

Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
SecurityWeek
The Municipal Water Authority of Aliquippa was just one of multiple organizations breached in the U.S. by Iran-linked "Cyber Av3ngers" hackers
Bleeping Computer
The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks.
The Hacker News
A mysterious malware called Agent Racoon is infiltrating organizations in the Middle East, Africa, and the U.S.
Security Affairs
WeMystic, a website on astrology, numerology, tarot, and spiritual orientation, left an open database exposing 34GB of sensitive data.
HACKRead
Discover Particle Network’s Web3 evolution! From a Wallet-as-a-Service tool to the Intent-Centric Modular Access Layer, explore the platform’s commitment to empowering developers and enhancing user experiences.
CSO
Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports.
HACKRead
The targets included the equipment used by the Municipal Water Authority of Aliquippa, Pennsylvania and Brewmation, a New York-based company specializing in turnkey brewing and distilling equipment.
Bleeping Computer
A novel malware named 'Agent Raccoon' (or Agent Racoon) is being used in cyberattacks against organizations in the United States, the Middle East, and Africa.
Bleeping Computer
VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th.
SecurityWeek
Members of Congress asked the DoJ to investigate how hackers breached the Municipal Water Authority of Aliquippa in Pennsylvania.
PCMag
Senator Ron Wyden is vowing to block the nomination of a new NSA leader until the intelligence agency comes clean on the matter.
SecurityWeek
Office supply retail giant confirms security incident disrupted online orders, communications channels and customer service lines.
Security Affairs
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against North Korea-linked APT group Kimsuky.
Cyber Security News
In the ever-evolving realm of cybersecurity, Promon, a trailblazer in mobile security solutions, has brought a novel adversary—FjordPhantom.
The Cyber Wire
Russian disinformation seeks to reach anglophone audiences, and makes some claims that would be too far-fetched to get past a science-fiction editor.
Security Affairs
The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million.
Cyber Security News
Black Basta, a ransomware strain with more than 329 victims has been reported to have made more than $100 million in ransom payments.
SecurityWeek
The US has announced sanctions against North Korean cyberespionage group Kimsuky over its intelligence gathering activities.
The Hacker News
Gcore's customer faced two massive DDoS attacks peaking at 1.1 and 1.6 Tbps. Discover the attacker's strategies and how Gcore defended against them.
The Hacker News
OFAC sanctions North Korea-linked group Kimsuky and 8 agents for supporting WMD programs.
The Hacker News
Zyxel released patches for 15 security issues in NAS, firewall, and AP devices. Includes 3 critical flaws allowing authentication bypass and comman
CSO
A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks.
The Record
The ransomware attack targeted the cloud services provider Ongoing Operations, a company owned by credit union technology firm Trellance.
The Record
The Ukrainian government has appointed Yury Myronenko, a decorated serviceman and air defense commander, as head of one of its main cybersecurity agencies amid a corruption probe.
The Record
A cyberespionage group known as XDSpy recently targeted Russian military-industrial enterprises, according to new research.
The Record
The U.S. partnered with several nations in the Pacific to hand down sanctions on North Korea — particularly the country’s Kimsuky cyber espionage group — after the country launched a surveillance satellite last week.
Trend Micro
The Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire Ran Intelligent Controller (RIC) subsystem.
Bleeping Computer
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals.
SC Magazine
Ethical hackers at AppOmni claimed a $5,000 bug bounty for discovering the Zoom Rooms vulnerability, disclosed at a conference last summer.
Security Affairs
A critical vulnerability in Zoom Room allowed threat actors to take over meetings and steal sensitive data.
HACKRead
Currently, the FjordPhantom malware appears to be active in Southeast Asia, covering countries including Malaysia, Thailand, Indonesia, Singapore, and Vietnam.
PCMag
The incident disrupts Staples' customer service and the company's ability to fulfill online orders.
Bleeping Computer
Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks.
Bleeping Computer
American office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach's impact and protect customer data.
Ars Technica
Examining 365 days with OpenAI's bot: The good, the bad, the ugly—and the productive?
SecurityWeek
Zyxel patches at least 15 security flaws that expose users to authentication bypass, command injection and denial-of-service attacks.
Cyber Security News
Law enforcement executed decisive seizure orders against SSNDOB Marketplace's domain names, extinguishing its malevolent presence.
CyberNews
Hacktivism and its lesser-known impacts on mental health
Infosecurity News
Orange Cyberdefense’s Security Navigator listed the manufacturing sector as number one for both detected cyber incidents and confirmed cyber-attacks
Bleeping Computer
A new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade detection.
SecurityWeek
The Black Basta ransomware group has infected over 300 victims and received more than $100 million in ransom payments.
Cyber Security News
Carding attacks primarily target information embedded in payment cards, such as credit or debit cards. The attackers, known as carders.
SecurityWeek
US Treasury sanctions Sinbad, saying the cryptocurrency mixer is laundering funds for North Korean hacking group Lazarus.
The Cyber Wire
NATO conducts its annual cyber exercise against a background of hybrid war, heightened cyber espionage, and increased activity on the part of hacktivist auxiliaries.
CyberNews
WeMystic data leak exposes platform's users.
The Hacker News
Wing Security offers FREE third-party risk assessment for SaaS, enhancing cybersecurity in the digital era. Learn more in this article.
The Hacker News
A CACTUS ransomware campaign has been observed exploiting vulnerabilities in the Qlik Sense cloud analytics and business intelligence platform.
CyberNews
Black Basta, which is believed to be a faction of the notorious Russian Conti ransomware gang, has raked in at least $107 million in ransom payments.
Infosecurity News
Exposure is limited to names and emails for most
The Cyber Express
NoEscape ransomware group has listed Science History Institute on its dark web portal. Science History Institute shares stories of significant
CyberNews
Sinbad operated on the Bitcoin blockchain and was a preferred mixing service for North Korea’s threat actors.
The Cyber Express
In a significant move to combat cyber-enabled criminal activities, the U.S. Department of the Treasury's Office of Foreign Assets Control
The Hacker News
The U.S. Treasury Department has imposed sanctions against a virtual currency mixer called Sinbad.
Security Affairs
The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London.
The Record
Hackers believed to be based in China are targeting the Uzbekistan Ministry of Foreign Affairs, as well as people in South Korea, with a strain of malware called SugarGh0st, according to a new report.
The Record
Named “The Agent is Writing,” the chatbot is available on Telegram. It was created by the anti-terrorism commission in Primorsky Krai, located in Russia's far east.
Bleeping Computer
Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after the hack of service provider Zeroed-In Technologies.
Bleeping Computer
Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 customers after the hack of service provider Zeroed-In Technologies.
SC Magazine
No confirmed hacking incidents tied to the ownCloud vulnerability, which has the highest severity CVSS score of 10 and was publicly disclosed Nov. 21.
HACKRead
The Zoom vulnerability was originally discovered in June 2023. Despite the discovery being made earlier, the details were only publicly disclosed on November 28, 2023.
HACKRead
According to the US government, Sinbad.io provided its services to the Lazarus group to launder money stolen from numerous data breaches, including those affecting Horizon Bridge, Axie Infinity, and Atomic Wallet.
Bleeping Computer
Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic.
Bleeping Computer
CISA (Cybersecurity & Infrastructure Security Agency) is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online.
HACKRead
The recently discovered GoTitan botnet is built on the Golang programming language, whereas PrCtrl Rat is a .NET program.
Infosecurity News
Fortiguard Labs identified multiple threat actors leveraging CVE-2023-46604, despite patches
Bleeping Computer
The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group.
Ars Technica
Goldman Sachs has lost billions of dollars on its consumer-focused businesses.
Infosecurity News
Hunters’ Team Axon said the flaw could lead to the unauthorized access of emails in Gmail and more
PCMag
The breach was originally believed to have only hit 134 corporate clients, but Okta now says it involved the 'names and email addresses of all Okta customer support system users.'
CyberNews
Identity trojans in the age of digital wallets and decentralized identity
Bleeping Computer
The nature and ubiquity of modern web apps make them rife for targeting by hackers. Learn more from Outpost24 about the value of continuous monitoring to secure modern web apps.
CyberNews
Okta data breach impacted all of its users.
SecurityWeek
Okta expands scope of October breach, saying hackers stole names and email addresses of all its customer support system users.
Cyber Security News
Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ.
The Cyber Wire
Russian leaders advance an expansive and ethnocentric narrative of the Russian world to justify Russian expansion.
Cyber Security News
Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums for cyberattacks.
Cyber Security News
‘Vigil’, an open-source Python module and REST API security scanner, was introduced to analyze LLMs like ChatGPT.
CyberNews
Supplier to nearly two million residents of the Lone Star state has been claimed as a victim by the ransomware gang Daixin.
SecurityWeek
After hackers compromised ICS at a US water utility, CISA issued a warning over the exploitation of the targeted Unitronics PLC.
CyberNews
China's Didi Global is offering millions of its customers coupons worth 10 yuan ($1.40) as part of an apology for a glitch that hit its ride-hailing app this week.
The Cyber Express
The notorious hacker, operating under the alias IntelBroker, has purportedly claimed to have successfully sold a collection of allegedly stolen
SecurityWeek
Cybersecurity predictions for 2024 to help security professionals in prioritizing efforts to navigate the ever-changing threat landscape.
Security Affairs
Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach.
CyberSecurity Dive
The suspected ransomware attack against Fidelity National Financial marks the latest in a series of incidents, leading regulators to take additional enforcement actions.
The Hacker News
A new report reveals an ongoing Android malware campaign targeting Iranian banks with over 200 malicious apps.
The Cyber Express
Infamous Play ransomware group has extended its list of victims by adding 17 new names of companies based in the
Latest Hacking News
Researchers publicly disclosed a design flaw affecting Google Workspace that allows unauthorized access. While they responsibly disclosed the vulnerability to Google, the bug remained unpatched until public disclosure. The researchers urge the users to implement
Security Affairs
Thousands of secrets have been left exposed on Docker Hub, a platform where web developers collaborate on their code for web applications.
Computerworld
While incognito mode in any of the big four web browsers offers a measure of privacy, it doesn’t completely hide your tracks online. Here’s how the feature works in each browser, and how to use it.
CSO
Federal and state investigations are underway for the recent pro-Iran hack into a Pennsylvania-based water utility targeting Israel-made equipment.
The Cyber Express
India's National Aerospace Laboratories (NAL) faces a serious threat as the notorious LockBit ransomware group has claimed responsibility for a
The Hacker News
Okta detected additional malicious activity tied to the October 2023 breach. Names and emails of support system users were compromised.
The Hacker News
Beware of Xaro! This DJVU ransomware variant spreads through cracked software, endangering users who download from untrusted sources.
The Hacker News
🚨 Apache ActiveMQ's CVE-2023-46604 vulnerability is under active exploitation by threat actors, leading to the distribution of a new Go-based botnet
CyberNews
A CISA cybersecurity warning says the Iranian hacker group targeting water and energy facilities in Israel attacked two townships in Pennsylvania over the weekend.
CyberScoop
An anti-Israel hacking group with links to Iran forced a water facility in Pennsylvania to go into manual operations.
Krebs on Security
When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of…
The Record
Officials said the Sinbad.io mixer has been used by North Korea’s Lazarus Group to process millions of dollars’ worth of virtual currency stolen during attacks over the last two years.
The Record
The Google Search Partners network showed ads from corporations and government agencies on sites belonging to sanctioned Iranian and Russian entities, according to a report from Adalytics.
Bleeping Computer
The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors (Yanfeng), one of the world's largest automotive parts suppliers.
Bleeping Computer
International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. However, no ransomware payloads or encryption was used in the attack.
Cyber Security News
BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 – A severe design flaw in Google Workspace’s domain-wide delegation feature discovered by threat hunting experts from Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges. This kind of attack might compromise […]
Bleeping Computer
Hackers are exploiting a critical ownCloud vulnerability tracked as CVE-2023-49103 that exposes admin passwords, mail server credentials, and license keys in containerized deployments.
SecurityWeek
Police from several countries have dismantled a major Ukraine-based ransomware operation and arrested its alleged ringleader.
Latest Hacking News
BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 - A severe design flaw in Google Workspace's domain-wide delegation feature discovered by threat hunting experts from Hunters’ Team Axon, can allow attackers to misuse existing
SecurityWeek
AWS announces Amazon One Enterprise, a palm-based identity service that enables users to easily access physical locations and digital assets.
CyberNews
The Docker Hub store has at least 5,493 container images that contain secrets and could be considered as exposing sensitive information.
PCMag
Amazon One Enterprise replaces employee ID cards, badges, fobs, and passwords.
The Hacker News
Researchers reveal a critical design flaw in Google Workspace, dubbed "DeleFriend," that could allow attackers to steal emails, exfiltrate data.
Security Affairs
The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data.
The Cyber Wire
Storms impede ground operations. Smartphones as intelligence sources (and as a security problem). Notes on hacktivist auxiliaries, both Russian and Ukrainian.
The Hacker News
Did you know that a single stolen credential can jeopardize your entire network? Protect your organization against sophisticated phishing attacks. Lea
CyberNews
Ransomware gang targeting victims in 71 countries busted in Ukraine.
Bleeping Computer
In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.
CyberNews
Meta’s paid no-ads subscription service launched in Europe this month faces a test as advocacy group NOYB on Tuesday filed a complaint with an Austrian regulator.
CyberNews
The ransomware attack on Yanfeng – a North American auto parts supplier for GM and Stellantis' Jeep, Dodge, and Ram in North America – is claimed by the Qilin ransom gang.
Krebs on Security
One of the cybercrime underground's more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned.
The Record
A water utility serving two million people in North Texas is dealing with a cybersecurity incident that caused operational issues.
Ars Technica
Amazon Workspaces Thin Client is a Fire TV Cube with different software.
Latest Hacking News
Numerous security vulnerabilities riddled the privacy of ownCloud users that the vendor patched recently. Exploiting these vulnerabilities could expose users’ passwords to potential adversaries. ownCloud Vulnerabilities Risked User Accounts According to the recent advisories, ownCloud addressed three
Security Affairs
Ukraine's intelligence service announced the hack of the Russian Federal Air Transport Agency, 'Rosaviatsia.'
Bleeping Computer
Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector.
Security Affairs
Threat actors breached the Municipal Water Authority of Aliquippa in Pennsylvania and took control of a booster station
Bleeping Computer
Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023.
SecurityWeek
Fidelity National Financial is experiencing service disruptions after systems were taken down to contain a cyberattack.
SecurityWeek
UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.
SecurityWeek
Municipal Water Authority of Aliquippa confirms that hackers took control of a booster station, but says no risk to water supply.
CyberScoop
A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
CyberSecurity Dive
AlphV/BlackCat claimed responsibility for the attack on the title insurance giant, which is trying to determine whether the attack will have a material impact.
CSO
General Electric has confirmed that it has started an investigation into the data breach claims made by IntelBroker.
Security Affairs
The cyber attack that hit the managed service provider (MSP) CTS potentially impacted hundreds in the United Kingdom.
Cyber Security News
Multiple vulnerabilities have been found in IBM QRadar Wincollect which were associated with Denial of service that could allow a threat.
The Record
Viktor Zhora, the ex-deputy head of Ukraine’s State Service for Special Communications and Information Protection (SSSCIP), is accused of facilitating a corruption scheme involving the procurement of software.
The Record
Ukraine's defense intelligence directorate reported that it had completed a “complex special operation in cyberspace” against Rosaviatsia, which oversees Russian civil aviation.
The Record
A water authority in Pennsylvania reportedly suffered a cyberattack, prompting officials to reassure people in the area that drinking water has not been affected by the incident.
The Record
The AlphV/Black Cat group claimed it breached Fidelity National Financial, a Fortune 500 provider of title insurance for property sales.
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Bleeping Computer
General Electric is investigating claims that a threat actor breached the company's development environment in a cyberattack and leaked allegedly stolen data.
Security Affairs
The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation.
Security Affairs
UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in a supply-chain attack.
The Hacker News
A new web shell called HrServ is part of a suspected APT attack in Afghanistan. HrServ can erase tracks and execute code in memory.
Security Affairs
Microsoft announced this week it will pay up to $20,000 for security vulnerabilities in its Defender products.
Bleeping Computer
Open source file sharing software ownCloud is warning of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials.
Bleeping Computer
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLine… The National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
Bleeping Computer
A cyberattack on CTS, a leading managed service provider (MSP) for law firms and other organizations in the UK legal sector, is behind a major outage impacting numerous law firms and home buyers in the country since Wednesday.
The Hacker News
Beware of Telekopye: The malicious Telegram bot used by the "Neanderthals" for large-scale phishing scams. It crafts phishing websites and emails.
Security Affairs
Researchers warn of publicly exposed Kubernetes configuration secrets that could pose a threat of supply chain attack for organizations.
Infosecurity News
A legal sector specialist infrastructure service provider has experienced a service outage that is impacting up to 200 conveyancing firms across the UK
SecurityWeek
Idaho National Laboratory breach, GPS attacks target airplanes, Russia accuses China and North Korea of hacking.
The Hacker News
GitGuardian launches "HasMySecretLeaked" service to help developers check if their sensitive information has been exposed on GitHub.
Cyber Security News
A HrServ web shell is a malicious script or program that enables remote administration of a server, allowing unauthorized access and control.
The Record
The managed service provider CTS confirmed it had experienced a "cyber-incident." At least one report said the CitrixBleed bug was involved.
The Record
The alert came as the two governments announced a new strategic cyber partnership “to disrupt and deter DPRK malicious cyber capabilities and activities that contribute to its WMD programs.”
The Record
Two contractors that provide relocation services for personnel informed the Canadian government of the breach in October.
The Record
Ukraine's former cybersecurity chief was released from detention on Friday on $700,000 bail, according to Ukraine’s anti-corruption non-profit.
The Record
A decade after its founding, the internet freedom organization Roskomsvoboda finds itself adjusting to harsh political and social realities within Russia, where a wartime regime continues to expand its authority over the internet.
Bleeping Computer
The popular Zero2Automated malware analysis and reverse-engineering course has a Black Friday 2023 through Cyber Monday sale, where you can get 25% off sitewide, including gift certificates and courses.
Infosecurity News
The UK’s NCSC and South Korea’s NIS issued a joint advisory describing some of North Korean hackers’ tactics in deploying supply chain attacks
The Hacker News
Effective Incident Response is more than just tools. It's a process. Explore the 6-step framework for successful IR.
The Hacker News
Active malware campaign exploits zero-day vulnerabilities to create a Mirai-based DDoS botnet targeting routers and NVR devices.
CyberNews
Ingo Money suspected to have suffered a ransomware attack.
Infosecurity News
Crypto funds are traced back to dozens of victims
Computerworld
Apple’s iMessage will soon offer a new secure identity verification system enterprise professionals might want to use: Contact Key Verification.
CyberNews
Novel approaches allow cyberattackers to bypass geoblocking defenses, flooding servers more frequently and for longer.
Cyber Security News
A 23-year-old hacker and CS student, Paolo Arnolfo (@sw33tLie) recently introduced "Bug Hunter GPT," an AI assistant.
CyberNews
Feam Aero, the global aircraft maintenance and technical services company, has been claimed by the LockBit ransomware gang.
Trend Micro
We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data.
Ars Technica
Internet scans show 7,000 devices may be vulnerable. The true number could be higher.
PCMag
The scammers are ready. Are you? Keep your personal information, your bank account, and your packages safe this Black Friday with a few simple steps.
Bleeping Computer
Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.
Bleeping Computer
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.
DarkReading
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
Bleeping Computer
Blender has confirmed that recent site outages have been caused by ongoing DDoS (distributed denial of service) attacks that started on Saturday.
CyberScoop
A vulnerability in an industrial control system exploited by a state-backed hacking group illustrates problems in how vendors share data.
SecurityWeek
Kansas court system said it would take several weeks to return to normal operations after a disruptive ransomware attack hit its systems.
The Hacker News
AI Solutions Are the New Shadow IT - Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks
Cyber Security News
Microsoft introduced the Defender Bounty Program to enhance the security of customers' experience with rewards to researchers up to USD 20,000.
Security Affairs
US CISA added Looney Tunables Linux vulnerability (tracked as CVE-2023-4911) to its Known Exploited Vulnerabilities catalog.
Infosecurity News
Ethical hackers could win cash prizes of up to $20,000
Latest Hacking News
The Government of Canada recently admitted suffering a security breach that impacted data of current and former public employees. The incident even affected the staff from the Royal Canadian Mounted Police and Canadian Armed Forces. Canada
CyberNews
Nearly $9 million worth of Tether was seized from a cyber scam network that exploited victims through romance and cryptocurrency confidence scams.
Ars Technica
LitterDrifter's means of self-propagation are simple. So why is it spreading so widely?
The Record
Idaho National Laboratory, a prominent nuclear research lab within the U.S. Department of Energy, is investigating the breach after a hacktivist group claimed to infiltrate its systems.
Trend Micro
Dive into the world of private 5G networks and learn about a critical security vulnerability that could expose IoT devices to attacks from external networks.
The Record
Killmilk is a 30-year-old Russian citizen, according to the news site Gazeta.ru. The report has drawn extra scrutiny to Killnet, known for DDoS attacks on Western targets.
Trend Micro
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
CyberNews
Sam Altman and OpenAI's board have opened up discussions to bring back the former CEO and founder of the AI startup, while investors seek legal action.
Bleeping Computer
Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000.
Bleeping Computer
AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks.
Bleeping Computer
Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.
Bleeping Computer
Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks.
Infosecurity News
Fortinet researchers have detected a malicious Word document displaying Russian text
Cyber Security News
Rhysida, a new ransomware group, hit its first victim in May 2023. They use their ransomware, offered as RaaS (Ransomware-as-a-Service), with at least 50 global victims listed on their website.
Cyber Security News
CISA has released a Cyber Attack Mitigation Guide specifically tailored for the Healthcare and Public Health (HPH) Sector.
Ars Technica
OpenAI's future hangs in the balance as staff says they'll join former CEO at Microsoft.
Cyber Security News
MaaS (Malware-as-a-Service) thrives as a top choice for new cyber threats, offering easy access to powerful tools. Threat actors primarily focus on information theft under MaaS, specializing in stealing and leaking sensitive data from hacked devices.
The Hacker News
Play ransomware has turned into Ransomware-as-a-Service (RaaS), allowing other cybercriminals to use it.
SecurityWeek
New CISA pilot program brings cutting-edge cybersecurity services to critical infrastructure entities that need support.
Bleeping Computer
Malwarebytes is running a Black Friday 2023 deal now through Cyber Monday, offering a 50% discount on the Malwarebytes Premium + Privacy VPN bundle until November 30th.