Custom search

Cybersecurity Incident Hits Fidelity National Financial

The Alphv/BlackCat ransomware group has claimed responsibility for the attack

Bleeping Computer

Leveraging Wazuh to combat insider threats

Effective strategies for mitigating insider threats involve a combination of detective and preventive controls. Such controls are provided by the Wazuh SIEM and XDR platform.

Cyber Security News

Broadcom Acquires VMware in a $61 Billion Deal

Broadcom has announced the triumphant acquisition of VMware, heralding a watershed moment in the sphere of infrastructure technology.

SecurityWeek

US, UK Cybersecurity Agencies Publish AI Development Guidance

New guidance from US and UK cybersecurity agencies provides recommendations for secure AI system development.

SecurityWeek

Hacktivism: What’s in a Name… It May be More Than You Expect

Hacktivists should be treated as malicious hackers because the distance between hacking/activism, malevolence, and damage is too small and too vague.

SecurityWeek

UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws

UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.

Latest Hacking News

New Alerts Issued For CitrixBleed Flaw Following Active Exploits

Given the continuous rise in active exploitation of the now-known CitrixBleed flaw, governments issued new alerts to patch unpatched Netscaler systems. The recent alerts originate from the Government of Australia and the United States, alongside

CyberScoop

Shadowy hacking group targeting Israel shows outsized capabilities

A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.

Infosecurity News

UK Publishes First Guidelines on Safe AI Development

NCSC and CISA effort endorsed by 18 countries

Cyber Security News

New GPS Attacks Targeting Commercial Flights Navigation Systems

A disquieting wave of GPS spoofing attacks has swept through the Middle East, leaving commercial air crews grappling with an unforeseen menace.

The Hacker News

U.S., U.K., and Global Partners Release Secure AI System Development Guidelines

U.K., U.S., and 16 other international partners have released new guidelines for the development of secure artificial intelligence (AI) systems.

Cyber Security News

Loader Malware Steal Sensitive System Data & Installs Other Malware

Loader malware emerges as a silent force, discreetly breaching unsuspecting systems and setting the stage for more sophisticated onslaughts.

CyberSecurity Dive

The top cybersecurity events and conferences in 2024, according to security pros

Which security conferences are teams prioritizing in 2024? A new report reveals the 7 most popular events in the cybersecurity calendar.

SecurityWeek

Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons

The U.S. military is increasing use of artificial intelligence (AI) technology that will fundamentally alter the nature of war.

The Record

Suspected Hamas-linked hackers target Israel with new version of SysJoker malware

Cybersecurity companies Check Point and Intezer analyzed what appears to be a rewrite of backdoor malware that targeted Israel's education sector as early as 2021.

The Record

AI systems ‘subject to new types of vulnerabilities,’ British and US cyber agencies warn

British and U.S. cybersecurity authorities published guidance on Monday about how to develop artificial intelligence systems in a way that will minimize the risks they face from mischief-makers through to state-sponsored hackers.

Trend Micro

Cloud Security Predictions at AWS re:Invent 2023

Heading to AWS re:Invent 2023? Don’t miss out on our talk with Melinda Marks, ESG Practice Director for Cybersecurity, about cloud detection and response (CDR) and what’s trending in cloud security.

The Record

Multiple hospitals divert ambulances after ransomware attack on parent company

Ardent Health Services confirmed that it was responding to an incident. Hospitals in Texas, Idaho, Oklahoma, New Mexico and New Jersey reported problems over several days.

The Record

Notorious ransomware gang takes credit for cyberattack on Fidelity National Financial

The AlphV/Black Cat group claimed it breached Fidelity National Financial, a Fortune 500 provider of title insurance for property sales.

The Record

Second top Ukrainian cyber official arrested amid corruption probe

Viktor Zhora, the ex-deputy head of Ukraine’s State Service for Special Communications and Information Protection (SSSCIP), is accused of facilitating a corruption scheme involving the procurement of software.

The Record

Pennsylvania water authority hit with cyberattack allegedly tied to pro-Iran group

A water authority in Pennsylvania reportedly suffered a cyberattack, prompting officials to reassure people in the area that drinking water has not been affected by the incident.

Security Affairs

2 days ago

Security Affairs newsletter Round 447 by Pierluigi Paganini

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.

Security Affairs

2 days ago

Rhysida ransomware gang claimed China Energy hack

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation.

Security Affairs

2 days ago

Lazarus is using a MagicLine4NX zero-day in supply chain attack

UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in a supply-chain attack.

The Hacker News

3 days ago

New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government

A new web shell called HrServ is part of a suspected APT attack in Afghanistan. HrServ can erase tracks and execute code in memory.

Bleeping Computer

3 days ago

UK and South Korea: Hackers use zero-day in supply-chain attack

A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou

The Hacker News

Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale

Beware of Telekopye: The malicious Telegram bot used by the "Neanderthals" for large-scale phishing scams. It crafts phishing websites and emails.

SecurityWeek

North Korean Software Supply Chain Attack Hits North America, Asia

North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply chain attack.

SecurityWeek

In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking

Idaho National Laboratory breach, GPS attacks target airplanes, Russian accuses China and North Korea of hacking.

The Hacker News

Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel

Researchers found a Rust version of SysJoker, a cross-platform backdoor used by Hamas-affiliated threat actor targeting Israel during ongoing conflict

Infosecurity News

CISA Launches Project to Assess Effectiveness of Security Controls

Relaunched working group aims to tackle scourge of ransomware

Cyber Security News

APT Groups Using HrServ Web Shell to Hack Windows Systems

A HrServ web shell is a malicious script or program that enables remote administration of a server, allowing unauthorized access and control.

The Hacker News

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

Cybersecurity researchers have discovered publicly exposed Kubernetes configuration secrets, posing a risk of supply chain attacks.

The Record

Vanderbilt University Medical Center investigating cybersecurity incident

Vanderbilt University Medical Center said it is investigating a cybersecurity incident that led to the compromise of a database.

The Record

Sacked Ukrainian cyber chief released on bail amid corruption probe

Ukraine's former cybersecurity chief was released from detention on Friday on $700,000 bail, according to Ukraine’s anti-corruption non-profit.

The Record

Potentially hundreds of UK law firms affected by cyberattack on IT provider CTS

The managed service provider CTS confirmed it had experienced a "cyber-incident." At least one report said the CitrixBleed bug was involved.

The Record

How one Russian nonprofit is trying to crack through the Kremlin’s censorship wall

A decade after its founding, the internet freedom organization Roskomsvoboda finds itself adjusting to harsh political and social realities within Russia, where a wartime regime continues to expand its authority over the internet.

Infosecurity News

InfectedSlurs Botnet Resurrects Mirai With Zero-Days

The investigation conducted by Akamai in late October 2023 revealed a specific HTTP exploit path

Security Affairs

Welltok data breach impacted 8.5 million patients in the U.S.

Healthcare services provider Welltok disclosed a data breach that impacted nearly 8.5 million patients in the U.S.

The Hacker News

Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks

Threat actor Konni, potentially tied to North Korea, deploys RAT in cyber espionage using Russian Word doc, exploiting WinRAR flaw.

CyberNews

MadCat ransom gang caught stealing from other criminals

New ransomware linked by security researchers to suspected scammers who pretended to sell passport details on the dark web.

Infosecurity News

North Korean Supply Chain Threat is Booming, UK and South Korea Warn

The UK’s NCSC and South Korea’s NIS issued a joint advisory describing some of North Korean hackers’ tactics in deploying supply chain attacks

Cyber Security News

North Korean Hackers Targeting CyberLink Users in Supply-chain Attack

Microsoft Threat Intelligence has uncovered a sophisticated supply chain attack orchestrated by the North Korean Hackers Diamond Sleet (ZINC)

The Hacker News

6 Steps to Accelerate Cybersecurity Incident Response

Effective Incident Response is more than just tools. It's a process. Explore the 6-step framework for successful IR.

The Hacker News

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

Active malware campaign exploits zero-day vulnerabilities to create a Mirai-based DDoS botnet targeting routers and NVR devices.

CyberNews

City in Texas attacked by Akira ransomware gang

Nassau Bay has admitted to having suffered a ransomware attack, leaving more than 8,000 affected.

CyberNews

Microsoft alerts CyberLink to North Korean threat

Microsoft has alerted software company CyberLink to the misuse of its software by North Korean group Diamond Sleet.

Security Affairs

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

American retailer and distributor of automotive parts and accessories AutoZone discloses a data breach after a MOVEit attack

Cyber Security News

Bug Hunter GPT - AI Assistant that Replies for Hacking Questions

A 23-year-old hacker and CS student, Paolo Arnolfo (@sw33tLie) recently introduced "Bug Hunter GPT," an AI assistant.

CSO

Cyberattacks on Israel intensify as the war against Hamas rages: Check Point

Cyberattacks have grown in frequency as well as sophistication as the Israel-Hamas conflict intensifies.

The Record

Kansas Supreme Court: Hackers stole records, confidential files in October attack

Hackers who attacked the Kansas court system last month stole records and confidential files, according to the state's Supreme Court.

Bleeping Computer

New botnet malware exploits two zero-days to infect NVRs and routers

A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.

CSO

9 in 10 organizations have embraced zero-trust security globally

Nearly all of them still have a long way to go according to a new Cisco report.

Infosecurity News

Employee Policy Violations Cause 26% of Cyber Incidents

Kaspersky said the figure closely rivals the 20% attributed to external hacking attempts

Bleeping Computer

The Black Friday 2023 Security, IT, VPN, & Antivirus Deals

Black Friday 2023 is here, and great deals are live in computer security, software, online courses, system admin services, antivirus, and VPN software.

CyberScoop

Researchers want more detail on industrial control system alerts

A vulnerability in an industrial control system exploited by a state-backed hacking group illustrate problems in how vendors share data.

Infosecurity News

Why Ensuring Supply Chain Security in the Space Sector is Critical

Cybersecurity challenges facing the space sector are unique and securing the supply chain is a high priority

SecurityWeek

185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone

Car parts giant AutoZone says nearly 185,000 individuals were impacted by a data breach caused by the MOVEit hack.

The Hacker News

North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns

North Korean hackers posing as recruiters infect software developers with cross-platform malware.

Infosecurity News

LockBit Affiliates Exploiting Citrix Bleed, Government Agencies Warn

Multiple threat actor groups are found to be exploiting a vulnerability in Citrix NetScaler gateway appliances, government agencies have warned

The Hacker News

AI Solutions Are the New Shadow IT

AI Solutions Are the New Shadow IT - Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks

SecurityWeek

Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability

Administrators are urged to patch the recent CitrixBleed NetScaler vulnerability as LockBit starts exploiting it.

Security Affairs

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

US CISA added Looney Tunables Linux vulnerability (tracked as CVE-2023-4911) to its Known Exploited Vulnerabilities catalog.

Infosecurity News

Europol Launches OSINT Taskforce to Hunt For Russian War Crimes

New unit will scour the internet for evidence

CyberNews

MacOS targeted by ClearFake malware campaign

A data-stealing program that targets Mac operating systems (OS) is being distributed by means of fake web browser updates.

Security Affairs

Citrix provides additional measures to address Citrix Bleed

Citrix urges admins to kill NetScaler user sessions after patching their appliances against the CVE-2023-4966 Citrix Bleed vulnerability.

CSO

Flaw in Citrix software led to the recent cyberattack on Boeing: Report

Malicious elements, including LockBit 3.0, managed to exploit vulnerabilities in Citrix software even after they were fixed.

The Hacker News

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

LockBit ransomware affiliates are exploiting the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.

The Record

Federal agencies investigating data breach at nuclear research lab

Idaho National Laboratory, a prominent nuclear research lab within the U.S. Department of Energy, is investigating the breach after a hacktivist group claimed to infiltrate its systems.

The Record

Australia drops plans to ban ransomware payments in new national cyber strategy

The Australian government had floated the idea of criminalizing ransomware payments by businesses. Instead, it plans to require them to disclose when they have been hit by a ransomware attack.

The Record

North Korean attack on CyberLink impacted devices around the world, Microsoft says

Microsoft has uncovered a supply chain attack by North Korean hackers who attached a malicious file to a CyberLink photo and video editing application installer.

The Record

Report claims to reveal identity of Russian hacktivist leader

Killmilk is a 30-year-old Russian citizen, according to the news site Gazeta.ru. The report has drawn extra scrutiny to Killnet, known for DDoS attacks on Western targets.

Trend Micro

Packet Reflection Threats in Private 5G Networks

Dive into the world of private 5G networks and learn about a critical security vulnerability that could expose IoT devices to attacks from external networks.

The Record

Cyberattackers leaked data of 27,000 NYC Bar Association membersers

The Clop ransomware gang claimed to have attacked the organization in January. Eleven months later, the New York City Bar Association has finally acknowledged the incident.

DarkReading

Exploit for Critical Windows Defender Bypass Goes Public

Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.

Bleeping Computer

Hacktivists breach U.S. nuclear research lab, steal employee data

The Idaho National Laboratory (INL) confirms they suffered a cyberattack after 'SiegedSec' hacktivists leaked stolen human resources data online.

DarkReading

Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto

Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise.

Cyber Security News

Rhysida Ransomware Attacking Windows Machine Through VPN Devices and RDP

Rhysida, a new ransomware group, hit its first victim in May 2023. They use their ransomware, offered as RaaS (Ransomware-as-a-Service), with at least 50 global victims listed on their website.

Infosecurity News

DarkGate and PikaBot Activity Surge in the Wake of QakBot Takedown

DarkGate and PikaBot have been observed as part of phishing campaigns using the same tactics as the ones used by QakBot perpetrators

CyberNews

Cybersec executive caught hacking hospitals to boost business

Cybersecurity exec plead guilty to hacking hospitals to boost business.

Bleeping Computer

Criminal IP Becomes VirusTotal IP and URL Scan Contributor

The Criminal IP Threat Intelligence (CTI) search engine has integrated its IP address and URL scans into VirusTotal. Learn more from Criminal IP about how this integration can help you.

Cyber Security News

CISA Releases Cyber Attack Mitigation for Healthcare Organizations

CISA has released a Cyber Attack Mitigation Guide specifically tailored for the Healthcare and Public Health (HPH) Sector.

Cyber Security News

LummaC2 Employs Trigonometry to Track Mouse Movements

MaaS (Malware-as-a-Service) thrives as a top choice for new cyber threats, offering easy access to powerful tools. Threat actors primarily focus on information theft under Maas, specializing in stealing and leaking sensitive data from hacked devices.

Infosecurity News

Black Friday: Significant Security Gaps in E-Commerce Web Apps

Millions of consumers’ PII could be at risk due to exploitable vulnerabilities and a lack of basic security protocols in e-commerce web apps

The Hacker News

Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals

Play ransomware has turned into Ransomware-as-a-Service (RaaS), allowing other cybercriminals to use it.

SecurityWeek

CISA Offering Free Cybersecurity Services to Non-Federal Critical Infrastructure Entities

New CISA pilot program brings cutting-edge cybersecurity services to critical infrastructure entities that need support.

CyberNews

The Grinch stole the Holidays: how bots affect Black Friday

Bot use in online shopping is driving prices far above the rate of inflation. During the busiest shopping season of the year, bots are causing headaches for both shoppers and retailers.

CyberNews

Ransomware that all the script kiddies want to Play with

The Russian-affiliated threat actor Play ransomware gang is now a service for sale, according to cybersecurity analyst Adlumin.

SecurityWeek

Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges

Interview with Craig Martell, Chief Digital and AI Officer (CDAO) for the U.S. Department of Defense, about AI use in the military.

SecurityWeek

Microsoft Paid Out $63 Million Since Launch of First Bug Bounty Program 10 Years Ago

Over the past ten years, Microsoft has handed out $63 million in rewards as part of its bug bounty programs.

CyberNews

US nuclear lab confirms data breach

Attackers claim to have breached the Idaho National Laboratory, a nuclear facility.

Infosecurity News

Cybersecurity Executive Pleads Guilty to Hacking Hospitals

Securolytics COO wanted to drum up custom

CyberNews

Appin group legacy: Indian cyber mercenaries will hack for coin

Researchers from SentilenLabs with a high confidence level attributed intrusions in Norway, Pakistan, China, and India to Appin.

Cyber Security News

Hackers Infect Linux Machines with Rootkits via Apache ActiveMQ Vulnerability

Trend Micro researchers recently revealed Apache ActiveMQ vulnerability (CVE-2023-46604) was actively exploited.

Infosecurity News

Ukraine Sacks Two Senior Cyber Officials

Duo linked to corruption investigation

Infosecurity News

US Cybersecurity Lab Suffers Major Data Breach

Idaho National Laboratory is also a center for nuclear research

CyberNews

Cybersecurity analyst disowns threat actor ‘twin’

Vx-Underground is a regular fixture on Twitter, aka X, regularly posting bulletins regarding threat actors.

CyberSecurity Dive

SMBs hit by rise in legitimate tool-based attacks

Attackers are moving away from malware and evading detection by abusing remote monitoring and management software, according to Huntress research.

CSO

MOVEit carnage continues with over 2600 organizations and 77M people impacted so far

The number of companies impacted by one of the biggest cyberattack incidents of the year continues to grow.

The Record

‘Citrix Bleed’ vulnerability targeted by nation-state and criminal hackers: CISA

The bug has caused alarm for weeks as cybersecurity experts warned that many government agencies and major companies were leaving their appliances exposed to the internet — opening themselves up to attacks.

The Record

Crypto firm Kronos Research says $26 million stolen after cyberattack

Cryptocurrency trading and investment firm Kronos Research said $26 million worth of cryptocurrency was stolen from its systems following a cyberattack.

The Record

Navy unveils its first cyber strategy

The U.S. Navy on Tuesday released its long-awaited cyber strategy, as the service tries to revamp its efforts in the digital domain after years of personnel and readiness issues.

DarkReading

Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw

Threat actors were actively exploiting CVE-2023-36025 before Microsoft patched it in November.

CyberNews

Ukraine’s top two cybersecurity officials axed amid embezzlement probe

Two heads of Ukraine’s national cybersecurity agency were fired Monday amid accusations of participating in an embezzlement scheme involving millions in state funds.

CyberScoop

Detailed data on employees of U.S. national security lab leak online

The hacking group SiegedSed released personal data on thousands of employees at the Idaho National Laboratory, the nuclear research lab.

Bleeping Computer

VX-Underground malware collective framed by Phobos ransomware

A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor.

CyberNews

British Library ransom attack claimed, data leak confirmed

The British Library confirms data has been leaked as it struggles to recover from a November 6 ransomware attack claimed by the e Rhysida ransom gang.

Bleeping Computer

Cybersecurity firm executive pleads guilty to hacking hospitals

The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center (GMC), in June 2021 to boost his company's business.

Security Affairs

Rhysida ransomware gang is auctioning data stolen from the British Library

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage.

CyberScoop

Senior Ukrainian cybersecurity officials sacked amid corruption probe

Yurii Shchyhol and Victor Zhora were accused of participating in a scheme to contract software at inflated prices.

Infosecurity News

CISA Unveils Healthcare Cybersecurity Guide

The guide outlines mitigation strategies and best practices to counteract prevalent cyber-threats

The Hacker News

NetSupport RAT Infections on the Rise - Targeting Government and Business Sectors

Education, government, and businesses are under attack by NetSupport RAT, a dangerous remote access trojan.

CyberNews

Best botnet ad? An attack on OpenAI

Anonymous Sudan attacks on OpenAI and Cloudlfare are meant to show the groups' capabilities.

SecurityWeek

CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations

New CISA guidance details cyber threats and risks to healthcare and public health organizations and recommends mitigations.

The Hacker News

Product Walkthrough: Silverfort's Unified Identity Protection Platform

Silverfort's Unified Identity Protection Platform: A game-changer in cybersecurity. Discover how it protects organizations from identity-based attacks

Security Affairs

APT29 group exploited WinRAR 0day in attacks against embassies

Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks.

SecurityWeek

Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products

Johnson Controls patches a critical vulnerability that can be exploited to take complete control of Frick industrial refrigeration products

SecurityWeek

5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms

Secure Services Edge (SSE) platforms can introduce loopholes & vulnerabilities; it's crucial to assess the risk profiles of SSE platforms.

SecurityWeek

Russia's LitterDrifter USB Worm Spreads Beyond Ukraine

Russian Gamaredon’s self-propagating LitterDrifter USB worm spreads from Ukraine to the US and other countries.

The Hacker News

Why Defenders Should Embrace a Hacker Mindset

Prioritizing cybersecurity is key. Learn how to prioritize remediation based on impact and protect your organization's crown jewels.

SecurityWeek

250 Organizations Take Part in Electrical Grid Security Exercise

Over 250 organizations take part in GridEx VII, the largest North American exercise focusing on the security of the electrical grid.

SecurityWeek

US Announces $70 Million Cybersecurity Boost for Rural, Municipal Utilities

The US Department of Energy is offering $70 million in funding to improve the cybersecurity of rural and municipal utilities.

Infosecurity News

Russia’s APT29 Targets Embassies With Ngrok and WinRAR Exploit

Threat group may be looking for intel on Azerbaijan

SecurityWeek

K-12 Schools Improve Protection Against Online Attacks, but Many Are Vulnerable to Ransomware Gangs

K-12 schools improve protection against cyberattacks, but many are still vulnerable to ransomware gangs, says Biden administration

Infosecurity News

NCSC Announces New Standard For Indicators of Compromise

Security agency authors first RFC document for IETF

CyberNews

Most cyberattacks in Russia come from China and North Korea

China and North Korea were behind most of state-sponsored cyberattacks in Russia, according to the country’s security firm Solar.

Security Affairs

DarkCasino joins the list of APT groups exploiting WinRAR 0day

The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831.

The Record

CISA launches pilot program offering ‘cutting-edge’ services to critical infrastructure orgs

The U.S. government is offering “cutting-edge cybersecurity shared services” to critical infrastructure organizations that need it most.

The Record

Two top Ukrainian cyber officials dismissed amid embezzlement probe

Two high-ranking cybersecurity officials in Ukraine were dismissed on Monday, according to a senior government official, amid an investigation into suspected embezzlement of state funds.

The Record

In recent interview, ousted Ukrainian cyber official spoke about new Russian attacks, long-term plans

Ukraine's anti-corruption agency sent shockwaves through the country's cybersecurity agencies on Monday morning, when it announced that it had launched an investigation into the procurement practices of a handful of its top cyber officials.

The Record

Greater Paris wastewater agency dealing with cyberattack

The organization that manages wastewater for nine million people in and around Paris was hit with a cyberattack last week.

The Record

British Library says ransomware hackers stole data from HR files

The British Library — one of the largest libraries in the world and the national library of the United Kingdom — said the ransomware gang behind a recent attack on its systems appeared to leak data stolen from its human resources files.

The Record

Nearly 9 million patients' records compromised in data breach

The attack on a medical transcription company is one of the worst healthcare-related data breaches in recent years, according to U.S. Department of Health and Human Services records.

Trend Micro

CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits

We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.

Bleeping Computer

9 days ago

Russian hackers use Ngrok feature and WinRAR exploit to attack embassies

After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks.

Security Affairs

9 days ago

Security Affairs newsletter Round 446 by Pierluigi Paganini

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.

Cyber Security News

9 days ago

Weekly Cyber Security News Roundup for the Week of November 13th to 18th

Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.

The Hacker News

8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader

The threat actors behind the 8Base ransomware are utilizing a variant of the Phobos ransomware for their attacks.

The Hacker News

Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks

Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.

Bleeping Computer

The Week in Ransomware - November 17th 2023 - Citrix in the Crosshairs

Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files.

CyberNews

North American grid regulator tests physical, cybersecurity preparedness

US Regulators held a two-day simulation to stress-test the North American grid's physical and cybersecurity preparedness, emergency response, and recovery plans.

DarkReading

Scattered Spider Casino Hackers Evade Arrest in Plain Sight

The feds seem to know all about the hacking group brazenly breaking into corporate networks; so why are enterprise teams left on their own to stop their cybercrimes?

DarkReading

Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks

For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.

DarkReading

Actions to Take to Defeat Initial Access Brokers

Initial access brokers (IAB) are often difficult to track. This Tech Tip spells out some countermeasures enterprises need to defend against stolen credentials.

SecurityWeek

In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit

Noteworthy stories that might have slipped under the radar: top law firm hacked, Chinese bank pays ransom, PyPI conducts first security audit

Bleeping Computer

CISA warns of actively exploited Windows, Sophos, and Oracle bugs

The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.

Bleeping Computer

British Library: Ongoing outage caused by ransomware attack

The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations.

The Hacker News

Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware

Operation SEO#LURKER: Cybercriminal are using fake Google ads to trick users searching for software into downloading malware.

Cyber Security News

FBI Shares Tactics & Techniques Used by Scattered Spider Hacker Group

Recently, the FBI and CISA issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.

SecurityWeek

CISA Warns of Attacks Exploiting Sophos Web Appliance Vulnerability

CISA adds Sophos, Oracle and Microsoft product security holes to its Known Exploited Vulnerabilities (KEV) catalog.

CyberSecurity Dive

Threat actors behind Las Vegas casino attacks are social-engineering mavens

Scattered Spider threat actors are attacking large companies and their IT help desks to steal data for extortion, according to federal cyber authorities.

CyberSecurity Dive

FCC proposes 3-year cybersecurity pilot for schools, libraries

The agency will seek public comment on the proposal, which will explore how the Universal Service Fund can support school and library cyber concerns.

Infosecurity News

FBI Lifts the Lid on Notorious Scattered Spider Group

Security advisory details TTPs of prolific threat actors

SecurityWeek

CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack

Toyota Financial Services has been hit by a ransomware attack that may have involved exploitation of the CitrixBleed vulnerability.

CyberNews

Change of tactics: ALPHV reports target to SEC for failing to disclose breach

In what’s probably a first, the ALPHV/BlackCat ransomware gang has filed a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims.

The Hacker News

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

Beware of fake Python libraries! 27 malicious packages found on PyPI, disguised as legitimate ones.

Cyber Security News

FortiSIEM Injection Flaw Let Attackers Execute Malicious Commands

Cybersecurity researchers identified a FortiSIEM injection flaw that lets execute malicious commands & tracked as "CVE-2023-36553."

The Hacker News

U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem

U.S. agencies warn about Scattered Spider cybercriminals using advanced phishing to steal data and extort victims.

The Hacker News

CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog

U.S. CISA has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in the wild.

CyberNews

City of Long Beach declares local emergency after cyberattack

The City of Long Beach, California declares a Local Emergency after a 'network security incident' on November 14th, forcing the city to shut down some systems..

CSO

CrowdStrike’s new Falcon Go delivers AI security to SMBs

CrowdStrike has released a new version of its Falcon platform designed to give small and medium-size businesses a new option for out-of-the-box security.

Ars Technica

Ransomware group reports victim it breached to SEC regulators

Group tells SEC that the victim is in violation for not reporting it was hacked.

The Record

Russian analysts point finger at China, North Korea over cyber activity

Despite the countries' warm relationship, Russia is being targeted by North Korean and Chinese state hacking groups, a cybersecurity firm connected to Rostelecom claims.

The Record

CISA, FBI warn of Scattered Spider expertise with social engineering, SIM swapping

The leading cybersecurity officials in the U.S. published a stark warning on Thursday about a group of hackers who have disrupted some of the largest companies in the country through social engineering and other tactics.

The Record

More than 330,000 Medicare recipients affected by MOVEit breach

In the latest disclosures related to a Russian ransomware gang’s exploitation of the popular MOVEit file transfer service, more than 330,000 Medicare recipients were confirmed affected in a leak of sensitive data from the government agency that oversees the program.

The Record

The United States has a new cyber czar — for a little while, anyway

Drenan Dudley, currently ONCD's deputy for strategy and budget, will take over the office temporarily with the departure of Kemba Walden, its acting director.

The Record

Remcos, again: Ukrainian agencies targeted in a new spying campaign

In a recent campaign, the hacking group tracked as UAC-0050 attempted to spread the Remcos remote access tool, according to research by Ukraine's computer emergencies response team (CERT-UA).

The Record

Multiple colleges, K-12 schools facing outages after cyberattacks

North Carolina Central University is investigating a cyberattack this week, as are school districts in Michigan, Oregon and Atlanta.

Trend Micro

ALPHV/BlackCat Take Extortion Public

Learn more about ALPHV filing a complaint with the Security and Exchange Commission (SEC) against their victim, which appears to be an attempt to influence MeridianLink to pay the ransom sooner than later.

The Record

Yamaha and WellLife Network confirm cyber incidents after ransomware gang claims attacks

A ransomware group that has been exploiting a vulnerability in Citrix products posted both companies to its leak site.

Bleeping Computer

Long Beach, California turns off IT systems after cyberattack

The City of Long Beach in California is warning that they suffered a cyberattack on Tuesday that has led them to shut down portions of their IT network to prevent the attack's spread.

Bleeping Computer

FBI shares tactics of notorious Scattered Spider hacker collective

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation..

CyberNews

FBI warning on MGM hacker group Scattered Spider, urges victims to come forward

The FBI is warning organizations to guard against the Scattered Spider ransom group, responsible for the MGM and Caesars hacks, plus dozens more US attacks this year.

Bleeping Computer