Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

Thousands of Linux systems infected by stealthy malware since 2021

The ability to remain installed and undetected makes Perfctl hard to fight. Thousands of machines running Linux have been infected by a malware strain that's notable for its stealth, the number of misconfigurations...

Published: 2024-10-03T23:42:05



Biz & IT Ars Technica

Attackers exploit critical Zimbra vulnerability using cc’d email addresses

When successful, attacks install a backdoor. Getting it to work reliably is another matter. Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute...

Published: 2024-10-02T21:50:28



Biz & IT Ars Technica

Systems used by courts and governments across the US riddled with vulnerabilities

With hundreds of courts and agencies affected, chances are one near you is, too. Public records systems that courts and governments rely on to manage voter registrations and legal filings have been riddled with...

Published: 2024-09-30T20:30:26



Biz & IT Ars Technica

Microsoft details security/privacy overhaul for Windows Recall ahead of relaunch

Recall nearly launched as a scraper that stored all its data in plaintext. Microsoft is having another whack at its controversial Recall feature for Copilot+ Windows PCs, after the original version crashed and...

Published: 2024-09-27T17:00:39



The Register - Software

OpenStack Dalmatian debuts with a new dashboard, better security and GPU-wrangling

If you think VMware has gone to the dogs, maybe check it out? OpenStack Dalmatian, the 30th edition of the open source cloud stack, has bounded out of the kennel.

Published: 2024-10-03T02:30:15



The Register - Software

'Patch yesterday': Zimbra mail servers under siege through RCE vuln

Attacks began the day after public disclosure. "Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited.

Published: 2024-10-02T10:50:45



The Register - Software

Watch your mirrors: Tesla Cybertrucks have 'Full' 'Self Driving' now

As eggheads reckon Musk-mobiles need human interventions every 13 miles. Owners of Tesla's Cybertruck are reporting that a software update enabling the self-styled Full Self Driving (FSD) has become an option for their giant rolling wedges of stainless...

Published: 2024-09-30T23:45:12



The Register - Software

Rackspace internal monitoring web servers hit by zero-day

Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry. Exclusive: Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment.

Published: 2024-09-30T23:08:37



The Register - Software

Windows 11 Patch Tuesday preview is a glitchy disaster

Blue is the color of some screens after optional KB5043145 update. Updated: Microsoft's Patch Tuesday preview, KB5043145, arrived last week and is already causing some headaches thanks to serious stability issues.

Published: 2024-09-30T13:07:58



The Verge - Securities

Data breach leaks SSNs of over 230,000 Comcast customers

A data breach has exposed the names, addresses, social security numbers, and birthdates of more than 237,700 Comcast customers. The breach stems from a security incident at Financial Business and Consumer Solutions (FBCS), a debt collection...

Published: 2024-10-07T12:02:34



The Verge - Securities

A new Android feature locks your screen if your phone is stolen

Google is rolling out a new set of features aimed at making it less easy for thieves to access your data. That's according to Mishaal Rahman, who posted on Reddit that the features are showing up in a new update after seeing that his Xiaomi...

Published: 2024-10-05T12:04:10



The Verge - Securities

Google is testing verified checkmarks in search

Hovering over the blue check mark on Google Search shows the message: "This icon is being shown because Google's signals suggest that this business is the business that it says it is." The new search experiment seems to be an extension of Google's Brand Indicators for Message Identification (BIMI) feature, which is used to display checkmarks in Gmail's web and mobile apps next to senders who have adopted the verification...

Published: 2024-10-04T04:31:09



The Verge - Securities

The feds still can't get into Eric Adams' phone

When Adams turned in his personal cellphone the following day, charging documents say, he said he had changed the password a day prior after learning about the investigation and couldn't remember it. Adams told investigators he changed...

Published: 2024-10-02T16:06:42



The Verge - Securities

FCC is offering $200 million to protect schools and libraries from hackers

The Federal Communications Commission is making up to $200 million available to help schools and libraries make their computer systems more secure. The Schools and Libraries Cybersecurity Pilot Program will be used to evaluate whether to...

Published: 2024-10-02T13:42:05



The Verge - Securities

Arc browser adds security bulletins and bug bounties

Arc creator The Browser Company has officially started a bug bounty program to keep its growing Chromium-based browser's security in check. The company is also launching a new security bulletin to maintain "transparent and proactive communication...

Published: 2024-09-27T17:37:11



The Verge - Securities

The DOJ indicts Iranians for alleged Trump campaign hack-and-leak scheme

The US Department of Justice has charged three Iranian nationals linked with a cyberattack against Donald Trump's presidential campaign, according to an indictment on Friday. The three hackers, all of whom have ties to Iran's Islamic Revolutionary...

Published: 2024-09-27T16:51:38



The Verge - Securities

Google says a closed ad ecosystem isn't anticompetitive, it's just safer

Google took a page out of a familiar playbook in court this week, defending itself from claims of anticompetitive conduct by raising security concerns. While the government argues it locked up the ad tech market to make more money, Google's...

Published: 2024-09-26T09:04:58



The Verge - Securities

Boston Dynamics partners with Assa Abloy to let the dogs in

Assa Abloy, the major Swedish conglomerate that owns a whole lot of lock and security companies like Kwikset, Level lock, and the non-US version of Yale, is partnering with Boston Dynamics to build a new digital door access system that enables...

Published: 2024-09-23T16:31:14



The Verge - Securities

Telegram will now hand over your phone number and IP if you're a criminal suspect

Telegram will now turn over a user's phone number and IP address if it receives a request from authorities, according to its just-updated privacy policy: If Telegram receives a valid order from the relevant judicial authorities that confirm...

Published: 2024-09-23T14:59:03



BleepingComputer

Qualcomm patches high-severity zero-day exploited in attacks

Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. [...]

Published: 2024-10-07T14:30:40



BleepingComputer

American Water shuts down online services after cyberattack

American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack. [...]

Published: 2024-10-07T13:29:24



BleepingComputer

AT&T, Verizon reportedly hacked to target US govt wiretapping platform

Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports. [...]

Published: 2024-10-07T10:51:04



BleepingComputer

Comcast and Truist Bank customers caught up in FBCS data breach

Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS, and are now informing their respective customers that their data has been compromised. [...]

Published: 2024-10-06T11:12:23



BleepingComputer

MoneyGram: No evidence ransomware is behind recent cyberattack

MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September. [...]

Published: 2024-10-05T10:16:26



BleepingComputer

Highline Public Schools confirms ransomware behind shutdown

On Thursday, K-12 school district Highline Public Schools confirmed that a ransomware attack forced it to shut down all schools in early September. [...]

Published: 2024-10-04T16:32:53



Technology

Facial recognition data breach: Meta glasses extract info in real time

In what might be described as a real-life Black Mirror episode, a Harvard student uses facial recognition with $379 Meta Ray-Ban 2 smart sunglasses to dig up personal data on every face he sees in real time. (Image: how the I-Xray software works, from capturing the image to aggregating the data.)

Published: 2024-10-02T22:10:52



Krebs on Security

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researcher...

Published: 2024-10-03T13:05:52



Krebs on Security

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker's Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade...

Published: 2024-09-26T14:54:07



The Register - Security

Cops love facial recognition, and withholding info on its use from the courts

Withholding exculpatory evidence from suspects isn't a great look when the tech is already questionable. Police around the United States are routinely using facial recognition technology to help identify suspects, but those departments rarely disclose they've done so, even to suspects and their lawyers.

Published: 2024-10-07T19:45:13



The Register - Security

Chinese cyberspies reportedly breached Verizon, AT&T, Lumen

Salt Typhoon may have accessed court-ordered wiretaps and US internet traffic. Verizon, AT&T, and Lumen Technologies were among the US broadband providers whose networks were reportedly hacked by Chinese cyberspies, possibly compromising the wiretapping systems used for court-ordered surveillance.

Published: 2024-10-07T17:17:54



The Register - Security

Embattled users worn down by privacy options? Let them eat code

Struggle ye not with cookies, lest ye become a cookie monster. Opinion: The people are defeated. Worn out, deflated, and apathetic about the barrage of banners and pop-ups about cookies and permissions.

Published: 2024-10-07T08:30:14



The Register - Security

Ryanair faces GDPR turbulence over customer ID checks

Irish data watchdog opens probe after 'numerous complaints'. Ireland's Data Protection Commission (DPC) has launched an inquiry into Ryanair's Customer Verification Process for travelers booking flights through third-party websites or online travel agents (OTAs).

Published: 2024-10-05T09:31:10



The Register - Security

UK's Sellafield nuke waste processing plant fined £333K for infosec blunders

Radioactive hazards and cyber failings ... what could possibly go wrong? The outfit that runs Britain's Sellafield nuclear waste processing and decommissioning site has been fined £332,500 ($440,000) by the nation's Office for Nuclear Regulation (ONR) for its shoddy cybersecurity practices between 2019 and 2023.

Published: 2024-10-05T06:07:06



The Register - Security

About a quarter million Comcast subscribers had their data stolen from debt collector

Cable giant says ransomware involved, FBCS keeps schtum. Comcast says data on 237,703 of its customers was in fact stolen in a cyberattack on a debt collector it was using, contrary to previous assurances it was given that it was unaffected by that intrusion.

Published: 2024-10-04T20:13:14



The Register - Security

Visit CyberThreat 2024 to hone your cybersecurity skills

Get together with the European cybersecurity community at a two-day conference in London this December. Sponsored Post: This year's CyberThreat returns to London to provide a place for cybersecurity professionals to share experiences, new tools and techniques to help organisations stay ahead of the latest cyber threats.

Published: 2024-10-04T08:02:06



The Register - Security

Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds

'You can build this in a few days even as a very naïve developer'. A pair of inventive Harvard undergraduates have created what they believe could be one of the most intrusive devices ever built, a wake-up call, they tell The Register, for the world to take privacy seriously in the AI era.

Published: 2024-10-04T06:32:05



The Register - Security

Big brands among thousands infected by payment-card-stealing CosmicSting crooks

Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says. Updated: Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers' payment card info as they order stuff online.

Published: 2024-10-04T03:42:08



The Register - Security

Average North American CISO pay now $565K, mainly thanks to one weird trick

Best way to boost your package is to leave, or pretend to. A survey of nearly 700 CISOs in the US and Canada has found their pay has risen over the past year to an average of $565,000 and a median of $403,000, with the top 10 percent of execs pulling in over $1 million.

Published: 2024-10-03T14:01:08



The Register - Security

Two British-Nigerian men sentenced over multimillion-dollar business email scam

Fraudsters targeted local government, colleges, and construction firms in Texas and North Carolina. Two British-Nigerian men were sentenced for serious business email compromise schemes in the US this week, netting them millions of dollars from local government entities, construction companies, and colleges.

Published: 2024-10-03T12:30:18



The Register - Security

Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant

Crooks 'like a sysadmin, with a malicious slant'. Exclusive: An extortionist armed with a new variant of MedusaLocker ransomware has infected more than 100 organizations a month since at least 2022, according to Cisco Talos, which recently discovered a "substantial" Windows credential data dump that sheds light on the criminal and their victims.

Published: 2024-10-03T10:00:09



The Register - Security

Brits hate how big tech handles their data, but can't be bothered to do much about it

Managing the endless stream of cookie banners leaves little energy for anything else. Fewer than one in five Brits report being happy with the way their personal data is handled by big tech companies, yet the furthest many will go is to reject optional cookies on the web.

Published: 2024-10-03T09:15:13



The Register - Security

700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking

With 14 serious security flaws found, what a gift for spies and crooks. Fourteen newly found bugs in DrayTek Vigor routers, including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating, could be abused by crooks looking to seize control of the equipment to then steal sensitive data, deploy ransomware, and launch denial-of-service attacks.

Published: 2024-10-02T21:33:09



The Register - Security

Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing

Poor use of PHP include() strikes again. Two trivial but critical security holes have been found in Optigo's Spectra Aggregation Switch, and so far no patch is available.

Published: 2024-10-02T20:39:50



The Register - Security

NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great

Logjam 'hurting infosec processes world over', one expert tells us, as US body blows its own Sept deadline. NIST has made some progress clearing its backlog of security vulnerability reports to process, though it's not quite on target as hoped.

Published: 2024-10-02T12:31:05



The Register - Security

The fix for BGP's weaknesses has big, scary, issues of its own, boffins find

Bother, given the White House has bet big on RPKI, just like we all rely on immature internet infrastructure that usually works. The Resource Public Key Infrastructure (RPKI) protocol has "software vulnerabilities, inconsistent specifications, and operational challenges" according to a pre-press paper from a trio of German researchers.

Published: 2024-10-02T06:31:07



The Register - Security

Euro cops arrest 4 including suspected LockBit dev chilling on holiday

And what looks like proof stolen data was never deleted even after ransom paid. Building on the success of what's known around here as LockBit Leak Week in February, the authorities say they've arrested a further four individuals with ties to the now-scuppered LockBit ransomware empire.

Published: 2024-10-01T17:35:00



The Register - Security

Evil Corp's deep ties with Russia and NATO member attacks exposed

Ransomware criminals believed to have taken orders from intel services. The relationship between infamous cybercrime outfit Evil Corp and the Russian state is thought to be extraordinarily close, so close that intelligence officials allegedly ordered the criminals to carry out cyberattacks on NATO members.

Published: 2024-10-01T15:35:16



The Register - Security

NCA unmasks man it suspects is both 'Evil Corp kingpin' and LockBit affiliate

Aleksandr Ryzhenkov alleged to have extorted around $100M from victims, built 60 LockBit attacks. The latest installment of the National Crime Agency's (NCA) series of ransomware revelations from February's LockBit Leak Week emerges today as the agency identifies a man it not only believes is a member of the long-running Evil Corp crime group but also a LockBit affiliate.

Published: 2024-10-01T14:08:10



The Register - Security

Australian e-tailer digiDirect customers' info allegedly stolen and dumped online

Full names, contact details, and company info: all the fixings for a phishing holiday. Data allegedly belonging to more than 304,000 customers of Australian camera and tech e-tailer digiDirect has been leaked to an online cyber crime forum.

Published: 2024-10-01T00:26:06



The Register - Security

Ransomware forces hospital to turn away ambulances

Only level-one trauma unit in 400 miles crippled. Ransomware scumbags have caused a vital hospital to turn away ambulances after infecting its computer systems with malware.

Published: 2024-09-30T22:16:18



The Register - Security

T-Mobile US to cough up $31.5M after that long string of security SNAFUs

At least seven intrusions in five years? Yeah, those promises of improvement are more than 'long overdue'. T-Mobile US has agreed to fork out $31.5 million to improve its cybersecurity and pay a fine after a string of network intrusions affected millions of customers between 2021 and 2023.

Published: 2024-09-30T21:59:17



The Register - Security

If you're holding important data, Iran is probably trying spearphish it

It's election year for more than 50 countries and the Islamic Republic threatens a bunch of them. US and UK national security agencies are jointly warning about Iranian spearphishing campaigns, which remain an ongoing threat to various industries and governments.

Published: 2024-09-30T13:35:14



The Register - Security

Remote ID verification tech is often biased, bungling, and no good on its own

Only 2 out of 5 tested products were equitable across demographics. A study by the US General Services Administration (GSA) has revealed that five remote identity verification (RiDV) technologies are unreliable, inconsistent, and marred by bias across different demographic groups.

Published: 2024-09-30T12:40:11



The Register - Security

Cloud threats have execs the most freaked out because they're not prepared

Ransomware? More like 'we don't care' for everyone but CISOs. Efficiency and scalability are key benefits of enterprise cloud computing, but they come at a cost. Security threats specific to cloud environments are the leading cause of concern among top executives, and they're also the ones organizations are least prepared to address.

Published: 2024-09-30T11:30:17



The Register - Security

AI code helpers just can't stop inventing package names

LLMs are helpful, but don't use them for anything important. AI models just can't seem to stop making things up. As two recent studies point out, that proclivity underscores prior warnings not to rely on AI advice for anything that really matters.

Published: 2024-09-30T03:59:07



The Register - Security

Forget the Kia Boyz: Crooks could hijack your car with just a smartphone

Plus: UK man charged with compromising firms for stock secrets; ransomware actor foils self; and more. Infosec In Brief: Put away that screwdriver and USB charging cable, the latest way to steal a Kia just requires a cellphone and the victim's license plate number.

Published: 2024-09-30T03:02:09



The Register - Security

Binance claims it helped to bust Chinese crypto scam app in India

Plus: SpaceX plans Vietnam investment; Yahoo! Japan content moderation secrets; LG offloads Chinese display factory; and more. Asia In Brief: It's not often The Register writes about a cryptocurrency outfit being on the right side of a scam or crime, but last week crypto exchange Binance claimed it helped Indian authorities to investigate a scam gaming app.

Published: 2024-09-30T01:28:05



The Register - Security

Red team hacker on how she 'breaks into buildings and pretends to be the bad guy'

Alethe Denis exposes tricks that made you fall for that return-to-office survey. Interview: A hacker walked into a "very big city" building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by breaking into both the physical space and the corporate Wi-Fi network.

Published: 2024-09-29T16:39:06



The Register - Security

Feds charge 3 Iranians with 'hack-and-leak' of Trump 2024 campaign

Snoops allegedly camped out in inboxes well into September. The US Department of Justice has charged three Iranians for their involvement in a "wide-ranging hacking campaign" during which they allegedly stole massive amounts of materials from Donald Trump's 2024 presidential campaign and then leaked the information to media organizations.

Published: 2024-09-27T21:45:04



The Register - Security

Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable

AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more. Microsoft has revised the Recall feature for its Copilot+ PCs and insists that the self-surveillance system is secure.

Published: 2024-09-27T20:18:09



The Register - Security

Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud

Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda. Microsoft's latest threat intelligence blog issues a warning to all organizations about Storm-0501's recent shift in tactics, targeting, and backdooring hybrid cloud environments.

Published: 2024-09-27T13:35:11



The Register - Security

Patch now: Critical Nvidia bug allows container escape, complete host takeover

33% of cloud environments using the toolkit impacted, we're told. A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host.

Published: 2024-09-26T21:42:46



The Register - Security

HPE patches three critical security holes in Aruba PAPI

More 9.8 bugs? Ay, papi! Aruba access points running AOS-8 and AOS-10 need to be patched urgently after HPE emitted fixes for three critical flaws in its networking subsidiary's access points.

Published: 2024-09-26T19:30:14



The Register - Security

That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices

No patches yet, can be mitigated, requires user interaction. Final update: After days of anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities in all Linux systems was today finally revealed.

Published: 2024-09-26T17:34:01



The Register - Security

Victims lose $70K to one single wallet-draining app on Google's Play Store

Attackers got 10K people to download 'trusted' web3 brand cheat before Mountain View intervened. The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign researchers describe as a world-first.

Published: 2024-09-26T14:08:09



The Register - Security

Public Wi-Fi operator investigating cyberattack at UK's busiest train stations

See it, say it, not sorted just yet as network access remains offline. Updated: A cybersecurity incident is being probed at Network Rail, the UK non-departmental public body responsible for repairing and developing train infrastructure, after unsavory messaging was displayed to those connecting to major stations' free Wi-Fi portals.

Published: 2024-09-26T10:29:53



The Register - Security

UK government's bank data sharing plan slammed as 'financial snoopers' charter'

Access to account info needed to tackle benefit fraud, latest bill claims. Privacy campaigners are criticizing UK proposals to force banks to share data from the accounts of government benefit claimants, saying the ploy amounts to "a financial snoopers' charter targeted to automate suspicion."

Published: 2024-09-26T08:31:06



The Register - Security

WordPress.org denies service to WP Engine, potentially putting sites at risk

That escalated quickly. Updated: WordPress on Wednesday escalated its conflict with WP Engine, a hosting provider, by blocking the latter's servers from accessing WordPress.org resources, and therefore from potentially vital software updates.

Published: 2024-09-26T01:45:09



The Register - Security

China's Salt Typhoon cyber spies are deep inside US ISPs

Expecting a longer storm season this year? Updated: Another Beijing-linked cyberspy crew, this one dubbed Salt Typhoon, has reportedly been spotted on networks belonging to US internet service providers in stealthy data-stealing missions and potential preparation for future cyberattacks.

Published: 2024-09-25T21:46:09



The Register - Security

RansomHub genius tries to put the squeeze on Delaware Libraries

Extorting underfunded public services for $1M isn't a good look. Despite being top of the ransomware tree at the moment, RansomHub (specifically, one of its affiliates) clearly isn't that bright, as they are reportedly trying to extort Delaware Libraries for around $1 million.

Published: 2024-09-25T17:30:14



The Register - Security

China claims Taiwan, not civilians, behind web vandalism

Taipei laughs it off, and so does Beijing, which says political slurs hit sites nobody reads anyway. Taiwan has dismissed Chinese allegations that its military sponsored a recent wave of anti-Beijing cyber attacks.

Published: 2024-09-25T01:25:34



The Register - Security

CrowdStrike apologizes to Congress for 'perfect storm' that caused global IT outage

Argues worse could happen if it loses kernel access. CrowdStrike is "deeply sorry" for the "perfect storm of issues" that saw its faulty software update crash millions of Windows machines, leading to the grounding of thousands of planes, passengers stranded at airports, the cancellation of surgeries, and disruption to emergency services hotlines, among many more inconveniences.

Published: 2024-09-25T01:23:43



The Register - Security

Who's watching you the closest online? Google, duh

Four Chocolate Factory trackers cracked the Top 25 in all regions. Google, once again, is the "undisputed leader" when it comes to monitoring people's behavior on the internet, according to Kaspersky's annual web tracking report.

Published: 2024-09-24T19:45:12



The Register - Security

Russia's digital warfare on Ukraine shows no signs of slowing: Malware hits surge

Severe incidents may be down, but Putin had to throw one in for good measure. Russia's use of malware to support its military efforts in Ukraine is showing no signs of waning, while its tactics continually evolve to bypass protections.

Published: 2024-09-24T18:30:11



The Register - Security

10 nasty software bugs put thousands of fuel storage tanks at risk of cyberattacks

Thousands of devices remain vulnerable, US most exposed to the threat. Tens of thousands of fuel storage tanks in critical infrastructure facilities remain vulnerable to zero-day attacks due to buggy Automatic Tank Gauge systems from multiple vendors, say infosec researchers.

Published: 2024-09-24T15:30:11



The Register - Security

How to spot a North Korean agent before they get comfy inside payroll

Mandiant publishes cheat sheet for weeding out fraudulent IT staff. Against a backdrop of rising exposure to North Korean agents seeking (mainly) US IT roles, organizations now have a cheat sheet to help spot potential operatives.

Published: 2024-09-24T12:01:07



Security Latest

Stealthy Malware Has Infected Thousands of Linux Systems for Years

Perfctl malware is hard to detect, persists after reboots, and can perform a breadth of malicious activities.

Published: 2024-10-05T13:30:00



Security Latest

The FBI Still Hasn’t Cracked NYC Mayor Eric Adams’ Phone

Plus: Harvard students pack Meta’s smart glasses with privacy-invading face-recognition tech, Microsoft and the DOJ seize Russian hackers’ domains, and more.

Published: 2024-10-05T10:30:00



Security Latest

This Video Game Controller Has Become the US Military’s Weapon of Choice

After decades of relying on buttons, switches, and toggles, the Pentagon has embraced simple, ergonomic video-game-style controllers already familiar to millions of potential recruits.

Published: 2024-10-04T11:30:00



Security Latest

License Plate Readers Are Creating a US-Wide Database of More Than Just Cars

From Trump campaign signs to Planned Parenthood bumper stickers, license plate readers around the US are creating searchable databases that reveal Americans’ political leanings and more.

Published: 2024-10-03T10:30:00



Security Latest

ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions

US Immigration and Customs Enforcement’s one-year contract with Paragon’s US subsidiary comes amid the Biden administration’s years-long crackdown on commercial spyware vendors.

Published: 2024-10-01T18:15:53



Security Latest

Notorious Evil Corp Hackers Targeted NATO Allies for Russian Intelligence

UK law enforcement and international partners have released new details about the cybercriminal gang Evil Corp, including its use of the Lockbit ransomware platform and ties to Russian intelligence.

Published: 2024-10-01T16:59:21



Security Latest

The Pig Butchering Invasion Has Begun

Scamming operations that once originated in Southeast Asia are now proliferating around the world, likely raking in billions of dollars in the process.

Published: 2024-09-30T10:00:00



Security Latest

The US Could Finally Ban Inane Forced Password Changes

Plus: The US Justice Department indicts three Iranians over Trump campaign hack, EU regulators fine Meta $100 million for a password security lapse, and the Tor Project enters a new phase.

Published: 2024-09-28T10:30:00



Security Latest

Tesla’s Cybertruck Goes, Inevitably, to War

A handful of Tesla’s electric pickup trucks are armed and ready for battle in the hands of Chechen forces fighting in Ukraine as part of Russia’s ongoing invasion. Can the EV take the heat?

Published: 2024-09-27T10:00:00



Security Latest

Amid Air Strikes and Rockets, an SMS From the Enemy

As Israel intensifies its attacks on Lebanon, eerie messages have been arriving on the phones of civilians on both sides of the border, with authorities in each country accusing the other of psychological warfare.

Published: 2024-09-26T12:24:17



Security Latest

Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will, the latest in a plague of web bugs that’s affected a dozen carmakers.

Published: 2024-09-26T11:00:00



Security Latest

Russia-Backed Media Outlets Are Under Fire in the US but Still Trusted Worldwide

The US government says outlets like RT work closely with Russian intelligence, and platforms have removed or banned their content. But they’re still influential all around the world.

Published: 2024-09-24T11:30:00



The Hacker News

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries

Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with a shocking attack density" between September 4 and September 27, 2024. No less than 20,000 commands designed

Published: 2024-10-07T19:22:00



The Hacker News

Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually

Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these security threats account for up to 11.8% of global cyber events and losses, emphasizing the escalating

Published: 2024-10-07T16:55:00



The Hacker News

Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless

The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breaches, leaks, and significant financial losses.  While traditional password-based systems offer

Published: 2024-10-07T15:35:00



The Hacker News

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4. "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute

Published: 2024-10-07T15:00:00



The Hacker News

THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)

Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all: government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it's too late! Threat of the Week Double Trouble: Evil Corp & LockBit Fall: A consortium of international law enforcement agencies took steps to arrest four

Published: 2024-10-07T14:46:00



The Hacker News

Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection

Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil. The enhanced fraud protection feature aims to keep users safe when they attempt to install malicious apps from sources other than the Google Play Store, such as web browsers, messaging apps,

Published: 2024-10-07T14:45:00



The Hacker News

E.U. Court Limits Meta's Use of Personal Facebook Data for Targeted Ads

Europe's top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating in the region. "An online social network such as Facebook cannot use all of the personal data

Published: 2024-10-07T12:02:00



The Hacker News

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with

Published: 2024-10-05T10:20:00



The Hacker News

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. "The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials

Published: 2024-10-04T18:36:00



The Hacker News

How to Get Going with CTEM When You Don't Know Where to Start

Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities -

Published: 2024-10-04T15:23:00



The Hacker News

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors

Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout last month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (

Published: 2024-10-04T15:20:00



The Hacker News

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was

Published: 2024-10-04T14:41:00



The Hacker News

Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks

Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that's responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface. "This

Published: 2024-10-03T22:30:00



The Hacker News

The Secret Weakness Execs Are Overlooking: Non-Human Identities

For years, securing a company’s systems was synonymous with securing its “perimeter.” There was what was safe “inside” and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem

Published: 2024-10-03T20:36:00



The Hacker News

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

Misconfigured and vulnerable Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated techniques," Aqua security researchers Assaf Morag and Idan Revivo said in a report shared with The Hacker

Published: 2024-10-03T19:45:00



The Hacker News

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks

Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37, which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima,

Published: 2024-10-03T18:30:00



The Hacker News

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa

INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said. One such threat involved a large-scale phishing scam targeting Swiss citizens that resulted in financial losses to the tune

Published: 2024-10-03T14:40:00



The Hacker News

LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort

A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K. who

Published: 2024-10-03T12:45:00



The Hacker News

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Ivanti Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity.

Published: 2024-10-03T11:36:00



The Hacker News

Fake Trading Apps Target Victims Globally via Apple App Store and Google Play

A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB. The campaign is part of a consumer investment fraud scheme that's also widely known as pig butchering, in which prospective victims are lured into making investments in cryptocurrency or other financial

Published: 2024-10-02T22:24:00



The Hacker News

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The

Published: 2024-10-02T20:51:00



The Hacker News

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection,"

Published: 2024-10-02T20:38:00



The Hacker News

Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout

Published: 2024-10-02T18:30:00



The Hacker News

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,

Published: 2024-10-02T17:43:00



The Hacker News

5 Must-Have Tools for Effective Dynamic Malware Analysis

Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1. Interactivity Having the ability to interact with the

Published: 2024-10-02T16:30:00



The Hacker News

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. "While the attackers didn't succeed in deploying ransomware on the networks of any of the organizations affected, it is likely that the attacks were financially motivated," Symantec, part of Broadcom, said in a

Published: 2024-10-02T15:30:00



The Hacker News

Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a severe security flaw in Zimbra's postjournal service that could enable unauthenticated attackers to

Published: 2024-10-02T11:26:00



The Hacker News

PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data

A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust Wallet, Metamask, Ronin, TronLink, Exodus, and other prominent wallets in the crypto ecosystem,"

Published: 2024-10-02T11:01:00



The Hacker News

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in

Published: 2024-10-01T22:04:00



The Hacker News

5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security

Published: 2024-10-01T16:00:00



The Hacker News

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi,

Published: 2024-10-01T12:02:00



The Hacker News

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis. The attacks

Published: 2024-10-01T10:42:00



The Hacker News

U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails

The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud. According to the court

Published: 2024-10-01T07:32:00



The Hacker News

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)

Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn't all good news: Kaspersky's forced exit from the US market left users with more

Published: 2024-09-30T18:39:00



The Hacker News

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher

Published: 2024-09-30T17:25:00



The Hacker News

Session Hijacking 2.0: The Latest Way That Attackers are Bypassing MFA

Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft); attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn’t a new technique, so

Published: 2024-09-30T16:50:00



The Hacker News

A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme

Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool, the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock

Published: 2024-09-30T16:00:00



The Hacker News

Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext

The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems. The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union's

Published: 2024-09-30T11:42:00



The Hacker News

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. "Fake

Published: 2024-09-28T15:24:00



The Hacker News

U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes

U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy

Published: 2024-09-28T11:33:00



The Hacker News

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold: Patch Now

Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.8) 

Published: 2024-09-27T21:14:00



The Hacker News

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print

Published: 2024-09-27T18:03:00



The Hacker News

How to Plan and Prepare for Penetration Testing

As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” techniques is especially alarming.

Published: 2024-09-27T16:56:00



The Hacker News

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks

The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent

Published: 2024-09-27T16:41:00



The Hacker News

Cybersecurity Certifications: The Gateway to Career Advancement

In today's fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you're a seasoned cyber professional or just starting your journey, signing up for the GIAC Newsletter ensures you're always informed and equipped for

Published: 2024-09-27T14:34:00



The Hacker News

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users

Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or fake websites, or phishing emails bearing PDF

Published: 2024-09-27T14:30:00



The Hacker News

U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering

The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cryptex and PM2BTC, have been alleged to facilitate the laundering of cryptocurrencies possibly obtained through

Published: 2024-09-27T13:17:00



The Hacker News

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers

A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and

Published: 2024-09-27T11:24:00



The Hacker News

Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates

Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions using only a license plate. "These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription," security

Published: 2024-09-26T21:32:00



The Hacker News

N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks

Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima. "These samples enhance Sparkling Pisces' already extensive arsenal

Published: 2024-09-26T17:58:00



Security Affairs

Universal Music data breach impacted 680 individuals

Universal Music Group notified hundreds of individuals about a data breach compromising their personal information. Universal Music Group is notifying 680 individuals about a data breach that compromised their personal information, including their Social Security number. The data breach occurred on July 15, 2024, and was discovered on August 30, 2024. “In early July, we detected […]

Published: 2024-10-07T18:08:57



Security Affairs

Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday

Russian state media VGTRK faced a major cyberattack, which a Ukrainian source claimed was conducted by Kyiv’s hackers. A Ukrainian government source told Reuters that Kyiv’s hackers are behind the cyber attack that disrupted operations at the Russian state media company VGTRK on Putin’s birthday. The All-Russia State Television and Radio Broadcasting Company (VGTRK, Russian: […]

Published: 2024-10-07T14:11:58



Security Affairs

FBCS data breach impacted 238,000 Comcast customers

238,000 Comcast customers were impacted by the FBCS data breach following the February ransomware attack, Comcast reports. Telecommunications giant Comcast is notifying approximately 238,000 customers impacted by the Financial Business and Consumer Solutions (FBCS) data breach. FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on behalf […]

Published: 2024-10-07T12:57:27



Security Affairs

Critical Apache Avro SDK RCE flaw impacts Java applications

A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances. A critical vulnerability, tracked as CVE-2024-47561, in the Apache Avro Java Software Development Kit (SDK) could allow the execution of arbitrary code on vulnerable instances. The flaw, tracked as CVE-2024-47561, impacts all versions of […]

Published: 2024-10-07T11:04:15



Security Affairs

Man pleads guilty to stealing over $37 Million worth of cryptocurrency

A man from Indiana pleaded guilty to stealing over $37M in cryptocurrency from 571 victims during a 2022 cyberattack. Evan Frederick Light, 21, of Lebanon, Indiana, pleaded guilty to conspiracy to commit wire fraud and conspiracy to launder monetary instruments. In February 2022, Light participated in a cyber attack on an investment firm in Sioux […]

Published: 2024-10-07T06:50:24



Security Affairs

U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Zimbra Collaboration vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Zimbra Collaboration vulnerability CVE-2024-45519 (CVSS score of 10) to its Known Exploited Vulnerabilities (KEV) catalog. This week, Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed […]

Published: 2024-10-07T05:23:58



Security Affairs

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data. According to the Wall Street Journal, which reported the news […]

Published: 2024-10-06T21:04:00



Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 14

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0 Threat Actors leverage Docker Swarm and Kubernetes to […]

Published: 2024-10-06T13:16:37



Security Affairs

Security Affairs newsletter Round 492 by Pierluigi Paganini INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WordPress LiteSpeed Cache plugin flaw could allow site takeover Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session […]

Published: 2024-10-06T12:05:37



Security Affairs

Google Pixel 9 supports new security features to mitigate baseband attacks

Google announced that its Pixel 9 has implemented new security features, and it supports measures to mitigate baseband attacks. Pixel phones are known for their strong security features, particularly in protecting the cellular baseband, which is the processor handling LTE, 4G, and 5G communications. While basebands in smartphones are often vulnerable to attacks due to […]

Published: 2024-10-06T08:44:36



News Packet Storm

About A Quarter Million Comcast Subscribers Had Their Data Stolen From Debt Collector

Apple Couldn't Tell Fake iPhones From Real Ones, Lost $2.5M In Scam

Hacker Attack Disrupts Russian State Media On Putin's Birthday

MITRE Announces AI Incident Sharing Project

China's Salt Typhoon Hacked Multiple Telcos

Antimatter Could Be The Key To Solving The Universe's Biggest Mysteries

Ryanair Faces GDPR Turbulence Over Customer ID Checks

LLM Hijacking Of Cloud Infrastructure Uncovered By Researchers

Ransomware Hits Critical Infrastructure Hard, Costs Adding Up

Thousands Of Linux Systems Infected By Malware Since 2021

DOJ, Microsoft Take Down 107 Russian-Backed Star Blizzards Domains

Harvard Duo Hacks Meta Ray-Bans To Dox Strangers On Sight In Seconds

Ransomware Crew Infects 100+ Orgs Monthly With New MedusaLocker Variant

CIA Seeks Informants In North Korea, Iran, And China

Ivanti EPM Vulnerability Exploited In The Wild

Zero-Day Breach At Rackspace Sparks Vendor Blame Game

14 DrayTek Vulns Patched, Including RCE Flaw

Evil Corp/REvil Malware Crime Group Outed As Family Affair

The Fix For BGP's Weaknesses Has Issues Of Its Own

NIST's Security Flaw Database Still Backlogged With 17k+ Unprocessed Bugs. Not Great

Record Breaking DDoS Attack Peaked At 3.8 Tbps, 2.14 Billion Pps

More LockBit Hackers Arrested, Unmasked As Servers Seized

T-Mobile Pays $16 Million Fine For Three Years' Worth Of Data Breaches

Zimbra Mail Servers Under Siege Through RCE Vuln

Cybersecurity Experts Praise Veto Of California's AI Safety Bill

SecurityWeek

American Water Confirms Hack: Customer Portal and Billing Services Suspended

Industry Moves for the week of October 7, 2024 - SecurityWeek

MFA Isn’t Failing, But It’s Not Succeeding: Why a Trusted Security Tool Still Falls Short

Smart TV Surveillance? How Samsung and LG’s ACR Technology Tracks What You Watch

Stealthy ‘Perfctl’ Malware Infects Thousands of Linux Servers

MITRE Announces AI Incident Sharing Project

ICS Cybersecurity Conference to Take Place October 21-24 in Atlanta

Personal Information Compromised in Universal Music Data Breach

Okta Tells Users to Check for Potential Exploitation of Newly Patched Vulnerability

238,000 Comcast Customers Hit by FBCS Ransomware Attack

China’s Salt Typhoon Hacked AT&T, Verizon: Report

CISA News

CISA Kicks Off 21st Anniversary of Cybersecurity Awareness Month

CISA Releases Anonymous Threat Response Guidance and Toolkit for K-12 Schools

Joint ODNI, FBI, and CISA Statement

CISA Releases Plan to Align Operational Cybersecurity Priorities for Federal Agencies

FBI and CISA Release Joint PSA, Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections

CISA Releases Election Security Focused Checklists for Both Cybersecurity and Physical Security

CISA Launches New Portal to Improve Cyber Reporting

Election Security Partners Host 7th Annual Tabletop the Vote Exercise for 2024

Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts

FBI and CISA Release Joint PSA, Just So You Know: Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting

CISA Blog

Region 8 Invites You to Secure Our World

CISA Director Jen Easterly Remarks at the Election Center 39th Annual National Conference in Detroit

Learn with Region 8’s Webinar Program

Shaping the legacy of partnership between government and private sector globally: JCDC

SAFECOM and NCSWIC Develop Global Positioning System (GPS) for Public Safety Location Services: Use Cases and Best Practices

Region 10 Team Provides Vital Election Security Training for Idaho

SAFECOM Membership Spotlight ft. Red Grasso, North Carolina Department of Information Technology

SAFECOM Releases New Resource for Cloud Adoption

With Open Source Artificial Intelligence, Don’t Forget the Lessons of Open Source Software

SAFECOM and NCSWIC Publish Fall 2023 Joint SAFECOM-NCSWIC Bi-Annual Meeting Executive Summaries

All CISA Advisories

Subnet Solutions Inc. PowerSYSTEM Center

CISA Adds One Known Exploited Vulnerability to Catalog

Delta Electronics DIAEnergie

TEM Opera Plus FM Family Transmitter

CISA Releases Three Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Releases Two Industrial Control Systems Advisories

Optigo Networks ONS-S8 Spectra Aggregation Switch

ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations

Mitsubishi Electric MELSEC iQ-F FX5-OPC

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA’s VDP Platform 2023 Annual Report Showcases Success

Advantech ADAM-5630

goTenna Pro ATAK Plugin

Cisco Releases Security Updates for IOS and IOS XE Software

Atelmo Atemio AM 520 HD Full HD Satellite Receiver

CISA Releases Five Industrial Control Systems Advisories

ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises

Advantech ADAM-5550

goTenna Pro X and Pro X2

Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA Warns of Hurricane-Related Scams

Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means

Alisonic Sibylla

Moxa MXview One

CISA Adds One Known Exploited Vulnerability to Catalog

Franklin Fueling Systems TS-550 EVO

OMNTEC Proteus Tank Monitoring

OPW Fuel Management Systems SiteSentinel

Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE

Exploit-DB.com RSS Feed

[webapps] reNgine 2.2.0 - Command Injection (Authenticated)

[webapps] openSIS 9.1 - SQLi (Authenticated)

[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)

[webapps] NoteMark < 0.13.0 - Stored XSS

[webapps] Gitea 1.22.0 - Stored XSS

[webapps] Invesalius3 - Remote Code Execution

[dos] Windows TCP/IP - RCE Checker and Denial of Service

[webapps] Aurba 501 - Authenticated RCE

[webapps] HughesNet HT2000W Satellite Modem - Password Reset

[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure

[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass

[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config

[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass

[webapps] Helpdeskz v2.0.2 - Stored XSS

[webapps] Calibre-web 0.6.21 - Stored XSS

[webapps] Devika v1 - Path Traversal via 'snapshot_path'

[local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path

[local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path

[local] Oracle Database 12c Release 1 - Unquoted Service Path

[webapps] Ivanti vADC 9.9 - Authentication Bypass

[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation

[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection

[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection

[webapps] Microweber 2.0.15 - Stored XSS

[webapps] Customer Support System 1.0 - Stored XSS

[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition

[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

[webapps] Boelter Blue System Management 1.3 - SQL Injection

[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)

[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)

[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

[webapps] XMB 1.9.12.06 - Stored XSS

[webapps] Carbon Forum 5.9.0 - Stored XSS

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)

[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)

[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)

[webapps] Dotclear 2.29 - Remote Code Execution (RCE)

[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)

[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)

[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

[webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)

[webapps] Aquatronica Control System 5.1.6 - Information Disclosure

[webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)

[webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

Full Disclosure

Some SIM / USIM card security (and ecosystem) info

SEC Consult SA-20240930-0 :: Local Privilege Escalation via MSI Installer in Nitro PDF Pro (CVE-2024-35288)

Backdoor.Win32.Benju.a / Unauthenticated Remote Command Execution

Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH)

Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE)

Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH)

Backdoor.Win32.Boiling / Remote Command Execution

Defense in depth -- the Microsoft way (part 88): a SINGLE command line shows about 20,000 instances of CWE-73

SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214)

Apple iOS 17.2.1 - Screen Time Passcode Retrieval (Mitigation Bypass)

CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204

Submit Exploit CVE-2024-42831

Stored XSS in "Edit Profile" - htmlyv2.9.9

Stored XSS in "Menu Editor" - htmlyv2.9.9

Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution

Open Source Security

[vim-security] use-after-free when closing buffers in Vim < 9.1.0764

OSSA-2024-004 / CVE-2024-47211: OpenStack Ironic <26.1.1 fails to verify checksums of supplied image_source URLs when configured to convert images to raw for streaming

Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so

CVE-2024-8508 in Unbound DNS server prior to 1.21.1

Re: CVE-2024-42415: Integer Overflow in GNOME libgsf

CVE-2024-42415: Integer Overflow in GNOME libgsf

CVE-2024-47191: Local root exploit in the PAM module pam_oath.so

Re[2]: cups-browsed vulnerable to DDoS amplification attack

Re: cups-browsed vulnerable to DDoS amplification attack

Re: cups-browsed vulnerable to DDoS amplification attack

cups-browsed vulnerable to DDoS amplification attack

PowerDNS Security Advisory 2024-04

CVE-2024-47554: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader

CVE-2024-47561: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)

Multiple vulnerabilities in Jenkins and Jenkins plugins

© Segmentation Fault. All rights reserved.