DataBreaches
FTC Publishes Blog Post on Data Security Practices for Complex Systems
Caleb Skeath, Shayan Karbassi, and Ashden Fein of Covington & Burling write: In February, the Federal Trade Commission (“FTC”) published a blog...
CyberNews
ALPHV/BlackCat exposes UnitedHealth hack details on leak blog
The ALPHV/BlackCat ransom gang exposes intimate details about the UnitedHealth Group cyberattack it claims to have carried out against UHG subsidiary Change Healthcare.
DataBreaches
The Five Families disrupted after SiegedSec hacked; SiegedSec thrown out, Blog Hijacked
AlphV wasn’t the only group experiencing some disruption this week In August, “The Five Families” announced the collaboration of ThreatSec,...
DataBreaches
FTC Blog: “The FTC Act Creates a De Facto Breach Disclosure Requirement”
Joseph Lazarrotti of JacksonLewis writes: On May 20, 2022, the Federal Trade Commission’s Team CTO and the Division of Privacy and Identity Protection...
Ars Technica
Google’s AI Overview is flawed by design, and a new company blog post hints at why
Google: "There are bound to be some oddities and errors" in system that told people to eat rocks.
CyberNews
NHS Scotland allegedly had 3TB of data stolen
NHS Scotland was posted on INC Ransom's dark web blog.
Infosecurity News
Iranian Threat Actor Neptunium Associated With Charlie Hebdo Cyber-Attacks
Microsoft's Digital Threat Analysis Center shared the findings last Friday in a blog post
Trend Micro
Industry 4.0: CNC Machine Security Risks Part 3
This three-part blog series explores the risks associated with CNC machines
Trend Micro
Industry 4.0: CNC Machine Security Risks Part 2
This three-part blog series explores the risks associated with CNC machines
Infosecurity News
Vietnamese Hackers Linked to 'Malverposting' Campaign
Security experts at Guardio Labs discussed the findings in a new blog post
Infosecurity News
Sophisticated Phishing Exploits Zero-Day Salesforce Vulnerability
Guardio Labs detected the campaign and detailed its findings in a technical blog post
Trend Micro
Industry 4.0: CNC Machine Security Risks Part 1
This three-part blog series explores the risks associated with CNC machines
Infosecurity News
Google Chrome Vulnerability Lets Sites Quietly Overwrite Clipboard Contents
The bug was discovered by developer Jeff Johnson, who detailed his findings in a blog post
SecurityWeek
Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw
Adobe patches critical code execution vulnerability in ColdFusion for which a proof-of-concept (PoC) blog exists.
Infosecurity News
Several Flaws Found in CyberPower and Dataprobe Products
Trellix cybersecurity researchers discussed the implications of these flaws in a new blog post published on Sunday
HACKRead
FBI Seizes Dark Web Domain of Blackcat - ALPHV Ransomware
Although the main dark web domain of the ALPHV Ransomware has been seized, the blog remains online.
Security Affairs
Happy birthday Security Affairs … 11 years together!
Happy BirthDay Security Affairs! Eleven years together! I launched Security Affairs for passion in November 2011 and since then the blog was visited by tens of millions of readers. Thank you! Eleven years ago I decided to launch Security Affairs, a blog that is considered today one of the most valuable sources of the cybersecurity […]
DataBreaches
European Parliament Adopts Draft Cybersecurity Directive
Hunton Andrews Kurth blog reports: On October 28, 2021, the European Parliament’s Committee on Industry, Research and Energy adopted a draft directive on...
CyberNews
Platformer leaves Substack over Nazi content
Platformer, a popular technology blog, said it was leaving Substack over its moderation policy that does not explicitly ban pro-Nazi content.
DataBreaches
REvil ransomware group’s infrastructure comes back online hinting at fresh campaign
Connor Jones reports: ….. Some researchers noted the return of REvil’s ‘happy blog’ – the place where it announced its hacks – on 19...
Trend Micro
Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
Our blog entry provides an in-depth analysis of Earth Hundun's Waterbear and Deuterbear malware.
DataBreaches
Disrupting SEABORGIUM’s ongoing phishing operations
From Microsoft’s Blog: The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an...
The Cyber Express
NCSC Issues Guidance to Secure PBX Systems from Cyberattacks
The National Cyber Security Centre (NCSC) in the UK has issued a comprehensive blog aimed at educating individuals and organizations
DataBreaches
Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking
A detailed blog on Analysis of the Global Malware Trend: Exploiting Undocumented OAuth2 Functionality to Regenerate Google Service Cookies Regardless of IP or...
Bleeping Computer
REvil ransomware shuts down again after Tor sites were hijacked
The REvil ransomware operation has likely shut down once again after an unknown person hijacked their Tor payment portal and data leak blog.
DataBreaches
REvil ransomware’s servers reappear without fanfare or explanation
Brett Callow of Emsisoft broke the unpleasant news on Twitter last night — REvil’s dedicated leak site, “The Happy Blog,” which had...
Trend Micro
WannaRen Returns as Life Ransomware, Targets India
This blog entry looks at the characteristics of a new WannaRen ransomware variant, which we named Life ransomware after its encryption extension.
The Record
FTC fires 'shot across the bow' at automakers over connected-car data privacy
In a blog post, the FTC gave special attention to the sale of geolocation data and what the agency called the “surreptitious disclosure of sensitive information" by automakers.
DataBreaches
Microsoft confirms they were hacked by Lapsus$ extortion group
Lawrence Abrams reports: In a new blog post published tonight, Microsoft has confirmed that one of their employee’s accounts was compromised by Lapsus$,...
DataBreaches
Privacy Updates from China: Proliferation of Sector-Specific Rules As Key Legislation Remains Pending – Part 2: Data Protection in the Financial Sector
Yan Luo, Zhijing Yu, and Vicky Liu of Covington & Burling write: In Part 1 of this blog series (see here), we discussed recent data protection...
DataBreaches
BlackCat (Aka ALPHV) Ransomware Is Increasing Stakes Up To $2.5M In Demands
A new blog post by Resecurity indicates that BlackCat’s average ransom demand is now over $2 million. They write: Based on the recently compromised...
DataBreaches
Personal and sensitive files from Tehama County Social Services leaked on dark web. Have the victims been notified?
On their dark web blog, Quantum threat actors claim to have acquired 32 GB of files from Tehama County Social Services in California. Quantum describes the...
Trend Micro
An Analysis of the BabLock Ransomware
This blog post analyzes a stealthy and expeditious ransomware called BabLock (aka Rorschach), which shares many characteristics with LockBit.
Cyber Security News
Google Shares Details on Accidental File Deletion that Impacts Pension Fund's Accounts
In a recent blog post, Google Cloud has shared details about an incident that impacted one of its Australian customers, UniSuper, a pension fund.
DataBreaches
Is REvil really gone? Lots of speculation, no confirmation of anything yet.
The “Happy Blog” leak site belonging to the Sodinokibi threat actors known as “REvil” (“Are Evil”) is offline, and their...
DataBreaches
Why organizations should (and should not) worry about KillNet
Intel471 has an interesting blog post on KillNet, a group that has declared itself pro-Russian and has been attacking detractors or enemies of Russia. Since...
DataBreaches
L.A. Unified admits that at least 2,000 student records dumped after ransomware attack
Mark Keierleber’s article on The 74, noted on this blog yesterday and discussed by some of us on infosec.exchange, has apparently resulted in the...
DataBreaches
EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web
Seen on Resecurity’s blog: a reminder that our current defenses fall rapidly as nimble criminals find a work-around and that some developments enable...
CyberNews
TikTok responds to charges of antisemitism as it battles misinformation
A TikTok blog post, released Thursday, aims to dispel accusations that the social app is pushing a political agenda regarding the still unfolding Israel-Hamas conflict.
DataBreaches
FIN7 Recruits Talent For Push Into Ransomware
There’s a fascinating blog post out today by Gemini Advisory. Here are just the key findings to give you a sense of it all: The cybercriminal group...
DataBreaches
True or false, Friday law enforcement edition
From today’s update to the LockBit3.0 blog, now under the control of law enforcement, we read claims that law enforcement knows who and where LockBitSupp...
DataBreaches
A reset on ransomware: Dominant variants differ from prior years
As seen on Intel471’s blog: There’s been a shift in the ransomware-as-a-service ecosystem. Be it due to law enforcement, infighting amongst groups or...
Trend Micro
An Overview of the New Rhysida Ransomware
In this blog entry, we will provide details on Rhysida, including its targets and what we know about its infection chain.
Infosecurity News
Why Bulletproof Hosting is Key to Cybercrime-as-a-Service
As a critical infrastructure service for cybercriminals, bulletproof hosting should be tracked and blocked by defenders, Intel471 argued in a new blog post
DataBreaches
Mullvad VPN was subject to a search warrant, says customer data not compromised.
Mullvad reports on their blog: On April 18 at least six police officers from the National Operations Department (NOA) of the Swedish Police visited the Mullvad...
The Record
Pay our ransom instead of a GDPR fine, cybercrime gang tells its targets
A group that operates through a data leak blog called Ransomed tells its alleged victims that shelling out an extortion payment is smarter than facing a government fine for a data breach.
Trend Micro
Latest Batloader Campaigns Use Pyarmor Pro for Evasion
In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we’ve covered in previous blog entries.
Trend Micro
How Water Labbu Exploits Electron-Based Applications
In the second part of our Water Labbu blog series, we explore how the threat actor exploits Electron-based applications using Cobalt Strike to deploy backdoors.
DataBreaches
Your morning reminder that health data breaches are … everywhere (updated)
Every day, I compile data on breaches or leaks involving medical or health data. Many of them never appear on this blog at all. Others will appear on this...
Trend Micro
Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign
This blog entry details a scheme that exploits the recent Morocco earthquake by impersonating the domain name of a well-known humanitarian organization for financial fraud.
DataBreaches
How to Negotiate with Ransomware Hackers
Rachel Monroe has an interesting profile of a ransom negotiator in The New Yorker. But the piece also provides an answer to a puzzling claim in a blog post by...
Trend Micro
An In-Depth Look at ICS Vulnerabilities Part 1
In this blog series our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS.
Trend Micro
Codex Exposed Exploring the Capabilities and Risks of OpenAIs Code Generator
The first of a series of blog posts examines the security risks of Codex, a code generator powered by the GPT-3 engine.
DataBreaches
Bits ‘n Pieces (Trozos y Piezas)
MX: LV threat actors claim to have hacked UnitedAuto On November 19, LV BLog added UnitedAuto, a Mexican automotive company, to its leak site, claiming to have...
The Hacker News
CISO Perspectives on Complying with Cybersecurity Regulations
Navigating cybersecurity compliance just got easier. Our latest blog taps into the wisdom of CISOs to share strategies for managing data security requ
Trend Micro
SMS PVA Part 2: Underground Service for Cybercriminals
In part two of this blog entry, we further investigate the innings of smspva.net and discuss the impact and implications of such services.
DataBreaches
Developing: LockBit disrupted by law enforcement
On Monday afternoon, LockBit3.0’s dark web blog was replaced by a 404 message and then a seizure notice: The notice reads: The Site is Now Under Control...
The Hacker News
Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign
MuddyWater, linked to Iran's MOIS, strikes again with DarkBeatC2. Our latest blog unpacks the latest tactics in cyber warfare.
Cyber Security News
Hackers Targeting Exchange Servers to Deploy BlackCat Ransomware
Microsoft has published a blog detailing BlackCat Ransomware, also called ALPHV, a prevalent threat and a major example of the growing ransomware-as-a-service (RaaS) gig economy.
DataBreaches
“REvil” reappears on forum — but not “Unknown?”
As previously noted by this site and others, REvil threat actors appear to have re-emerged after disappearing in July.. Their dedicated leak site and blog are...
Trend Micro
Forward Momentum: Key Learnings From Trend Micro’s Security Predictions for 2024
In this blog entry, we discuss predictions from Trend Micro’s team of security experts about the drivers of change that will figure prominently in 2024.
Trend Micro
LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company
Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint
Trend Micro
S4x23 Review Part 1: What's New in OT Security
This blog introduces discussions from S4x23, the ICS security conference in Miami over several posts. The first installment will cover two topics from the academic interviews.
Trend Micro
SMS PVA Part 1: Underground Service for Cybercriminals
In this three-part blog entry, our team explored SMS PVA, a service built on top of a global bot network that compromises smartphone cybersecurity as we know it.
Trend Micro
Detecting PwnKit (CVE-2021-4034) Using Trend Micro™ Vision One™ and Cloud One™
This blog discusses how CVE-2021-4034 can be detected and blocked using Trend Micro™ Vision One™ and Trend Micro Cloud One™.
Trend Micro
Earth Preta Campaign Uses DOPLUGS to Target Asia
In this blog entry, we focus on Earth Preta's campaign that employed a variant of the DOPLUGS malware to target Asian countries.
The Hacker News
Top Cyber Threats Facing E-Commerce Sites This Holiday Season
Learn more about the risks and vulnerabilities affecting your e-commerce web application this holiday season in our latest blog.
DataBreaches
Adult students’ SSNs from more than 60 years ago caught up in Ohio breach
One of the recurring themes in this site’s blog posts this year has been the fact that way too many entities not only store old data, but fail to secure...
Trend Micro
Data Distribution Service: Mitigating Risks Part 3
In the final chapter of our blog series, we discuss mitigating strategies and recommendations to keep DDS protected from malicious actors.
Trend Micro
Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Two vulnerabilities in PaperCut have been found, and one of them is being actively exploited in the wild. This blog entry provides a summary of the vulnerabilities, and includes security guidance for IT and SOC professionals.
Trend Micro
Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks
This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024.
Trend Micro
CVE-2019-8561 A Hard-to-Banish PackageKit Framework Vulnerability in macOS
This blog entry details our investigation of CVE-2019-8561, a vulnerability that exists in the macOS PackageKit framework, a component used to install software installer packages (PKG files).
Trend Micro
From Bounty to Exploit Observations About Cybercriminal Contests
From articles to hackathons, cybercriminals are resorting to crowdsourcing to find more ways to exploit systems. In this blog, we discuss our takeaways and summarize the results of these contests.
Trend Micro
Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
Trend Micro
Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography
In this blog entry, we discuss a malicious campaign that targets Alibaba Cloud’s OSS buckets with leaked credentials for malware distribution and cryptojacking.
Trend Micro
Vice Society Ransomware Group Targets Manufacturing Companies
In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry.
Trend Micro
A Closer Look at ChatGPT's Role in Automated Malware Creation
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.
Trend Micro
A Look Into Pikabot’s Spam Wave Campaign
Pikabot is a loader with similarities to Qakbot that was used in spam campaigns during most of 2023. Our blog entry provides a technical analysis of this malware.
Trend Micro
A Technical Analysis of CVE-2022-22583 and CVE-2022-32800
This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report.
Trend Micro
A Deep Dive into the Evolution of Ransomware Part 2
This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.
Trend Micro
A Deep Dive into the Evolution of Ransomware Part 3
This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.
Trend Micro
A Deep Dive into the Evolution of Ransomware Part 1
This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.
Trend Micro
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities
This blog entry details how Trend Micro Cloud One™ – Workload Security and Trend Micro Vision One™ effectively detected and blocked the abuse of the CVE-2020-14882 WebLogic vulnerability in affected endpoints.
Latest Hacking News
Understanding the Microsoft Teams Vulnerability: The GIFShell Attack
A new threat has emerged that exploits a vulnerability in Microsoft Teams. This attack, known as the GIFShell attack, allows threat actors to execute commands and steal data using GIFs. This blog post delves into
Latest Hacking News
Serious Account Hijacking Vulnerability Found In TikTok Android App
Microsoft researchers discovered a serious vulnerability in TikTok that threatened user accounts’ security. Specifically, they found an account hijacking vulnerability in the TikTok Android app. TikTok App Account Hijacking Vulnerability As elaborated in a recent blog post,
Latest Hacking News
Peloton Treadmill Vulnerabilities Risk Users Data
Researchers found numerous vulnerabilities affecting Peloton Treadmill systems that allow malware attacks. An adversary may exploit the flaws to access sensitive device data, including users’ information. Multiple Vulnerabilities Affected Peloton Treadmill Firmware According to a recent blog
Trend Micro
Gaps in Azure Service Fabric’s Security Call for User Vigilance
In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications.
Latest Hacking News
Serious XSS Vulnerability Found In Zoom Whiteboard
A researcher found a severe cross-site scripting (XSS) vulnerability in the Zoom Whiteboard app. Zoom patched the flaw in time, preventing any malicious exploitation. Zoom Whiteboard Vulnerability Sharing the details in a blog post, Eugene Lim, aka
Trend Micro
Analyzing AsyncRAT's Code Injection into Aspnet_Compiler.exe Across Multiple Incident Response Cases
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
Trend Micro
Expanding Attack Blueprints 2022 Annual Cybersecurity Report
In this blog entry, we shine a spotlight on some of the most critical cybersecurity concerns of 2022, which we discuss in full in our annual cybersecurity report, “Rethinking Tactics: 2022 Annual Security Report.”
Trend Micro
Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit
In this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal.
Latest Hacking News
Google Account To Support Passwordless Sign-ins With PassKeys
Shortly after last month’s announcement, Google has now rolled out PassKeys for Google Account supporting passwordless sign-in. Google Account PassKeys Arrive For Passwordless Logins According to a recent blog post from Christiaan Brand, Google’s Group Product Manager,
Trend Micro
Beware Lumma Stealer Distributed via Discord CDN
This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
Trend Micro
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
Trend Micro
Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities
More than two years ago, a researcher, A2nkF demonstrated the exploit chain from root privilege escalation to SIP-Bypass up to arbitrary kernel extension loading. In this blog entry, we will discuss how we discovered 3 more vulnerabilities from the old exploit chain.
Trend Micro
What Exposed OPA Servers Can Tell You About Your Applications
This blog entry discusses what an OPA is and what it’s for, what we’ve discovered after identifying 389 exposed OPA servers via Shodan, and how exposed OPAs can negatively impact your applications’ overall security.
Saga Security
Incident Response 101 – Introduction -
I have been wanting to write a set of blog posts about this for a while, possibly I will one day turn this into a book! But for now, it can live here. Over the last years , I have given a few presentations and lectures about incident response, some of which live on our
Trend Micro
RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.
Trend Micro
Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan
In this blog entry, we discuss Trend Micro's contributions to an Interpol-coordinated operation to help Brazilian and Spanish law enforcement agencies analyze malware samples of the Grandoreiro banking trojan.
Trend Micro
Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks
In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution.
Loading more articles....