Infosecurity News
Deepfake Digital Identity Fraud Surges Tenfold, Sumsub Report Finds
AI-powered tools are among the top fraud techniques used by threat actors in 2023, according to Sumsub’s third annual Identity Fraud Report
SecurityWeek
Exploitation of Critical ownCloud Vulnerability Begins
Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure.
-1.webp)
Cyber Security News
APT Hackers Behind SysJoker Attacking Critical Industrial Sectors
SysJoker malware was initially discovered to be used by the APT group dubbed "WildCard" and was targeting the educational sector of Israel.
SecurityWeek
Critical Vulnerability Found in Ray AI Framework
A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes.
SecurityWeek
Los Angeles SIM Swapper Sentenced to 8 Years in Prison
Amir Golshan of Los Angeles was sentenced to 96 months in prison for perpetrating multiple cybercrime schemes.
The Hacker News
How Hackers Phish for Your Users' Credentials and Sell Them
Did you know that a single stolen credential can jeopardize your entire network? Protect your organization against sophisticated phishing attacks. Lea
Infosecurity News
Americans Receive Two Billion Spam Calls Per Month
Truecaller warns malicious calls make up the majority
The Hacker News
Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens
A vulnerability in Microsoft Access that could be exploited to leak a Windows user’s NTLM tokens.
Security Affairs
Healthcare provider Ardent Health Services disclosed a ransomware attack
The US Healthcare provider Ardent Health Services disclosed that it was the victim of a ransomware attack last week.
Cyber Security News
OwnCloud Critical Vulnerability Exploited in the Wild
Owncloud was discovered with a new vulnerability which was associated with the exposure of sensitive information.
CSO
North Korean hackers mix code from proven malware campaigns to avoid detection
Threat actors are combining RustBucket loader with KandyKorn payload to effect an evasive and persistent RAT attack.
The Hacker News
N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection
Lazarus Group's evolving cyber tactics target macOS systems by combining elements from multiple malware campaigns for better effectiveness and to avoi
The Record
English council spent £1.1 million recovering from ransomware attack
Gloucester's local government released the expense figures related to a 2021 attack. The council had received a formal reprimand from the Information Commissioner's Office in August.
Bleeping Computer
Ransomware attack on indie game maker wiped all player accounts
A ransomware attack on the "Ethyrial: Echoes of Yore" MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game.
Security Affairs
Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia
Ukraine's intelligence service announced the hack of the Russian Federal Air Transport Agency, 'Rosaviatsia.'
Bleeping Computer
Ukraine says it hacked Russian aviation agency, leaks data
Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector.
Bleeping Computer
Ardent hospital ERs disrupted in 6 states after ransomware attack
Ardent Health Services, a healthcare provider operating 30 hospitals across five U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday.
Infosecurity News
Cybersecurity Incident Hits Fidelity National Financial
The Alphv/BlackCat ransomware group has claimed responsibility for the attack
Infosecurity News
SysJoker Malware: Hamas-Related Threat Expands With Rust Variant
CPR said the malware now uses OneDrive instead of Google Drive for storing dynamic C2 server URLs
Bleeping Computer
Slovenia's largest power provider HSE hit by ransomware attack
Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production.
Bleeping Computer
Google Drive users angry over losing months of stored data
Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023.
SecurityWeek
Hacktivism: What’s in a Name… It May be More Than You Expect
Hacktivists should be treated as malicious hackers because the distance between hacking/activism, malevolence, and damage is too small and too vague.
-1.webp)
Cyber Security News
Researcher Discloses OpenCart Vulnerability; Company Reacts Aggressively
A security researcher who goes under the name “0xbro” discovered a Static code injection vulnerability in OpenCart.
SecurityWeek
UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws
UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.
Latest Hacking News
New Alerts Issued For CitrixBleed Flaw Following Active Exploits
Given the continuous rise in active exploitation of the now-known CitrixBleed flaw, governments issued new alerts to patch unpatched Netscaler systems. The recent alerts originate from the Government of Australia and the United States, alongside
CyberScoop
Shadowy hacking group targeting Israel shows outsized capabilities
A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
-1.webp)
Cyber Security News
New GPS Attacks Targeting Commercial Flights Navigation Systems
A disquieting wave of GPS spoofing attacks has swept through the Middle East, leaving commercial air crews grappling with an unforeseen menace.
Security Affairs
The hack of MSP provider CTS potentially impacted hundreds of UK law firms
The cyber attack that hit the managed service provider (MSP) CTS potentially impacted hundreds in the United Kingdom.
.webp)
Cyber Security News
IBM QRadar SIEM Bug Let Remote Attacker Trigger DoS
Multiple vulnerabilities have been found in IBM QRadar Wincollect which were associated with Denial of service that could allow a threat.
CyberSecurity Dive
The top cybersecurity events and conferences in 2024, according to security pros
Which security conferences are teams prioritizing in 2024? A new report reveals the 7 most popular events in the cybersecurity calendar.
Trend Micro
Cloud Security Predictions at AWS re:Invent 2023
Heading to AWS re:Invent 2023? Don’t miss out on our talk with Melinda Marks, ESG Practice Director for Cybersecurity, about cloud detection and response (CDR) and what’s trending in cloud security.
Jule-Nisserne
Sandheden bag EucalyptusNet Afsløret: Et Værktøj for Julemagi
Ny indsigt i EucalyptusNet afslører dets sande formål som et kommunikationsværktøj for at bevare julehemmeligheder og spillede en nøglerolle i at afværge et angreb på julenisserne i 2023.
The Record
Multiple hospitals divert ambulances after ransomware attack on parent company
Ardent Health Services confirmed that it was responding to an incident. Hospitals in Texas, Idaho, Oklahoma, New Mexico and New Jersey reported problems over several days.
The Record
KyberSwap says $54.7 million of user cryptocurrency stolen during attack
The cryptocurrency platform KyberSwap said on Friday that around $54 million worth of cryptocurrency was stolen during a cyberattack announced earlier in the week.
The Record
Notorious ransomware gang takes credit for cyberattack on Fidelity National Financial
The AlphV/Black Cat group claimed it breached Fidelity National Financial, a Fortune 500 provider of title insurance for property sales.
Bleeping Computer
New Rust-based SysJoker backdoor linked to Hamas hackers
A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.
Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Rhysida ransomware gang claimed China Energy hack
The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation.
Security Affairs
Lazarus is using a MagicLine4NX zero-day in supply chain attack
UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in a supply-chain attack.
Bleeping Computer
Atomic Stealer malware strikes macOS via fake browser updates
The 'ClearFake' fake browser update campaign has expanded to macOS, targeting Apple computers with Atomic Stealer (AMOS) malware.
The Hacker News
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches
ownCloud, an open-source file-sharing software, has disclosed 3 critical vulnerabilities.
Bleeping Computer
Critical bug in ownCloud file sharing app exposes admin passwords
Open source file sharing software ownCloud is warning of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials.
Bleeping Computer
UK and South Korea: Hackers use zero-day in supply-chain attack
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
CyberNews
Spotify’s new royalties scheme angers indie musicians
Tech has waded into another feud with artists – and for once, it’s not related to the use of AI. Musicians aren’t happy with Spotify’s new royalty scheme.
The Record
How one Russian nonprofit is trying to crack through the Kremlin’s censorship wall
A decade after its founding, the internet freedom organization Roskomsvoboda finds itself adjusting to harsh political and social realities within Russia, where a wartime regime continues to expand its authority over the internet.
Infosecurity News
InfectedSlurs Botnet Resurrects Mirai With Zero-Days
The investigation conducted by Akamai in late October 2023 revealed a specific HTTP exploit path
Security Affairs
Welltok data breach impacted 8.5 million patients in the U.S.
Healthcare services provider Welltok disclosed a data breach that impacted nearly 8.5 million patients in the U.S.
The Hacker News
Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks
Threat actor Konni, potentially tied to North Korea, deploys RAT in cyber espionage using Russian Word doc, exploiting WinRAR flaw.
CyberNews
Big Brothers Big Sisters of America targeted by cybercriminals
Cybercriminals have attacked the non-profit Big Brothers Big Sisters of America (BBBSA) stealing private user data from the organization's network.
Bleeping Computer
Black Friday 2023: Get 25% off the Zero2Automated malware analysis course
The popular Zero2Automated malware analysis and reverse-engineering course has a Black Friday 2023 through Cyber Monday sale, where you can get 25% off sitewide, including gift certificates and courses.
The Hacker News
Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails
New Malware Alert: WailingCrab, a sophisticated loader, is spreading via shipping-themed email messages.
Infosecurity News
North Korean Supply Chain Threat is Booming, UK and South Korea Warn
The UK’s NCSC and South Korea’s NIS issued a joint advisory describing some of North Korean hackers’ tactics in deploying supply chain attacks
Cyber Security News
Hackers using Weaponized Office Document to Exploit Windows Search RCE
A new attack chain campaign has been discovered which involves the exploitation of CVE-2023-36884 and CVE-2023-36584. CVE-2023-36884.
Security Affairs
North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software
North Korea-linked APT group Diamond Sleet is distributing a trojanized version of the CyberLink software in a supply chain attack.
Infosecurity News
University of Manchester CISO Speaks Out on Summer Cyber-Attack
University of Manchester CISO Heather Lowrie shared how the institution tackled a major data breach earlier in 2023
Cyber Security News
Firefox 120 Released With Security Updates: What’s New!
10 vulnerabilities are patched, including six 'High Severity' issues and two moderate and low severity issues are fixed.
Cyber Security News
North Korean Hackers Targeting CyberLink Users in Supply-chain Attack
Microsoft Threat Intelligence has uncovered a sophisticated supply chain attack orchestrated by the North Korean Hackers Diamond Sleet (ZINC)
The Hacker News
Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks
Active malware campaign exploits zero-day vulnerabilities to create a Mirai-based DDoS botnet targeting routers and NVR devices.
Cyber Security News
WailingCrab Malware Abuse Messaging Protocol for C2 Communications
WailingCrab's backdoor component has been in contact with the C2 since the middle of 2023 via the lightweight IoT message protocol MQTT.
CyberNews
City in Texas attacked by Akira ransomware gang
Nassau Bay has admitted to having suffered a ransomware attack, leaving more than 8,000 affected.
CyberNews
Tri Counties Bank breach exposes user financial data
Tri Counties Bank data breach expose customer financial details.
CyberNews
DDoS has evolved in 2023: longer, more frequent, and more sophisticated
Novel approaches allow cyberattackers to bypass geoblocking defenses, flooding servers more frequently and for longer.
Security Affairs
Automotive parts giant AutoZone disclosed data breach after MOVEit hack
American retailer and distributor of automotive parts and accessories AutoZone discloses a data breach after a MOVEit attack
Cyber Security News
Hackers Exploiting Windows SmartScreen Zero-day Vulnerability to Deploy Remcos RAT
Microsoft released multiple security patches as part of their Patch Tuesday in which three zero-day vulnerabilities were also patched.
Cyber Security News
Citrix Warns Admin to Kill Active or Persistent Sessions to Thwart Hackers
This vulnerability affected Citrix NetScaler Gateway and ADC devices. Following this, AssetNote published a proof-of-concept for this vulnerability named “CitrixBleed.”
The Hacker News
North Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack
North Korean hackers, aka Diamond Sleet, spread a trojanized version of CyberLink's legit app.
Jule-Nisserne
Hygge Bjørn forårsager Strømafbrydelser i Norge
Et koordineret angreb fra Hygge Bjørn har lammet elnettet i flere norske byer, muligvis rettet mod it-sikkerhedsgruppen Fjeld Elg.
Trend Micro
ParaSiteSnatcher How Malicious Chrome Extensions Target Brazil
We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data.
Security Affairs
New InfectedSlurs Mirai-based botnet exploits two zero-days
Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE flaws to compromise routers and video recorder (NVR) devices.
DarkReading
Fake Browser Updates Targeting Mac Systems With Infostealer
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn.
Bleeping Computer
Kansas courts confirm data theft, ransom demand after cyberattack
The Kansas Judicial Branch has published an update on a cybersecurity incident it suffered last month, confirming that hackers stole sensitive files containing confidential information from its systems.
Bleeping Computer
Welltok data breach exposes data of 8.5 million US patients
Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.
Bleeping Computer
Microsoft: Lazarus hackers breach CyberLink in supply chain attack
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
Bleeping Computer
New botnet malware exploits two zero-days to infect NVRs and routers
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.
Infosecurity News
Flaw in Apache ActiveMQ Exposes Linux Systems to Kinsing Malware
Identified as CVE-2023-46604, the vulnerability has a CVSS score of 9.8
Bleeping Computer
The Black Friday 2023 Security, IT, VPN, & Antivirus Deals
Black Friday 2023 is here, and great deals are live in computer security, software, online courses, system admin services, antivirus, and VPN software.
The Hacker News
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login
🔒 Multiple vulnerabilities found in laptop fingerprint sensors—allowing attackers to bypass Windows Hello authentication on Dell, Lenovo, and Microso
Security Affairs
SiegedSec hacktivist group hacked Idaho National Laboratory (INL)
The Idaho National Laboratory (INL) disclosed a data breach after the SiegedSec hacktivist group leaked stolen human resources data.
Infosecurity News
Why Ensuring Supply Chain Security in the Space Sector is Critical
Cybersecurity challenges facing the space sector are unique and securing the supply chain is a high priority
SecurityWeek
185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone
Car parts giant AutoZone says nearly 185,000 individuals were impacted by a data breach caused by the MOVEit hack.
CyberNews
Netflix renews Black Mirror for season 7, Brooker teases surprises
Black Mirror, the mind-bending sci-fi show created by Charlie Brooker, is coming back to Netflix for a seventh season. Moreover, there are rumors of upcoming surprises.
SecurityWeek
Sam Altman is Back as OpenAI CEO Just Days After Being Removed, Along With a New Board
OpenAI reached an agreement for Sam Altman to return to OpenAI as CEO with a new initial board of directors, after he was fired a week prior.
The Hacker News
North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
North Korean hackers posing as recruiters infect software developers with cross-platform malware.
Infosecurity News
LockBit Affiliates Exploiting Citrix Bleed, Government Agencies Warn
Multiple threat actor groups are found to be exploiting a vulnerability in Citrix NetScaler gateway appliances, government agencies have warned
Cyber Security News
Hackers Exploiting 0-day RCE Flaws in the Wild to Deploy Mirai Malware
The Mirai botnet is a malicious network of infected computers, routers, and IoT devices harnessed by cybercriminals to launch large-scale DDoS attacks.
The Hacker News
AI Solutions Are the New Shadow IT
AI Solutions Are the New Shadow IT - Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks
SecurityWeek
Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability
Administrators are urged to patch the recent CitrixBleed NetScaler vulnerability as LockBit starts exploiting it.
Security Affairs
CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog
US CISA added Looney Tunables Linux vulnerability (tracked as CVE-2023-4911) to its Known Exploited Vulnerabilities catalog.
Security Affairs
Enterprise software provider TmaxSoft leaks 2TB of data
TmaxSoft , a Korean IT company developing and selling enterprise software has leaked over 50 million sensitive records.
Security Affairs
Citrix provides additional measures to address Citrix Bleed
Citrix urges admins to kill NetScaler user sessions after patching their appliances against the CVE-2023-4966 Citrix Bleed vulnerability.
CSO
Flaw in Citrix software led to the recent cyberattack on Boeing: Report
Malicious elements, including LockBit 3.0, managed to exploit vulnerabilities in Citrix software even after they were fixed.
The Hacker News
ClearFake Campaign Expands to Deliver Atomic Stealer on Mac Systems
macOS users beware! Atomic Stealer, a $1,000/month malware, is now spreading through deceptive web browser updates via ClearFake.
The Hacker News
LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In
LockBit ransomware affiliates are exploiting the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.
Trend Micro
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
The Record
Cyberattackers leaked data of 27,000 NYC Bar Association membersers
The Clop ransomware gang claimed to have attacked the organization in January. Eleven months later, the New York City Bar Association has finally acknowledged the incident.
DarkReading
Exploit for Critical Windows Defender Bypass Goes Public
Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.
Bleeping Computer
Auto parts giant AutoZone warns of MOVEit data breach
AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks.
Bleeping Computer
CISA orders federal agencies to patch Looney Tunables Linux bug
Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.
Bleeping Computer
Citrix warns admins to kill NetScaler user sessions to block hackers
Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks.
DarkReading
Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto
Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise.
Infosecurity News
Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities
Fortinet researchers have detected a malicious Word document displaying Russian text
.webp)
Cyber Security News
Rhysida Ransomware Attacking Windows Machine Through VPN Devices and RDP
Rhysida, a new ransomware group, hit its first victim in May 2023. They use their ransomware, offered as RaaS (Ransomware-as-a-Service), with at least 50 global victims listed on their website.
Bleeping Computer
DarkGate and Pikabot malware emerge as Qakbot’s successors
A sophisticated phishing campaign pushing the DarkGate malware infections has recently added the PikaBot malware into the mix, making it the most advanced phishing campaign since the Qakbot operation was dismantled.
Infosecurity News
DarkGate and PikaBot Activity Surge in the Wake of QakBot Takedown
DarkGate and PikaBot have been observed as part of phishing campaigns using the same tactics as the ones used by QakBot perpetrators
Bleeping Computer
Criminal IP Becomes VirusTotal IP and URL Scan Contributor
The Criminal IP Threat Intelligence (CTI) search engine has integrated its IP address and URL scans into VirusTotal. Learn more from Criminal IP about how this integration can help you.
Ars Technica
95% of OpenAI employees have threatened to quit in standoff with board
OpenAI's future hangs in the balance as staff says they'll join former CEO at Microsoft.
Infosecurity News
Black Friday: Significant Security Gaps in E-Commerce Web Apps
Millions of consumers’ PII could be at risk due to exploitable vulnerabilities and a lack of basic security protocols in e-commerce web apps
Bleeping Computer
Black Friday deal: Get 50% off Malwarebytes Premium + Privacy VPN
Malwarebytes' is running a Black Friday 2023 deal now through Cyber Monday, offering a 50% discount to the Malwarebytes Premium + Privacy VPN bundle until November 30th.
CyberNews
Enterprise software provider Tmax leaks 2TB of data
Tmax has leaked over 50 million sensitive records.
The Hacker News
New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
New variant of Agent Tesla malware identified. It's a keylogger and remote access trojan (RAT) offered as part of a malware-as-a-service (MaaS) model.
The Hacker News
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
Phishing attacks are getting smarter! Cybercriminals are now using QR codes, CAPTCHAs, and steganography to trick victims. Learn how to stay safe.
Cyber Security News
Nessus Vulnerability Let Attackers Alter Rules Variables
An arbitrary file write vulnerability has been discovered in Nessus which allows an authenticated, attacker to perform a denial of service.
Cyber Security News
Hackers Infect Linux Machines with Rootkits via Apache ActiveMQ Vulnerability
Trend Micro researchers recently revealed Apache ActiveMQ vulnerability (CVE-2023-46604) was actively exploited.
The Hacker News
Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits
The Kinsing threat actors are exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency mi
CyberNews
Americans view conspiracy theories as dangerous but still believe them
An overwhelming majority of Americans believe misinformation is an existential threat to society. But a solid chunk of the nation accepts conspiracy theories as true.
CyberNews
Fake online stores flood the internet ahead of Black Friday
The number of blocked fake retail sites has more than doubled compared to the previous year, urging shoppers to be cautious.
CyberSecurity Dive
SMBs hit by rise in legitimate tool-based attacks
Attackers are moving away from malware and evading detection by abusing remote monitoring and management software, according to Huntress research.
The Hacker News
Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users
📱 Alert: Android users in India, beware! Hackers are distributing fake banking and government apps to steal sensitive data like bank info and persona
CSO
MOVEit carnage continues with over 2600 organizations and 77M people impacted so far
The number of companies impacted by one of the biggest cyberattack incidents of the year continues to grow.
The Hacker News
Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions
China-linked Mustang Panda cyber actor targets Philippines government entity amid South China Sea tensions.
DarkReading
Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw
Threat actors were actively exploiting CVE-2023-36025 before Microsoft patched it in November.
The Record
‘Citrix Bleed’ vulnerability targeted by nation-state and criminal hackers: CISA
The bug has caused alarm for weeks as cybersecurity experts warned that many government agencies and major companies were leaving their appliances exposed to the internet — opening themselves up to attacks.
The Record
Crypto firm Kronos Research says $26 million stolen after cyberattack
Cryptocurrency trading and investment firm Kronos Research said $26 million worth of cryptocurrency was stolen from its systems following a cyberattack.
The Record
Binance agrees to pay $4.3 billion for money laundering violations, CEO steps down
Binance, the largest cryptocurrency exchange in the world, agreed to pay more than $4 billion in settlements with several U.S. law enforcement agencies after years of investigations uncovered widespread criminal use of the platform.
CyberScoop
Detailed data on employees of U.S. national security lab leak online
The hacking group SiegedSed released personal data on thousands of employees at the Idaho National Laboratory, the nuclear research lab.
Security Affairs
Canadian government impacted by data breaches of its contractors
The Canadian government discloses a data breach after threat actors hacked two of its contractors.
Bleeping Computer
VX-Underground malware collective framed by Phobos ransomware
A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor.
CyberNews
British Library ransom attack claimed, data leak confirmed
The British Library confirms data has been leaked as it struggles to recover from a November 6 ransomware attack claimed by the e Rhysida ransom gang.
Security Affairs
Rhysida ransomware gang is auctioning data stolen from the British Library
The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage.
Bleeping Computer
Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.
SecurityWeek
CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations
New CISA guidance details cyber threats and risks to healthcare and public health organizations and recommends mitigations.
The Hacker News
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks
New high-volume phishing campaigns mimic tactics of defunct QakBot trojan, hijacking email threads and using unique URLs to deliver DarkGate & PikaBot
SecurityWeek
Microsoft Hires Sam Altman and OpenAI’s New CEO Vows to Investigate His Firing
Microsoft hired ex-Open AI chief Sam Altman and another architect of OpenAI for a new venture after their sudden departures.
Security Affairs
APT29 group exploited WinRAR 0day in attacks against embassies
Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks.
Cyber Security News
Splunk RCE Vulnerability Let Attackers Upload Malicious File
A high-severity Remote Code Execution (RCE) flaw in Splunk Enterprise has been discovered, enabling an attacker to upload malicious files.
SecurityWeek
Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products
Johnson Controls patches a critical vulnerability that can be exploited to take complete control of Frick industrial refrigeration products
SecurityWeek
Yamaha Motor Confirms Data Breach Following Ransomware Attack
Yamaha Motor discloses ransomware attack impacting the personal information of its Philippines subsidiary’s employees.
Latest Hacking News
Intel Released Urgent Patch For Reptar Vulnerability In Its CPUs
Intel recently released a critical security fix for a newly discovered vulnerability affecting its CPUs. Dubbed “Reptar,” the vulnerability affects most modern Intel chips, attracting attention from numerous security researchers. Considering its severity, patching the
The Hacker News
Why Defenders Should Embrace a Hacker Mindset
Prioritizing cybersecurity is key. Learn how to prioritize remediation based on impact and protect your organization's crown jewels.
Infosecurity News
Russia’s APT29 Targets Embassies With Ngrok and WinRAR Exploit
Threat group may be looking for intel on Azerbaijan
CyberNews
Most cyberattacks in Russia come from China and North Korea
China and North Korea were behind most of state-sponsored cyberattacks in Russia, according to the country’s security firm Solar.
Security Affairs
DarkCasino joins the list of APT groups exploiting WinRAR 0day
The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831.
Security Affairs
US teen pleads guilty to his role in credential stuffing attack on betting site
US teenager Joseph Garrison pleads guilty to carrying out a credential-stuffing attack on a betting website.
.webp)
Cyber Security News
Hackers Exploiting Zimbra 0-day to Attack Government Organizations
Zimbra Collaboration is an open-source solution software suite with an email server and web client for collaboration.
Trend Micro
CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
The Record
British Library says ransomware hackers stole data from HR files
The British Library — one of the largest libraries in the world and the national library of the United Kingdom — said the ransomware gang behind a recent attack on its systems appeared to leak data stolen from its human resources files.
The Record
Personal info of Canadian Armed Forces, RCMP stolen in cyberattack
A cyberattack on the systems of a Canadian government contractor used for relocation services has compromised data belonging to service members and the Royal Canadian Mounted Police.
Bleeping Computer
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks.
Security Affairs
Security Affairs newsletter Round 446 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
8Base ransomware operators use a variant of Phobos ransomware
8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks.
Cyber Security News
Weekly Cyber Security News Roundup for the Week of November 13th to 18th
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
Bleeping Computer
Windows 10 to let admins control how optional updates are deployed
Microsoft announced a new policy that allows admins to control how optional updates are deployed on Windows 10 enterprise endpoints on their networks.
Security Affairs
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB.
Bleeping Computer
Exploit for CrushFTP RCE chain released, patch now
A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords.
Ars Technica
Details emerge of surprise board coup that ousted CEO Sam Altman at OpenAI
Microsoft CEO Nadella "furious"; OpenAI President and three senior researchers resign.
The Hacker News
8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
The threat actors behind the 8Base ransomware are utilizing a variant of the Phobos ransomware for their attacks.
SecurityWeek
ChatGPT-Maker OpenAI Fires CEO Sam Altman, the Face of the AI Boom, for Lack of Candor With Company
Open AI fired CEO Sam Altman, Mira Murati, OpenAI’s chief technology officer, will take over as interim CEO effective immediately.
The Hacker News
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
Ars Technica
OpenAI President Greg Brockman quits as nervous employees hold all-hands meeting
After Altman firing, Microsoft has "utmost confidence" in partner OpenAI.
Jule-Nisserne
Mystisk Netværksangreb Lammer Julegavefabrikken
Et omfattende cyberattack har forårsaget et produktionsstop i Julenissernes Julegavefabrik, hvilket skabte kaos op til julen 2023. Grumme panda er mistænkt.
Bleeping Computer
The Week in Ransomware - November 17th 2023 - Citrix in the Crosshairs
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files.
Bleeping Computer
Bloomberg Crypto X account snafu leads to Discord phishing attack
The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack.
Security Affairs
The board of directors of OpenAI fired Sam Altman
OpenAI fired its CEO Sam Altman, and the Chief technology officer Mira Murati appointed interim CEO to lead the company.
CyberNews
North American grid regulator tests physical, cybersecurity preparedness
US Regulators held a two-day simulation to stress-test the North American grid's physical and cybersecurity preparedness, emergency response, and recovery plans.
DarkReading
Scattered Spider Casino Hackers Evade Arrest in Plain Sight
The feds seem to know all about the hacking group brazenly breaking into corporate networks; so why are enterprise teams left on their own to stop their cybercrimes?
Ars Technica
“Hallucinating” AI models help coin Cambridge Dictionary’s word of the year
Cambridge: "When an artificial intelligence hallucinates, it produces false information."
Bleeping Computer
Yamaha Motor confirms ransomware attack on Philippines subsidiary
Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees' personal information.
Bleeping Computer
Google: Hackers exploited Zimbra zero-day in attacks on govt orgs
Hackers leveraged a medium-severity security issue now identified as CVE-2023-37580 since June 29, nearly a month before the vendor addressed it in version 8.8.15 Patch 41of the software on July 25.
SecurityWeek
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website
Wisconsin teenager Joseph Garrison has admitted in court to launching a credential stuffing attack on a betting website.
SecurityWeek
In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit
Noteworthy stories that might have slipped under the radar: top law firm hacked, Chinese bank pays ransom, PyPI conducts first security audit
SecurityWeek
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools
Bug hunters uncover over a dozen exploitable vulnerabilities in tools used to build chatbots and other types of AI/ML models.
CyberNews
No, Osama bin Laden’s “Letter to America” did not go viral on TikTok
TikTok has scrambled to prohibit content that promotes Osama bin Laden’s 2002 "Letter to America" after users started talking about it. But these videos weren't viral.
Bleeping Computer
CISA warns of actively exploited Windows, Sophos, and Oracle bugs
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.
The Hacker News
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
Operation SEO#LURKER: Cybercriminal are using fake Google ads to trick users searching for software into downloading malware.
Cyber Security News
FBI Shares Tactics & Techniques Used by Scattered Spider Hacker Group
Recently, the FBI and CISA issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.
The Hacker News
FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks
FCC mandates that wireless providers authenticate customers before transferring phone numbers, thereby protecting against SIM-swapping attacks and por
SecurityWeek
CISA Warns of Attacks Exploiting Sophos Web Appliance Vulnerability
CISA adds Sophos, Oracle and Microsoft product security holes to its Known Exploited Vulnerabilities (KEV) catalog.
Security Affairs
CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog
US CISA added 3 vulnerabilities (tracked as CVE-2023-36584, CVE-2023-1671, and CVE-2023-2551) to its Known Exploited Vulnerabilities catalog.
CyberSecurity Dive
FCC proposes 3-year cybersecurity pilot for schools, libraries
The agency will seek public comment on the proposal, which will explore how the Universal Service Fund can support school and library cyber concerns.
Infosecurity News
Black Friday: Scammers Exploit Luxury Brands to Lure Victims
Check Point Research say these latest luxury brand scams are a wake-up call for shoppers to stay vigilant online
The Hacker News
Discover 2023's Cloud Security Strategies in Our Upcoming Webinar - Secure Your Spot
The cloud isn't just tech—it's a battleground. Join us for an exclusive webinar with Lacework Labs to explore the latest trends, and techniques.
SecurityWeek
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack
Toyota Financial Services has been hit by a ransomware attack that may have involved exploitation of the CitrixBleed vulnerability.
Infosecurity News
Royal Mail to Spend £10m on Ransomware Remediation
Postal service was breached in January 2023
The Hacker News
27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
Beware of fake Python libraries! 27 malicious packages found on PyPI, disguised as legitimate ones.
Security Affairs
A critical OS command injection flaw affects Fortinet FortiSIEM
Fortinet warns of a critical OS command injection flaw in FortiSIEM report server that could be exploited to execute arbitrary commands
Cyber Security News
FortiSIEM Injection Flaw Let Attackers Execute Malicious Commands
Cybersecurity researchers identified a FortiSIEM injection flaw that lets execute malicious commands & tracked as "CVE-2023-36553."
The Hacker News
U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem
U.S. agencies warn about Scattered Spider cybercriminals using advanced phishing to steal data and extort victims.
The Hacker News
CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
U.S. CISA has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in the wild.
Ars Technica
Ransomware group reports victim it breached to SEC regulators
Group tells SEC that the victim is in violation for not reporting it was hacked.
The Record
Yamaha and WellLife Network confirm cyber incidents after ransomware gang claims attacks
A ransomware group that has been exploiting a vulnerability in Citrix products posted both companies to its leak site.
The Record
‘Sex life data’ stolen from UK government among record number of ransomware attacks
The latest data released by the Information Commissioner’s Office (ICO) includes an attack that breached data on the sex lives of up to 10,000 people, from an unspecific government department.
Trend Micro
ALPHV/BlackCat Take Extortion Public
Learn more about ALPHV filing a complaint with the Security and Exchange Commission (SEC) against their victim, which appears to be an attempt to influence MeridianLink to pay the ransom sooner than later.
Bleeping Computer
Long Beach, California turns off IT systems after cyberattack
The City of Long Beach in California is warning that they suffered a cyberattack on Tuesday that has led them to shut down portions of their IT network to prevent the attack's spread.
Bleeping Computer
FBI shares tactics of notorious Scattered Spider hacker collective
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation..
Security Affairs
Zimbra zero-day exploited to steal government emails by 4 groups
Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day (CVE-2023-37580) to steal emails from governments.
Bleeping Computer
Toyota confirms breach after Medusa ransomware threatens to leak data
Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company.
Bleeping Computer
Microsoft confirms Copilot AI assistant coming to Windows 10
Microsoft will roll out the Copilot AI-powered assistant to Windows 10 systems enrolled in the Insider Program over the coming months.
Latest Hacking News
Microsoft Patch Tuesday November Fixes 63 Flaws, Including 5 Zero-Days
This week marked the Redmond giant Microsoft’s monthly security updates for its products. With Patch Tuesday November, Microsoft addressed fewer vulnerabilities – over 60 only, including five zero-day flaws. Five Zero-Days Patched With Latest Microsoft Updates Microsoft
The Hacker News
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
Zero-day flaw ( CVE-2023-37580) in Zimbra Collaboration email software was exploited by 4 groups, exposing email data and credentials.
SecurityWeek
Zimbra Zero-Day Exploited to Hack Government Emails
Google says a Zimbra zero-day from earlier this year, CVE-2023-37580, was exploited in several campaigns to hack government emails.