

SecurityWeek
Exploitation of Critical ownCloud Vulnerability Begins
Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure.
The Hacker News
A coordinated effort led to the arrest of key figures in Ukraine linked to various ransomware attacks, involving LockerGoga, MegaCortex, and Dharma.
The Hacker News
A vulnerability in Microsoft Access that could be exploited to leak a Windows user’s NTLM tokens.
Bleeping Computer
In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.
CSO
Threat actors are combining RustBucket loader with KandyKorn payload to effect an evasive and persistent RAT attack.
The Hacker News
Lazarus Group's evolving cyber tactics target macOS systems by combining elements from multiple malware campaigns for better effectiveness and to avoi
Security Affairs
Ukraine's intelligence service announced the hack of the Russian Federal Air Transport Agency, 'Rosaviatsia.'
Bleeping Computer
Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector.
Infosecurity News
CPR said the malware now uses OneDrive instead of Google Drive for storing dynamic C2 server URLs
Latest Hacking News
Researchers caught a new campaign from the notorious Konni RAT malware exploiting malicious Word files. The threat actors distribute the malware via malicious macros embedded in Word files that infect the target systems.
SecurityWeek
Hacktivists should be treated as malicious hackers because the distance between hacking/activism, malevolence, and damage is too small and too vague.
SecurityWeek
UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.
SecurityWeek
Municipal Water Authority of Aliquippa confirms that hackers took control of a booster station, but says no risk to water supply.
CyberScoop
A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
SecurityWeek
The U.S. military is increasing use of artificial intelligence (AI) technology that will fundamentally alter the nature of war.
The Record
Cybersecurity companies Check Point and Intezer analyzed what appears to be a rewrite of backdoor malware that targeted Israel's education sector as early as 2021.
The Record
Since the beginning of Russia’s invasion of Ukraine, government officials, independent media organizations, and nonprofits have accused Russia of deliberately targeting churches and libraries and looting its most important museums.
The Record
British and U.S. cybersecurity authorities published guidance on Monday about how to develop artificial intelligence systems in a way that will minimize the risks they face from mischief-makers through to state-sponsored hackers.
The Record
Ukraine's defense intelligence directorate reported that it had completed a “complex special operation in cyberspace” against Rosaviatsia, which oversees Russian civil aviation.
The Record
Viktor Zhora, the ex-deputy head of Ukraine’s State Service for Special Communications and Information Protection (SSSCIP), is accused of facilitating a corruption scheme involving the procurement of software.
Bleeping Computer
A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in a supply-chain attack.
Cyber Security News
Ducktail is a specifically designed information stealer that can have severe consequences, such as privacy breaches and identity theft.
Security Affairs
Researchers reported that a Hamas-linked APT group is using a Rust-based SysJoker backdoor against Israeli entities.
Bleeping Computer
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLine... The National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
Security Affairs
Researchers warn of publicly exposed Kubernetes configuration secrets that could pose a threat of supply chain attack for organizations.
SecurityWeek
Idaho National Laboratory breach, GPS attacks target airplanes, Russia accuses China and North Korea of hacking.
CyberNews
A disinformation campaign, run or backed by Russia, has been using the Israel-Hamas war to try to create tensions elsewhere in the world.
The Hacker News
Researchers found a Rust version of SysJoker, a cross-platform backdoor used by Hamas-affiliated threat actor targeting Israel during ongoing conflict
Security Affairs
North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware.
The Record
A decade after its founding, the internet freedom organization Roskomsvoboda finds itself adjusting to harsh political and social realities within Russia, where a wartime regime continues to expand its authority over the internet.
The Record
The alert came as the two governments announced a new strategic cyber partnership “to disrupt and deter DPRK malicious cyber capabilities and activities that contribute to its WMD programs.”
The Record
Ukraine's former cybersecurity chief was released from detention on Friday on $700,000 bail, according to Ukraine’s anti-corruption non-profit.
Infosecurity News
New scam identified by Check Point Threat Intelligence Blockchain system
The Hacker News
Threat actor Konni, potentially tied to North Korea, deploys RAT in cyber espionage using Russian Word doc, exploiting WinRAR flaw.
CyberNews
New ransomware linked by security researchers to suspected scammers who pretended to sell passport details on the dark web.
CyberNews
X owner Elon Musk has had a change of heart about the platform’s new headline policy after his own recent post didn’t make sense.
Infosecurity News
The UK’s NCSC and South Korea’s NIS issued a joint advisory describing some of North Korean hackers’ tactics in deploying supply chain attacks
Security Affairs
North Korea-linked APT group Diamond Sleet is distributing a trojanized version of the CyberLink software in a supply chain attack.
The Hacker News
Active malware campaign exploits zero-day vulnerabilities to create a Mirai-based DDoS botnet targeting routers and NVR devices.
Cyber Security News
WailingCrab's backdoor component has been in contact with the C2 since the middle of 2023 via the lightweight IoT message protocol MQTT.
Infosecurity News
Crypto funds are traced back to dozens of victims
CyberNews
Microsoft has alerted software company CyberLink to the misuse of its software by North Korean group Diamond Sleet.
CSO
Cyberattacks have grown in frequency as well as sophistication as the Israel-Hamas conflict intensifies.
CyberNews
Feam Aero, the global aircraft maintenance and technical services company, has been claimed by the LockBit ransomware gang.
Bleeping Computer
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
Bleeping Computer
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.
Infosecurity News
Kaspersky said the figure closely rivals the 20% attributed to external hacking attempts
The Hacker News
North Korean hackers posing as recruiters infect software developers with cross-platform malware.
Cyber Security News
The Mirai botnet is a malicious network of infected computers, routers, and IoT devices harnessed by cybercriminals to launch large-scale DDoS attacks.
CyberNews
Killnet leader, Killmilk, had his identity revealed.
Infosecurity News
New unit will scour the internet for evidence
CSO
Malicious elements, including LockBit 3.0, managed to exploit vulnerabilities in Citrix software even after they were fixed.
The Record
Killmilk is a 30-year-old Russian citizen, according to the news site Gazeta.ru. The report has drawn extra scrutiny to Killnet, known for DDoS attacks on Western targets.
The Record
Two international NGOs analyzed mobile devices belonging to two Serbians and found traces of spyware attack attempts.
The Record
Microsoft has uncovered a supply chain attack by North Korean hackers who attached a malicious file to a CyberLink photo and video editing application installer.
Cyber Security News
Rhysida, a new ransomware group, hit its first victim in May 2023. They use their ransomware, offered as RaaS (Ransomware-as-a-Service), with at least 50 global victims listed on their website.
DarkReading
Researchers used machine learning to analyze Hungarian media reports and found Russian narratives soured the nation's perspective on EU sanctions and arms deliveries months before the Ukraine invasion.
CyberNews
The Russian-affiliated threat actor Play ransomware gang is now a service for sale, according to cybersecurity analyst Adlumin.
CyberNews
Attackers claim to have breached the Idaho National Laboratory, a nuclear facility.
Infosecurity News
Duo linked to corruption investigation
CyberNews
US automotive parts giant says up to nearly 185,000 people may have been affected by cyberattack earlier this year.
CSO
The number of companies impacted by one of the biggest cyberattack incidents of the year continues to grow.
The Hacker News
China-linked Mustang Panda cyber actor targets Philippines government entity amid South China Sea tensions.
Bleeping Computer
The Tor Project has explained its recent decision to remove multiple network relays that represented a threat to the safety and security of all Tor network users.
Bleeping Computer
Microsoft is rolling out fixes for known Microsoft 365 issues causing 'Something Went Wrong [1001]' sign-in errors and rendering desktop applications unusable for many customers.
DarkReading
China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea.
CyberNews
Anonymous Sudan attacks on OpenAI and Cloudflare are meant to show the group's capabilities.
Cyber Security News
Gamaredon (aka Primitive Bear, ACTINIUM, and Shuckworm) stands out in Russian espionage by exclusively targeting Ukrainian entities.
Security Affairs
Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks.
SecurityWeek
Russian Gamaredon’s self-propagating LitterDrifter USB worm spreads from Ukraine to the US and other countries.
CyberSecurity Dive
The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said.
SecurityWeek
Over 250 organizations take part in GridEx VII, the largest North American exercise focusing on the security of the electrical grid.
SecurityWeek
K-12 schools improve protection against cyberattacks, but many are still vulnerable to ransomware gangs, says Biden administration
CyberNews
Canadian Armed Forces members, public servants, and Mounties were exposed in a massive data breach.
CyberNews
China and North Korea were behind most state-sponsored cyberattacks in Russia, according to the country’s security firm Solar.
CyberNews
Welltok MOVEit Transfer breach impacted millions of individuals.
The Record
Ukraine's anti-corruption agency sent shockwaves through the country's cybersecurity agencies on Monday morning, when it announced that it had launched an investigation into the procurement practices of a handful of its top cyber officials.
Cyber Security News
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
Security Affairs
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB.
The Hacker News
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
DarkReading
For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.
SecurityWeek
Researchers uncover the activities of Appin, a hack-for-hire Indian firm involved in espionage, surveillance, and disruptive attacks.
CyberNews
The EU’s executive branch said advertising on X posed “reputational damage” while IBM pulled ads after they were displayed next to Nazi content.
Cyber Security News
In the ever-expanding market of Android devices, the allure of budget-friendly options can sometimes conceal unforeseen risks.
SecurityWeek
CISA adds Sophos, Oracle and Microsoft product security holes to its Known Exploited Vulnerabilities (KEV) catalog.
Infosecurity News
Security advisory details TTPs of prolific threat actors
The Hacker News
Beware of fake Python libraries! 27 malicious packages found on PyPI, disguised as legitimate ones.
Ars Technica
Group tells SEC that the victim is in violation for not reporting it was hacked.
The Record
Despite the countries' warm relationship, Russia is being targeted by North Korean and Chinese state hacking groups, a cybersecurity firm connected to Rostelecom claims.
The Record
In a recent campaign, the hacking group tracked as UAC-0050 attempted to spread the Remcos remote access tool, according to research by Ukraine's computer emergencies response team (CERT-UA).
Security Affairs
Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day (CVE-2023-37580) to steal emails from governments.
CyberNews
The Play ransomware gang claims to have successfully hit the maximum-security Donald W. Wyatt Detention Facility, located in the City of Central Falls, Rhode Island.
SecurityWeek
The Biden for President campaign is looking for a cybersecurity chief to “define the organization's risk appetite” and run the IT operations.
The Hacker News
Zero-day flaw (CVE-2023-37580) in Zimbra Collaboration email software was exploited by 4 groups, exposing email data and credentials.
SecurityWeek
Google says a Zimbra zero-day from earlier this year, CVE-2023-37580, was exploited in several campaigns to hack government emails.
SecurityWeek
Australian submarines powered by U.S. nuclear technology are a likely target of state-sponsored hackers, the nation’s digital spy agency said.
CyberNews
MESVision fell victim to the MOVEit Transfer hack, exposing hundreds of thousands of victims.
Bleeping Computer
DDoS attacks are increasingly taking down even the largest tech companies. Learn more from Specops Software about these types of attacks and how you can protect your devices from being recruited into botnets.
SecurityWeek
A new report estimates that 73% of all internet traffic currently (Q3, 2023) comprises bad bots and related fraud farm traffic.
Infosecurity News
A report described the coordinated attack, in which 22 critical infrastructure firms were targeted
The Hacker News
DarkCasino: From Zero-Day Exploit to APT Threat! Cybersecurity experts classify DarkCasino as a powerful APT group after exploiting a WinRAR flaw
The Hacker News
Denmark's energy sector hit by massive cyberattack! In May 2023, 22 Danish energy sector companies were simultaneously targeted.
The Record
The attacks targeting government agencies were carried out by four different groups throughout the summer, Google's Threat Analysis Group found.
The Record
Ransomware group AlphV claimed on its leak site that it reported MeridianLink to the Securities and Exchange Commission (SEC) for not informing the regulator of a cyberattack.
The Record
LexisNexis Risk Solutions provided CBP with capabilities such as collecting geolocation data, monitoring social media accounts and tracking cell phone call histories for non-U.S. and U.S. residents alike, according to documents obtained by an advocacy group.
Bleeping Computer
The Toronto Public Library (TPL) confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack.
CyberNews
Henry Schein confirms an October data breach, claimed by the ALPHV/BlackCat ransom group, and reveals that customer bank account and credit card numbers were likely exposed.
The Hacker News
U.S. Government Dismantles Global IPStorm Botnet Network! From Windows to Linux, Mac, and Android, the botnet turned infected devices into proxies for
Cyber Security News
The FBI has achieved a remarkable feat in the fight against cybercrime, dismantling the infamous IPStorm botnet network.
SecurityWeek
The rise of AI-powered disinformation presents an immense challenge to society’s ability to discern fact from fiction.
SecurityWeek
The Australian Signals Directorate singled out Russia and China as among the country's greatest cyber threats in its latest threat report.
CyberNews
Academics have launched an interactive game to promote critical thinking and debunk some of the most prominent conspiracy theories.
CyberNews
Security researchers are blaming a now-patched Citrix zero-day vulnerability for a recent spate of ransomware attacks said to be carried out by the LockBit gang.
The Record
Israel is experiencing direct cyber and misinformation attacks from a variety of adversaries as it battles Hamas, according to NSA’s Rob Joyce.
The Record
The elite U.K. hacking unit eventually will be more integrated into police operations, alongside military and intelligence ones, according to Gen. Sir Jim Hockenhull, the chief of Strategic Command.
The Record
Denmark's critical infrastructure experienced the largest cyberattack in the country's history this spring, with 22 energy companies breached in just a few days, according to a new report from one of the country’s top cyber agencies.
Security Affairs
Danish critical infrastructure was hit by the largest cyber attack on record that hit the country, according to Denmark's SektorCERT.
Infosecurity News
Sophos report based on 232 IR cases across 25 sectors from January 1 2022 to June 30 2023
Cyber Security News
Best Network Security Companies for CISO: 1. Perimeter81 2. Palo Alto Networks 3. Cisco 4. Check Point 5. IBM 6. Crowdstrike 7. Trend Micro.
Bleeping Computer
A Russian hacking group known as AlphaLock is launching a "pentest" marketplace and training platform to empower a new generation of threat actors. Learn more from Flare about the new hacking group.
Cyber Security News
Ransomed[.]vc, a notorious ransomware and data extortion group, has recently announced the end of its operations
SecurityWeek
CISA says Royal ransomware has targeted 350 organizations to date, demanding over $275 million in ransoms.
CyberNews
A threat actor targeting West Asian governments now uses a labyrinthine infection chain based on delivering a new initial access downloader dubbed IronWind
CyberSecurity Dive
This year has seen a trio of supply-chain attacks that created turmoil for thousands of corporate victims and their customers.
The Hacker News
Government entities in the Middle East are under attack by a new phishing campaign employing the IronWind downloader.
CyberNews
Hackers potentially linked to Russia’s military intelligence carried out a series of highly coordinated cyberattacks on Danish energy infrastructure, a report says.
The Hacker News
Vietnamese hackers behind Ducktail malware launch a new campaign targeting Indian marketing pros.
The Record
Targets in Azerbaijan and Italy bore the brunt of the operation by the Kremlin-backed hackers of APT29, also known as Cozy Bear, according to Ukraine's National Cyber Security Coordination Center.
The Record
The National Cyber Security Centre said that it received 2,005 voluntary reports over the past year, a 64% increase on last year’s figures. Nearly 400 of those were so serious that the agency's incident management team had to triage the response.
The Record
A cyberattack on a North Carolina county has forced officials to call in the state’s national guard for assistance.
The Record
The FBI dismantled the IPStorm botnet proxy network and its infrastructure this week following a September plea deal with the hacker behind the operation.
Ars Technica
The H200 will likely power the next generation of AI chatbots and art generators.
Bleeping Computer
The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022.
Infosecurity News
Cado Security Labs said the bot agent exhibited various methods for conducting DDoS attacks
Ars Technica
An error as small as a single flipped memory bit is all it takes to expose a private key.
CyberSecurity Dive
The company’s data was leaked two weeks after the prolific Russia-affiliated group, LockBit, claimed responsibility for the attack.
Infosecurity News
Bloc signs working arrangement with war-torn country
CyberSecurity Dive
The industrial cybersecurity specialist previously thwarted a shakedown attempt in May and says the current threat has not been substantiated.
Infosecurity News
Several arrested and servers seized
The Hacker News
Chinese nation-state hackers are targeting 24 Cambodian government organizations in a long-term espionage campaign.
The Record
Airplane maker Boeing said it is investigating data leaked by a prominent Russia-based ransomware gang that was allegedly stolen from the company.
The Record
The number of ransomware attacks targeting educational institutions shot up to a record high in June, with ransomware gangs publicly claiming more than one attack against a school per day on average.
Bleeping Computer
Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms.
Bleeping Computer
The notorious BulletProftLink phishing-as-a-service (PhaaS) platform that provided more than 300 phishing templates has been seized, the Royal Malaysian Police announced.
Cyber Security News
Microsoft Access is a relational database management system developed by Microsoft that allows users to store and manage data.
Bleeping Computer
Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn.
DarkReading
Meanwhile, CISA joins the call to patch CVE-2023-4966 immediately amid reports of mass-exploit activity; at least 5,000 orgs remain exposed.
Cyber Security News
Group-IB's Threat Intelligence team delved into the clandestine world of farnetwork, an elusive threat actor linked to 5 strains of ransomware.
SecurityWeek
EU regulation enables government surveillance, US offering rewards for Iranian hackers, evolution of Chinese spying.
CyberSecurity Dive
The group, led by Tenable CEO Amit Yoran, raised concerns that significant cuts to the agency would undermine efforts to combat rising threats to critical infrastructure and federal systems.
Cyber Security News
SideCopy, the Pakistani-based threat actor, has been using the WinRAR vulnerability (CVE-2023-38831) to target Indian government entities.
Cyber Security News
Attackers have been observed spreading malicious Python packages disguised as legitimate obfuscation tools that contain malicious code.
CyberNews
McLaren Health Care breach exposed millions of individuals' sensitive medical data.
CyberNews
The State of Maine data breach exposed over a million of its residents.
The Hacker News
Iranian hacker group Imperial Kitten launches cyberattacks on transportation, logistics, and tech sectors, including Israel.
Bleeping Computer
Cloudflare is investigating an ongoing outage causing 'We're sorry' Google errors to be shown on the company's website.
CyberScoop
Microsoft and Mandiant researchers believe Iranian hackers were not prepared for the initial Hamas attack.
The Hacker News
Microsoft exposes Lace Tempest's latest move: exploiting a zero-day flaw in SysAid IT support software.
Infosecurity News
ESET said the attack affects Android users accessing the Urdu version of the Hunza News website
CyberNews
Threat actors are using malicious QR codes to steal valuable data and money. Experts say it’s still difficult to detect and mitigate the threats spread by this method.
Bleeping Computer
Russian state hackers have evolved their methods for breaching industrial control systems by adopting living-off-the-land techniques that enable reaching the final stage of the attack quicker and with fewer resources.
CyberSecurity Dive
Threat actors have used phishing attacks and exploited vulnerabilities in third-party vendor remote access tools to target the casino gaming industry.
Infosecurity News
OpenAI has admitted DDoS attacks are the cause of intermittent ChatGPT outages since November 8
Bleeping Computer
During the last 24 hours, OpenAI has been addressing what it describes as "periodic outages" linked to DDoS attacks affecting its API and ChatGPT services.
Infosecurity News
Sandworm conducted a disruptive cyber-attack targeting a Ukrainian critical infrastructure organization in late 2022
CyberScoop
The notorious Russian hacking group known as Sandworm took down a substation that caused a brief outage, according to a new Mandiant report.
Cyber Security News
Google Calendar RAT is a proof of concept for Command & Control. It's useful when setting up a full red teaming infrastructure.
The Record
Researchers from Mandiant reported on an October 2022 incident involving Russian nation-state hackers that included multiple rare or previously unseen elements.
The Record
The Iranian hacking group targeted organizations in Israel’s transportation, logistics and technology sectors amid an uptick in Iranian cyber activity since the start of Israel’s war with Hamas.
The Record
A little-noticed provision of the Biden administration’s recently issued executive order on artificial intelligence could lead to important reforms of the federal government’s data collection practices, experts say.
Bleeping Computer
Signal is now testing public usernames that allow users to conceal the phone numbers linked to their accounts while communicating with others.
CSO
Google Cloud forecasts continued use of gen AI to create smarter campaigns while cybersecurity pros will use the same tools to defend and close the skills gap.
Ars Technica
Packages downloaded thousands of times targeted people working on sensitive projects.
Bleeping Computer
Russian financial organization Sberbank states in a press release that two weeks ago it faced the most powerful distributed denial of service (DDoS) attack in recent history.
Infosecurity News
This integration reduces reliance on OpenAI’s API while streamlining the tool’s functionality
The Hacker News
Python developers, watch out! Malicious Python packages sneak onto PyPI to steal sensitive data.
CyberNews
Cybernews asked more than 30 experts from various fields if they’d be willing to pay a ransom in the event of a cybersecurity breach.
CyberSecurity Dive
CISA urged organizations to patch, mitigate and report any positive findings as Citrix NetScaler ADC and NetScaler Gateway users remain exposed to session hijack.
Bleeping Computer
The operator of the Nokoyawa ransomware-as-a-service (RaaS), a threat actor known as 'farnetwork', built experience over the years by helping the JSWORM, Nefilim, Karma, and Nemty affiliate programs with malware development and operation management.
Infosecurity News
Group-IB lifts the lid on prolific cyber-criminal
The Hacker News
Cybersecurity experts unmask 'farnetwork', a Russian-speaking cybercriminal linked to 5 different ransomware-as-a-service (RaaS) programs.
The Record
The U.S. government has uncovered an ongoing Russia-funded disinformation campaign across Latin America aimed at undermining support for Ukraine and discrediting the U.S. and NATO.
Bleeping Computer
The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices.
CyberNews
Students in Russia are now taught to launch cyberattacks against Ukrainian and Western infrastructure, according to Ukraine’s intelligence.
The Hacker News
BlueNoroff, linked to North Korea's Lazarus Group, is behind a new macOS malware called ObjCShellz.
The Hacker News
A variant of GootLoader, known as GootBot, is enabling hackers to sneak past defenses, spreading rapidly through networks.
The Hacker News
Pakistani threat actor SideCopy exploiting recent WinRAR vulnerability in attacks on Indian government entities.
The Hacker News
Ransomware groups are actively exploiting critical flaws in Atlassian Confluence & Apache ActiveMQ.
The Record
BlueNoroff is believed to be affiliated with the notorious Lazarus hacking group and has targeted cryptocurrency exchanges, venture capital firms and banks with malware.
Bleeping Computer
Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical.
DarkReading
Previously limited to initial access brokering, the Gootloader group has pivoted to a nasty post-compromise "GootBot" attack, each implant with its own C2.
Latest Hacking News
After inadvertently becoming the vector to spread malware several times, Discord has devised a strategy to prevent it. Reportedly, Discord now switches to temporary CDN links for all files, preventing abuse of its network.
DarkReading
Woman is accused of assisting Russian oligarchs and ransomware affiliates with schemes to evade sanctions.
Infosecurity News
Zhdanova reportedly utilized cash, international money laundering associates and business fronts
Cyber Security News
As the gaming industry grows in income and player base, cybercriminals find it an attractive target. Anticipated and already well-known games are frequently utilized as a lure in malicious campaigns.
Cyber Security News
A threat actor obtained unauthorized access to files connected to 134 Okta customers, or less than 1% of Okta customers.
The Hacker News
Iranian-linked Agonizing Serpens APT group using novel wiper malware and tactics to target Israeli education and tech sectors.