2024-07-23T12:15:10

The Register - Software

Cybercriminals quickly exploit CrowdStrike chaos

Who loves a global outage? Phishers, fraudsters and all manner of creeps. Well, that was fast. Criminals didn't waste any time taking advantage of the CrowdStrike-Microsoft chaos and quickly got to work phishing organizations and spinning up malicious

Published: 2024-07-19T15:22:07

The Register - Software

Life, interrupted: How CrowdStrike's patch failure is messing up the world

Oh, was it supposed to be Y2K24? Today is one of those days that will go down in history as an unmitigated IT disaster, with CrowdStrike responsible for taking systems down all over the globe. We know airports, hospitals and the usual critical infras

Published: 2024-07-19T14:58:09

The Verge - Securities

CrowdStrike blames test software for taking down 8.5 million Windows machines

CrowdStrike has published a post incident review (PIR) of the buggy update it published that took down 8.5 million Windows machines last week. The detailed post blames a bug in test software for not properly validating the content update th...

Published: 2024-07-24T05:33:54

The Verge - Securities

The 78 minutes that took down millions of Windows machines

On Friday morning, shortly after midnight in New York, disaster started to unfold around the world. In Australia, shoppers were met with Blue Screen of Death (BSOD) messages at self-checkout aisles. In the UK, Sky News had to suspend its br...

Published: 2024-07-23T11:40:18

The Verge - Securities

Wiz rejects Google's $23 billion takeover in favor of IPO

Cybersecurity startup Wiz has turned down a $23 billion takeover bid from Google’s parent, Alphabet, breaking off what would have been the largest acquisition in the search giant’s history. In an internal memo seen by CNBC, Wiz co-founder A...

Published: 2024-07-23T04:44:06

The Verge - Securities

CrowdStrike CEO to testify about massive outage that halted flights and hospitals

CrowdStrike CEO George Kurtz was called to testify before the House Homeland Security Committee over the major outage affecting Windows PCs spurred by a faulty update that brought flights, hospital procedures, and broadcasters to a halt on ...

Published: 2024-07-22T18:28:11

The Verge - Securities

CrowdStrike and Microsoft: all the latest news on the global IT outage

A global IT outage grounded flights and resulted in outages at the London Stock Exchange and other systems early Friday morning. Industries ranging from healthcare to banking, air travel, and others are struggling with a global IT outage th...

Published: 2024-07-22T10:53:15

The Verge - Securities

CrowdStrike outage: Photos, videos, and tales of IT workers fixing BSODs

The CrowdStrike outage that hit millions of Windows machines on Friday has left IT workers scrambling to get their organizations’ computer infrastructure back up and running. Images and stories shared online are illustrating just how tediou...

Published: 2024-07-21T12:26:59

The Verge - Securities

CrowdStrike has a new guidance hub for dealing with the Windows outage

CrowdStrike has published a new “Remediation and Guidance Hub” that collects details related to its faulty update that crashed 8.5 million Windows computers across the globe on Friday. The page includes technical information on what caused...

Published: 2024-07-21T10:06:18

The Verge - Securities

CrowdStrike's faulty update crashed 8.5 million Windows devices, says Microsoft

CrowdStrike’s faulty update caused a worldwide tech disaster that affected 8.5 million Windows devices on Friday, according to Microsoft. Microsoft says that’s “less than one percent of all Windows machines,” but it was enough to create pro...

Published: 2024-07-20T13:20:45

The Verge - Securities

CrowdStrike outage Blue Screen of Death photos from around the world

Embedded posts: “Global IT Outage Affects Airlines, Banks And Retailers”; “SLC, Utah. Terminal 1” (Guillermo Rauch, @rauchg, July 19, 2024); “Everywhere you look: blue screens of death” (Morning Brew, @MorningBrew, July 19, 2024) ...

Published: 2024-07-19T14:37:09

The Verge - Securities

Microsoft on CrowdStrike outage: have you tried turning it off and on? (15 times)

Have you turned it off and on again? That familiar refrain from IT departments and The IT Crowd is being echoed by Microsoft today as a recommended way of fixing the faulty CrowdStrike update that has taken down thousands of Windows PCs and...

Published: 2024-07-19T11:34:40


Windows July security updates send PCs into BitLocker recovery

Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates. [...]

Published: 2024-07-24T06:40:19


BreachForums v1 database leak is an OPSEC test for hackers

The entire database for the notorious BreachForums v1 hacking forum was released on Telegram Tuesday night, exposing a treasure trove of data, including members' information, private messages, cryptocurrency addresses, and every post on the forum. [...]

Published: 2024-07-24T00:00:00


Chinese hackers deploy new Macma macOS backdoor version

The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware. [...]

Published: 2024-07-23T19:33:36


Hamster Kombat’s 250 million players targeted in malware attacks

Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that install spyware and information-stealing malware. [...]

Published: 2024-07-23T18:41:55


DeFi exchange dYdX v3 website hacked in DNS hijack attack

Decentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised. [...]

Published: 2024-07-23T16:08:01


BreachForums v1 hacking forum data leak exposes members’ info

The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users. [...]

Published: 2024-07-23T15:24:41


FrostyGoop malware attack cut off heat in Ukraine during winter

Russian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures. [...]

Published: 2024-07-23T13:35:04


Verizon to pay $16 million in TracFone data breach settlement

Verizon Communications has agreed to a $16,000,000 settlement with the Federal Communications Commission (FCC) in the U.S. concerning three data breach incidents its wholly-owned subsidiary, TracFone Wireless, suffered after its acquisition in 2021.

Published: 2024-07-23T12:34:56


Fake CrowdStrike repair manual pushes new infostealer malware

CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. [...]

Published: 2024-07-23T10:31:56


Greece’s Land Registry agency breached in wave of 400 cyberattacks

The Land Registry agency in Greece has announced that it suffered a limited-scope data breach following a wave of 400 cyberattacks targeting its IT infrastructure over the last week. [...]

Published: 2024-07-22T18:46:31


US sanctions Russian hacktivists who breached water facilities

The US government has imposed sanctions on two Russian cybercriminals for cyberattacks targeting critical infrastructure. [...]

Published: 2024-07-22T14:16:25

Threat Intelligence

APT41 Has Arisen From the DUST

Written by: Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, Jonathan Lepore. Executive Summary: In collaboration with Google’s Threat Analysis Group (TAG), Mandiant has observed a sustained campaign by the

Published: 2024-07-18T10:00:00

Threat Intelligence

Scaling Up Malware Analysis with Gemini 1.5 Flash

Written by: Bernardo Quintero, Founder of VirusTotal and Security Director, Google Cloud Security; Alex Berry, Security Manager of the Mandiant FLARE Team, Google Cloud Security; Ilfak Guilfanov, author of IDA Pro and CTO, Hex-Rays; Vijay Bolina, Chief Info...

Published: 2024-07-15T14:00:00

Krebs on Security

Phish-Friendly Domain Registry “.top” Put on Notice

The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its lic...

Published: 2024-07-23T19:41:51

Krebs on Security

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Expe...

Published: 2024-07-15T15:24:46

Krebs on Security

Microsoft Patch Tuesday, July 2024 Edition

Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against ...

Published: 2024-07-09T19:50:33

The Register - Security

School gets an F for using facial recognition on kids in canteen

Watchdog reprimand follows similar cases in 2021. The UK's data protection watchdog has reprimanded a school in Essex for using facial recognition for canteen payments, nearly three years after other schools were warned about doing the same.

Published: 2024-07-24T08:32:09

The Register - Security

Forget security, Google's reCAPTCHA v2 is exploiting users for profit

Web puzzles don't protect against bots, but humans have spent 819 million unpaid hours solving them. Google promotes its reCAPTCHA service as a security mechanism for websites, but researchers affiliated with the University of California, Irvine, argue it's harvesting information while extracting human labor worth billions.

Published: 2024-07-24T06:33:11

The Register - Security

CrowdStrike blames a test software bug for that giant global mess it made

Something called 'Content Validator' did not validate the content, and the rest is history. CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week.

Published: 2024-07-24T05:17:01

The Register - Security

Security biz KnowBe4 hired fake North Korean techie, who got straight to work ... on evil

If it can happen to folks that run social engineering defence training, what hope for the rest of us? Security awareness and training provider KnowBe4 hired a fake North Korean IT worker for a software engineering role on its AI team, and only realized its mistake once the worker started using his company-provided computer for evil.

Published: 2024-07-24T04:57:14

The Register - Security

Philippines wipes out its legit online gambling industry to take down scammers

President apologizes in advance for job losses. The Philippines has decided to dismantle the worst of its offshored industries: the bits that run gambling and scam operations.

Published: 2024-07-24T00:30:15

The Register - Security

How did a CrowdStrike config file crash millions of Windows computers? We take a closer look at the code

Maybe next time some staged rollouts? A bit of QA too? Analysis: Last week, at 0409 UTC on July 19, 2024, antivirus maker CrowdStrike released an update to its widely used Falcon platform that caused Microsoft Windows machines around the world to crash.

Published: 2024-07-23T20:52:12

The Register - Security

Administrators have update lessons to learn from the CrowdStrike outage

How could this happen to us? We were supposed to be two versions behind? If administrators have learned anything from the CrowdStrike chaos, it's to understand exactly what delayed updates mean or don't mean in the anti-malware world.

Published: 2024-07-23T17:27:09

The Register - Security

Protecting AI systems from cyber threats

Join Intel, DETASAD, Juniper Networks, and Arqit to hear essential strategies in this webinar on July 30th. Webinar: Artificial Intelligence (AI) is revolutionizing industries worldwide, but with great power comes great responsibility.

Published: 2024-07-23T17:07:02

The Register - Security

Cybercrooks spell trouble with typosquatting domains amid CrowdStrike crisis

Latest trend follows various malware campaigns that began just hours after IT calamity. Thousands of typosquatting domains are now registered to exploit the desperation of IT admins still struggling to recover from last week's CrowdStrike outage, researchers say.

Published: 2024-07-23T15:15:12

The Register - Security

Alphabet's reported $23B bet on Wiz fizzles out

Cybersecurity outfit to go its own way to IPO and $1B ARR. On the day of Alphabet's Q2 earnings call, cybersecurity firm Wiz has walked from a $23 billion takeover bid by Google's parent company.

Published: 2024-07-23T14:32:12

The Register - Security

Securing AI around the world

Gain insight by joining this AI security webinar on July 31. Webinar: As artificial intelligence (AI) continues to transform industries in the Middle East, protecting systems from cyber threats is critical.

Published: 2024-07-23T08:17:10

The Register - Security

Google's plan to drop third-party cookies in Chrome crumbles

Ad giant promises to protect privacy, as critics say surveillance continues. Google no longer intends to drop support for third-party cookies, the online identifiers used by the ad industry to track people and target them with ads based on their online activities.

Published: 2024-07-23T00:03:53

The Register - Security

Global cops power down world's 'most prolific' DDoS dealership

One arrest was made weeks ago but no word on the suspect's identity yet. A DDoS-for-hire site described by the UK's National Crime Agency (NCA) as the world's most prolific operator in the field is out-of-action following a law enforcement sting dubbed Operation Power Off.

Published: 2024-07-22T20:15:07

The Register - Security

LA County Superior Court closes doors to reboot justice after ransomware attack

Some rest for the wicked? Los Angeles County Superior Court, the largest trial court in America, closed all 36 of its courthouses today following an "unprecedented" ransomware attack on Friday.

Published: 2024-07-22T17:15:13

The Register - Security

Cybercrooks crafting solo careers in wake of ransomware takedowns

More baddies go it alone as trust in big gangs withers, claims Europol. A fresh report from Europol suggests that the recent disruption of ransomware-as-a-service (RaaS) groups is fragmenting the threat landscape, making it more difficult to track.

Published: 2024-07-22T16:33:13

The Register - Security

Oracle coughs up $115M to make privacy case go away

Big Red agrees not to capture personal details after two-year class action. Oracle has agreed to cough up $115 million to settle a two-year class action lawsuit that alleged misuse of user data.

Published: 2024-07-22T13:45:11

The Register - Security

EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft

Was a 2009 agreement on interoperability to blame? Did the EU force Microsoft to let third parties like CrowdStrike run riot in the Windows kernel as a result of a 2009 undertaking? This is the implication being peddled by the Redmond-based cloud and software titan.

Published: 2024-07-22T13:00:11

The Register - Security

Two Russians sanctioned over cyberattacks on US critical infrastructure

Supposed hacktivist efforts previously linked to the Kremlin's GRU. Flying under the radar on Clownstrike day last week, two members of the Cyber Army of Russia Reborn (CARR) hacktivist crew are the latest additions to the US sanctions list.

Published: 2024-07-22T12:02:03

The Register - Security

Cellebrite got into Trump shooter's Samsung device in just 40 minutes

Also: Second-string Russian hackers sanctioned; Senators demand answers from Snowflake, and more. Infosec in brief: Unable to access the Samsung smartphone of the deceased Trump shooter for clues, the FBI turned to a familiar if controversial source to achieve its goal: digital forensics tools vendor Cellebrite.

Published: 2024-07-22T03:44:10

The Register - Security

CrowdStrike's Falcon Sensor also linked to Linux kernel panics and crashes

Rapid restore tool being tested as Microsoft estimates 8.5M machines went down. CrowdStrike's now-infamous Falcon Sensor software, which last week led to widespread outages of Windows-powered computers, has also caused crashes of Linux machines.

Published: 2024-07-21T23:51:18

The Register - Security

UK cops arrest teen suspect in MGM Resorts cyberattack probe

17-year-old cuffed as FBI says it will 'relentlessly pursue' miscreants around the globe. Cops in the UK have arrested a suspected member of the notorious Scattered Spider crime gang, which is accused of crippling MGM Resorts in Las Vegas with ransomware last summer.

Published: 2024-07-19T21:51:06

The Register - Security

CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear

Our vultures gather to review this very freaky Friday. Kettle: If you're an IT administrator with Windows boxes on your network, Friday can't have been a lot of fun. What's likely millions of systems were or still are stuck in blue-screen boot loop hell, mostly requiring manual intervention to fix.

Published: 2024-07-19T17:54:07

The Register - Security

CrowdStrike file update bricks Windows machines around the world

Falcon Sensor putting hosts into deathloop - but there's a workaround. Updated: An update to a product from infosec vendor CrowdStrike is bricking computers running Windows globally.

Published: 2024-07-19T06:46:32

The Register - Security

North Korea likely behind takedown of Indian crypto exchange WazirX

Firm halts trades after seeing $230 million disappear. Indian crypto exchange WazirX has revealed it lost virtual assets valued at over $230 million after a cyber attack that has since been linked to North Korea.

Published: 2024-07-19T05:59:07

The Register - Security

Beijing's attack gang Volt Typhoon was a false flag inside job conspiracy: China

Run by the NSA, the FBI, and Five Eyes nations, who fooled infosec researchers, apparently. China has wildly claimed the Volt Typhoon gang, which Five Eyes nations accuse of being a Beijing-backed attacker that targets critical infrastructure, was in fact made up by the US intelligence community.

Published: 2024-07-19T05:09:48

The Register - Security

Judge mostly drags SEC's lawsuit against SolarWinds into the recycling bin

Russia-invaded software biz 'grateful for the support we have received'. A judge has mostly thrown out a lawsuit brought by America's financial watchdog that accused SolarWinds and its chief infosec officer of misleading investors about its computer security practices and the backdooring of its Orion product.

Published: 2024-07-18T21:06:49

The Register - Security

Kaspersky challenges US government to put up or shut up about Kremlin ties

Stick an independent probe in our software, you won't find any Putin.DLL backdoor. Kaspersky has hit back after the US government banned its products by proposing an independent verification that its software is above board and not backdoored by the Kremlin.

Published: 2024-07-18T16:29:05

The Register - Security

Russia's FIN7 is peddling its EDR-nerfing malware to ransomware gangs

Major vendors' products scuppered by novel techniques. Prolific Russian cybercrime syndicate FIN7 is using various pseudonyms to sell its custom security solution-disabling malware to different ransomware gangs.

Published: 2024-07-18T13:40:24

The Register - Security

Maximum-severity Cisco vulnerability allows attackers to change admin passwords

You're going to want to patch this one. Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins.

Published: 2024-07-18T10:37:09

The Register - Security

Firms skip security reviews of major app updates about half the time

Complicated, costly, time-consuming: pick three. Updated: Cybersecurity workers review major updates to software applications only 54 percent of the time, according to a poll of tech managers.

Published: 2024-07-18T07:28:07

The Register - Security

Release the hounds! Securing datacenters may soon need sniffer dogs

Nothing else can detect attackers with implants designed to foil physical security. Sniffer dogs may soon become a useful means of improving physical security in datacenters, as increasing numbers of people are adopting implants like NFC chips that have the potential to enable novel attacks on access control tools.

Published: 2024-07-18T00:54:10

The Register - Security

Merged Exabeam and LogRhythm cut jobs, face lawsuit

Unconfirmed reports suggest 30 percent reduction in headcount. Exabeam and LogRhythm, a pair of cyber security firms, finalized their merger on Wednesday, an occasion The Register understands was marked by swift job cuts and shareholder action to investigate the transaction.

Published: 2024-07-17T23:27:13

The Register - Security

Kaspersky gives US customers six months of free updates as a parting gift

So long, farewell, do svidaniya, goodbye. Updated: Embattled Russian infosec shop Kaspersky is giving US customers six months of security updates for free as a parting gift as Uncle Sam kicks the antivirus maker out of the American market.

Published: 2024-07-17T18:20:07

The Register - Security

Ransomware continues to pile on costs for critical infrastructure victims

Millions more spent without any improvement in recovery times. Costs associated with ransomware attacks on critical national infrastructure (CNI) organizations skyrocketed in the past year.

Published: 2024-07-17T15:01:13

The Register - Security

London council accuses watchdog of 'exaggerating' danger of 2020 raid on residents' data

You escaped a big fat fine! Take the win and run, won't you? London's inner city district of Hackney says the UK's data protection watchdog has misunderstood and "exaggerated" details surrounding a ransomware attack on its systems in 2020.

Published: 2024-07-17T11:45:06

The Register - Security

Craig Wright admits he isn't the inventor of Bitcoin after High Court judgment in UK

Aussie definitely not Satoshi Nakamoto, faces 6M legal bill and possible perjury trial. Australian Craig Wright has finally admitted he is not the inventor of Bitcoin after losing several cases in the High Court of England and Wales, whose judge has suggested he be investigated for perjury.

Published: 2024-07-17T07:33:05

The Register - Security

Iran's MuddyWater phishes Israeli orgs with custom BugSleep backdoor

India, Turkey, also being targeted by campaign that relies on corporate email compromise. MuddyWater, an Iranian government-backed cyber espionage crew, has upgraded its malware with a custom backdoor, which it's used to target Israeli organizations.

Published: 2024-07-17T00:00:51

The Register - Security

Cyber-crime super-crew Scattered Spider falls in love with RansomHub and Qilin

Extortionists left hanging after rivals crawled into the woodwork. The Scattered Spider cybercrime group is now using RansomHub and Qilin ransomware variants in its attacks, illustrating a possible power shift among hacking groups.

Published: 2024-07-16T18:05:11

The Register - Security

Don't be complacent on cybersecurity resilience

Read the 2024 Cisco Cybersecurity Readiness Index for tips on how best to prepare. Sponsored Post: Protecting sensitive data and mission-critical applications, systems and services from the unwanted attention of hackers and cyber criminals is never easy.

Published: 2024-07-16T14:21:13

The Register - Security

Privacy warriors gripe to UK watchdog about Meta harvesting user data to train AI

Move follows Instagram and Facebook giant's decision to reverse direction in EU after protests. A UK data rights campaign group has launched a complaint with the data law regulator against Meta's change of privacy policy which allows it to scrape user data to develop AI models.

Published: 2024-07-16T11:25:59

The Register - Security

FBI gains access to Trump rally shooter's phone

Hasn't said how it did it, but has form cracking devices. The FBI on Monday revealed it has gained access to a phone it says was used by Thomas Matthew Crooks, the man who shot at and wounded former US president Donald Trump on July 13 in an apparent failed assassination attempt.

Published: 2024-07-16T03:16:30

The Register - Security

Kaspersky culls staff, closes doors in US amid Biden's ban

After all we've done for you, America, sniffs antivirus lab. Kaspersky has confirmed it will shutter its American operations and cut US-based jobs following President Biden's ban on the Russian business last month.

Published: 2024-07-15T21:32:15

The Register - Security

ZDI shames Microsoft for yet another coordinated vulnerability disclosure snafu

'It seems like they really don't have a full grasp of what's going on with this patch'. Exclusive: A Microsoft zero-day vulnerability that Trend Micro's Zero Day Initiative team claims it found and reported to Redmond in May was disclosed and patched by the Windows giant in July's Patch Tuesday, but without any credit given to ZDI.

Published: 2024-07-15T15:00:11

The Register - Security

Infoseccers claim Squarespace migration linked to DNS hijackings at Web3 firms

Company keeps quiet amid high-profile compromises. Security researchers are claiming a spate of DNS hijackings at web3 businesses is linked to Squarespace's acquisition of Google Domains last year.

Published: 2024-07-15T13:45:13

The Register - Security

Google reportedly in talks to buy infosec outfit Wiz for $23B

The security industry has never had a clear leader; could it be the Chocolate Factory? Ask any techie to name who leads the market for OSes, databases, networks or ERP and the answers are clear: Microsoft, Oracle, Cisco, and SAP.

Published: 2024-07-15T04:39:35

The Register - Security

I spy another mSpy breach: Millions more stalkerware buyers exposed

Also: Velops routers love plaintext; everything is a dark pattern; Internet Explorer rises from the grave, and more. Infosec in brief: Commercial spyware maker mSpy has been breached again and millions of purchasers can be identified from the spilled records.

Published: 2024-07-15T02:01:14

The Register - Security

UK cyber-boss slams China's bug-hoarding laws

Plus: Japanese scientists ID ancient supernova; AWS dismisses China trouble rumor; and more. ASIA IN BRIEF: The interim CEO of the UK's National Cyber Security Centre (NCSC) has criticized China's approach to bug reporting.

Published: 2024-07-15T00:03:38

The Register - Security

Three words to send a chill down your spine: Snowflake. Intrusion. Alert

And can AI save us from the scourge of malware? In theory, why not, but in practice ... Color us skeptical. Kettle: For this week's Kettle episode, in which our journos as usual get together for an end-of-week chat about the news, it's security, security, security.

Published: 2024-07-13T15:04:12

The Register - Security

Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack

15K dealerships take estimated $600M+ hit. CDK Global reportedly paid a $25 million ransom in Bitcoin after its servers were knocked offline by crippling ransomware.

Published: 2024-07-12T23:53:31

The Register - Security

White House urged to double check Microsoft isn't funneling AI to China via G42 deal

Windows maker insisted everything will be locked down and secure, which, given its reputation, uh-oh! Two House committee chairs have sent a public letter to the White House asking it to look into a deal between AI R&D outfit G42 and Microsoft.

Published: 2024-07-12T20:22:09

Security Latest

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

Cybersecurity researchers have spotted a 3,000-account network on GitHub that is manipulating the platform and spreading ransomware and info stealers.

Published: 2024-07-24T11:00:00

Security Latest

This Machine Exposes Privacy Violations

A former Google engineer has built a search engine, webXray, that aims to find illicit online data collection and tracking with the goal of becoming “the Henry Ford of tech lawsuits.”

Published: 2024-07-24T10:30:00

Security Latest

How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter

The code, the first of its kind, was used to sabotage a heating utility in Lviv at the coldest point in the year, in what appears to be yet another innovation in Russia’s torment of Ukrainian civilians.

Published: 2024-07-23T09:00:00

Security Latest

The Pentagon Wants to Spend $141 Billion on a Doomsday Machine

The DOD wants to refurbish ICBM silos that give it the ability to end civilization. But these missiles are useless as weapons, and their other main purpose, attracting an enemy’s nuclear strikes, serves no end.

Published: 2024-07-22T10:30:00

Security Latest

The Feds Say These Are the Russian Hackers Who Attacked US Water Utilities

Plus: The FBI unlocks the Trump shooter’s phone, a security researcher gets legal threats for exposing hackable traffic lights, and more.

Published: 2024-07-20T10:30:00

Security Latest

Don’t Fall for CrowdStrike Outage Scams

Swindlers are spinning up bogus websites in an attempt to dupe people with “CrowdStrike support” scams following the security firm's catastrophic software update.

Published: 2024-07-19T22:19:42

Security Latest

How One Bad CrowdStrike Update Crashed the World’s Computers

A defective CrowdStrike update sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.

Published: 2024-07-19T14:46:19

Security Latest

Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World

A software update from cybersecurity company CrowdStrike appears to have inadvertently disrupted IT systems globally.

Published: 2024-07-19T08:40:01

Security Latest

J.D. Vance Left His Venmo Public. Here’s What It Shows

The Republican VP nominee's Venmo network reveals connections ranging from the architects of Project 2025 to enemies of Donald Trump and the populist's close ties to the very elites he rails against.

Published: 2024-07-18T17:02:36

Security Latest

Alleged ‘Maniac Murder Cult’ Leader Indicted Over Plot to Kill Jews

US prosecutors have charged Michail Chkhikvishvili, also known as “Commander Butcher,” with a litany of crimes, including alleged attempts to poison Jewish children in NYC.

Published: 2024-07-17T22:02:50

Security Latest

The US Supreme Court Kneecapped US Cyber Strategy

After the Supreme Court limited the power of federal agencies to craft regulations, it’s likely up to Congress to keep US cybersecurity policy intact.

Published: 2024-07-17T10:00:00

Security Latest

Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages

A hacker group called “NullBulge” says it stole more than a terabyte of Disney’s internal Slack messages and files from nearly 10,000 channels in an apparent protest over AI-generated art.

Published: 2024-07-15T21:10:24

Security Latest

US Senators Secretly Work to Block Safeguards Against Surveillance Abuse

Senator Mark Warner is trying to pass new limits on when the government can wiretap Americans. At least two senators are quietly trying to stop him.

Published: 2024-07-15T17:48:33

Security Latest

AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records

A security researcher who assisted with the deal says he believes the only copy of the complete dataset of call and text records of “nearly all” AT&T customers has been wiped but some risks may remain.

Published: 2024-07-14T17:57:27

Security Latest

Spyware Users Exposed in Major Data Breach

Plus: The Heritage Foundation gets hacked over Project 2025, a car dealership software provider seems to have paid $25 million to a ransomware gang, and authorities disrupt a Russian bot farm.

Published: 2024-07-13T10:30:00

Security Latest

The Sweeping Danger of the AT&T Phone Records Breach

Telecom giant AT&T says a major data breach has exposed the call and text records of “nearly all” of its customers, epitomizing the dire state of data security.

Published: 2024-07-12T17:44:16

Security Latest

Pressure Grows in Congress to Treat Crypto Investigator Tigran Gambaryan, Jailed in Nigeria, as a Hostage

A new resolution echoes what 16 members of Congress have already said to the White House: It must do more to free one of the most storied crypto-focused federal agents in history.

Published: 2024-07-11T19:58:01

Security Latest

Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison

The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years, has been sentenced to 18 years and ordered to pay more than $73 million.

Published: 2024-07-11T16:37:09

Security Latest

Google Is Adding Passkey Support for Its Most Vulnerable Users

Google is bringing the password-killing “passkey” tech to its Advanced Protection Program users more than a year after rolling them out broadly.

Published: 2024-07-10T10:00:00

Security Latest

The $11 Billion Marketplace Enabling the Crypto Scam Economy

Deepfake scam services. Victim data. Electrified shackles for human trafficking. Crypto tracing firm Elliptic found all were available for sale on an online marketplace linked to Cambodia’s ruling family.

Published: 2024-07-10T07:00:00

The Hacker News

How a Trust Center Solves Your Security Questionnaire Problem

Security questionnaires aren’t just an inconvenience; they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products; it’s the

Published: 2024-07-24T16:50:00

The Hacker News

How to Reduce SaaS Spend and Risk Without Impacting Productivity

There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business, and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process. But this trend has also increased the attack surface, and with

Published: 2024-07-24T15:31:00

The Hacker News

Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool

The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team said in an analysis published last week. The activity cluster, also

Published: 2024-07-24T15:13:00

The Hacker News

CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices

Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. "On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques," the company

Published: 2024-07-24T14:02:00

The Hacker News

Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers

A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1). The high-severity

Published: 2024-07-24T11:45:00

The Hacker News

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below:
CVE-2012-4792 (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Free Vulnerability
CVE-2024-39891 (CVSS score: 5.3) - Twilio Authy Information Disclosure

Published: 2024-07-24T11:26:00

The Hacker News

Chinese Hackers Target Taiwan and U.S. NGO with MgBot and MACMA Malware

Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on

Published: 2024-07-23T17:58:00

The Hacker News

New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the malware FrostyGoop, describing it as the first malware strain to directly use Modbus TCP

Published: 2024-07-23T16:24:00

The Hacker News

How to Securely Onboard New Employees Without Sharing Temporary Passwords

The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to security risks. Traditionally, IT departments have been cornered into either sharing passwords in plain text via email or SMS, or arranging in-person meetings to verbally communicate these

Published: 2024-07-23T15:43:00

The Hacker News

Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said. The skimmer is designed to capture all the data entered into the credit card form on the

Published: 2024-07-23T15:42:00

The Hacker News

Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model

Meta has been given until September 1, 2024, to respond to concerns raised by the European Commission over its "pay or consent" advertising model or risk facing enforcement measures, including sanctions. The European Commission said the Consumer Protection Cooperation (CPC) Network has notified the social media giant that the model adopted for Facebook and Instagram might potentially violate

Published: 2024-07-23T15:07:00

The Hacker News

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a spear-phishing campaign that targeted a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting various government entities to gather sensitive information using

Published: 2024-07-23T14:33:00

The Hacker News

Google Abandons Plan to Phase Out Third-Party Cookies in Chrome

Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser, more than four years after it introduced the option as part of a larger and controversial proposal called the Privacy Sandbox. "Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web

Published: 2024-07-23T09:58:00

The Hacker News

Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking

Figure caption: The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user.
A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced "technology suite" that runs the whole cybercrime supply chain spectrum to spearhead its operations. Infoblox is tracking the proprietor

Published: 2024-07-22T18:35:00

The Hacker News

PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing

A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. "Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use," Google

Published: 2024-07-22T17:56:00

The Hacker News

How to Set up an Automated SMS Analysis Service with AI in Tines

The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organization’s security posture is by building an automated SMS analysis service. Workflow automation platform Tines provides a good example of how to do it. The vendor recently released their first native AI features, and security teams have already

Published: 2024-07-22T16:55:00

The Hacker News

MSPs & MSSPs: How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, “Your First 100 Days as a vCISO: 5 Steps to Success”, which covers all the phases entailed in launching a successful vCISO engagement, along with recommended

Published: 2024-07-22T16:11:00

The Hacker News

SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC. BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an open-source "volunteer computing" platform maintained by the University of California with an aim to carry out "large-scale

Published: 2024-07-22T12:15:00

The Hacker News

New Linux Variant of Play Ransomware Targeting VMware ESXi Systems

Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) that's designed to target VMware ESXi environments. "This development suggests that the group could be broadening its attacks across the Linux platform, leading to an expanded victim pool and more successful ransom negotiations," Trend Micro researchers said in a

Published: 2024-07-22T09:26:00

The Hacker News

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix. The attack chains involve distributing a ZIP archive file named ","

Published: 2024-07-20T21:31:00

The Hacker News

17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K.

Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate. The arrest was made "in connection with a global cyber online crime group which has been targeting large organizations with ransomware and gaining access to computer networks," West Midlands police said. "The arrest is part of

Published: 2024-07-20T09:58:00

The Hacker News

Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide

Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," the company's CEO George Kurtz said in a statement. "Mac and Linux hosts are not impacted. This is

Published: 2024-07-19T18:08:00

The Hacker News

Two Russian Nationals Plead Guilty in LockBit Ransomware Attacks

Two Russian nationals have pleaded guilty in a U.S. court for their participation as affiliates in the LockBit ransomware scheme and helping facilitate ransomware attacks across the world. The defendants include Ruslan Magomedovich Astamirov, 21, of the Chechen Republic, and Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario. Astamirov was arrested in Arizona by U.S. law

Published: 2024-07-19T18:00:00

The Hacker News

Safeguard Personal and Corporate Identities with Identity Intelligence

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.  In the current cyber threat landscape, the protection of personal and corporate identities has become vital.

Published: 2024-07-19T16:30:00

The Hacker News

Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware

A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. These attacks, attributed to an activity cluster codenamed OilAlpha, entail a new set of malicious mobile apps that come with their own supporting infrastructure, Recorded Future's Insikt Group said. Targets of the ongoing campaign

Published: 2024-07-19T14:59:00

The Hacker News

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.

Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. have become the target of a "sustained campaign" by the prolific China-based APT41 hacking group. "APT41 successfully infiltrated and maintained prolonged, unauthorized access to numerous victims' networks since

Published: 2024-07-19T12:54:00

The Hacker News

Summary of "AI Leaders Spill Their Secrets" Webinar

Event Overview: The "AI Leaders Spill Their Secrets" webinar, hosted by Sigma Computing, featured prominent AI experts sharing their experiences and strategies for success in the AI industry. The panel included Michael Ward from Sardine, Damon Bryan from Hyperfinity, and Stephen Hillian from Astronomer, moderated by Zalak Trivedi, Sigma Computing's Product Manager. Key Speakers and Their

Published: 2024-07-19T12:50:00

The Hacker News

SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software

SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 13 vulnerabilities, eight are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining five weaknesses have been rated High in severity, with four of them having a CVSS

Published: 2024-07-19T12:43:00

The Hacker News

WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach

Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million," the company said in a statement. "This wallet was operated utilizing the services of Liminal's digital asset custody and

Published: 2024-07-19T09:37:00

The Hacker News

Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver

Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous installer ("HotPage.exe"), according to new findings from ESET, which

Published: 2024-07-18T18:56:00

The Hacker News

AppSec Webinar: How to Turn Developers into Security Champions

Let's face it: AppSec and developers often feel like they're on opposing teams. You're battling endless vulnerabilities while they just want to ship code. Sound familiar? It's a common challenge, but there is a solution. Ever wish they proactively cared about security? The answer lies in a proven, but often overlooked, strategy: Security Champion Programs, a way to turn developers from

Published: 2024-07-18T17:15:00

The Hacker News

Automated Threats Pose Increasing Risk to the Travel Industry

As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry’s web traffic in 2023, a significant jump from 37.4% in 2022.

Published: 2024-07-18T16:30:00

The Hacker News

SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks

Cybersecurity researchers have uncovered security shortcomings in SAP AI Core, a cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows, that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers

Published: 2024-07-18T15:03:00

The Hacker News

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks

Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America,

Published: 2024-07-18T14:40:00

The Hacker News

Meta Halts AI Use in Brazil Following Data Protection Authority's Ban

Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the

Published: 2024-07-18T11:44:00

The Hacker News

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any user, including administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. "This vulnerability is due to improper

Published: 2024-07-18T11:31:00

The Hacker News

North Korean Hackers Update BeaverTail Malware to Target MacOS Users

Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named "MiroTalk.dmg" that mimics the legitimate video call service of the same name,

Published: 2024-07-17T21:57:00

The Hacker News

Navigating Insider Risks: Are your Employees Enabling External Threats?

Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning that SIM swap attacks are growing: gain control of the phone and earn a gateway to email, bank accounts, stocks,

Published: 2024-07-17T16:39:00

The Hacker News

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a security dodging tool known to be used by ransomware groups like AvosLocker, Black Basta, BlackCat, LockBit, and Trigona. "AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been

Published: 2024-07-17T16:03:00

The Hacker News

China-linked APT17 Targets Italian Companies with 9002 RAT Malware

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second

Published: 2024-07-17T14:17:00

The Hacker News

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft. It also has a history of

Published: 2024-07-17T11:20:00

The Hacker News

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are

Published: 2024-07-17T10:55:00

The Hacker News

'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins

Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety, the Russian word for candy, owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based ad network called CaramelAds. "Konfety represents a new form of

Published: 2024-07-16T18:30:00

The Hacker News

Threat Prevention & Detection in SaaS Environments - 101

Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them.  According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and

Published: 2024-07-16T16:30:00

The Hacker News

Malicious npm Packages Found Using Image Files to Hide Backdoor Code

Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question, img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy, have been downloaded 190 and 48 times, respectively. As of writing, they have been taken down by the npm security team. "They

Published: 2024-07-16T15:39:00

The Hacker News

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks

The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management (RMM) software for maintaining persistent access. That's according to independent findings from cybersecurity firms Check Point and Sekoia, which have

Published: 2024-07-16T14:43:00

The Hacker News

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer

An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-May 2024, said the vulnerability tracked as CVE-2024-38112 was used as part of a multi-stage

Published: 2024-07-16T14:30:00

The Hacker News

Kaspersky Exits U.S. Market Following Commerce Department Ban

Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk. News of the closure was first reported by journalist Kim Zetter. The company is expected to wind down its U.S. operations on July 20, 2024, the same day the ban comes into effect. It's also

Published: 2024-07-16T09:46:00

The Hacker News

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data. It is the reference implementation of the Open

Published: 2024-07-16T09:31:00

The Hacker News

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF). JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub. "This case was

Published: 2024-07-15T21:48:00

Security Affairs

China-linked APT group uses new Macma macOS backdoor version

China-linked APT group Daggerfly (aka Evasive Panda, Bronze Highland) has been spotted using an updated version of the macOS backdoor Macma. The China-linked APT group Daggerfly (aka Evasive Panda or Bronze Highland) has significantly updated its malware arsenal, adding a new malware family based on the MgBot framework and an updated Macma macOS backdoor. […]

Published: 2024-07-24T10:09:37

Security Affairs

FrostyGoop ICS malware targets Ukraine

In April 2024, Dragos researchers spotted the malware FrostyGoop that interacts with Industrial Control Systems (ICS) using the Modbus protocol. In April 2024, Dragos researchers discovered a new ICS malware named FrostyGoop that interacts with Industrial Control Systems using the Modbus protocol. FrostyGoop is the ninth ICS malware that was discovered and that a nation-state […]

Published: 2024-07-23T21:47:45

Security Affairs

Hackers abused swap files in e-skimming attacks on Magento sites

Threat actors abused swap files on compromised Magento websites to hide a credit card skimmer and harvest payment information. Security researchers from Sucuri observed attackers using swap files on compromised Magento sites to conceal a persistent software skimmer. The attackers used this tactic to maintain persistence and allow the malware to […]

Published: 2024-07-23T17:28:22

Security Affairs

US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group

The US government sanctioned two Russian hacktivists for their cyberattacks targeting critical infrastructure, including breaches of water facilities. The United States sanctioned Russian hacktivists Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their roles in cyber operations against U.S. critical infrastructure. The US […]

Published: 2024-07-23T08:45:36

Security Affairs

EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos

EvilVideo is a zero-day in the Telegram app for Android that allowed attackers to send malicious APK payloads disguised as videos. ESET researchers discovered the zero-day exploit, named EvilVideo, which targets the Telegram app for Android. The exploit had been for sale on an underground forum since June 6, 2024; it allows attackers to share malicious […]

Published: 2024-07-22T21:53:20

Security Affairs

SocGholish malware used to spread AsyncRAT malware

The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver the AsyncRAT remote access trojan and the legitimate open-source project BOINC. Huntress researchers observed SocGholish delivering AsyncRAT together with BOINC (Berkeley Open Infrastructure for Network Computing), a legitimate open-source volunteer-computing client. The BOINC project is […]

Published: 2024-07-22T11:20:02

Security Affairs

UK police arrested a 17-year-old linked to the Scattered Spider gang

Law enforcement in the U.K. arrested a 17-year-old boy from Walsall who is suspected of being a member of the Scattered Spider cybercrime group (also known as UNC3944 or 0ktapus). The arrest is the result of a joint international law enforcement […]

Published: 2024-07-22T07:08:42

Security Affairs

Security Affairs Malware Newsletter Round 3

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: Hardening of HardBit; 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit; This Meeting Should Have Been an Email; Ransomware Detection Model Based on Adaptive Graph Neural Network Learning; SEXi ransomware rebrands to APT INC, continues […]

Published: 2024-07-21T13:31:24

Security Affairs

Security Affairs newsletter Round 481 by Pierluigi Paganini INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free in your inbox. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press: Threat actors attempted to capitalize on the CrowdStrike incident; Russian nationals plead guilty to participating in the LockBit ransomware group […]

Published: 2024-07-21T11:59:15

Security Affairs

U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions of the flaws added to the KEV catalog: […]

Published: 2024-07-21T08:28:59

News Packet Storm

Why CrowdStrike-Style Chaos Is Here To Stay

VMware ESXi Servers Targeted By New Linux Ransomware Variant

Telegram Zero-Day Enabled Malware Delivery

Ransomware Attack Shuts Down Three Dozen Los Angeles Courts

Google Won't Kill Third Party Cookies After All

Global Cops Power Down World's Most Prolific DDoS Dealership

Delta Cancels Another 600 Flights On Monday In Wake Of Cyber Outage

CrowdStrike's Falcon Sensor Also Linked To Linux Kernel Panics

Two Russian Sanctioned Over Cyberattacks On US Critical Infrastructure

Suspected Scattered Spider Member Arrested In UK

Judge Mostly Tosses SEC Lawsuit Against SolarWinds

North Korea May Have Hacked Crypto Exchange WazirX

SAP AI Core Flaws Show Risks Of Training AI In Shared Environments

Seems Like CrowdStrike Caused A Global BSOD?

MarineMax Notifying 123,000 Of Data Breach

Recent Adobe Commerce Vulnerability Exploited In Wild

Pentagon Leaker Jack Teixeira To Face Military Court-Martial

Malware Scammers Gearing Up For 2024 Summer Olympics

Vulnerability In Cisco Smart Software Manager Lets Attacker Change Any User Password

FIN7 Is Peddling EDR-Nerfing Malware To Ransomware Operators

Iran Phishes Israeli Orgs With Custom BugSleep Backdoor

Ransomware Continues To Pile On Costs For Critical Infrastructure Victims

Atlassian Patches High Severity Vulns In Bamboo, Confluence, Jira

Rite Aid Says Hack Impacts 2.2 Million People

APT Exploits Windows Zero-Day To Execute Code Via Disabled Internet Explorer

Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment

Industry Moves for the week of July 22, 2024 - SecurityWeek

Verizon Subsidiary Settles With FCC for $16M Over Three Data Breaches

Vanta Raises $150 Million at $2.45 Billion Valuation

Chrome 127 Patches 24 Vulnerabilities

CrowdStrike Explains Why Bad Update Was Not Properly Tested

Most Airlines Except One Are Recovering From the CrowdStrike Tech Outage. The Feds Have Noticed

KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware

Canadian Startup Protexxa Attracts $10 Million Series A Financing

Google Will Keep Third-Party Cookies in Chrome

CrowdStrike CEO Called to Testify to Congress Over Cybersecurity Firm’s Role in Global Tech Outage

Statement from CISA Director Easterly on Leadership Changes at CISA

CISA Announces Key Leadership Appointments in Cybersecurity and Stakeholder Engagement

CISA Releases Playbook for Infrastructure Resilience Planning

CISA Releases Guide to Operational Security for Election Officials

CISA Releases the Marine Transportation System Resilience Assessment Guide

CISA and Fauquier County Hold K-12 Active Shooter Exercise

CISA Releases Guide to Enhance Election Security Through Public Communications

CISA, JCDC, Government and Industry Partners Conduct AI Tabletop Exercise

Readout from CISA’s 2024 Second Quarter Cybersecurity Advisory Committee Meeting

CISA Hosts First Annual Information and Communications Technology Supply Chain Risk Management Task Force Conference

NCSWIC Planning, Training, and Exercise Committee releases the Human Factors Resource Guide

Continued Progress Towards a Secure Open Source Ecosystem

Looking Ahead to Better Prepare Today

Why SMBs Don’t Deploy Single Sign On (SSO)

CISA, SAFECOM and NCSWIC Publish SAFECOM Guidance on Emergency Communications Grants

CISA Releases the FY 2024 Rural Emergency Medical Communications Demonstration Project (REMCDP) Notice of Funding Opportunity

National Internet Safety Month: This June, Take 4 Easy Steps to Stay Safe Online

NCSWIC releases the NCSWIC Video Series

A Plan to Protect Critical Infrastructure from 21st Century Threats

Prepared Together Cyber Storm IX Recap

All CISA Advisories

Hitachi Energy AFS/AFR Series Products

CISA Adds Two Known Exploited Vulnerabilities to Catalog

National Instruments LabVIEW

National Instruments IO Trace

CISA Releases Four Industrial Control Systems Advisories

Widespread IT Outage Due to CrowdStrike Update

Ivanti Releases Security Updates for Endpoint Manager

Subnet Solutions PowerSYSTEM Center

Cisco Releases Security Updates for Multiple Products

Philips Vue PACS

RSS Feed

[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation

[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection

[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection

[webapps] Microweber 2.0.15 - Stored XSS

[webapps] Customer Support System 1.0 - Stored XSS

[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition

[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

[webapps] Boelter Blue System Management 1.3 - SQL Injection

[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)

[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)

[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL Injection

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

[webapps] XMB - Stored XSS

[webapps] Carbon Forum 5.9.0 - Stored XSS

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)

[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)

[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)

[webapps] Dotclear 2.29 - Remote Code Execution (RCE)

[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)

[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)

[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

[webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)

[webapps] Aquatronica Control System 5.1.6 - Information Disclosure

[webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)

[webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

[webapps] iMLog < 1.307 - Persistent Cross Site Scripting (XSS)

[webapps] BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

[webapps] htmlLawed 1.2.5 - Remote Code Execution (RCE)

[webapps] PopojiCMS 2.0.1 - Remote Command Execution (RCE)

[webapps] Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)

[webapps] Apache OFBiz 18.12.12 - Directory Traversal

[webapps] WordPress Theme XStore 9.3.8 - SQL Injection

[webapps] Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)

[webapps] Prison Management System - SQL Injection Authentication Bypass

[webapps] PyroCMS v3.0.1 - Stored XSS

[webapps] CE Phoenix Version - Stored XSS

[webapps] Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)

[webapps] Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)

[remote] CrushFTP < 11.1.0 - Directory Traversal

[local] Plantronics Hub 3.25.1 - Arbitrary File Read

[webapps] Apache mod_proxy_cluster - Stored XSS

[webapps] iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)

[webapps] Clinic Queuing System 1.0 - RCE

[webapps] Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure

[webapps] Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass

Full Disclosure

CyberDanube Security Research 20240722-0 | Multiple Vulnerabilities in Perten/PerkinElmer ProcessPlus

[KIS-2024-06] XenForo <= 2.2.15 (Template System) Remote Code Execution Vulnerability

[KIS-2024-05] XenForo <= 2.2.15 (Widget::actionSave) Cross-Site Request Forgery Vulnerability

CyberDanube Security Research 20240703-0 | Authenticated Command Injection in Helmholz Industrial Router REX100

SEC Consult SA-20240627-0 :: Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice

SEC Consult SA-20240626-0 :: Multiple Vulnerabilities in Siemens Power Automation Products

Novel DoS Vulnerability Affecting WebRTC Media Servers

APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8

40 vulnerabilities in Toshiba Multi-Function Printers

17 vulnerabilities in Sharp Multi-Function Printers

SEC Consult SA-20240624-0 :: Multiple Vulnerabilities allowing complete bypass in Faronics WINSelect (Standard + Enterprise)

Open Source Security

CVE-2023-48362: Apache Drill: XXE Vulnerability in XML Format Reader

[SECURITY ADVISORY] curl: CVE-2024-6874: macidn punycode buffer overread

[SECURITY ADVISORY] curl: CVE-2024-6197: freeing stack buffer in utf8asn1str

Re: linux-distros application for CentOS Project's Hyperscale SIG

CVE-2024-39676: Apache Pinot: Unauthorized endpoint exposed sensitive information

Re: linux-distros application for CentOS Project's Hyperscale SIG

CVE-2024-41178: Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files

[OSSA-2024-002] OpenStack Nova: Incomplete file access fix and regression for QCOW2 backing files and VMDK flat descriptors (CVE-2024-40767)

ISC has disclosed four vulnerabilities in BIND 9 (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076)

GNU C Library version 2.40 released with 5 CVE fixes

CVE-2024-29070: Apache StreamPark: session not invalidated after logout

CVE-2024-38503: Apache Syncope: HTML tags can be injected into Console or Enduser text fields

CVE-2024-34457: Apache StreamPark IDOR Vulnerability

CVE-2024-23321: Apache RocketMQ: Unauthorized Exposure of Sensitive Data

Re: Fwd: Node.js security updates for all active release lines, July 2024

Ethical Hacking News

BlackSuit ransomware group, linked to the CDK Global attack, targets Kadokawa Corp

The BlackSuit ransomware gang, linked to the CDK Global attack, has claimed responsibility for a cyberattack on Japanese media conglomerate Kadokawa Corporation. The attack, which occurred in late June, has caused significant disruption to Kadokawa's operations, including its popular video-sharing platform Niconico....

Published: 2024-06-28T10:23:14

The Verge - Securities

The CDK Global cyberattack aftermath could be cleared up by July 4th

Car Dealers Reel From Cyberattack On $1.2 Trillion Market. Car dealerships hamstrung by outages following two cyberattacks against CDK Global in June might finally be able to use their systems again this week, as the company says it aims to get dealers back online by July 4th. “We are continuing ou...

Published: 2024-07-01T18:04:41

© Ethical Hacking News . All rights reserved.

Privacy | Terms of Use | Contact Us