Infosecurity News
Cybercriminals Hesitant About Using Generative AI
An analysis of dark web forums revealed many threat actors are skeptical about using tools like ChatGPT to launch attacks
The Hacker News
How Hackers Phish for Your Users' Credentials and Sell Them
Did you know that a single stolen credential can jeopardize your entire network? Protect your organization against sophisticated phishing attacks. Lea
SecurityWeek
Ardent Hospitals Diverting Patients Following Ransomware Attack
Ransomware attack forces Ardent hospitals to shut down systems, impacting clinical and financial operations.
The Record
English council spent £1.1 million recovering from ransomware attack
Gloucester's local government released the expense figures related to a 2021 attack. The council had received a formal reprimand from the Information Commissioner's Office in August.
Ars Technica
New “Stable Video Diffusion” AI model can animate any still image
Given GPU and patience, SVD can turn any image into a 2-second video clip.
Latest Hacking News
Multiple Vulnerabilities Found In ownCloud File Sharing App
Numerous security vulnerabilities riddled the privacy of ownCloud users that the vendor patched recently. Exploiting these vulnerabilities could expose users’ passwords to potential adversaries. ownCloud Vulnerabilities Risked User Accounts According to the recent advisories, ownCloud addressed three
The Hacker News
How to Handle Retail SaaS Security on Cyber Monday
Cyber Monday Alert: $13.7 billion in spending today! Retailers, safeguard your SaaS apps to protect customer data.
SecurityWeek
Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption
Healthcare solutions giant Henry Schein is once again restoring systems after ransomware group claims it re-encrypted files.
Cyber Security News
Kansas Court Hack: Attackers Stole Sensitive Data From Systems
Kanas Supreme Court released the statement for the cyber incident that stole sensitive data from systems,the cybercriminals also stole data.
SecurityWeek
Hacktivism: What’s in a Name… It May be More Than You Expect
Hacktivists should be treated as malicious hackers because the distance between hacking/activism, malevolence, and damage is too small and too vague.
Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Lazarus is using a MagicLine4NX zero-day in supply chain attack
UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in a supply-chain attack.
Bleeping Computer
Atomic Stealer malware strikes macOS via fake browser updates
The 'ClearFake' fake browser update campaign has expanded to macOS, targeting Apple computers with Atomic Stealer (AMOS) malware.
Security Affairs
App used by hundreds of schools leaking children's data
Almost a million files with minors' data, including home addresses and photos were left open to anyone on the internet.
Bleeping Computer
UK and South Korea: Hackers use zero-day in supply-chain attack
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
The Hacker News
Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
Beware of Telekopye: The malicious Telegram bot used by the "Neanderthals" for large-scale phishing scams. It crafts phishing websites and emails.
Infosecurity News
Cyber-Attack Disrupts UK Property Deals
A legal sector specialist infrastructure service provider has experienced a service outage that is impacting up to 200 conveyancing firms across the UK
CyberNews
Pro-Russian disinfo campaign using Israel-Hamas war to stir chaos
A disinformation campaign, run or backed by Russia, has been using the Israel-Hamas war to try to create tensions elsewhere in the world.
Cyber Security News
APT Groups Using HrServ Web Shell to Hack Windows Systems
A HrServ web shell is a malicious script or program that enables remote administration of a server, allowing unauthorized access and control.
The Record
Potentially hundreds of UK law firms affected by cyberattack on IT provider CTS
The managed service provider CTS confirmed it had experienced a "cyber-incident." At least one report said the CitrixBleed bug was involved.
The Record
How one Russian nonprofit is trying to crack through the Kremlin’s censorship wall
A decade after its founding, the internet freedom organization Roskomsvoboda finds itself adjusting to harsh political and social realities within Russia, where a wartime regime continues to expand its authority over the internet.
Security Affairs
ClearFake campaign spreads macOS AMOS information stealer
Threat actors spread Atomic Stealer (AMOS) macOS information stealer via a bogus web browser update as part of ClearFake campaign.
Infosecurity News
North Korean Supply Chain Threat is Booming, UK and South Korea Warn
The UK’s NCSC and South Korea’s NIS issued a joint advisory describing some of North Korean hackers’ tactics in deploying supply chain attacks
Cyber Security News
Firefox 120 Released With Security Updates: What’s New!
10 vulnerabilities are patched, including six 'High Severity' issues and two moderate and low severity issues are fixed.
CyberNews
App used by hundreds of schools leaking children's data
Almost a million files with minors' data, including home addresses, photos, and information about the school they attend, were left open to anyone on the internet, posing a threat to children.
Cyber Security News
Hackers Exploiting Windows SmartScreen Zero-day Vulnerability to Deploy Remcos RAT
Microsoft released multiple security patches as part of their Patch Tuesday in which three zero-day vulnerabilities were also patched.
CSO
Cyberattacks on Israel intensify as the war against Hamas rages: Check Point
Cyberattacks have grown in frequency as well as sophistication as the Israel-Hamas conflict intensifies.
CyberNews
FEAM Aero reportedly hit by ransomware
Feam Aero, the global aircraft maintenance and technical services company, has been claimed by the LockBit ransomware gang.
DarkReading
Fake Browser Updates Targeting Mac Systems With Infostealer
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn.
Ars Technica
Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet
Internet scans show 7,000 devices may be vulnerable. The true number could be higher.
Bleeping Computer
The Black Friday 2023 Security, IT, VPN, & Antivirus Deals
Black Friday 2023 is here, and great deals are live in computer security, software, online courses, system admin services, antivirus, and VPN software.
Bleeping Computer
Open-source Blender project battling DDoS attacks since Saturday
Blender has confirmed that recent site outages have been caused by ongoing DDoS (distributed denial of service) attacks that started on Saturday.
Infosecurity News
Regulator Issues Privacy Ultimatum to UK’s Top Websites
ICO warns of enforcement action if they don’t give users fair choices
Security Affairs
Enterprise software provider TmaxSoft leaks 2TB of data
TmaxSoft , a Korean IT company developing and selling enterprise software has leaked over 50 million sensitive records.
Trend Micro
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
The Record
Report claims to reveal identity of Russian hacktivist leader
Killmilk is a 30-year-old Russian citizen, according to the news site Gazeta.ru. The report has drawn extra scrutiny to Killnet, known for DDoS attacks on Western targets.
DarkReading
Exploit for Critical Windows Defender Bypass Goes Public
Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.
CyberNews
OpenAI board, Altman in talks for return of former CEO
Sam Altman and OpenAI's board have opened up discussions to bring back the former CEO and founder of the AI startup, while investors seek legal action.
.webp)
Cyber Security News
Rhysida Ransomware Attacking Windows Machine Through VPN Devices and RDP
Rhysida, a new ransomware group, hit its first victim in May 2023. They use their ransomware, offered as RaaS (Ransomware-as-a-Service), with at least 50 global victims listed on their website.
Bleeping Computer
Criminal IP Becomes VirusTotal IP and URL Scan Contributor
The Criminal IP Threat Intelligence (CTI) search engine has integrated its IP address and URL scans into VirusTotal. Learn more from Criminal IP about how this integration can help you.
CyberNews
Enterprise software provider Tmax leaks 2TB of data
Tmax has leaked over 50 million sensitive records.
Security Affairs
Experts warn of a surge in NetSupport RAT attacks
Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors.
The Hacker News
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
Phishing attacks are getting smarter! Cybercriminals are now using QR codes, CAPTCHAs, and steganography to trick victims. Learn how to stay safe.
CyberNews
Appin group legacy: Indian cyber mercenaries will hack for coin
Researchers from SentilenLabs with a high confidence level attributed intrusions in Norway, Pakistan, China, and India to Appin.
CyberNews
Fake online stores flood the internet ahead of Black Friday
The number of blocked fake retail sites has more than doubled compared to the previous year, urging shoppers to be cautious.
CyberSecurity Dive
Companies are getting smarter about cyber incidents
Although incidents are up and risks are expanding, businesses are better prepared to send threat actors away empty-handed, a specialist says.
CSO
MOVEit carnage continues with over 2600 organizations and 77M people impacted so far
The number of companies impacted by one of the biggest cyberattack incidents of the year continues to grow.
DarkReading
Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw
Threat actors were actively exploiting CVE-2023-36025 before Microsoft patched it in November.
The Record
UK regulator demands websites let users ‘Reject All’ cookies
Top websites in the United Kingdom have 30 days to comply with the country’s privacy laws or they will “face the consequences,” the Information Commissioner's Office said.
CyberNews
Ukraine’s top two cybersecurity officials axed amid embezzlement probe
Two heads of Ukraine’s national cybersecurity agency were fired Monday amid accusations of participating in an embezzlement scheme involving millions in state funds.
CyberNews
British Library ransom attack claimed, data leak confirmed
The British Library confirms data has been leaked as it struggles to recover from a November 6 ransomware attack claimed by the e Rhysida ransom gang.
Security Affairs
Rhysida ransomware gang is auctioning data stolen from the British Library
The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage.
Bleeping Computer
Rhysida ransomware gang claims British Library cyberattack
The Rhysida ransomware gang has claimed responsibility for a cyberattack on the British Library in October, which has caused a major ongoing IT outage.
CyberNews
Best botnet ad? An attack on OpenAI
Anonymous Sudan attacks on OpenAI and Cloudlfare are meant to show the groups' capabilities.
CyberNews
Largest companies pausing ads on X over antisemitic storm, Musk vows revenge
After Elon Musk, the owner of X, amplified an antisemitic trope on the platform, major firms have suspended advertising on the site.
The Hacker News
Why Defenders Should Embrace a Hacker Mindset
Prioritizing cybersecurity is key. Learn how to prioritize remediation based on impact and protect your organization's crown jewels.
CyberNews
Most cyberattacks in Russia come from China and North Korea
China and North Korea were behind most of state-sponsored cyberattacks in Russia, according to the country’s security firm Solar.
Security Affairs
US teen pleads guilty to his role in credential stuffing attack on betting site
US teenager Joseph Garrison pleads guilty to carrying out a credential-stuffing attack on a betting website.
The Record
British Library says ransomware hackers stole data from HR files
The British Library — one of the largest libraries in the world and the national library of the United Kingdom — said the ransomware gang behind a recent attack on its systems appeared to leak data stolen from its human resources files.
The Record
Personal info of Canadian Armed Forces, RCMP stolen in cyberattack
A cyberattack on the systems of a Canadian government contractor used for relocation services has compromised data belonging to service members and the Royal Canadian Mounted Police.
Bleeping Computer
Bloomberg Crypto X account snafu leads to Discord phishing attack
The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack.
CyberNews
OpenAI CEO Sam Altman asked to step down
OpenAI has announced that its CEO Sam Altman is leaving the company after board members determined he was no longer fit for the role.
DarkReading
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks
For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.
Bleeping Computer
Yamaha Motor confirms ransomware attack on Philippines subsidiary
Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees' personal information.
SecurityWeek
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website
Wisconsin teenager Joseph Garrison has admitted in court to launching a credential stuffing attack on a betting website.
CyberNews
No, Osama bin Laden’s “Letter to America” did not go viral on TikTok
TikTok has scrambled to prohibit content that promotes Osama bin Laden’s 2002 "Letter to America" after users started talking about it. But these videos weren't viral.
Bleeping Computer
British Library: Ongoing outage caused by ransomware attack
The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations.
The Hacker News
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
Operation SEO#LURKER: Cybercriminal are using fake Google ads to trick users searching for software into downloading malware.
SecurityWeek
Researchers Dive Into Activities of Indian Hack-for-Hire Firm Appin
Researchers uncover the activities of Appin, a hack-for-hire Indian firm involved in espionage, surveillance, and disruptive attacks.
SecurityWeek
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack
Toyota Financial Services has been hit by a ransomware attack that may have involved exploitation of the CitrixBleed vulnerability.
CyberNews
Change of tactics: ALPHV reports target to SEC for failing to disclose breach
In what’s probably a first, the ALPHV/BlackCat ransomware gang has filed a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims.
Infosecurity News
British Library: Ransomware Recovery Could Take Months
Famed institution warns of ongoing disruption
CyberNews
City of Long Beach declares local emergency after cyberattack
The City of Long Beach, California declares a Local Emergency after a 'network security incident' on November 14th, forcing the city to shut down some systems..
Ars Technica
Ransomware group reports victim it breached to SEC regulators
Group tells SEC that the victim is in violation for not reporting it was hacked.
Ars Technica
“Make It Real” AI prototype wows devs by turning drawings into working software
Designer: "I think I need to go lie down."
Bleeping Computer
Long Beach, California turns off IT systems after cyberattack
The City of Long Beach in California is warning that they suffered a cyberattack on Tuesday that has led them to shut down portions of their IT network to prevent the attack's spread.
Bleeping Computer
How DDoS attacks are taking down even the largest tech companies
DDoS attacks are increasingly taking down even the largest tech companies. Learn more Specops Software on these types of attacks and how you can protect your devices from being recruited into botnets.
CyberNews
Hackers claim multiple attacks on Israel and leak confidential files
https://cybernews.com/news/israir-shufersal-cyber-attacks-israel/
SecurityWeek
Bad Bots Account for 73% of Internet Traffic: Analysis
A new report estimates that 73% of all internet traffic currently (Q3, 2023) comprises bad bots and related fraud farm traffic.
CyberNews
Fake crypto apps bring real losses to leading app marketplace users
Fake crypto apps and crypto romance scams on the rise
SecurityWeek
Ransomware Group Files SEC Complaint Over Victim's Failure to Disclose Data Breach
Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose a data breach caused by the hackers
Cyber Security News
OracleIV: Dockerized Botnet Launches DDoS Attack Against Docker Engine
Hackers use networks of compromised computers (botnets) to generate massive traffic, disrupting the target's normal functioning by overloading its resources. The goal is to make a website or online service inaccessible to legitimate users.
The Record
Long Beach is latest California city facing cybersecurity incident
Long Beach's office of the city manager released a statement saying officials within the government were investigating the issue alongside a cybersecurity firm and had contacted the FBI for assistance.
The Record
Hackers target Greece, Tunisia, Moldova, Vietnam and Pakistan with Zimbra zero-day
The attacks targeting government agencies were carried out by four different groups throughout the summer, Google's Threat Analysis Group found.
The Record
FTC targets telecom provider for inmates after massive data breach
The federal agency wants Virginia-based Global Tel*Link Corp. to improve its security practices and incident reporting policies.
Ars Technica
Bing Chat is now “Microsoft Copilot” in potentially confusing rebranding move
Microsoft: "Soon there will be a Copilot for everyone and for everything you do."
CyberNews
Henry Schein data breach: banking details exposed
Henry Schein confirms an October data breach, claimed by APLHV/BlackCat ransom group, and reveals that customer bank account and credit card numbers were likely exposed.
Bleeping Computer
FBI and CISA warn of opportunistic Rhysida ransomware attacks
The FBI and CISA warned today of Rhysida ransomware gang's opportunistic attacks targeting organizations across multiple industry sectors.
Bleeping Computer
Fraud researchers impersonated on X to push crypto-stealing sites
Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter).
Bleeping Computer
Fraudsters make $50,000 a day by spoofing crypto researchers
Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter).
Cyber Security News
WP Fastest Cache Plugin Exposes Over 600K+ WordPress Sites to SQL Injection Attacks
In a recent development, the WPScan team has unearthed a significant security flaw within the widely-used WP Fastest Cache plugin.
CyberNews
Credit card skimming in fashion as we dive into holiday shopping
More online activity during the festive season means more opportunities for cybercriminals to commit theft. A new report says that credit card skimming is on the rise.
The Record
Privacy watchdog chair Sharon Bradford Franklin on the fraught surveillance renewal debate
Recorded Future News speaks with Sharon Bradford Franklin, chair of the Privacy and Civil Liberties Oversight Board (PCLOB), about the watchdog's recommendations on the renewal of the powerful surveillance program and what the board is working on next.
SecurityWeek
Protected Virtual Machines Exposed to New 'CacheWarp' AMD CPU Attack
CacheWarp is a new attack method affecting a security feature present in AMD processors that can pose a risk to virtual machines.
Cyber Security News
8 New Metasploit Exploit Modules Released Targeting Critical Vulnerabilities
Metasploit is an open-source penetration testing framework created by Rapid7 that enables security professionals to simulate attacks against computer systems, networks, and applications.
Cyber Security News
McLaren Health Care Hacked: Attackers Claim 6 TB of Patient Data Stolen
McLaren Health Care was hacked 2.2 million individual data were breached after the attack of 6TB of Patient records in August.
SecurityWeek
Hacker Conversations: Chris Wysopal, AKA Weld Pond
Chris Wysopal (AKA Weld Pond) founder and CTO of Veracode and member of the hacker collective L0pht Heavy Industries.
The Hacker News
Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers
Vietnamese hackers behind Ducktail malware launch a new campaign targeting Indian marketing pros.
The Record
Cyberattack on North Carolina county allowed hackers to access data
A cyberattack on a North Carolina county has forced officials to call in the state’s national guard for assistance.
The Record
FBI takes down IPStorm malware botnet as hacker behind it pleads guilty
The FBI dismantled the IPStorm botnet proxy network and its infrastructure this week following a September plea deal with the hacker behind the operation.
Infosecurity News
Information-Stealing Malware Escalates in Online Gaming
A report by Sekoia.io shed light on a targeted campaign using Discord and fake download websites
SecurityWeek
Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party
Dragos finds no evidence of a data breach after the BlackCat ransomware group claimed to have hacked the security firm via a third party.
Security Affairs
LockBit ransomware gang leaked data stolen from Boeing
The LockBit ransomware group published data allegedly stolen from the aerospace giant Boeing in a recent attack.
CyberSecurity Dive
Henry Schein says customer data breached in cyber incident
The company lowered its 2023 sales and earnings forecasts in response to the incident, which took some of its distribution systems offline.
SecurityWeek
2.2 Million Impacted by Data Breach at McLaren Health Care
McLaren Health Care is informing roughly 2.2 million individuals of a data breach impacting their personal information.
The Hacker News
New Ransomware Group Emerges with Hive's Source Code and Infrastructure
A new ransomware group, Hunters International, has taken over the reins from Hive, acquiring its source code and infrastructure.
SecurityWeek
Ransomware Group Leaks Files Allegedly Stolen From Boeing
The LockBit ransomware group has leaked gigabytes of files allegedly stolen from the systems of aerospace giant Boeing.
SecurityWeek
Mr. Cooper Says Customer Data Compromised in Cyberattack
US mortgage giant Mr. Cooper announced over the weekend that customer data was compromised in an October 31 cyberattack.
SecurityWeek
Yellen Says Ransomware Attack on China's Biggest Bank Minimally Disrupted Treasury Market Trades
A ransomware attack that forced China’s biggest bank to take some systems offline only minimally disrupted the U.S. Treasury market.
The Hacker News
Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities
Malaysian authorities, with help from the AFP and FBI, shut down the notorious phishing-as-a-service (PhaaS) operation, BulletProofLink.
The Record
Crooks leverage Google quiz messages as part of bitcoin scam
Scammers have discovered a way to create a new quiz in Google Forms, use a victim’s email address to respond to it, and then exploit the feature that releases the score of the quiz to send malicious emails, Cisco Talos said.
The Record
Ransomware attack on Ohio city impacts multiple services
Huber Heights, Ohio, said several divisions in the city government — but not Public Safety Services — were affected by the incident.
Cyber Security News
Best Security Solutions for Marketers - 2024
Best security solutions for Marketers: 1. Perimeter 81 2. Surfshark3. Private Internet Access 4. Malwarebytes 5. CyberGhost 6. GoodAccess
.webp)
Cyber Security News
Hackers Trick Windows Users With Malicious Ads to Deliver Malware
Cybersecurity researchers at Malwarebytes recently identified a malicious campaign that mimics the WindowsReport.com portal.
Cyber Security News
Top 10 Best Google Alternatives in 2024
Best Google Alternatives: 1. DuckDuckGo 2. Search Encrypt 3. Qwant 4. Startpage 5. Mojeek 6. Bing 7. Gibiru 8. Ask 9. SearX 10. Yahoo!
Bleeping Computer
Mortgage giant Mr. Cooper says customer data exposed in breach
Mr. Cooper, the largest home loan servicer in the United States, says it found evidence of customer data exposed during a cyberattack disclosed last week, on October 31.
Bleeping Computer
McLaren Health Care says data breach impacted 2.2 million people
McLaren Health Care (McLaren) is notifying nearly 2.2 million people of a data breach that occurred between late July and August this year, exposing sensitive personal information.
CyberNews
New malvertising campaign targets Windows geeks
A threat actor copied a legitimate Windows news website to deliver an infostealer for the CPU-Z processor tool.
The Hacker News
Stealthy Kamran Spyware Targeting Urdu-speaking Users in Gilgit-Baltistan
Urdu-speaking readers in Gilgit-Baltistan, beware! A WATERING HOLE ATTACK using Kamran spyware has been uncovered by ESET
CyberNews
Apple pays $25M to settle employment discrimination case
The US Department of Justice has secured a $25 million landmark agreement with Apple Inc for discriminating against potential employees based on their citizenship status.
The Record
Android spyware delivered through infected news site targets Urdu speakers in Kashmir
Hackers are targeting Urdu speakers with spyware delivered through an infected popular news site, according to a new report.
The Record
Washington State Department of Transportation working to recover from cyberattack
Washington’s State Department of Transportation is recovering from a cyberattack that is causing a range of issues for local ferries and apps used for maps.
The Record
Clearing the informational fog in Israel and Gaza
The Click Here podcast team reports on wartime technological improvisations: An activist unexpectedly leads an effort to identify the missing and the dead. And an English teacher finds a way to connect mobile phones as infrastructure collapses.
CyberNews
Apple co-founder Wozniak suffers possible stroke in Mexico
Apple co-founder Steve Wozniak was hospitalized in Mexico City due to a possible stroke.
CyberNews
Allen & Overy law firm breached, LockBit takes credit
Top global law firm Allen & Overy (A&O) said some of its systems have been impacted due to a “data incident” claimed by the LockBit ransomware group.
Bleeping Computer
Cloudflare website down, showing ‘We’re sorry’ Google errors
Cloudflare is investigating an ongoing outage causing 'We're sorry" Google errors to be shown on the company's website.
Bleeping Computer
Cloudflare website downed by DDoS attack claimed by Anonymous Sudan
Cloudflare is investigating an ongoing outage causing 'We're sorry" Google errors to be shown on the company's website.
Infosecurity News
New Kamran Spyware Targets Urdu-Speaking Users in Pakistan
ESET said the attack affects Android users accessing the Urdu version of the Hunza News website
CyberNews
Lego fans told to change passwords after cyberattack
BrickLink, a Lego-owned marketplace, advised users to update their passwords after a cyberattack.
The Hacker News
New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers
Malicious sites posing as legit Windows news portals spotted distributing malware disguised as CPU-Z.
The Record
Ransomware gang behind MOEVit attacks are targeting new zero-day, Microsoft says
The Russian ransomware gang behind the exploitation of several popular file transfer tools is now exploiting a new vulnerability in SysAid IT support software, according to a new report.
The Record
Iranian Charming Kitten hackers targeted Israeli organizations in October
The Iranian hacking group targeted organizations in Israel’s transportation, logistics and technology sectors amid an uptick in Iranian cyber activity since the start of Israel’s war with Hamas.
The Record
Ransomed.vc gang claims to shut down after six affiliates allegedly arrested
A Telegram account claiming to be behind the operation initially tried to sell the ransomware tools, before saying the group was shutting down for good this week.
Trend Micro
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
Bleeping Computer
Signal tests usernames that keep your phone number private
Signal is now testing public usernames that allow users to conceal the phone numbers linked to their accounts while communicating with others.
Bleeping Computer
Russian state-owned Sberbank hit by 1 million RPS DDoS attack
Russian financial organization Sberbank states in a press release that two weeks ago it faced the most powerful distributed denial of service (DDoS) attack in recent history.
CyberNews
Despite pledges not to pay, ransoms are here to stay
Cybernews asked more than 30 experts from various fields if they’d be willing to pay a ransom in the event of a cybersecurity breach.
Infosecurity News
EU Rules for Digital Identities and Trust Services Face Backlash
A proposed amendment of eIDAS could “weaken the security of the Internet as a whole”, said a letter signed by over 500 individuals and organizations
CyberNews
Marina Bay Sands Singapore luxury resort breached
Singapore’s iconic Marina Bay Sands luxury resort and casino says loyalty member's personal information was compromised in a data breach.
The Record
Council for Scottish islands faces IT outage after ‘incident’
The Comhairle nan Eilean Siar — which governs the more than 470,000 people living on the chain of islands — said access to its IT system “has been affected by an incident which has caused significant disruption.”
DarkReading
North Korea's BlueNoroff APT Debuts 'Dumbed Down' macOS Malware
Kim Jong-Un's hackers are scraping the bottom of the barrel, using script kiddie-grade malware to steal devalued digital assets.
Cyber Security News
RedLine Malware Steals Sensitive Data and Installs More Malware
Researchers from Any Run saw again its active activity intended to develop to steal, cause financial loss, and data, targeting both enterprise and personal devices.
The Hacker News
Offensive and Defensive AI: Let’s Chat(GPT) About It
Get the full story on the dangers of the rapidly growing consumer application, ChatGPT, and learn how to resist cyber crime.
The Record
Japan Aviation Electronics says servers accessed during cyberattack
Manufacturing giant Japan Aviation Electronics confirmed that its systems are facing a cyberattack that has forced the company to shut down its website.
The Record
Dallas County reviewing data leaked by ransomware gang
The Play ransomware gang posted data purportedly stolen from Dallas County to its leak site.
Ars Technica
Elon Musk’s new AI model doesn’t shy from questions about cocaine and orgies
xAI positions sarcastic AI assistant to counterbalance buttoned-up ChatGPT.
Bleeping Computer
QNAP warns of critical command injection flaws in QTS OS, apps
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices.
The Record
Mortgage giant Mr. Cooper using alternative payment options after cyberattack
Customers attempting to log in to Mr. Cooper's website to pay their mortgages or loans were instead greeted with a message stating that the company was suffering a technical outage, later confirmed to be a cyberattack.
Cyber Security News
Threat and Vulnerability Roundup for the week of October 29th to November 4th
welcome to Cyber Writes' weekly publication - the Threat and Vulnerability Roundup! Get ready to dive into the latest and greatest in cybersecurity, as we bring you the most up-to-date information each week.
Bleeping Computer
The Week in Ransomware - November 3rd 2023 - Hive's Back
Over the past couple of months, ransomware attacks have been escalating as new operations launch, old ones return, and existing operations continue to target the enterprise.
CSO
Boeing systems hit in reported Lockbit cyberattack
Boeing has confirmed that an "incident" has occurred, after reports surfaced that the Lockbit ransomware group has claimed to have exfiltrated sensitive data from the aerospace giant.
The Record
American Airlines pilot union hit with ransomware
The union is working to restore its systems following a ransomware attack, the latest in a rash of cyber incidents affecting the aviation industry.
The Record
Okta defends 2-week gap in response to identity token theft, says 134 customers affected
The identity management company said that from September 28, to October 17, a threat actor “gained unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers.”
CyberNews
TikTok responds to charges of antisemitism as it battles misinformation
A TikTok blog post, released Thursday, aims to dispel accusations that the social app is pushing a political agenda regarding the still unfolding Israel-Hamas conflict.
Bleeping Computer
Ace Hardware says 1,202 devices were hit during cyberattack
Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to restore 196 servers.
Bleeping Computer
Mortgage giant Mr. Cooper hit by cyberattack impacting IT systems
U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal.
Infosecurity News
Israeli Entities Under Attack By MuddyWater’s Advanced Tactics
Deep Instinct said MuddyWater leveraged a new file-sharing service called “Storyblok”
Bleeping Computer
Boeing confirms cyberattack amid LockBit ransomware claims
Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed that they breached the company's network and stole data.
.webp)
Cyber Security News
Google Chrome 119 Released: Fix for 15 security Flaws - Patch Now!
Google has released Chrome 119 to the stable channel for Windows, Mac, and Linux, along with 15 security patches.
SecurityWeek
Boeing Confirms Distribution Business Hit by Cyberattack
Boeing has confirmed a cyberattack after a ransomware group claimed to have breached the company’s systems.
SecurityWeek
AP News Site Hit by Apparent Denial-of-Service Attack
The Associated Press news website experienced an outage that appeared to be consistent with a denial-of-service attack
The Hacker News
Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign
Iranian state-backed hackers, MuddyWater, has evolved its tactics. They're now using N-able's Advanced Monitoring Agent.
Cyber Security News
Boeing Admits Cyberattack; Lockbit Claims Zero-Day Exploit Was Used to Gain Access
Boeing, the aerospace industry leader, has recently reported a cyberattack on its systems. The attack primarily targeted the company's parts and distribution business.
CSO
Red Sift adds protection against phishing, BEC, and brand abuse
The new capabilities will bolster a company’s cyber resilience, especially in the areas of brand impersonation, BEC, and PKI certificates.
The Record
EU urged to drop new law that could allow member states to intercept and decrypt global web traffic
More than 100 of the world’s most respected cybersecurity experts have written to European Union lawmakers to warn that a proposed legal reform that may soon become law could fundamentally undermine security online.
Bleeping Computer
Toronto Public Library outages caused by Black Basta ransomware attack
The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack.
Cyber Security News
VMware Workspace Flaw Let Attacker Redirect User to Malicious Source
An open redirect vulnerability in the VMware Workspace ONE UEM console has been identified as CVE-2023-20886.
Bleeping Computer
LayerX Enterprise Browser Security Extension – Secure the Modern Workspace
LayerX has developed a secure enterprise browser extension that delivers comprehensive visibility, monitoring, and granular policy enforcement on every event within a browsing session. Learn more about this cybersecurity platform from LayerxSecurity.
SecurityWeek
MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile
MITRE announces the release of ATT&CK v14, which brings enhancements related to detections, ICS, and mobile.
Cyber Security News
Knight Ransomware Attacking Windows Computer to Exfiltrate Sensitive Data
Several industrial sectors have been attacked by the Knight ransomware organisation that includes retail, and healthcare organisations.
The Hacker News
Hands on Review: LayerX's Enterprise Browser Security Extension
Protect your organization's most critical interface—The Browser! LayerX's secure extension offers comprehensive visibility and policy enforcement, de
Infosecurity News
British Library Still Reeling After Major Cyber Incident
Institution has contacted National Cyber Security Centre for support
The Record
Commerce Department promises safeguards to prevent surveillance tech sales abroad
The new policies require staff at the Commerce Department's International Trade Administration to consider human rights concerns when providing export assistance to foreign governments.
The Record
Massive ransomware attack hinders services in 70 German municipalities
Hackers encrypted the servers of the municipal service provider Südwestfalen IT, leading the company to restrict access to its infrastructure for over 70 municipalities in western Germany.
The Record
California community college Río Hondo dealing with cybersecurity incident
The LockBit ransomware gang added the school to its list of victims, giving officials until November 20 to pay an undisclosed ransom.
The Record
Probe of school surveillance software finds privacy abuses, inaccurate results
The Electronic Frontier Foundation, a civil liberties group, took a hard look at the GoGuardian student surveillance software used by many U.S. schools.
Bleeping Computer
Windows 11 23H2 - New features in the Windows 11 2023 Update
This article will explore Windows 11 23H2 features, from dynamic lighting to Windows Copilot upgrades.
Ars Technica
Inserted AI-generated Microsoft poll about woman’s death rankles The Guardian
Speculative AI news poll presented three choices: Murder, accident, or suicide.
Bleeping Computer
British Library knocked offline by weekend cyberattack
The British Library has been hit by a major IT outage affecting its website and many of its services following a "cyber incident" that impacted its systems on Saturday, October 28.
CSO
iLeakage updates Spectre for novel info-stealing side-channel attack
The iLeakage proof of concept targets Apple silicon devices running Safari, demonstrating techniques that improve on Sceptre and MeltDown exploits and demonstrate continuing vulnerabilities in modern CPUs.
The Hacker News
PentestPad: Platform for Pentest Teams
Pen test team up with PentestPad to supercharge your performance & achieve exceptional results with automated report generation, real-time collaborati
The Hacker News
Trojanized PyCharm Software Version Delivered via Google Search Ads
A malvertising scheme is using compromised websites to trick users into downloading malware-laden PyCharm promoted via Google Ads.
The Record
Pro-Ukraine group says it breached Russian card payment system
Russia's government-run National Payment Card System (NSPK) and its Mir consumer payment network both were targets, according to a pro-Ukrainian group known as DumpForums and hackers with the Ukrainian Cyber Alliance.
DarkReading
Google Dynamic Search Ads Abused to Unleash Malware 'Deluge'
An advanced feature of Google targeted ads can allow a rarely precedented flood of malware infections, rendering machines completely useless.
Bleeping Computer
Toronto Public Library services down following weekend cyberattack
The Toronto Public Library (TPL) is warning that many of its online services are offline after suffering a cyberattack over the weekend, on Saturday, October 28.
Ars Technica
Biden issues sweeping executive order that touches AI risk, deepfakes, privacy
Order details US admin's approach to AI safety, media authenticity, job loss, and more.
SecurityWeek
Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack
Researchers document the Wiki-Slack attack, a new technique that uses modified Wikipedia pages to target end users on Slack.
The Record
Toronto Public Library facing disruptions due to cyberattack
Canada’s largest public library system said it is dealing with a cyberattack that brought down its website, member services pages and limited access to its digital collections.
The Record
Alleged sex abuse victims win settlement in data mishandling case
The 129 alleged clergy sex abuse victims whose identities were made public during Chapter 11 proceedings for the Catholic Diocese of Norwich will receive $50,000 apiece.
The Record
Russia to launch its own version of VirusTotal due to US snooping fears
The repository, to be called “Multiscanner,” would mimic the Google-owned platform, which allows organizations to share suspected malware.
The Record
Dallas County confirms cybersecurity 'incident' after ransomware gang claims attack
On Saturday, the Play ransomware gang posted the county to its leak site, claiming to have stolen an undisclosed amount of data.
The Record
Russian hacking tool floods social networks with bots, researchers say
Low-skill cybercriminals are using a new tool to create hundreds of fake social media accounts in just a few seconds.
Bleeping Computer
New Hunters International ransomware possible rebrand of Hive
A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag.
Bleeping Computer
The Week in Ransomware - October 27th 2023 - Breaking Records
Ransomware attacks are increasing significantly, with reports indicating that last month was a record month for ransomware attacks in 2023.
Bleeping Computer
Microsoft 365 users get workaround for ‘Something Went Wrong’ errors
Microsoft shared a workaround for a known Microsoft 365 issue triggering 'Something Went Wrong [1001]' sign-in errors and making desktop applications unusable for many customers.
CyberSecurity Dive
How to protect sensitive school data during a cyberattack
The CFO of a Texas school district recommends safer ways to request sensitive employee data and stronger password and verification policies.
-1.webp)
Cyber Security News
Beware of Fake Google Chrome Update that Installs Malware
One of them is the fake Chrome update malware, which has been around for several years and is still active.
CSO
Failure to verify OAuth tokens enables account takeover on websites
Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information.
The Record
California city warns of data breach after ransomware attack claims
A city in California warned residents this week that their data was accessed by hackers who were in government systems for more than a month.
The Record
FTC approves rule giving non-banking financial institutions 30 days to report data breaches
The amendment to the Safeguards Rule will go into effect in April, requiring non-banking financial institutions to report security incidents involving the information of at least 500 customers to the FTC.