

Security Affairs
Daixin Team group claimed the hack of North Texas Municipal Water District
The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data.
The Hacker News
A coordinated effort led to the arrest of key figures in Ukraine linked to various ransomware attacks, involving LockerGoga, MegaCortex, and Dharma.
Bleeping Computer
In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.
Cyber Security News
New security flaws in AI systems must be taken into account in addition to the usual cyber security risks; security is frequently neglected.
The Record
The international operation, centered on Kyiv, essentially neutralized a group known for deploying variants of LockerGoga, MegaCortex, Hive and Dharma ransomware, authorities said.
Bleeping Computer
American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October.
The Hacker News
Cyber Monday Alert: $13.7 billion in spending today! Retailers, safeguard your SaaS apps to protect customer data.
Bleeping Computer
Ardent Health Services, a healthcare provider operating 30 hospitals across five U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday.
Bleeping Computer
Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production.
The Hacker News
U.K., U.S., and 16 other international partners have released new guidelines for the development of secure artificial intelligence (AI) systems.
SecurityWeek
The U.S. military is increasing use of artificial intelligence (AI) technology that will fundamentally alter the nature of war.
The Record
British and U.S. cybersecurity authorities published guidance on Monday about how to develop artificial intelligence systems in a way that will minimize the risks they face from mischief-makers through to state-sponsored hackers.
The Record
A water authority in Pennsylvania reportedly suffered a cyberattack, prompting officials to reassure people in the area that drinking water has not been affected by the incident.
The Record
The AlphV/Black Cat group claimed it breached Fidelity National Financial, a Fortune 500 provider of title insurance for property sales.
The Record
Viktor Zhora, the ex-deputy head of Ukraine’s State Service for Special Communications and Information Protection (SSSCIP), is accused of facilitating a corruption scheme involving the procurement of software.
The Record
Ardent Health Services confirmed that it was responding to an incident. Hospitals in Texas, Idaho, Oklahoma, New Mexico and New Jersey reported problems over several days.
The Record
The alert came as the two governments announced a new strategic cyber partnership “to disrupt and deter DPRK malicious cyber capabilities and activities that contribute to its WMD programs.”
The Record
Ukraine's former cybersecurity chief was released from detention on Friday on $700,000 bail, according to Ukraine’s anti-corruption non-profit.
The Record
The managed service provider CTS confirmed it had experienced a "cyber-incident." At least one report said the CitrixBleed bug was involved.
Security Affairs
Healthcare services provider Welltok disclosed a data breach that impacted nearly 8.5 million patients in the U.S.
SecurityWeek
Broadcom has cleared all regulatory hurdles and will complete its $69 billion acquisition of cloud technology company VMware.
Security Affairs
American retailer and distributor of automotive parts and accessories AutoZone discloses a data breach after a MOVEit attack
The Hacker News
North Korean hackers, aka Diamond Sleet, spread a trojanized version of CyberLink's legit app.
The Record
Hackers who attacked the Kansas court system last month stole records and confidential files, according to the state's Supreme Court.
Bleeping Computer
Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.
CyberScoop
A vulnerability in an industrial control system exploited by a state-backed hacking group illustrates problems in how vendors share data.
Security Affairs
The Idaho National Laboratory (INL) disclosed a data breach after the SiegedSec hacktivist group leaked stolen human resources data.
SecurityWeek
OpenAI reached an agreement for Sam Altman to return to OpenAI as CEO with a new initial board of directors, after he was fired a week prior.
The Hacker News
North Korean hackers posing as recruiters infect software developers with cross-platform malware.
Security Affairs
US CISA added Looney Tunables Linux vulnerability (tracked as CVE-2023-4911) to its Known Exploited Vulnerabilities catalog.
CyberNews
Sam Altman to return as CEO of OpenAI.
The Hacker News
LockBit ransomware affiliates are exploiting the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.
The Record
Idaho National Laboratory, a prominent nuclear research lab within the U.S. Department of Energy, is investigating the breach after a hacktivist group claimed to infiltrate its systems.
The Record
Killmilk is a 30-year-old Russian citizen, according to the news site Gazeta.ru. The report has drawn extra scrutiny to Killnet, known for DDoS attacks on Western targets.
The Record
An alliance of rebel groups in northern Myanmar is preparing to lay siege to the city of Laukkaing — a hub of the country’s flourishing cyber-scamming industry that has drawn criticism from Beijing.
Bleeping Computer
The Idaho National Laboratory (INL) confirms they suffered a cyberattack after 'SiegedSec' hacktivists leaked stolen human resources data online.
Bleeping Computer
AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks.
Bleeping Computer
Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.
SecurityWeek
Interview with Craig Martell, Chief Digital and AI Officer (CDAO) for the U.S. Department of Defense, about AI use in the military.
The Record
Binance, the largest cryptocurrency exchange in the world, agreed to pay more than $4 billion in settlements with several U.S. law enforcement agencies after years of investigations uncovered widespread criminal use of the platform.
The Record
The U.S. Navy on Tuesday released its long-awaited cyber strategy, as the service tries to revamp its efforts in the digital domain after years of personnel and readiness issues.
The Record
The bug has caused alarm for weeks as cybersecurity experts warned that many government agencies and major companies were leaving their appliances exposed to the internet — opening themselves up to attacks.
CyberScoop
The hacking group SiegedSec released personal data on thousands of employees at the Idaho National Laboratory, the nuclear research lab.
The Hacker News
Indian Hack-for-Hire Group targeted U.S., China, Pakistan, and more for over a decade.
The Record
The U.S. government is offering “cutting-edge cybersecurity shared services” to critical infrastructure organizations that need it most.
The Record
The attack on a medical transcription company is one of the worst healthcare-related data breaches in recent years, according to U.S. Department of Health and Human Services records.
The Record
The organization that manages wastewater for nine million people in and around Paris was hit with a cyberattack last week.
The Record
The British Library — one of the largest libraries in the world and the national library of the United Kingdom — said the ransomware gang behind a recent attack on its systems appeared to leak data stolen from its human resources files.
Security Affairs
8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks.
Cyber Security News
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
Security Affairs
An Israeli hacker has been sentenced to 80 months in prison in the US for his role in a massive spear-phishing campaign
Security Affairs
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB.
The Hacker News
The threat actors behind the 8Base ransomware are utilizing a variant of the Phobos ransomware for their attacks.
SecurityWeek
OpenAI fired CEO Sam Altman; Mira Murati, OpenAI’s chief technology officer, will take over as interim CEO effective immediately.
The Hacker News
A Russian cyber espionage group linked to the FSB is using a USB worm called LitterDrifter to target Ukrainian organizations.
Bleeping Computer
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files.
CyberNews
US Regulators held a two-day simulation to stress-test the North American grid's physical and cybersecurity preparedness, emergency response, and recovery plans.
SecurityWeek
Two environmentalists who were targeted by a hacking network run by an Israeli man say the public is the real victim
SecurityWeek
With cyberattacks rising, new FCC rules will require wireless carriers to notify customers of any SIM transfer requests
Bleeping Computer
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.
The Hacker News
Operation SEO#LURKER: Cybercriminals are using fake Google ads to trick users searching for software into downloading malware.
SecurityWeek
A key GOP lawmaker has called for the renewal of a surveillance tool as he proposes changes to protect privacy.
Cyber Security News
Recently, the FBI and CISA issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.
The Hacker News
FCC mandates that wireless providers authenticate customers before transferring phone numbers, thereby protecting against SIM-swapping attacks and por
Security Affairs
US CISA added 3 vulnerabilities (tracked as CVE-2023-36584, CVE-2023-1671, and CVE-2023-2551) to its Known Exploited Vulnerabilities catalog.
The Hacker News
Beware of fake Python libraries! 27 malicious packages found on PyPI, disguised as legitimate ones.
The Hacker News
U.S. agencies warn about Scattered Spider cybercriminals using advanced phishing to steal data and extort victims.
The Hacker News
U.S. CISA has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in the wild.
The Record
The leading cybersecurity officials in the U.S. published a stark warning on Thursday about a group of hackers who have disrupted some of the largest companies in the country through social engineering and other tactics.
The Record
In the latest disclosures related to a Russian ransomware gang’s exploitation of the popular MOVEit file transfer service, more than 330,000 Medicare recipients were confirmed affected in a leak of sensitive data from the government agency that oversees the program.
The Record
North Carolina Central University is investigating a cyberattack this week, as are school districts in Michigan, Oregon and Atlanta.
The Record
A ransomware group that has been exploiting a vulnerability in Citrix products posted both companies to its leak site.
SecurityWeek
Australian submarines powered by U.S. nuclear technology are a likely target of state-sponsored hackers, the nation’s digital spy agency said.
Bleeping Computer
Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests.
The Hacker News
U.S. agencies warn of Rhysida ransomware double extortion attacks on multiple industries, including education, manufacturing and IT.
The Hacker News
Denmark's energy sector hit by massive cyberattack! In May 2023, 22 Danish energy sector companies were simultaneously targeted.
CyberNews
The US Federal Aviation Administration (FAA) grants Elon Musk’s SpaceX a license to launch the 2nd test flight of its Starship and “Super Heavy” lift rocket.
Bleeping Computer
The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.
The Record
LexisNexis Risk Solutions provided CBP with capabilities such as collecting geolocation data, monitoring social media accounts and tracking cell phone call histories for non-U.S. and U.S. residents alike, according to documents obtained by an advocacy group.
The Record
Chairman Mike Turner and colleagues issued the second proposal in as many weeks to rewrite federal surveillance authorities known as Section 702. A deadline to renew those powers is approaching soon.
The Record
Long Beach's office of the city manager released a statement saying officials within the government were investigating the issue alongside a cybersecurity firm and had contacted the FBI for assistance.
The Record
Ransomware group AlphV claimed on its leak site that it reported MeridianLink to the Securities and Exchange Commission (SEC) for not informing the regulator of a cyberattack.
Bleeping Computer
Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual.
Bleeping Computer
The Toronto Public Library (TPL) confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack.
Bleeping Computer
PJ&A (Perry Johnson & Associates) is warning that a cyberattack in March 2023 exposed the personal information of almost nine million patients.
The Hacker News
U.S. Government Dismantles Global IPStorm Botnet Network! From Windows to Linux, Mac, and Android, the botnet turned infected devices into proxies for
Cyber Security News
The FBI has achieved a remarkable feat in the fight against cybercrime, dismantling the infamous IPStorm botnet network.
Bleeping Computer
Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter).
SecurityWeek
RADICL, a cybersecurity firm providing threat protection to SMBs operating in the DIB, announced $9M of additional early-stage funding.
Security Affairs
The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind the illegal botnet proxy service IPStorm.
CyberSecurity Dive
Available through January, the response program comes at a time of heightened demand for rapid forensic services, particularly in light of the coming SEC incident response enforcement.
The Hacker News
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023.
Bleeping Computer
The U.S. Department of Justice announced today that the Federal Bureau of Investigation took down the network and infrastructure of a botnet proxy service called IPStorm.
The Record
The top cybersecurity agency in the U.S. warned that hackers are exploiting three vulnerabilities disclosed by Microsoft on Tuesday.
The Record
The Ukrainian military’s ability to recover from the Russian attack on satellite company Viasat is an example of the need for redundant systems and resilient organizations, according to a top U.S. government cybersecurity official.
The Record
A top U.S. Securities and Exchange Commission (SEC) official on Wednesday defended the agency’s new cybersecurity disclosure rule in the face of withering criticism from Congressional Republicans and industry groups.
The Record
Recorded Future News speaks with Sharon Bradford Franklin, chair of the Privacy and Civil Liberties Oversight Board (PCLOB), about the watchdog's recommendations on the renewal of the powerful surveillance program and what the board is working on next.
The Record
The vulnerability, codenamed Reptar, affects central processing units (CPUs) in Intel's desktop, mobile and server products.
The Record
Israel is experiencing direct cyber and misinformation attacks from a variety of adversaries as it battles Hamas, according to NSA’s Rob Joyce.
The Record
Rep. Andrew Garbarino proposed legislation that would block the Securities and Exchange Commission (SEC) from requiring companies that it regulates to quickly disclose “material” cybersecurity incidents.
The Record
The Senate Homeland Security & Governmental Affairs Committee advanced the nomination of Harry Coker, moving him one step closer to taking over as the White House’s national cyber director.
The Record
Denmark's critical infrastructure experienced the largest cyberattack in the country's history this spring, with 22 energy companies breached in just a few days, according to a new report from one of the country’s top cyber agencies.
The Record
The elite U.K. hacking unit eventually will be more integrated into police operations, alongside military and intelligence ones, according to Gen. Sir Jim Hockenhull, the chief of Strategic Command.
Bleeping Computer
The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large organizations, steal data, and encrypt files.
Bleeping Computer
Postmeds, doing business as 'Truepill,' is sending notifications of a data breach informing recipients that threat actors accessed their sensitive personal information.
Bleeping Computer
A Russian hacking group known as AlphaLock is launching a "pentest" marketplace and training platform to empower a new generation of threat actors. Learn more from Flare about the new hacking group.
SecurityWeek
Google files a lawsuit against cybercriminals who delivered account-hijacking malware by offering fake Bard AI downloads.
CyberSecurity Dive
This year has seen a trio of supply-chain attacks that created turmoil for thousands of corporate victims and their customers.
Security Affairs
Experts warn of an alarming rise in ransomware operations targeting the energy sector, including nuclear facilities and related research entities.
The Hacker News
Juniper Junos OS vulnerabilities can lead to remote code execution. CISA has set a Nov 17, 2023 deadline to secure against Juniper Junos OS vulnerabil
The Record
The leading cybersecurity agencies in the U.S. released startling new data on the Royal ransomware gang on Monday, confirming previous reports that the gang may be preparing for a rebrand.
The Record
The FBI dismantled the IPStorm botnet proxy network and its infrastructure this week following a September plea deal with the hacker behind the operation.
The Record
A cyberattack on a North Carolina county has forced officials to call in the state’s national guard for assistance.
The Record
The National Cyber Security Centre said that it received 2,005 voluntary reports over the past year, a 64% increase on last year’s figures. Nearly 400 of those were so serious that the agency's incident management team had to triage the response.
Bleeping Computer
The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022.
Security Affairs
US CISA added four vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog.
Bleeping Computer
CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain.
CyberSecurity Dive
The company’s data was leaked two weeks after the prolific Russia-affiliated group, LockBit, claimed responsibility for the attack.
SecurityWeek
A ransomware attack that forced China’s biggest bank to take some systems offline only minimally disrupted the U.S. Treasury market.
Cyber Security News
In a strategic move aimed at addressing the escalating challenges posed by cyber threats in today's interconnected world, SentinelOne, a global leader in AI security, has unveiled the PinnacleOne Strategic Advisory Group.
The Hacker News
Malaysian authorities, with help from the AFP and FBI, shut down the notorious phishing-as-a-service (PhaaS) operation, BulletProofLink.
The Record
The joint venture of the Royal Bank of Canada and Bank of Montreal said its cybersecurity team “prevented access to critical data and no ransom request was made.”
The Record
Huber Heights, Ohio, said several divisions in the city government — but not Public Safety Services — were affected by the incident.
Bleeping Computer
The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems.
The Record
Hackers stole more than $100 million from cryptocurrency trading platform Poloniex on Friday, taking off with millions worth of Bitcoin and Ethereum.
Bleeping Computer
Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn.
Bleeping Computer
Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool.
Bleeping Computer
McLaren Health Care (McLaren) is notifying nearly 2.2 million people of a data breach that occurred between late July and August this year, exposing sensitive personal information.
CyberSecurity Dive
The hack reportedly disrupted the trading of U.S. Treasuries. The Industrial and Commercial Bank of China Financial Services said it is investigating the attack and progressing recovery efforts.
Bleeping Computer
Ransomware attacks are rapidly becoming the weapon of choice, making up over half of all attacks in the healthcare industry. Learn more from Specops Software on securing your organization from these attacks.
CyberSecurity Dive
With 1.3 million individuals compromised, the level of exposure on an individual basis is one that's representative of a compromise of its entire population.
CyberSecurity Dive
The group, led by Tenable CEO Amit Yoran, raised concerns that significant cuts to the agency would undermine efforts to combat rising threats to critical infrastructure and federal systems.
The Record
Washington’s State Department of Transportation is recovering from a cyberattack that is causing a range of issues for local ferries and apps used for maps.
CyberNews
Apple co-founder Steve Wozniak was hospitalized in Mexico City due to a possible stroke.
CyberScoop
Microsoft and Mandiant researchers believe Iranian hackers were not prepared for the initial Hamas attack.
Bleeping Computer
The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues.
The Hacker News
Microsoft exposes Lace Tempest's latest move: exploiting a zero-day flaw in SysAid IT support software.
CyberSecurity Dive
The mortgage servicing provider has yet to determine how many of its 4.3 million customers had data compromised or the extent of potential damage.
The Hacker News
CISA adds high-severity flaw in Service Location Protocol (SLP) to Known Exploited Vulnerabilities list.
The Record
The ransomware attack on China's largest bank impacted trading on the U.S. Treasury market.
The Record
Milomir Desnica, 33, allegedly launched and operated the Monopoly darknet marketplace, using the platform to facilitate the sale of drugs.
The Record
Cybersecurity giant SentinelOne said it is acquiring advisory firm Krebs Stamos Group and creating a new entity called PinnacleOne Strategic Advisory Group.
The Record
NATO delegates gathered on Thursday for the alliance’s first annual Cyber Defence Conference, marking a growing acceptance among allies that new methods are needed to tackle cyberattacks beyond resilience.
The Hacker News
Python developers, watch out! Malicious Python packages sneak onto PyPI to steal sensitive data.
The Record
The U.S. government has uncovered an ongoing Russia-funded disinformation campaign across Latin America aimed at undermining support for Ukraine and discrediting the U.S. and NATO.
Bleeping Computer
The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices.
CyberSecurity Dive
The loan servicing giant shut down systems after it detected the intrusion and set up alternative methods for its 4.3 million customers to make payments.
The Hacker News
Let’s explore why confidence in security lags infrastructure upgrades and how OPSWAT closes that gap.
CyberSecurity Dive
The card giant rolled out a cybersecurity apprenticeship program last year amid a talent deficit highlighted by the Biden administration.
The Record
A group of House and Senate lawmakers introduced this year's first significant attempt to renew Section 702 of the Foreign Intelligence Act.
The Record
BlueNoroff is believed to be affiliated with the notorious Lazarus hacking group and has targeted cryptocurrency exchanges, venture capital firms and banks with malware.
The Record
An Atlassian spokesperson said the company had evidence to support what cybersecurity researchers reported over the weekend: A vulnerability affecting the Confluence Data Center and Confluence Server products was being used in cybercrime.
The Record
Arturo Béjar, a former Facebook engineering director and Meta consultant, testified before a Senate subcommittee about the company's alleged failure to protect children.
Bleeping Computer
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Russian national Ekaterina Zhdanova for laundering millions in cryptocurrency for various individuals, including ransomware actors.
Cyber Security News
The hackers defrauded victims of $2.4 million through business emails, but the U.S. government reclaimed the money and returned it to the victims.
CyberSecurity Dive
There is no mandate to ban governments or businesses from paying ransom demands, but the pledge could be a step toward that outcome.
The Hacker News
U.S. Treasury imposes sanctions on Russian woman for laundering virtual currency for elites and cybercriminal groups, including Ryuk ransomware.
CyberSecurity Dive
The SEC final rule requires public companies to disclose any material cybersecurity incidents within four business days of determination.
The Record
The group will meet on a quarterly basis to strengthen “practical joint response capabilities to global cyber threats” — North Korea's state-sponsored hacking, in particular.
The Record
Vast amounts of highly sensitive data on American military service members are up for sale by data brokers — with possible national security implications.
The Record
Customers attempting to log in to Mr. Cooper's website to pay their mortgages or loans were instead greeted with a message stating that the company was suffering a technical outage, later confirmed to be a cyberattack.
The Record
Education and healthcare institutions seem to be targets in the latest wave of Jupyter infections, according to VMware's Carbon Black team.
The Record
Hackers suspected of being tied to Iran’s government have been deploying new destructive malware against Israeli organizations, according to recent research.
The Record
The unsealed complaint alleges Kochava illegally obtains and sells a shocking amount of highly sensitive information about consumers including their mobile device IDs, yearly income, app usage, and nearly real-time geolocation within 10 meters.
The Hacker News
StripedFly, a stealthy malware posing as a crypto miner, has infected over a million devices worldwide and has flown under the radar for 5 years.
Bleeping Computer
Over the past couple of months, ransomware attacks have been escalating as new operations launch, old ones return, and existing operations continue to target the enterprise.
CyberScoop
Michael Duffy, an official in CISA’s cybersecurity division, says zero-day exploits are “really affecting the federal government networks.”
CyberSecurity Dive
The plan follows major backlash Microsoft experienced earlier this year for charging customers for additional security features.
CyberNews
Bankman-Fried has been jailed since August after Kaplan revoked his bail, having concluded he likely tampered with witnesses.
The Record
Researchers uncovered a recent hacking campaign by a long-running group known as MuddyWater, OilRig or APT34.
The Record
According to the Office of Foreign Assets Control, Ekaterina Zhdanova worked to help other Russians evade sanctions imposed on the country’s financial system after the invasion of Ukraine.
The Record
The National Cyber Security Centre says that more than just mathematics will be necessary to meet the threat that quantum computers pose to traditional public-key cryptography.
Bleeping Computer
U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal.
SecurityWeek
Redmond's new security initiative promises faster patches, better management of signing keys and products with a higher default security bar.
CyberScoop
Policymakers and researchers have sharply criticized Microsoft’s security practices after an illicitly obtained key enabled a wide-ranging espionage operation.
Bleeping Computer
Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed that they breached the company's network and stole data.
CyberSecurity Dive
The aerospace and defense company declined to describe the nature of the attack but said flight safety is not affected.
The Hacker News
Cybersecurity experts uncover a critical flaw in Apache ActiveMQ. Hackers exploit it for ransomware attacks.
The Record
Sen. Tommy Tuberville refused to give up his "hold" on about 400 military promotions — including key cybersecurity personnel — to protest a policy that covers the costs for personnel to travel to seek an abortion.
Bleeping Computer
The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack.
SecurityWeek
The AI Safety Summit focused on cutting-edge “frontier” AI that some scientists warn could pose a risk to humanity’s very existence.
The Hacker News
Meet "Prolific Puma," the secretive threat actor behind a dangerous link shortening service with thousands of malicious domains used for phishing.
CyberSecurity Dive
CEO Gary Steele said the cuts, which largely impact employees in the U.S., are not related to Cisco's deal to acquire the company.
SecurityWeek
Many people are raising the alarm about AI’s as-yet-unknown dangers and calling for safeguards to protect people from its existential threats.
SecurityWeek
A former British cyberespionage agency employee was sentenced in a London court for attempted murder and will have to serve at least 13 years in prison.
The Record
The Electronic Frontier Foundation, a civil liberties group, took a hard look at the GoGuardian student surveillance software used by many U.S. schools.
The Record
Will there be justice for the atrocities in Bucha, Ukraine? Stephen Rapp, a former U.S. ambassador-at-large for war crimes, talks with the Click Here podcast team about the future of that case and others.
The Record
The Querétaro Intercontinental Airport — about three hours from Mexico City — posted on social media that it was responding to an unspecified incident.
The Record
The new policies require staff at the Commerce Department's International Trade Administration to consider human rights concerns when providing export assistance to foreign governments.
The Record
The LockBit ransomware gang added the school to its list of victims, giving officials until November 20 to pay an undisclosed ransom.
The Record
Doctors’ Management Services — which provides medical billing and payer credentialing services — was attacked by the now-defunct GandCrab ransomware gang in April 2017. The settlement with HHS is the first for the agency over a ransomware attack.
Bleeping Computer
This article will explore Windows 11 23H2 features, from dynamic lighting to Windows Copilot upgrades.
SecurityWeek
The SEC's lawsuit against the CISO of SolarWinds is leaving CISOs across the industry spooked and reevaluating their roles.
Bleeping Computer
An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups.
Bleeping Computer
Samsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced malware protection on Galaxy devices.
Bleeping Computer
A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected.
Bleeping Computer
Canada has banned the use of Kaspersky security products and Tencent's WeChat app on mobile devices used by government employees, citing network and national security concerns.