Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Bleeping Computer
Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws.
Bleeping Computer
US Health Dept urges hospitals to patch critical Citrix Bleed bug
The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks.
The Hacker News
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware
Russian national Vladimir Dunaev found guilty for developing TrickBot malware, facing up to 35 years in prison.
HACKRead
Particle Network's Intent-Centric Approach Aims to Simplify and Secure Web3
Discover Particle Network’s Web3 evolution! From a Wallet-as-a-Service tool to the Intent-Centric Modular Access Layer, explore the platform’s commitment to empowering developers and enhancing user experiences.
CSO
Is China waging a cyber war with Taiwan?
Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports.
HACKRead
Cyberattack Defaces Israeli-Made Equipment at US Water Agency, Brewing Firm
The targets included the Equipment used by the Municipal Water Authority of Aliquippa, Pennsylvania and Brewmation, a New York-based company specializing in turnkey brewing and distilling equipment.
Bleeping Computer
TrickBot malware dev pleads guilty, faces 35 years in prison
On Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware, which was used in attacks against hospitals, companies, and individuals in the United States and worldwide.
Ars Technica
1960s chatbot ELIZA beat OpenAI’s GPT-3.5 in a recent Turing test study
AI chatbot deception paper suggests that some bots (and people) aren't very persuasive.
PCMag
A Lucrative Scam: Black Basta Ransomware Gang Rakes in $107 Million
The Russian-speaking group has received Bitcoin payments totaling $107 million since 2022, according to a blockchain tracking firm.
SecurityWeek
Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere
Members of Congress asked the DoJ to investigate how hackers breached the Municipal Water Authority of Aliquippa in Pennsylvania.
HACKRead
Google to Delete Inactive Gmail Accounts From Today
According to Google, once your Gmail account is deleted, it will not be possible to recover photos, files, emails, contact information, or purchases such as music, apps, movies, or books that you may have acquired using your Google account.
Security Affairs
US govt sanctioned North Korea-linked APT Kimsuky
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against North Korea-linked APT group Kimsuky.
The Cyber Express
Manipulating Hacktivist Propaganda to Collect Cyber Behavioral Threat Information
The broader government and commercial cyber threat intelligence community is missing an opportunity to not only diffuse hacktivist propaganda, but
SecurityWeek
In Other News: Utilities Targeted by Hackers, Aerospace Attacks, Killnet Leader Unmasked
Utilities in the US and Europe targeted in cyberattacks, aerospace hacking, and Killnet Russian leader unmasked.
The Hacker News
New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia
Researchers uncover FjordPhantom, a sophisticated malware targeting users in Southeast Asia.
SC Magazine
Black Basta’s ransom haul tops $100M in less than 2 years
Analysis reveals 18 of ransomware gang Black Basta’s 300-plus victims were extorted over $1 million each, with one handed over $9 million.
SecurityWeek
New 'Turtle’ macOS Ransomware Analyzed
New Turtle macOS ransomware is not sophisticated but shows that cybercriminals continue to target Apple devices.
Cyber Security News
Black Basta Ransomware Received Over $100 Million From Victims
Black Basta, a ransomware strain with more than 329 victims has been reported to have made more than $100 million in ransom payments.
The Hacker News
Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan
Chinese-speaking threat actor targeting Uzbekistan Ministry of Foreign Affairs and South Korean users with dangerous SugarGh0st RAT.
The Hacker News
Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks
Gcore's customer faced two massive DDoS attacks peaking at 1.1 and 1.6 Tbps. Discover the attacker's strategies and how Gcore defended against them.
The Hacker News
WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password
WhatsApp's new Secret Code feature adds an extra layer of security to your private chats by setting unique passwords for locked chats.
SecurityWeek
Simple Attack Allowed Extraction of ChatGPT Training Data
Researchers found that a ‘silly’ attack method could have been used to trick ChatGPT into handing over training data.
The Hacker News
U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign Agents
OFAC sanctions North Korea-linked group Kimsuky and 8 agents for supporting WMD programs.
Bleeping Computer
LogoFAIL attack can install UEFI bootkits through bootup logos
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits.
CSO
Conti-linked ransomware takes in $107 million in ransoms: Report
A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks.
HACKRead
Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities
Apple has recently released security updates to tackle two zero-day vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that hackers are actively exploiting.
The Record
XDSpy hackers attack military-industrial companies in Russia
A cyberespionage group known as XDSpy recently targeted Russian military-industrial enterprises, according to new research.
The Record
IoT vulnerability reporting obligations set to apply in EU from 2027
The new Cyber Resilience Act is intended to increase security standards for the Internet of Things. Manufacturers would face penalties for not properly reporting actively exploited vulnerabilities.
The Record
iPhones and Macs get patches for two vulnerabilities
The bugs affect iPhone XS and later; several models of iPads; and Macs running macOS Monterey, Ventura or Sonoma.
Trend Micro
Opening Critical Infrastructure: The Current State of Open RAN Security
The Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire Ran Intelligent Controller (RIC) subsystem.
The Record
60 credit unions facing outages due to ransomware attack on popular tech provider
The ransomware attack targeted the cloud services provider Ongoing Operations, a company owned by credit union technology firm Trellance.
Bleeping Computer
Get 20% off Emsisoft's Enterprise Security EDR solution for the holidays
Emsisoft is having a holiday deal where you can get 20% off 1-year licenses of the Emsisoft Enterprise Security EDR solution through December 17th, 2023, with no license limits.
Bleeping Computer
Capital Health Hospitals hit by cyberattack causing IT outages
Capital Health hospitals and physician offices across New Jersey are experiencing IT outages after a cyberattack hit the non-profit organization's network earlier this week.
HACKRead
Android Banking Malware FjordPhantom Steals Funds Via Virtualization
Currently, the FjordPhantom malware appears to be active in Southeast Asia, covering countries including Malaysia, Thailand, Indonesia, Singapore, and Vietnam.
Ars Technica
ChatGPT is one year old. Here’s how it changed the tech world.
Examining 365 days with OpenAI's bot: The good, the bad, the ugly—and the productive?
CyberNews
Hacktivism and its impacts on mental health
Hacktivism and its lesser-known impacts on mental health
Ars Technica
How Huawei made a cutting-edge chip in China and surprised the US
China's flagship smartphone maker pulled off the feat despite sanctions.
Infosecurity News
FjordPhantom Android Malware Targets Banks With Virtualization
Promon said one FjordPhantom attack resulted in a substantial loss of approximately $280,000
Infosecurity News
RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool
The new ScrubCrypt obfuscation tool is designed to avoid antivirus protections
SecurityWeek
Qlik Sense Vulnerabilities Exploited in Ransomware Attacks
Qlik Sense vulnerabilities CVE-2023-41266, CVE-2023-41265 and CVE-2023-48365 exploited for initial access in Cactus ransomware attacks.
SecurityWeek
Black Basta Ransomware Group Received Over $100 Million From 90 Victims
The Black Basta ransomware group has infected over 300 victims and received more than $100 million in ransom payments.
Cyber Security News
Is Your Online Store Hacked in a Carding Attack? Here's an Action Plan to Protect
Carding attacks primarily target information embedded in payment cards, such as credit or debit cards,The attackers, known as carders.
CyberNews
Fortune-telling website exposes 13M+ user records
WeMystic data leak expose platform's users.
The Hacker News
This Free Solution Provides Essential Third-Party Risk Management for SaaS
Wing Security offers FREE third-party risk assessment for SaaS, enhancing cybersecurity in the digital era. Learn more in this article.
CyberNews
Russia-linked Black Basta ransomware has extorted at least $100 million
Black Basta, which is believed to be a faction of the notorious Russian Conti ransomware gang, has raked in at least $107 million in ransom payments.
SecurityWeek
Google's RETVec Open Source Text Vectorizer Bolsters Malicious Email Detection
Google shows how RETVec, a new and open source text vectorizer, can improve the detection of phishing attacks and spam.
Infosecurity News
Okta Admits All Customer Support Users Impacted by Breach
Exposure is limited to names and emails for most
The Cyber Express
NoEscape Ransomware Group Strikes Again, Claims Science History Institute Data Breach
NoEscape ransomware group has listed Science History Institute on its dark web portal. Science History Institute shares stories of significant
The Cyber Express
US Treasury Sanctions Sinbad.io for Alleged Role in Lazarus Group’s Money Laundering
In a significant move to combat cyber-enabled criminal activities, the U.S. Department of the Treasury's Office of Foreign Assets Control
Cyber Security News
Okta Hack: Threat Actors Downloaded all Customer Support System Users' Data
Okta Security has unearthed additional intricacies surrounding the unauthorized intrusion into its customer support system.
The Cyber Express
Honey Birdette Data Breach Linked to 8Base Hacker Group, Lingerie Brand Yet to Confirm
Luxury lingerie brand Honey Birdette seems to have become the latest target of the notorious 8Base ransomware group. The hacker
CyberNews
US car dealer admits data breach
Berglund Management Group has disclosed a data breach that may have affected more than 50,000 people in the US.
CSO
Okta confirms recent hack affected all customers within the affected system
Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident.
The Hacker News
U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers
The U.S. Treasury Department has imposed sanctions against a virtual currency mixer called Sinbad.
CyberNews
Elon Musk says "Go F**k Yourself" to advertisers who left X over antisemitic content
Billionaire Elon Musk told advertisers that have fled his social media platform X over antisemitic content to "Go fuck yourself" in a fiery Wednesday interview.
CSO
Amazon debuts biometric security device, updates Detective and GuardDuty
Amazon’s latest security offerings, announced at its re:Invent conference, cover everything from advanced biometrics to new tools for defeating runtime and cloud threats, including identity and access management (IAM) capabilities.
CSO
Almost all developers are using AI despite security concerns, survey suggests
About 96% of developers are using AI tools and nearly eight out of 10 coders are bypassing security policies to use them, while placing unfounded trust into AI’s competence and security, according to the report by Snyk.
The Record
Suspected China-based hackers target Uzbekistan gov’t, South Koreans, Cisco says
Hackers believed to be based in China are targeting the Uzbekistan Ministry of Foreign Affairs, as well as people in South Korea, with a strain of malware called SugarGh0st, according to a new report.
The Record
Latest severe Chrome bug prompts CISA warning
A severe vulnerability that led Google to issue an emergency update of the Chrome browser has been exploited on the open internet, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed Thursday.
The Record
Thanksgiving hack on North Carolina city caused leak of employee data
A city in North Carolina is warning government employees that data from its systems may have been accessed in a pre-Thanksgiving holiday incident.
The Record
Russian and Chinese interference networks are ‘building audiences’ ahead of 2024, warns Meta
Influence operations from Russia and China are ramping up on social media in the run-up to several key elections that will take place in 2024, Meta said in a new report.
The Record
More than $100 million in ransom paid to Black Basta gang over nearly 2 years
Research from blockchain security company Elliptic and Corvus Insurance tracks payments made to the Black Basta group since its apparent inception in early 2022.
PCMag
US Warns of Iranian Hackers Targeting Water Facilities
The US Cybersecurity and Infrastructure Security Agency issues the warning after Iranian hackers reportedly breached a water supplier in Pennsylvania.
Bleeping Computer
Dollar Tree hit by third-party data breach impacting 2 million people
Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after the hack of service provider Zeroed-In Technologies.
Bleeping Computer
Dollar Tree hit by third-party data breach impacting 2 million customers
Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 customers after the hack of service provider Zeroed-In Technologies.
Ars Technica
Stable Diffusion Turbo XL can generate AI images as fast as you can type
Even at home, SDXL Turbo can create detailed images with startling speed.
HACKRead
Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data
The Zoom vulnerability was originally discovered in June 2023. Despite the discovery being made earlier, the details were only publicly disclosed on November 28, 2023.
HACKRead
US Seizes Bitcoin Mixer Sinbad.io Used by Lazarus Group
According to the US government, Sinbad.io provided its services to the Lazarus group to launder money stolen from numerous data breaches, including those affecting Horizon Bridge, Axie Infinity, and Atomic Wallet.
Bleeping Computer
SIM swapper gets 8 years in prison for account hacks, crypto theft
Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2 million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency theft.
SC Magazine
All Okta customer support users exposed in October breach, company discloses
While Okta did not report how many customers were affected, the company’s website says more than 18,000 customers use its platform.
Bleeping Computer
Black Basta ransomware made over $100 million from extortion
Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic.
HACKRead
Cybercriminals Exploit ActiveMQ Flaw to Spread GoTitan Botnet, PrCtrl Rat
The recently discovered GoTitan botnet is built on the Golang programming language, whereas PrCtrl Rat is a .NET program.
Bleeping Computer
Japanese Space Agency JAXA hacked in summer cyberattack
The Japan Aerospace Exploration Agency (JAXA) was hacked in a cyberattack over the summer, potentially compromising sensitive space-related technology and data.
Infosecurity News
GoTitan Botnet and PrCtrl RAT Exploit Apache Vulnerability
Fortiguard Labs identified multiple threat actors leveraging CVE-2023-46604, despite patches
SecurityWeek
Keyless Goes Independent, Raises $6M for Biometric Authentication
British startup building biometric authentication technology has snagged $6 million in a new round of funding led by Rialto Ventures.
PCMag
Okta: October Breach Actually Affected All Customer Support Users
The breach was originally believed to have only hit 134 corporate clients, but Okta now says it involved the 'names and email addresses of all Okta customer support system users.'
CyberNews
Digital wallets and the rise of the identity trojan
Identity trojans in the age of digital wallets and decentralized identity
Bleeping Computer
How Continuous Pen Testing Protects Web Apps from Emerging Threats
The nature and ubiquity of modern web apps make them rife for targeting by hackers. Learn more from Outpost24 about the value of continuous monitoring to secure modern web apps.
CyberNews
Okta breach impacts all of its customers
Okta data breach impacted all of its users.
SecurityWeek
Okta Broadens Scope of Data Breach: All Customer Support Users Affected
Okta expands scope of October breach, saying hackers stole names and email addresses of all its customer support system users.
Cyber Security News
GoTitan Botnet Actively Exploiting Apache ActiveMQ Vulnerability
Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ.
The Cyber Wire
Ukraine at D+683: Disinformation operations.
Russian leaders advance an expansive and ethnocentric narrative of the Russian world to justify Russian expansion.
Bleeping Computer
Okta: October data breach affects all customer support system users
Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users.
CyberNews
KidSecurity’s user data compromised after app failed to set password
KidSecurity tracking app exposed sensitive data.
SecurityWeek
CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack
After hackers compromised ICS at a US water utility, CISA issued a warning over the exploitation of the targeted Unitronics PLC.
The Cyber Express
General Electric Data Breach: Hacker Claims Sale of Leaked GE Information
The notorious hacker, operating under the alias IntelBroker, has purportedly claimed to have successfully sold a collection of allegedly stolen
SecurityWeek
Five Cybersecurity Predictions for 2024
Cybersecurity predictions for 2024 to help security professionals in prioritizing efforts to navigate the ever-changing threat landscape.
CyberNews
In the age of AI, “authentic” is Merriam-Webster’s word of 2023
Merriam-Webster, a publishing company known for its dictionaries, has chosen “authentic” as its word of the year, highlighting the impact of the rise of AI.
The Cyber Express
First American Title Insurance Settles $1M Breach Case with NY Authorities
The NY State Department of Financial Services has reached a $1 million settlement with First American Title Insurance Co. for
Security Affairs
Okta reveals additional attackers' activities in October 2023 Breach
Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach.
SecurityWeek
Google Will Start Deleting ‘Inactive’ Accounts in December. Here’s What You Need to Know
Under Google’s updated inactive-account policy, accounts that haven’t been used in at least two years can be deleted.
HACKRead
OwnCloud "graphapi" App Vulnerability Exposes Sensitive Data
OwnCloud has fixed the issue in version 10.9.01 but urges customers to change their OwnCloud admin password, database and mail server credentials.
The Hacker News
200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn
A new report reveals an ongoing Android malware campaign targeting Iranian banks with over 200 malicious apps.
The Cyber Express
Play Ransomware Group Lists 17 Victims, 14 US-Based Companies Named
Infamous Play ransomware group has extended its list of victims by adding 17 new names of companies based in the
The Hacker News
Discover Why Proactive Web Security Outsmarts Traditional Antivirus Solutions
Don't Rely on Antivirus Alone. Discover why proactive web security is crucial in the ever-changing digital landscape.
Latest Hacking News
Google Workspace Design Flaw Allows Unauthorized Access
Researchers publicly disclosed a design flaw affecting Google Workspace that allows unauthorized access. While they responsibly disclosed the vulnerability to Google, the bug remained unpatched until public disclosure. The researchers urge the users to implement
The Cyber Express
Okta Data Breach: Hackers Access Data of All Customer Support Users, Says Firm
In a letter to clients, Okta revealed that hackers who breached the cybersecurity firm's customer support system had obtained data
Security Affairs
Thousands of secrets lurk in app images on Docker Hub
Thousands of secrets have been left exposed on Docker Hub, a platform where web developers collaborate on their code for web applications.
Computerworld
GenAI is highly inaccurate for business use — and getting more opaque
As generative AI platforms ingest greater oceans of data and get connected to more and more corporate databases, researchers are sounding an alarm: the tools are highly inaccurate and becoming more inscrutable.
Computerworld
How to go incognito in Chrome, Edge, Firefox, and Safari
While incognito mode in any of the big four web browsers offers a measure of privacy, it doesn’t completely hide your tracks online. Here’s how the feature works in each browser, and how to use it.
CSO
FBI probes into Pennsylvanian water utility hack by pro-Iran group
Federal and state investigations are underway for the recent pro-Iran hack into a Pennsylvania-based water utility targeting Israel-made equipment.
The Cyber Express
Cyberattack on Japan’s Space Agency JAXA Confirmed!
Japan's space agency, JAXA, confirmed that it had been the subject of a cyberattack. On Wednesday, a spokesperson from Japan's
The Cyber Express
LockBit Ransomware Group Claims Cyberattack on India’s National Aerospace Laboratories
India's National Aerospace Laboratories (NAL) faces a serious threat as the notorious LockBit ransomware group has claimed responsibility for a
The Hacker News
Okta Discloses Broader Impact Linked to October 2023 Support System Breach
Okta detected additional malicious activity tied to the October 2023 breach. Names and emails of support system users were compromised.
The Hacker News
GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability
🚨 Apache ActiveMQ's CVE-2023-46604 vulnerability is under active exploitation by threat actors, leading to the distribution of a new Go-based botnet
The Hacker News
Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
Google released security updates for Chrome to fix seven issues, including an actively exploited zero-day vulnerability (CVE-2023-6345).
CSO
Amazon’s AWS Control Tower aims to help secure your data’s borders
As digital compliance tasks and data sovereignty rules get ever more complicated, Amazon wants automation to help.
Ars Technica
ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation
Easy-to-exploit flaw can give hackers passwords and cryptographic keys to vulnerable servers.
CyberScoop
Pennsylvania water facility hit by Iran-linked hackers
An anti-Israel hacking group with links to Iran forced a water facility in Pennsylvania to go into manual operations.
Krebs on Security
Okta: Breach Affected All Customer Support Users
When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of…
The Record
Okta security breach affected all customer support system users
A breach announced by Okta last month was far larger than previously understood.
The Record
Japan's space agency hit by cyberattack
Japan's aerospace exploration agency (JAXA) was hit by a cyberattack, a government representative said during the briefing on Wednesday.
The Record
Cybercriminals expand targeting of Iranian bank customers with known mobile malware
A campaign first noted in July has expanded to 200 fake mobile apps targeting customers of about a dozen banks, according to researchers at Zimperium.
The Record
Google network displayed ads on sanctioned websites, report shows
The Google Search Partners network showed ads from corporations and government agencies on sites belonging to sanctioned Iranian and Russian entities, according to a report from Adalytics.
Security Affairs
International police operation dismantled prominent Ukraine-based Ransomware group
An international law enforcement operation dismantled the core of a ransomware group operating from Ukraine.
Bleeping Computer
DP World confirms data stolen in cyberattack, no ransomware used
International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. However, no ransomware payloads or encryption was used in the attack.
Cyber Security News
Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable to Takeover - Hunters
BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 – A severe design flaw in Google Workspace’s domain-wide delegation feature discovered by threat hunting experts from Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges. This kind of attack might compromise […]
The Cyber Wire
Ransomware attacks against healthcare organizations.
Why criminals find healthcare organizations attractive targets.
Infosecurity News
Deepfake Digital Identity Fraud Surges Tenfold, Sumsub Report Finds
AI-powered tools are among the top fraud techniques used by threat actors in 2023, according to Sumsub’s third annual Identity Fraud Report
SecurityWeek
Police Dismantle Major Ukrainian Ransomware Operation
Police from several countries have dismantled a major Ukraine-based ransomware operation and arrested its alleged ringleader.
Latest Hacking News
Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable for Takeover, Says Cybersecurity Company Hunters
BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 - A severe design flaw in Google Workspace's domain-wide delegation feature discovered by threat hunting experts from Hunters’ Team Axon, can allow attackers to misuse existing
SecurityWeek
Critical Vulnerability Found in Ray AI Framework
A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes.
SecurityWeek
Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets
AWS announces Amazon One Enterprise, a palm-based identity service that enables users to easily access physical locations and digital assets.
CyberNews
Thousands of secrets lurk in app images on Docker Hub
The Docker Hub store has at least 5,493 container images that contain secrets and could be considered as exposing sensitive information.
Ars Technica
Hackers spent 2+ years looting secrets of chipmaker NXP before being detected
Chipmaker claims breach had no "material adverse effect."
The Hacker News
Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access
Researchers reveal a critical design flaw in Google Workspace, dubbed "DeleFriend," that could allow attackers to steal emails, exfiltrate data.
The Cyber Wire
Ukraine at D+682: OSINT on morale, and a coming hacktivist shakeup.
Storms impede ground operations. Smartphones as intelligence sources (and as a security problem). Notes on hacktivist auxiliaries, both Russian and Ukrainian.
Infosecurity News
Cybercriminals Hesitant About Using Generative AI
An analysis of dark web forums revealed many threat actors are skeptical about using tools like ChatGPT to launch attacks
Infosecurity News
Americans Receive Two Billion Spam Calls Per Month
Truecaller warns malicious calls make up the majority
CyberSecurity Dive
NY reaches $1M breach settlement with First American Title Insurance
The company exposed millions of documents of non-public customer data, through a vulnerability in a proprietary application.
The Hacker News
Stop Identity Attacks: Discover the Key to Early Threat Detection
Account takeover: the new favorite tool for hackers. Discover the latest strategies in identity protection and why traditional methods might not be en
Infosecurity News
CISA Warns Congress on Chemical Industry Terror Attacks
Security agency wants to resume critical CFATS inspections
SecurityWeek
Ardent Hospitals Diverting Patients Following Ransomware Attack
Ransomware attack forces Ardent hospitals to shut down systems, impacting clinical and financial operations.
CyberNews
Almost two million affected by data company Zeroed-In Technologies breach
HR data analytics company Zeroed-In Technologies was hacked in August this year.
CyberNews
Meta's paid ad-free service targeted in Austrian privacy complaint
Meta’ paid no-ads subscription service launched in Europe this month faces a test as advocacy group NOYB on Tuesday filed a complaint with an Austrian regulator.
The Cyber Wire
Iran hits Pennsylvania water utility.
Iranian hacktivists claim an attack on a Pennsylvania water utility.
CyberNews
North American auto supplier Yanfeng claimed by Qilin ransom group
The ransomware attack on Yanfeng – a North American auto parts supplier for GM and Stellantis' Jeep, Dodge, and Ram in North America is claimed by the Qilin ransom gang.
The Hacker News
N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection
Lazarus Group's evolving cyber tactics target macOS systems by combining elements from multiple malware campaigns for better effectiveness and to avoi
Krebs on Security
ID Theft Service Resold Access to USInfoSearch Data
One of the cybercrime underground's more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned.
Bleeping Computer
Microsoft deprecates Defender Application Guard for Office
Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an alternative.
DarkReading
General Electric, DARPA Hack Claims Raise National Security Concerns
Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies.
Ars Technica
Amazon’s $195 thin clients are repurposed Fire TV Cubes
Amazon Workspaces Thin Client is a Fire TV Cube with different software.
The Hacker News
How to Handle Retail SaaS Security on Cyber Monday
Cyber Monday Alert: $13.7 billion in spending today! Retailers, safeguard your SaaS apps to protect customer data.
Infosecurity News
SysJoker Malware: Hamas-Related Threat Expands With Rust Variant
CPR said the malware now uses OneDrive instead of Google Drive for storing dynamic C2 server URLs
CyberNews
Ardent confirms hospitals disrupted over ransomware attack
Ardent Health Services hospitals deal with disruptions.
Bleeping Computer
Leveraging Wazuh to combat insider threats
Effective strategies for mitigating insider threats involve a combination of detective and preventive controls. Such controls are provided by the Wazuh SIEM and XDR platform.
Bleeping Computer
Google Drive users angry over losing months of stored data
Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023.
CyberNews
Children in UK abusing AI to create explicit images of classmates
Children in the UK are using AI image generators to make indecent images of other children. It’s a concerning – and illegal – trend, an internet safety group has warned.
The Hacker News
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
The study highlights a vulnerability in SSH servers that allows passive attackers to obtain private RSA host keys.
CyberSecurity Dive
Authorities pushing for secure AI development practices
CISA and the U.K.’s cyber agency released the guidelines as part of a global effort to ensure AI is developed using security as a core component.
CyberScoop
Shadowy hacking group targeting Israel shows outsized capabilities
A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
CyberSecurity Dive
Fidelity National Financial investigating cyberattack that led to service disruption
AlphV/BlackCat claimed responsibility for the attack on the title insurance giant, which is trying to determine whether the attack will have a material impact.
CyberNews
Hackers target Europe’s grid, Ukraine to use new Cisco device for protection
Since Russia's invasion of Ukraine, Europe’s energy grids have been targeted by thousands of cyberattacks.
CyberSecurity Dive
SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers
Each business stakeholder has a different cyber risk management responsibility. Given the SEC’s coming disclosure rules, it’s even more important to outline who owns what.
CyberNews
Robeson Health Care admits data breach
A healthcare provider in the US has disclosed a data breach that may have exposed the sensitive data of tens of thousands.
CSO
GE investigates alleged data breach into confidential projects: Report
General Electric has confirmed that it has started an investigation into the data breach claims made by IntelBroker.
-1.webp)
Cyber Security News
SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive
SysJoker malware, a multi-platform backdoor with several variants for Windows, Linux, and Mac, has been observed being used by a Hamas-affiliated APT to target Israel. This malware was first identified by Intezer in 2021 and was recently used in targeted attacks. Checkpoint researchers disclosed the malware’s growth, variations in the intricacy of its execution flow, and […]
CyberSecurity Dive
The top cybersecurity events and conferences in 2024, according to security pros
Which security conferences are teams prioritizing in 2024? A new report reveals the 7 most popular events in the cybersecurity calendar.
SecurityWeek
Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons
The U.S. military is increasing use of artificial intelligence (AI) technology that will fundamentally alter the nature of war.
The Record
Tao Thomsen and the effort to back up what makes Ukraine uniquely Ukrainian
Since the beginning of Russia’s invasion of Ukraine, government officials, independent media organizations, and nonprofits have accused Russia of deliberately targeting churches and libraries and looting its most important museums.
The Record
Second top Ukrainian cyber official arrested amid corruption probe
Viktor Zhora, the ex-deputy head of Ukraine’s State Service for Special Communications and Information Protection (SSSCIP), is accused of facilitating a corruption scheme involving the procurement of software.
The Record
Multiple hospitals divert ambulances after ransomware attack on parent company
Ardent Health Services confirmed that it was responding to an incident. Hospitals in Texas, Idaho, Oklahoma, New Mexico and New Jersey reported problems over several days.
The Record
Suspected Hamas-linked hackers target Israel with new version of SysJoker malware
Cybersecurity companies Check Point and Intezer analyzed what appears to be a rewrite of backdoor malware that targeted Israel's education sector as early as 2021.
The Record
Notorious ransomware gang takes credit for cyberattack on Fidelity National Financial
The AlphV/Black Cat group claimed it breached Fidelity National Financial, a Fortune 500 provider of title insurance for property sales.
Bleeping Computer
New Rust-based SysJoker backdoor linked to Hamas hackers
A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.
Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
-1.webp)
Cyber Security News
Hackers Using Malicious Browser Extensions to Steal Facebook Business Accounts
Ducktail is a specifically designed information stealer that can have severe consequences, such as privacy breaches and identity theft.
The Hacker News
New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government
A new web shell called HrServ is part of a suspected APT attack in Afghanistan. HrServ can erase tracks and execute code in memory.
Security Affairs
Hamas-linked APT uses Rust-based SysJoker backdoor against Israel
Researchers reported that a Hamas-linked APT group is using a rust-based SysJoker backdoor against Israeli entities.
Security Affairs
App used by hundreds of schools leaking children's data
Almost a million files with minors' data, including home addresses and photos were left open to anyone on the internet.
Bleeping Computer
UK and South Korea: Hackers use zero-day in supply-chain attack
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
Bleeping Computer
Cyberattack on IT provider CTS impacts dozens of UK law firms
A cyberattack on CTS, a leading managed service provider (MSP) for law firms and other organizations in the UK legal sector, is behind a major outage impacting numerous law firms and home buyers in the country since Wednesday.
SecurityWeek
North Korean Software Supply Chain Attack Hits North America, Asia
North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply chain attack.
Infosecurity News
Cyber-Attack Disrupts UK Property Deals
A legal sector specialist infrastructure service provider has experienced a service outage that is impacting up to 200 conveyancing firms across the UK
SecurityWeek
In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking
Idaho National Laboratory breach, GPS attacks target airplanes, Russian accuses China and North Korea of hacking.
CyberNews
Pro-Russian disinfo campaign using Israel-Hamas war to stir chaos
A disinformation campaign, run or backed by Russia, has been using the Israel-Hamas war to try to create tensions elsewhere in the world.
The Hacker News
Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel
Researchers found a Rust version of SysJoker, a cross-platform backdoor used by Hamas-affiliated threat actor targeting Israel during ongoing conflict
Cyber Security News
APT Groups Using HrServ Web Shell to Hack Windows Systems
A HrServ web shell is a malicious script or program that enables remote administration of a server, allowing unauthorized access and control.
The Record
North Korean supply chain attacks prompt joint warning from Seoul and London
The alert came as the two governments announced a new strategic cyber partnership “to disrupt and deter DPRK malicious cyber capabilities and activities that contribute to its WMD programs.”
The Record
Vanderbilt University Medical Center investigating cybersecurity incident
Vanderbilt University Medical Center said it is investigating a cybersecurity incident that led to the compromise of a database.
The Record
Sacked Ukrainian cyber chief released on bail amid corruption probe
Ukraine's former cybersecurity chief was released from detention on Friday on $700,000 bail, according to Ukraine’s anti-corruption non-profit.
The Record
How one Russian nonprofit is trying to crack through the Kremlin’s censorship wall
A decade after its founding, the internet freedom organization Roskomsvoboda finds itself adjusting to harsh political and social realities within Russia, where a wartime regime continues to expand its authority over the internet.
Infosecurity News
InfectedSlurs Botnet Resurrects Mirai With Zero-Days
The investigation conducted by Akamai in late October 2023 revealed a specific HTTP exploit path
Security Affairs
Welltok data breach impacted 8.5 million patients in the U.S.
Healthcare services provider Welltok disclosed a data breach that impacted nearly 8.5 million patients in the U.S.
CyberNews
MadCat ransom gang caught stealing from other criminals
New ransomware linked by security researchers to suspected scammers who pretended to sell passport details on the dark web.
CyberNews
Big Brothers Big Sisters of America targeted by cybercriminals
Cybercriminals have attacked the non-profit Big Brothers Big Sisters of America (BBBSA) stealing private user data from the organization's network.
The Hacker News
Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails
New Malware Alert: WailingCrab, a sophisticated loader, is spreading via shipping-themed email messages.
CyberNews
Cyber pros avoid smart devices: there is a good reason
Each new smart device creates a new vulnerability at home by providing a fresh attack vector for attackers. And some devices could cause actual physical harm.
SecurityWeek
Broadcom Planning to Complete Deal for $69 Billion Acquisition of VMWare After Regulators Give OK
Broadcom has cleared all regulatory hurdles and will complete its $69 billion acquisition of cloud technology company VMware.
The Hacker News
6 Steps to Accelerate Cybersecurity Incident Response
Effective Incident Response is more than just tools. It's a process. Explore the 6-step framework for successful IR.
The Hacker News
Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks
Active malware campaign exploits zero-day vulnerabilities to create a Mirai-based DDoS botnet targeting routers and NVR devices.
CyberNews
Ingo Money claimed by Inc ransomware
Ingo Money suspected to have suffered a ransomware attack.
Cyber Security News
WailingCrab Malware Abuse Messaging Protocol for C2 Communications
WailingCrab's backdoor component has been in contact with the C2 since the middle of 2023 via the lightweight IoT message protocol MQTT.
CyberNews
App used by hundreds of schools leaking children's data
Almost a million files with minors' data, including home addresses, photos, and information about the school they attend, were left open to anyone on the internet, posing a threat to children.
CyberNews
City in Texas attacked by Akira ransomware gang
Nassau Bay has admitted to having suffered a ransomware attack, leaving more than 8,000 affected.
Computerworld
What is Contact Key Verification and how is it used?
Apple’s iMessage will soon offer a new secure identity verification system enterprise professionals might want to use: Contact Key Verification.
CyberNews
Tri Counties Bank breach exposes user financial data
Tri Counties Bank data breach expose customer financial details.
Security Affairs
Automotive parts giant AutoZone disclosed data breach after MOVEit hack
American retailer and distributor of automotive parts and accessories AutoZone discloses a data breach after a MOVEit attack
Cyber Security News
Bug Hunter GPT - AI Assistant that Replies for Hacking Questions
A 23-year-old hacker and CS student, Paolo Arnolfo (@sw33tLie) recently introduced "Bug Hunter GPT," an AI assistant.