February 2024
February 29, 2024 – Criminals
Update: BlackCat Ransomware Gang Claims They Stole 6TB of Change Healthcare Data
Abstract
The BlackCat/ALPHV ransomware gang claimed responsibility for a cyberattack on Optum, affecting the Change Healthcare platform and potentially compromising sensitive data of millions of individuals and organizations. (Source: Cyware)
February 29, 2024 – Attack
European Diplomats Targeted by SPIKEDWINE Actors with WINELOADER Backdoor
Abstract
The adversary used a PDF file posing as an invitation from the Ambassador of India to a wine-tasting event, which contained a malicious link leading to the WINELOADER malware. (Source: Cyware)
February 29, 2024 – Ransomware
LockBit Ransomware Returns to Attacks With New Encryptors, Servers
Abstract
LockBit has set up new data leak and negotiation sites, and is actively recruiting experienced pentesters to join their operation, indicating a potential increase in future attacks. (Source: Cyware)
February 29, 2024 – Attack
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
Abstract
The model’s payload grants the attacker a shell on the compromised machine, enabling them to gain full control over victims’ machines through what is commonly referred to as a “backdoor”. (Source: Cyware)
February 29, 2024 – Malware
GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
Abstract
GTPDOOR is a new Linux malware designed for telecom networks that leverages the GPRS Tunnelling Protocol (GTP) for command-and-control communications, posing a threat to subscriber information and call metadata. (Source: Cyware)
February 29, 2024 – Government
Senator Asks FTC to Investigate Automakers’ Data Privacy Practices
Abstract
Senator Edward Markey has called for an investigation into the data privacy practices of the automotive industry, urging Federal Trade Commission (FTC) Chair Lina Khan to take action. (Source: Cyware)
February 29, 2024 – Attack
GitHub Besieged by Millions of Malicious Repositories in Ongoing Attack
Abstract
The attack involves the automated forking of legitimate repositories, resulting in millions of malicious forks with names identical to the original ones, making detection and removal challenging for GitHub. (Source: Cyware)
February 29, 2024 – Government
DoE Invests $45 Million to Prevent Cyberattacks on US Energy Systems
Abstract
The Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has allocated $45 million for 16 projects aimed at developing new technologies to prevent cyberattacks and reduce energy disruptions. (Source: Cyware)
February 29, 2024 – Breach
Anycubic 3D Printers Hacked Worldwide to Expose Security Flaw
Abstract
The hackers have urged Anycubic to open-source their 3D printers due to software deficiencies and have warned affected customers to disconnect their printers from the Internet until the security issue is patched. (Source: Cyware)
February 29, 2024 – General
Cryptojacking is No Longer the Sole Focus of Cloud Attackers
Abstract
Cloud-focused malware campaigns are increasingly targeting services like Docker, Redis, Kubernetes, and Jupyter, requiring security teams to reassess their approaches to identifying and responding to emerging cloud threats. (Source: Cyware)
February 28, 2024 – Attack
Update: Black Basta, Bl00dy Ransomware Gangs Join ScreenConnect Attacks
Abstract
The Black Basta and Bl00dy ransomware gangs are exploiting a critical authentication bypass vulnerability (CVE-2024-1709) in unpatched ScreenConnect servers to gain admin access and deploy ransomware. (Source: Cyware)
February 28, 2024 – Attack
Update: Ransomware Gang Seeks $3.4 Million After Attacking Children’s Hospital
Abstract
The hospital, which serves a large number of pediatric patients, is still providing care despite disruptions caused by the cyberattack. The ransomware group is attempting to sell stolen data from the hospital for 60 bitcoins. (Source: Cyware)
February 28, 2024 – Government
HSCC Issues Cyber ‘Call to Action’ Plan for Health Sector
Abstract
The plan includes 12 measurable objectives, such as increasing cybersecurity practices, developing cross-sector risk management strategies, and implementing automation and emerging technologies. (Source: Cyware)
February 28, 2024 – Phishing
LabHost Cybercrime Service Lets Anyone Phish Canadian Bank Users
Abstract
LabHost offers three membership tiers targeting banks and online services, along with a real-time phishing management tool called LabRat that enables cybercriminals to steal 2FA protection. (Source: Cyware)
February 28, 2024 – Malware
Malicious Code in Tornado Cash Governance Proposal Puts User Funds at Risk
Abstract
The compromise was introduced via a governance proposal, and the Tornado Cash Developers confirmed the compromise, urging users to withdraw old deposit notes and token holders to cancel their votes for the malicious proposal. (Source: Cyware)
February 28, 2024 – Government
Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28’s MooBot Threat
Abstract
Organizations are urged to perform a hardware factory reset, upgrade firmware, change default credentials, and implement firewall rules to protect against the MooBot attacks. (Source: Cyware)
February 28, 2024 – Phishing
TimbreStealer Campaign Targets Mexican Users with Financial Lures
Abstract
The malware comes with embedded modules for orchestration, decryption, and protection, while also conducting checks to avoid sandbox environments and targeting specific industries like manufacturing and transportation sectors. (Source: Cyware)
February 28, 2024 – Government
US Agencies Warn of ALPHV/Blackcat Ransomware Threat to Healthcare Providers
Abstract
ALPHV/Blackcat ransomware affiliates use advanced social engineering techniques and open-source research to gain initial access to victim networks, posing as IT or helpdesk staff to obtain credentials. (Source: Cyware)
February 28, 2024 – Attack
Russia and Belarus Targeted by at Least 14 Nation-State Hacker Groups, Researchers Say
Abstract
State-sponsored hacker groups targeted Russia and former Soviet Union members with destructive or espionage campaigns, indicating an increase in politically motivated cyber attacks in the region. (Source: Cyware)
February 28, 2024 – Breach
Germany’s Hessen Consumer Center Says Systems Encrypted by Ransomware
Abstract
The organization is working with external IT security experts to restore its communication channels and is committed to informing affected individuals if a data compromise is confirmed. (Source: Cyware)
February 27, 2024 – Malware
Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub
Abstract
The multi-stage dissemination of Xeno RAT via Discord CDN demonstrates the use of deceptive tactics such as disguised shortcut files to deliver and execute the open-source malware. (Source: Cyware)
February 27, 2024 – Breach
Update: LoanDepot Says About 17M Customers Had Personal Data and SSNs Stolen During Cyberattack
Abstract
The cyberattack left LoanDepot's customers unable to make payments or access their online accounts, and the company expects the incident to impact its fiscal first quarter earnings by $12 to $17 million. (Source: Cyware)
February 27, 2024 – Vulnerabilities
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
Abstract
Cybersecurity researchers discovered a vulnerability in the Hugging Face Safetensors conversion service that could be exploited by attackers to compromise machine learning models submitted by users, leading to supply chain attacks. (Source: Cyware)
February 27, 2024 – Vulnerabilities
Zyxel Issues Security Advisory for Multiple Vulnerabilities in Firewalls and APs
Abstract
Zyxel has identified and patched four critical vulnerabilities in its firewall and access point products, including flaws that could lead to remote code execution and denial-of-service attacks. (Source: Cyware)
February 27, 2024 – Botnet
Pikabot Returns With New Tricks up Its Sleeve
Abstract
The new version of Pikabot features simpler encryption algorithms, anti-debugging methods, and plaintext bot configuration, indicating a new codebase with potential future improvements. (Source: Cyware)
February 27, 2024 – Policy and Law
Russian Hacker Set to Face Trial for the Hack of a Local Power Grid
Abstract
A 49-year-old Russian national has been charged with carrying out a cyberattack on a local power plant, resulting in a widespread blackout in 38 villages in the Vologda region. (Source: Cyware)
February 27, 2024 – APT
Russian SVR-Linked APT29 Threat Actors Adapt Their Tactics for Initial Cloud Access
Abstract
The Russian Foreign Intelligence Service (SVR) cyber actors, also known as APT29 or Cozy Bear, have shifted their tactics to target cloud environments as organizations increasingly move to cloud-based infrastructure. (Source: Cyware)
February 27, 2024 – Privacy
UK: Privacy Watchdog Cracks Down on Biometric Employee Tracking
Abstract
The British privacy watchdog has ordered a leisure center contractor, Serco Leisure, to stop using facial recognition and fingerprint scanning to track employees at 38 leisure facilities. (Source: Cyware)
February 27, 2024 – Attack
Steel Production Giant ThyssenKrupp Confirms Cyberattack on Automotive Division
Abstract
ThyssenKrupp, a major steel producer and industrial engineering firm, experienced a cyberattack on its Automotive division, leading to a forced shutdown of IT systems as part of the response and containment measures. (Source: Cyware)
February 27, 2024 – General
Cybersecurity Crisis in Schools
Abstract
The education sector faces significant cybersecurity risks due to factors such as BYOD culture, vast student data troves, and resource scarcity, making strong cybersecurity measures crucial. (Source: Cyware)
February 26, 2024 – Government
HHS OCR Tells Congress it Needs More Funding for HIPAA Work
Abstract
The number of reported health data breaches and HIPAA complaints has been increasing, posing a significant challenge for the Department of Health and Human Services' Office for Civil Rights to keep up with their workload. (Source: Cyware)
February 26, 2024 – Solution
Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI
Abstract
The tool can be used to assess the robustness of large language model (LLM) endpoints against various harm categories, such as fabrication, misuse, prohibited content, security harms, and privacy harms. (Source: Cyware)
February 26, 2024 – Policy and Law
California AG Settles with DoorDash Over Selling Consumer Data Without Notice
Abstract
The settlement includes a $375,000 civil penalty, a review of vendor agreements, and the requirement to provide annual reports on potential sale or sharing of consumer information. (Source: Cyware)
February 26, 2024 – Government
CISA, EPA, FBI Publish Top Cyber Steps for Water System Operators
Abstract
Water and wastewater systems need to enhance their cybersecurity measures to protect against potential cyberattacks due to vulnerabilities in their operational technology (OT) and information technology (IT) systems. (Source: Cyware)
February 26, 2024 – Attack
North Korean Hackers Targeting Developers with Malicious npm Packages
Abstract
The malicious packages contained scripts capable of stealing credentials from web browsers, downloading additional harmful scripts, and establishing connections to known North Korean threat actors. (Source: Cyware)
February 26, 2024 – Criminals
Update: Authorities Uncover 30,000 Bitcoin Wallet Addresses Linked to LockBit
Abstract
Law enforcement's takedown of LockBit's infrastructure revealed 2,200 unspent bitcoins worth over $110 million, highlighting the extensive scale of the group's operations. (Source: Cyware)
February 26, 2024 – Outage
Canada: RCMP Investigating Cyberattack as its Website Remains Down
Abstract
The RCMP website was down due to the cyber incident, with pages being redirected to an install.php page that does not exist, indicating potential issues with website configuration. (Source: Cyware)
February 26, 2024 – Criminals
LockBit Ransomware Operation Relaunches Dark Web Leak Site
Abstract
The Russian-speaking ransomware group LockBit has announced its return to hacking after a law enforcement operation, Operation Cronos, targeted the group. The group's leader, LockBitSupp, has vowed to continue hacking despite the takedown. (Source: Cyware)
February 26, 2024 – Breach
Hackers Leak 2.5 Million Private Plane Owners’ Data Linked to LA International Airport Breach
Abstract
IntelBroker successfully breached the Los Angeles International Airport's CRM system, obtaining 2.5 million sensitive records, highlighting the critical need for organizations to strengthen cybersecurity measures against skilled hackers. (Source: Cyware)
February 26, 2024 – Policy and Law
FTC to Ban Avast From Selling Browsing Data for Advertising Purposes
Abstract
The U.S. Federal Trade Commission (FTC) has ordered Avast to pay $16.5 million and banned the company from selling users' web browsing data or licensing it for advertising purposes. (Source: Cyware)
February 24, 2024 – Government
President Biden’s Executive Order Seeks to Bolster Port Cybersecurity
Abstract
The White House issued an executive order to improve maritime port security, including bolstering cybersecurity policies and investing in infrastructure, while addressing concerns about Chinese-owned cranes' potential cybersecurity threats. (Source: Cyware)
February 24, 2024 – Insider Threat
Australia: Second Accidental Data Leak in Four Months ‘Regrettable’, Finance Department Says
Abstract
The Australian government has experienced a significant increase in data breaches, with human error being the leading cause, highlighting the need for improved detection and response systems. (Source: Cyware)
February 24, 2024 – Breach
Recruitment Firm Das Team Ag Confirms Cyberattack by Black Basta Ransomware Group
Abstract
The cyberattack on Das Team Ag by the Black Basta ransomware group highlights the increasing threat to recruitment agencies and the potential consequences for affected individuals. (Source: Cyware)
February 24, 2024 – Vulnerabilities
Update: New ScreenConnect RCE Flaw Exploited in Ransomware Attacks
Abstract
LockBit ransomware attacks are still occurring despite law enforcement takedown efforts, with threat actors exploiting ScreenConnect vulnerabilities to deploy the ransomware on compromised networks. (Source: Cyware)
February 23, 2024 – Outage
Quik Pawn Shop Falls Victim to Alleged Cyberattack by Akira Ransomware Group
Abstract
The outage of Quik Pawn Shop's website indicates a potential cyberattack consequence, hindering communication and leaving customers unaware of the breach's extent and implications. (Source: Cyware)
February 23, 2024 – Breach
U-Haul Says Hacker Accessed Customer Records Using Stolen Credentials
Abstract
The breach did not compromise payment details, and U-Haul has reset passwords for affected accounts, implemented additional security measures, and offered one-year identity theft protection service to affected customers. (Source: Cyware)
February 23, 2024 – Vulnerabilities
Researchers Detail Apple’s Recent Zero-Click Shortcuts Vulnerability
Abstract
A security flaw in Apple's Shortcuts app allowed shortcuts to access sensitive data on devices without user consent. The vulnerability, tracked as CVE-2024-23204, was patched by Apple on January 22, 2024. (Source: Cyware)
February 23, 2024 – Malware
New Malware-as-a-Service Info-Stealer Malware Targets Oil and Gas Companies
Abstract
An advanced phishing campaign targeting the Oil and Gas industry is distributing the Rhadamanthys Stealer, an uncommon and sophisticated Malware-as-a-Service information stealer. (Source: Cyware)
February 23, 2024 – Policy and Law
Chinese Duo Found Guilty of $3m Apple Fraud Plot
Abstract
Two Chinese nationals, Haotian Sun and Pengfei Xue, have been found guilty of running a fraudulent scheme targeting Apple. They sent thousands of fake iPhones to Apple for repair, hoping to receive genuine replacements. (Source: Cyware)
February 23, 2024 – Criminals
Law Enforcement Dismantled LockBit Before Latest Variant Hit Market
Abstract
The new variant, referred to as LockBit-NG-Dev, was being designed to succeed the most recent LockBit 3.0 iteration, using .NET and CoreRT for cross-platform compatibility. (Source: Cyware)
February 23, 2024 – Criminals
Russia Arrests Three Alleged SugarLocker Ransomware Members
Abstract
The group has been involved in deploying ransomware and receiving profits from cyberattacks. The arrest may be a PR move by Russia, and there are speculations about the suspects' continued operations. (Source: Cyware)
February 23, 2024 – Disinformation
Russian Cyberattackers Launch Multiphase PsyOps Campaign
Abstract
Russian-linked threat actors conducted a multiwave campaign, Operation Texonto, using a combination of psyops and spear-phishing to spread misinformation in Ukraine and target Microsoft 365 credentials across Europe. (Source: Cyware)
February 23, 2024 – Outage
Update: UnitedHealth Says Change Healthcare Hacked by Nation State, as Pharmacy Outages Drag On
Abstract
The ongoing cyberattack on Change Healthcare has resulted in widespread disruption, affecting patient billing processes, prescription fulfillment, and causing downtime for healthcare professionals. (Source: Cyware)
February 23, 2024 – Malware
Linux Malware ‘Migo’ Targets Redis for Cryptojacking Attacks
Abstract
Researchers spotted a new Migo malware targeting Redis servers to mine cryptocurrency and utilizing system-weakening commands to disable security features. Migo is distributed as a Golang ELF binary, with compile-time obfuscation and the ability to persist on Linux hosts. Organizations are expected ... (Source: Cyware)
February 22, 2024 – Vulnerabilities
Multiple FreeImage Vulnerabilities Fixed in Ubuntu
Abstract
On 16th January 2024, the Ubuntu security team released critical security updates addressing several FreeImage vulnerabilities in different Ubuntu releases, including Ubuntu 16.04 and Ubuntu 18.04. (Source: Cyware)
February 22, 2024 – Malware
Russian Consular Software Installer Backdoored to Deploy Konni RAT
Abstract
This activity is linked to actors from North Korea targeting Russia. The trojan is being distributed through backdoored software installers and is capable of file transfers and command execution. (Source: Cyware)
February 22, 2024 – Malware
New Open-Source Self-Modifying Worm Tool SSH-Snake Threatens Networks
Abstract
The worm autonomously searches for SSH credentials, modifies itself to remain fileless, and uses a variety of methods to collect private keys, making it difficult to detect statically. (Source: Cyware)
February 22, 2024 – Breach
Hack at Healthcare Services Firm Hits 2.4 Million Eye Doctor Patients
Abstract
The breach affected nearly 2.4 million patients and compromised sensitive information such as names, contact details, medical records, and in some cases, Social Security numbers and insurance information. (Source: Cyware)
February 22, 2024 – Business
Resilience Acquires Incident Response Provider BreachQuest
Abstract
Resilience, a cyber insurance startup, has acquired BreachQuest, a cybersecurity company specializing in incident response solutions, to enhance its cyber risk management software and incident management solution. (Source: Cyware)
February 22, 2024 – Criminals
NCA Exposes Nearly 200 LockBit Affiliates, Data Theft Malware
Abstract
The UK's National Crime Agency (NCA) has gained control of LockBit's site and has exposed the identities of the affiliates, disrupted the affiliate infrastructure, and destroyed the servers used for data exfiltration. (Source: Cyware)
February 22, 2024 – Business
1Password Expands Its Endpoint Security Offerings With Kolide Acquisition
Abstract
1Password, a password management software developer, has acquired Kolide, an endpoint security platform, for an undisclosed amount. Kolide's device security and contextual access management solution will be integrated into 1Password's offerings. (Source: Cyware)
February 22, 2024 – Botnet
‘Lucifer’ Botnet Turns Up the Heat on Apache Hadoop Servers
Abstract
The botnet's campaign has evolved through three distinct phases, testing new infection routines and defense evasion techniques before potentially launching a broader attack. (Source: Cyware)
February 22, 2024 – Cryptocurrency
Cryptocurrency Exchange FixedFloat Hacked to Siphon Off $26 Million in BTC, ETH
Abstract
FixedFloat, a non-KYC crypto exchange, was hacked for $26 million worth of Bitcoin and Ethereum due to vulnerabilities and insufficient security measures, leading to frozen transactions and missing funds. (Source: Cyware)
February 22, 2024 – Breach
Breach at Aussie Telecom Tangerine Affects 232,000 Customers
Abstract
The company confirmed that no credit/debit card numbers were compromised and assured that customer accounts are protected by multifactor authentication, ensuring security from unauthorized access. (Source: Cyware)
February 21, 2024 – Malware
New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics
Abstract
ReversingLabs' research revealed a broader campaign involving multiple packages and sophisticated tactics, indicating an emerging trend of DLL sideloading attacks in open-source environments. (Source: Cyware)
February 21, 2024 – Malware
New ‘VietCredCare’ Stealer Targeting Facebook Advertisers in Vietnam
Abstract
The malware is distributed through links to bogus sites on social media and messaging platforms, and it is designed to filter out Facebook credentials while evading detection by security software. (Source: Cyware)
February 21, 2024 – Denial Of Service
Top UK Universities Recovering Following Targeted DDoS Attack
Abstract
The attack targeted the Janet Network, used by several UK universities, and was claimed by the hacktivist group Anonymous Sudan. This incident reflects a growing trend of cyberattacks against UK institutions. (Source: Cyware)
February 21, 2024 – Ransomware
Knight Ransomware Source Code for Sale After Leak Site Shuts Down
Abstract
The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum, indicating a potential shift in the group's operations. (Source: Cyware)
February 21, 2024 – Cryptocurrency
Fake Tokens Exploit BRICS Investment Hype
Abstract
Security researchers have identified a rising trend of cryptocurrency counterfeiting targeting Fortune 100 companies, involving the creation of tokens impersonating major brands, government bodies, and national fiat currencies. (Source: Cyware)
February 21, 2024 – Malware
New Migo Malware Targeting Redis Servers for Cryptocurrency Mining
Abstract
Migo disables security defenses on Redis servers, sets up keys for SSH access, and deploys a modified rootkit to hide processes and artifacts, resembling tactics used by known cryptojacking groups. (Source: Cyware)
February 21, 2024 – Vulnerabilities
VMware Urges Admins to Remove Deprecated, Vulnerable Enhanced Authentication Plug-in
Abstract
VMware has urged users to uninstall the deprecated Enhanced Authentication Plugin (EAP) due to the discovery of critical security flaws, including an arbitrary authentication relay bug and a session hijack flaw. (Source: Cyware)
February 21, 2024 – Attack
VoltSchemer Attacks Use Wireless Chargers to Inject Voice Commands, Fry Phones
Abstract
The attack takes advantage of security flaws in wireless charging systems, allowing attackers to manipulate the charger's voltage and interfere with the communication between the charger and the smartphone. (Source: Cyware)
February 21, 2024 – Attack
Astaroth, Mekotio, and Ousaban Abusing Google Cloud Run in LATAM-Focused Malware Campaigns
Abstract
Google Cloud Run is being exploited by threat actors to distribute banking trojans, with a significant increase in malicious email campaigns observed since September 2023 targeting victims in Latin America, Europe, and North America. (Source: Cyware)
February 21, 2024 – Insider Threat
Insider Steals 80,000 Email Addresses From UK District Councils
Abstract
A former council worker has been cautioned by police for taking 79,000 residents' email addresses from a database to promote a business unrelated to the council. Another database from Warwick District Council was also affected. (Source: Cyware)
February 20, 2024 – Vulnerabilities
Critical Flaws Found in ConnectWise ScreenConnect Software
Abstract
ConnectWise has released software updates to address two critical security flaws in its ScreenConnect remote desktop and access software. The vulnerabilities could allow remote code execution and unauthorized access to restricted directories. (Source: Cyware)
February 20, 2024 – Vulnerabilities
Over 28,500 Exchange Servers Vulnerable to Actively Exploited Bug
Abstract
The CVE-2024-21410 vulnerability allows remote unauthenticated actors to perform NTLM relay attacks, potentially leading to unauthorized access to confidential data and network exploitation. (Source: Cyware)
February 20, 2024 – Attack
Several Ukrainian Media Outlets Attacked by Russian Hackers
Abstract
Ukrainian authorities and cybersecurity agencies attributed the attack to Russian threat actors and described it as part of Russia's "information warfare" against Ukraine. (Source: Cyware)
February 20, 2024 – Attack
North Korean Hackers Linked to Defense Sector Supply-Chain Attack
Abstract
The German federal intelligence agency and South Korea's National Intelligence Service have issued a joint advisory warning about ongoing cyber-espionage operations targeting the global defense sector on behalf of North Korea. (Source: Cyware)
February 20, 2024 – Breach
Wyze Camera Breach Let 13,000 Strangers Look into Other People’s Homes
Abstract
The breach resulted from a system overload caused by incorrect mapping of device IDs, which was attributed to a third-party caching client library recently integrated into Wyze's system. (Source: Cyware)
February 20, 2024 – Vulnerabilities
Hackers Exploit Critical RCE Flaw in Bricks WordPress Site Builder
Abstract
The vulnerability, tracked as CVE-2024-25600, was discovered by a researcher named 'snicco' and a fix became available on February 13 with the release of version 1.9.6.1. (Source: Cyware)
February 20, 2024 – Criminals
Cactus Ransomware Gang Claims the Theft of 1.5TB of Data From Schneider Electric
Abstract
The attack, which hit the Sustainability Business division on January 17th, caused outages in Schneider Electric’s Resource Advisor cloud platform. The gang published 25MB of stolen data as proof of the hack. (Source: Cyware)
February 20, 2024 – Solution
Google Open Sources Magika: AI-Powered File Identification Tool
Abstract
Magika outperforms conventional methods and is used to enhance user safety in Gmail, Drive, and Safe Browsing. Google emphasizes the use of AI to strengthen digital security and shift the balance in favor of defenders in cybersecurity. (Source: Cyware)
February 20, 2024 – Privacy
Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices
Abstract
The surveillance industry continues to evolve, with recent discoveries of new surveillance tools like Patternz and a previously unknown mobile network attack called MMS Fingerprint, raising concerns about privacy and security. (Source: Cyware)
February 20, 2024 – Malware
Newly Discovered RustDoor Malware Impersonates Visual Studio Update
Abstract
A new macOS malware dubbed RustDoor, written in Rust, is being distributed disguised as a Visual Studio update. The malware provides backdoor access to compromised systems and is linked to infrastructure associated with the BlackCat ransomware gang. Researchers have shared a list of known IOCs ... (Source: Cyware)
February 19, 2024 – Solution
New Google Chrome Feature Blocks Attacks Against Home Networks
Abstract
Google is testing a new feature called "Private Network Access protections" in Chrome 123 to prevent malicious websites from attacking devices and services on a user's private network. (Source: Cyware)
February 19, 2024 – Solution
Gmail & Yahoo DMARC Rollout: When Cyber Compliance Gives a Competitive Edge
Abstract
DMARC compliance offers businesses a competitive advantage through improved email deliverability and enhanced security posture, leading to better engagement rates and revenue growth. (Source: Cyware)
February 19, 2024 – Malware
Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries
Abstract
The Android banking trojan Anatsa has expanded its reach to include Slovakia, Slovenia, and Czechia, demonstrating the capability to bypass restricted settings for accessibility service in Android 13. (Source: Cyware)
February 19, 2024 – Malware
PDF Malware on the Rise, Used to Spread WikiLoader, Ursnif, and DarkGate
Abstract
Cybercriminals are using ad tools to track and optimize their malware campaigns, making their lures more convincing and increasing the likelihood of users falling victim to the attacks. (Source: Cyware)
February 19, 2024 – Attack
Russia-Aligned Hackers Target European and Iranian Embassies in New Espionage Campaign
Abstract
A Russia-linked hacking group, Winter Vivern, exploited a vulnerability in the Roundcube webmail server to spy on government and military agencies in Europe and Iranian embassies in Russia, indicating a significant cybersecurity threat. (Source: Cyware)
February 19, 2024 – General
Japan Sees Increased Cyberthreats to Critical Infrastructure, Particularly From China
Abstract
Recent cyberattacks on Japanese entities, such as the Ministry of Foreign Affairs and aerospace agency JAXA, underscore the persistent threat posed by Chinese hackers to Japan's security and economy. (Source: Cyware)
February 19, 2024 – Breach
Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data
Abstract
The stolen data includes confidential records, employee documents, customer information, and configuration settings related to services such as OpenAI and Twilio, posing a significant threat to the company and its clients. (Source: Cyware)
February 19, 2024 – Policy and Law
Ukrainian Extradited to US Over Alleged Raccoon Stealer Ties
Abstract
Mark Sokolovsky, a Ukrainian national, has been extradited to the United States to face criminal charges related to his involvement in the Raccoon info stealer malware-as-a-service operation. (Source: Cyware)
February 19, 2024 – Attack
Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor
Abstract
Charming Kitten's phishing attacks involve social engineering tactics, compromised email accounts, and the distribution of various backdoors, demonstrating their commitment to surveillance and malware deployment. (Source: Cyware)
February 19, 2024 – Vulnerabilities
RCE Vulnerabilities Fixed in SolarWinds Enterprise Solutions
Abstract
SolarWinds has patched critical vulnerabilities in its Access Rights Manager (ARM) and Orion Platform that could allow attackers to execute code, emphasizing the importance of promptly updating to the fixed versions. (Source: Cyware)
February 17, 2024 – Ransomware
Alpha Ransomware Emerges From NetWalker Ashes
Abstract
The Alpha ransomware operation appears to be linked to the previously inactive NetWalker ransomware, suggesting a potential revival or acquisition of the original payload. (Source: Cyware)
February 17, 2024 – Government
CISA Warns of Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability
Abstract
The information disclosure vulnerability, known as CVE-2020-3259, is being exploited by the Akira ransomware group to compromise susceptible Cisco AnyConnect SSL VPN appliances. (Source: Cyware)
February 17, 2024 – Malware
SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds
Abstract
Android users are advised to be cautious of applications requesting Accessibility API access, particularly those claiming to be crypto wallets, PDF readers, and video players. (Source: Cyware)
February 17, 2024 – Cryptocurrency
North Korean Hackers Now Launder Stolen Crypto via YoMix Tumbler Full Text
Abstract
YoMix saw a significant increase in funds in 2023, with about one-third of inflows originating from wallets associated with crypto hacks, demonstrating the adaptability of sophisticated threat actors.Cyware
February 16, 2024 – Attack
Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity Full Text
Abstract
The Voltzite threat, a subset of China's Volt Typhoon APT, has been actively targeting US electric companies and African electric transmission and distribution organizations, with the intent to compromise physical industrial control systems.Cyware
February 16, 2024 – Phishing
Hackers Exploit EU Agenda in Spear Phishing Campaigns Full Text
Abstract
Organizations based in the EU are being targeted by spear phishing campaigns leveraging EU political and diplomatic events, according to the bloc’s Computer Emergency Response Team (CERT-EU).Cyware
February 16, 2024 – Policy and Law
To Avoid Bankruptcy, EMR Firm Settles Lawsuit for $4M Full Text
Abstract
The settlement includes options for affected individuals such as identity theft monitoring, reimbursement for losses, or a flat fee cash payment, with attorneys seeking about one-third of the settlement fund in fees.Cyware
February 16, 2024 – Outage
Washington County Pays $350,000 Ransom After Cyberattack Full Text
Abstract
The Washington County Board of Commissioners voted to pay a $350,000 ransom to Russian cybercriminals after a cyberattack shut down county services. The decision was made in an emergency meeting due to the deadline set by the hackers.Cyware
February 16, 2024 – Vulnerabilities
CISA Adds Microsoft Windows Bugs to Its Known Exploited Vulnerabilities Catalog Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Microsoft Windows vulnerabilities to its list of Known Exploited Vulnerabilities. These flaws, CVE-2024-21412 and CVE-2024-21351, are actively being exploited in the wild.Cyware
February 16, 2024 – Policy and Law
Zeus, IcedID Malware Gangs Leader Pleads Guilty, Faces 40 Years in Prison Full Text
Abstract
Vyacheslav Igorevich Penchukov, a Ukrainian cybercriminal, pleaded guilty to leading the Zeus and IcedID malware groups, involved in stealing millions of dollars and attacking a major hospital with ransomware.Cyware
February 15, 2024 – Insider Threat
U.S. Internet Corp. Leaked Years of Internal, Customer Emails Full Text
Abstract
U.S. Internet Corp.'s subsidiary, Securence, inadvertently exposed over a decade's worth of internal and client emails, including those of government institutions, due to a misconfigured server, raising serious security concerns.Cyware
February 15, 2024 – Breach
North Korean Hackers Target South Korean President’s Office Full Text
Abstract
South Korea has accused North Korean hackers of breaching an administrator's email account in the Office of the President to access information about the president's communications and overseas trips.Cyware
February 15, 2024 – Breach
US Military Notifies 20,000 of Data Breach After Cloud Email Leak Full Text
Abstract
The U.S. Department of Defense has notified around 20,600 individuals that their personal information was exposed in an email data spill due to a misconfigured cloud email server hosted on Microsoft's platform.Cyware
February 15, 2024 – Encryption
Encryption Vital For Right to Privacy, European Court Rules Full Text
Abstract
The European Court of Human Rights ruled in favor of a Russian petitioner who challenged a Kremlin rule requiring telecom firms to provide backdoor access to servers for law enforcement data collection.Cyware
February 15, 2024 – Malware
North Korea Turns to Designing Malware-Infected Gambling Websites for Cash Full Text
Abstract
The operation is carried out by an IT organization called "Gyeongheung," affiliated with North Korea's secretive Office 39. These websites are sold for $5,000 a month, with additional tech support for $3,000.Cyware
February 15, 2024 – Policy and Law
New Jersey Law Enforcement Officers Sue 118 Data Brokers for Not Removing Personal Information Full Text
Abstract
The lawsuits filed against data brokers in New Jersey highlight the need for stronger regulation of data brokers to protect the privacy of law enforcement personnel and all Americans.Cyware
February 15, 2024 – Phishing
Corporate Users Getting Tricked into Downloading AnyDesk Full Text
Abstract
Hackers are tricking victims into downloading an outdated but legitimate AnyDesk executable by directing them to fake websites posing as financial institutions. Once the program is run, attackers can gain control of the victim's machine.Cyware
February 15, 2024 – General
Report: Threat Actors Intensify Focus on NATO Member States Full Text
Abstract
A report from Flare indicates that Initial Access Brokers (IABs) are increasingly targeting entities within NATO member states through various techniques such as spear-phishing and exploiting vulnerabilities.Cyware
February 14, 2024 – Breach
Atlassian Vulnerability at Fault in GAO Breach Full Text
Abstract
The Government Accountability Office (GAO) suffered a data breach affecting thousands of current and former employees, which was carried out through a vulnerability in the Atlassian Confluence workforce collaboration tool.Cyware
February 14, 2024 – Malware
More Signs of a Qakbot Resurgence Full Text
Abstract
Security researchers have lately observed new builds and incremental changes to the malware, indicating that someone with access to its source code is experimenting with it.Cyware
February 14, 2024 – Vulnerabilities
Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs Full Text
Abstract
One of the zero-days, CVE-2024-21412, allows attackers to bypass security features and deploy malware. The other zero-day, CVE-2024-21351, enables attackers to bypass SmartScreen protections and potentially gain remote code execution capabilities.Cyware
February 14, 2024 – Vulnerabilities
20-Year-Old DNSSEC Vulnerability Puts Big Chunk of the Internet at Risk Full Text
Abstract
A 20-plus-year-old design flaw in the DNSSEC specification, named KeyTrap, can be exploited by a single packet to disable vulnerable DNS servers, affecting web clients and other applications relying on them.Cyware
February 14, 2024 – General
Boise State Pilot Program Aims to Boost Cybersecurity by Pairing Students With Local Institutions Full Text
Abstract
The Cyberdome initiative at Boise State University is helping to address the shortage of cybersecurity talent in rural areas by providing hands-on work experience to students and cybersecurity services to organizations in need.Cyware
February 14, 2024 – Solution
Financial Institutions Embrace Cyber Fusion Centers for Unified Approach to Evolving Risks Full Text
Abstract
Cyber Fusion Centers (CFCs) enable threat intelligence operationalization, information sharing, and automation of threat response, providing a unified and efficient approach to cybersecurity in the financial sector.Cyware
February 14, 2024 – Solution
Global Malicious Activity Targeting Elections is Skyrocketing Full Text
Abstract
According to Resecurity, malicious cyber-activity has increased by 100% between 2023 and early 2024, with threat actors aiming to acquire and exploit voter data for potential propaganda campaigns and electoral interference.Cyware
February 13, 2024 – Malware
Diving Into Glupteba’s UEFI Bootkit Full Text
Abstract
The Pay-Per-Install (PPI) ecosystem, originally intended for distributing advertisements, has evolved into a profitable platform for spreading spyware and malware, including threats like Glupteba.Cyware
February 13, 2024 – Breach
Jet Engine Dealer to Major Airlines Discloses ‘Unauthorized Activity’ Full Text
Abstract
The Black Basta ransomware group claims to have stolen 910 GB of sensitive company data from Willis Lease Finance Corporation, including passport scans and personal information of staff and customers.Cyware
February 13, 2024 – Solution
SiCat: Open-Source Exploit Finder Full Text
Abstract
The tool has key features such as an easy-to-understand code structure, reporting/output system in HTML and JSON formats, and the ability to run via Nmap scan results in XML format.Cyware
February 13, 2024 – Breach
Update: Caravan Club Admits Members’ Personal Data Possibly Accessed Full Text
Abstract
Members are advised to be cautious of phishing attacks and to update their passwords as a precautionary measure, while the organization has taken steps to enhance cybersecurity in response to the incident.Cyware
February 13, 2024 – Ransomware
Ransomware Tactics Evolve, Become Scrappier Full Text
Abstract
Ransomware attacks surged in 2023, with the United States accounting for almost half of all attacks according to Malwarebytes, and cybercriminals evolving their tactics to target a higher volume of victims simultaneously.Cyware
February 13, 2024 – Solution
Protecting Against AI-Enhanced Email Threats Full Text
Abstract
Combining traditional email security measures with AI-based solutions and empowering cybersecurity personnel with AI skills is crucial for organizations to defend against evolving cyber threats.Cyware
February 12, 2024 – Phishing
Ongoing Azure Compromises Target Senior Executives, Microsoft 365 Apps Full Text
Abstract
Threat actors are targeting Microsoft Azure corporate clouds with sophisticated and tailored phishing attacks, compromising a wide range of user accounts for activities such as data exfiltration and financial fraud.Cyware
February 12, 2024 – Ransomware
Decryptor for Rhysida Ransomware is Available Full Text
Abstract
Files encrypted by Rhysida ransomware can be successfully decrypted, due to an implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor.Cyware
February 12, 2024 – Business
Cohesity, Veritas Combine as New Data Protection Company Full Text
Abstract
The deal will result in the formation of a separate company called DataCo to handle Veritas' remaining assets, while Cohesity will follow a "no customer left behind" approach.Cyware
February 12, 2024 – Government
CISA Partners with OpenSSF to Release Principles for Package Repository Security Framework Full Text
Abstract
This initiative aligns with CISA's Open Source Software Security Roadmap's objective of collaborating with relevant working groups to develop security principles for package managers.Cyware
February 12, 2024 – General
UN Experts Investigating 58 Suspected North Korean Cyberattacks Valued at About $3 Billion Full Text
Abstract
The United Nations is investigating 58 suspected cyberattacks by North Korea, totaling around $3 billion, which are believed to be funding the country's development of weapons of mass destruction.Cyware
February 12, 2024 – Government
National Cyber Director Urges Private Sector Collaboration to Counter Nation-State Cyber Threat Full Text
Abstract
National Cyber Director Harry Coker emphasized the need for a collaborative effort between the government and industry to address cyber threats, harmonize regulations, and build a diverse cybersecurity workforce.Cyware
February 12, 2024 – Breach
Hackers Leak Alleged Partial Facebook Marketplace Database Full Text
Abstract
The partial Facebook Marketplace database was allegedly leaked by a threat actor, exposing sensitive personal information of approximately 200,000 users, including full names, Facebook IDs, phone numbers, physical IDs, and email addresses.Cyware
February 12, 2024 – General
QR Code ‘Quishing’ Attacks on Executives Surge, Evading Email Security Full Text
Abstract
Email attacks using QR codes, known as "quishing," have surged, especially targeting corporate executives and managers, highlighting the need for enhanced digital protections for business leadership.Cyware
February 12, 2024 – Government
CISA Blitzes Super Bowl With Cyber Campaign as Businesses Fumble Security Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) partnered with the NFL to promote cybersecurity awareness during the Super Bowl, aiming to encourage strong passwords, multifactor authentication, and phishing reporting.Cyware
February 11, 2024 – Policy and Law
U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators Full Text
Abstract
The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. The domains – www.warzone[.]ws and three others – were "used to sell computer malware used by cybercriminals to secretly access and steal data from victims' computers," the DoJ said. Alongside the takedown, the international law enforcement effort has arrested and indicted two individuals in Malta and Nigeria for their involvement in selling and supporting the malware and helping other cybercriminals use the RAT for malicious purposes. The defendants, Daniel Meli (27) and Prince Onyeoziri Odinakachi (31), have been charged with unauthorized damage to protected computers, with the former also accused of "illegally selling and advertising an electronic interception device and participating in a conspiracy to commit several computer intrusion offenses." Meli is alleged to have offered malware seThe Hacker News
February 10, 2024 – Breach
‘World’s Biggest Casino’ App Exposed Customers’ Personal Data Full Text
Abstract
The phone app developed by startup Dexiga for the casino resort WinStar had an exposed database containing customers' personal information, including names, phone numbers, email addresses, and home addresses.Cyware
February 10, 2024 – Phishing
Over 800 Phony Temu Domains Lure Shoppers into Credential Theft Full Text
Abstract
Temu is the latest brand chosen by scammers for their phishing scams. Hackers are using Temu’s giveaway rewards to entice users to give away their credentials, with over 800 new domains registered as “Temu” in the last three months.Cyware
February 10, 2024 – Malware
Alert: New Stealthy “RustDoor” Backdoor Targeting Apple macOS Devices Full Text
Abstract
Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023. The backdoor, codenamed RustDoor by Bitdefender, has been found to impersonate an update for Microsoft Visual Studio and target both Intel and Arm architectures. The exact initial access pathway used to propagate the implant is currently not known, although it's said to be distributed as FAT binaries that contain Mach-O files. Multiple variants of the malware with minor modifications have been detected to date, likely indicating active development. The earliest sample of RustDoor dates back to November 2, 2023. It comes with a wide range of commands that allow it to gather and upload files, and harvest information about the compromised endpoint. Some versions also include configurations with details about what data to collect, the list of targeted extensions and directories, and the directories to exclude. The captured information is then exfiltrateThe Hacker News
February 10, 2024 – Cryptocurrency
Is Your Crypto Safe? XPhase Clipper Malware Steals Coins with a Click Full Text
Abstract
The malware is spread through deceptive websites impersonating legitimate cryptocurrency platforms, with a noticeable emphasis on targeting Indian cryptocurrency enthusiasts.Cyware
February 09, 2024 – Malware
Raspberry Robin Malware Upgrades with Discord Spread and New Exploits Full Text
Abstract
The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time," Check Point said in a report this week. Raspberry Robin (aka QNAP worm), first documented in 2021, is an evasive malware family that's known to act as one of the top initial access facilitators for other malicious payloads, including ransomware. Attributed to a threat actor named Storm-0856 (previously DEV-0856), it's propagated via several entry vectors, including infected USB drives, with Microsoft describing it as part of a "complex and interconnected malware ecosystem" with ties to other e-crime groups like Evil Corp, Silence, and TA505. Raspberry Robin's use of one-day exploits such as CVE-2020-The Hacker News
February 9, 2024 – Breach
US Insurance Firms Sound Alarm After 66,000 Individuals Impacted by SIM Swap Attack Full Text
Abstract
Two US insurance companies, Washington National Insurance and Bankers Life, have reported that the personal information of around 66,000 individuals may have been stolen by hackers using SIM-swapping attacks.Cyware
February 09, 2024 – Malware
MoqHao Android Malware Evolves with Auto-Execution Capability Full Text
Abstract
Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring any user interaction. "Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no execution," McAfee Labs said in a report published this week. "While the app is installed, their malicious activity starts automatically." The campaign's targets include Android users located in France, Germany, India, Japan, and South Korea. MoqHao, also called Wroba and XLoader (not to be confused with the Windows and macOS malware of the same name), is an Android-based mobile threat that's associated with a Chinese financially motivated cluster dubbed Roaming Mantis (aka Shaoye). Typical attack chains commence with package delivery-themed SMS messages bearing fraudulent links that, when clicked from Android devices, lead to the deployment of the malware bThe Hacker News
February 9, 2024 – Malware
‘Coyote’ Malware Begins Its Hunt, Preying on 61 Banking Apps Full Text
Abstract
Brazilian banking trojans have a history of expanding abroad, and the emergence of new variants like "Coyote" could lead to their evolution into fully fledged initial access trojans and backdoors.Cyware
February 09, 2024 – Solution
Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA Full Text
Abstract
Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest security patches. However, in practice, developers often face a large amount of security work without clear prioritization - and miss a significant portion of the attack surface altogether. The primary issue arises from the detection and prioritization methods used by traditional Static Code Analysis (SCA) tools for vulnerabilities. These methods lack the organizational-specific context needed to make an informed scoring decision: the score, even if critical, might not actually be critical for an organization because its infrastructure works in a unique way - affecting the actual impact the vulnerability might have. In other words, since these tools depend on a relatively naive methodolThe Hacker News
February 9, 2024 – General
Ransomware Leak Site Reports Rose by 49% in 2023, but There Is Good News Full Text
Abstract
While ransomware groups targeted a wide range of industries for profit, the demise of several groups in 2023 was attributed to increased pressure from law enforcement and cybersecurity organizations.Cyware
February 09, 2024 – Malware
New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack Full Text
Abstract
Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection," Russian cybersecurity firm Kaspersky said in a Thursday report. What makes Coyote a different breed from other banking trojans of its kind is the use of the open-source Squirrel framework for installing and updating Windows apps. Another notable departure is the shift from Delphi – which is prevalent among banking malware families targeting Latin America – to an uncommon programming language like Nim. In the attack chain documented by Kaspersky, a Squirrel installer executable is used as a launchpad for a Node.js application compiled with Electron, which, in turn, runs a Nim-based loader to trigger the execution of the malicious Coyote payload by means ofThe Hacker News
February 9, 2024 – Attack
New Zardoor Backdoor Used in Long-Term Cyber Espionage Operation Targeting an Islamic Organization Full Text
Abstract
The threat actor maintained long-term access to the victim's network, evading detection by using living-off-the-land binaries, side-loading backdoors, and leveraging open-source reverse proxy tools like Fast Reverse Proxy (FRP) and Venom.Cyware
February 9, 2024 – Policy and Law
Google Settles Google+ API Data Leak Lawsuit for $350M Full Text
Abstract
The shareholders, led by the state of Rhode Island's retirement system, accused Google of concealing the extent of the data breach and failing to notify users about the API flaw.Cyware
February 09, 2024 – Vulnerabilities
Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways Full Text
Abstract
Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The issue, tracked as CVE-2024-22024, is rated 8.3 out of 10 on the CVSS scoring system. "An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication," the company said in an advisory. The company said it discovered the flaw during an internal review as part of its ongoing investigation into multiple security weaknesses in the products that have come to light since the start of the year, including CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893. CVE-2024-22024 affects the following versions of the products - Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, aThe Hacker News
February 8, 2024 – Breach
Chinese State-Sponsored Actors Compromised and Maintained Persistent Access to U.S. Critical Infrastructure for Five Years Full Text
Abstract
Volt Typhoon's tactics involve extensive pre-compromise reconnaissance, targeting of public-facing network appliances, exploitation of vulnerabilities, and use of living off the land (LOTL) techniques to maintain long-term undiscovered persistence.Cyware
February 8, 2024 – Business
Device Authority Raises $7M in Series A Funding Full Text
Abstract
The company specializes in identity and access management for enterprise IoT ecosystems, offering solutions to reduce human error, accelerate incident response, and establish trust in connected environments.Cyware
February 8, 2024 – APT
Kimsuky APT Disguises as a Korean Company to Distribute Troll Stealer Full Text
Abstract
Troll Stealer's similarities to known malware families linked to Kimsuky, such as AppleSeed and AlphaSeed, raise concerns about the group's offensive cyber operations and its targeting of South Korean entities.Cyware
February 8, 2024 – Malware
HijackLoader Expands Techniques to Improve Defense Evasion Full Text
Abstract
The HijackLoader sample exhibits complex multi-stage behavior, including process hollowing, transacted section hollowing, and user mode hook bypass using Heaven’s Gate, to inject and execute the final payload while evading detection.Cyware
February 8, 2024 – Breach
Funerals Reportedly Canceled Due to Ransomware Attack on Austrian Town Full Text
Abstract
The municipality of Korneuburg in Austria was hit by a ransomware attack, leading to data encryption and the cancellation of funerals due to the inability to issue death certificates.Cyware
February 8, 2024 – Phishing
Facebook Fatal Accident Scam Still Rages On Full Text
Abstract
Cybercriminals are using legitimate services like googleapis.com to fingerprint users and redirect them to specific types of scams based on their analysis of the user's IP address, machine type, and VPN usage.Cyware
February 08, 2024 – Government
Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade Full Text
Abstract
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and wastewater systems sectors in the U.S. and Guam. "Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions," the U.S. government said. The joint advisory, which was released by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), was also backed by other nations that are part of the Five Eyes (FVEY) intelligence allThe Hacker News
February 8, 2024 – Business
NinjaOne Raises $231.5M in Series C Funding Full Text
Abstract
The funding will be used to accelerate customer success, support, product innovation, and growth, as NinjaOne aims to empower IT teams with visibility, security, and control over endpoints.Cyware
February 08, 2024 – Solution
Unified Identity – look for the meaning behind the hype! Full Text
Abstract
If you've listened to software vendors in the identity space lately, you will have noticed that "unified" has quickly become the buzzword that everyone is adopting to describe their portfolio. And this is great! Unified identity has some amazing benefits! However (there is always a however, right?) not every "unified" "identity" "security" "platform" is made equal. Some vendors call the combination of workforce IDaaS and customer IDaaS a unified identity solution, while others offer a glorified 2FA service – unified only in the mind of their marketers. Your landscape matters! So forget for a moment what the vendors claim, and think back to your organization and your identity security landscape. Consider this new definition: "unified" is what has the ability to consolidate your identity challenges with a complete identity solution. Here's an example: you're responsible for the identity infrastructure of a large hospital. Frontline workers, administrative employees, aThe Hacker News
February 8, 2024 – Government
CISA Adds Google Chromium V8 Type Confusion Bug to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
The vulnerability, tracked as CVE-2023-4762, can allow a remote attacker to execute arbitrary code via a crafted HTML page, and has been exploited by threat actors to install spyware on both Apple and Android devices.Cyware
February 08, 2024 – Malware
HijackLoader Evolves: Researchers Decode the Latest Evasion Methods Full Text
Abstract
The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be increasingly used by other threat actors to deliver additional payloads and tooling. "The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe," CrowdStrike researchers Donato Onofri and Emanuele Calvelli said in a Wednesday analysis. "This new approach has the potential to make defense evasion stealthier." HijackLoader was first documented by Zscaler ThreatLabz in September 2023 as having been used as a conduit to deliver DanaBot, SystemBC, and RedLine Stealer. It's also known to share a high degree of similarity with another loader known as IDAT Loader. Both the loaders are assessed to be operated by the same cybercrime group. In the intervening months, HijackLoader has been propagated via ClearFake and put toThe Hacker News
February 8, 2024 – General
Record-Breaking Ransomware Profits Surpassed $1B in 2023 Full Text
Abstract
The rise in ransomware profits in 2023 marks a significant reversal from the decline observed in 2022, driven by the innovation and resilience of top-tier ransomware groups.Cyware
February 08, 2024 – General
Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore Full Text
Abstract
Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive data. "This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive runtime permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps or file managers)," the company said. The feature is designed to examine the permissions declared by a third-party app in real-time and look for those that seek to gain access to sensitive permissions associated with reading SMS messages, deciphering or dismissing notifications from legitimate apps, and accessibility services that have been routinely abused by Android-based malware for extracting valuable information. As part of the test, users in Singapore who attempt to sideload such appsThe Hacker News
February 8, 2024 – Vulnerabilities
Google Fixed an Android Critical Remote Code Execution Flaw Full Text
Abstract
Google has released the February 2024 security patches for Android to fix 46 vulnerabilities, including a critical remote code execution flaw (CVE-2024-0031) in the System component.Cyware
February 08, 2024 – Malware
Kimsuky’s New Golang Stealer ‘Troll’ and ‘GoBear’ Backdoor Target South Korea Full Text
Abstract
The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected systems, South Korean cybersecurity company S2W said in a new technical report. Troll Stealer's links to Kimsuky stem from its similarities to known malware families, such as AppleSeed and AlphaSeed malware that have been attributed to the group. Kimsuky, also tracked under the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (previously Thallium), Nickel Kimball, and Velvet Chollima, is well known for its propensity to steal sensitive, confidential information in offensive cyber operations. In late November 2023, the threat actors were sanctioned by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) for gathering intelligence to further NorthThe Hacker News
February 7, 2024 – Insider Threat
Medical Center Fined $4.75M in Insider ID Theft Incident
Abstract
The incident revealed data security failures and led to a corrective action plan, including a thorough security risk analysis and implementation of audit controls, to address vulnerabilities and improve patient information protection. (Cyware)
February 7, 2024 – Vulnerabilities
Critical Shim Bug Impacts Every Linux Bootloader Signed in the Past Decade
Abstract
The maintainers of 'shim' released version 15.8 to address six vulnerabilities, with the most critical one (CVE-2023-40547) potentially leading to remote code execution and Secure Boot bypass. (Cyware)
February 7, 2024 – Botnet
After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back
Abstract
The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity. KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and firewall devices across the world, with one specific cluster acting as a covert data transfer system for other Chinese state-sponsored actors, including Volt Typhoon (aka Bronze Silhouette, Insidious Taurus, or Vanguard Panda). Active since at least February 2022, it was first documented by the Black Lotus Labs team at Lumen Technologies in mid-December 2023. The botnet is known to comprise two main sub-groups, viz. KV and JDY, with the latter principally used for scanning potential targets for reconnaissance. Late last month, the U.S. government announced a court-authorized disruption effort to take down the KV cluster, which is typically reserved for manual operations against high-profile targets [...] (The Hacker News)
February 7, 2024 – General
Are Cybersecurity Performance Measures Realistic?
Abstract
The GAO urged the White House to establish performance measures for federal cybersecurity initiatives, but the ONCD pushed back, citing the difficulty of developing outcome-oriented measures and estimating implementation costs. (Cyware)
February 7, 2024 – Vulnerabilities
Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros
Abstract
The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been credited with discovering and reporting the bug. "The shim's http boot support (httpboot.c) trusts attacker-controlled values when parsing an HTTP response, leading to a completely controlled out-of-bounds write primitive," Oracle's Alan Coopersmith noted in a message shared on the Open Source Security mailing list oss-security. Demirkapi, in a post shared on X (formerly Twitter) late last month, said the vulnerability "exists in every Linux boot loader signed in the past decade." shim refers to a "trivial" software package that's designed to work as a [...] (The Hacker News)
February 7, 2024 – Vulnerabilities
Critical Bugs in Canon Printers Allow Code Execution, DDoS
Abstract
Canon has patched critical buffer-overflow bugs in its printers that could allow attackers to remotely perform denial of service or execute arbitrary code, emphasizing the importance of promptly updating firmware. (Cyware)
February 7, 2024 – Education
New Webinar: 5 Steps to vCISO Success for MSPs and MSSPs
Abstract
2024 will be the year of the vCISO. An incredible 45% of MSPs and MSSPs are planning to start offering vCISO services in 2024. As an MSP/MSSP providing vCISO services, you own the organization's cybersecurity infrastructure and strategy. But you also need to position yourself as a reliable decision-maker, navigating professional responsibilities, business needs and leadership requirements. A new webinar by Cynomi, vCISO platform leader, hosting CISO and vCISO veteran Jesse Miller from PowerPSA Consulting, provides MSPs and MSSPs with an effective 100-day plan to build themselves up for success. The webinar provides a tangible five-step 100-day action plan that any MSP/MSSP can follow when they engage with a new vCISO client. It also provides guidance on vCISO goals and pitfalls to avoid. By watching the webinar, you can position yourself as a strategic and long-term partner for your clients. They will see you as capable of driving security transformation and managing security [...] (The Hacker News)
February 7, 2024 – Encryption
Three Ways to Achieve Crypto Agility in a Post-Quantum World
Abstract
Crypto agility, including the ability to rapidly switch between certificate authorities and encryption standards, is essential for securing digital infrastructure in today's automated operational environment. (Cyware)
February 7, 2024 – General
Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse
Abstract
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by establishing guiding principles and policy options for States, industry, and civil society in relation to the development, facilitation, purchase, and use of such tools. The declaration stated that "uncontrolled dissemination" of spyware offerings contributes to "unintentional escalation in cyberspace," noting it poses risks to cyber stability, human rights, national security, and digital security. "Where these tools are used maliciously, attacks can access victims' devices, listen to calls, obtain photos and remotely operate a camera and microphone via 'zero-click [...] (The Hacker News)
February 7, 2024 – Solution
Google Open Sources AI-Boosted Fuzzing Framework
Abstract
The framework has successfully identified vulnerabilities in C/C++ projects, including two in cJSON and libplist, which might have remained undiscovered without the use of large language models. (Cyware)
February 7, 2024 – Attack
Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network
Abstract
Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This [computer network] was used for unclassified research and development (R&D)," the Dutch Military Intelligence and Security Service (MIVD) said in a statement. "Because this system was self-contained, it did not lead to any damage to the defense network." The network had fewer than 50 users. The intrusion, which took place in 2023, leveraged a known critical security flaw in FortiOS SSL-VPN (CVE-2022-42475, CVSS score: 9.3) that allows an unauthenticated attacker to execute arbitrary code via specially crafted requests. Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server that's designed to grant persistent remote access to the compromised appliances. "The COATHANGER malware is stealthy and persistent," the Dutch [...] (The Hacker News)
February 7, 2024 – Vulnerabilities
New Vulnerabilities in Azure HDInsight Could Have Led to Privilege Escalations and Denial of Service
Abstract
These vulnerabilities could have allowed attackers to gain cluster administrator privileges, disrupt operations, and negatively impact the availability and reliability of the affected systems. (Cyware)
February 7, 2024 – Vulnerabilities
Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now
Abstract
JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over susceptible instances. The vulnerability, tracked as CVE-2024-23917, carries a CVSS rating of 9.8 out of 10, indicative of its severity. "The vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server," the company said. The issue impacts all TeamCity On-Premises versions from 2017.1 through 2023.11.2. It has been addressed in version 2023.11.3. An unnamed external security researcher has been credited with discovering and reporting the flaw on January 19, 2024. Users who are unable to update their servers to version 2023.11.3 can alternately download a security patch plugin to apply fixes for the flaw. "If your server is publicly [...] (The Hacker News)
February 7, 2024 – General
Paying Ransoms is Becoming a Cost of Doing Business for Many
Abstract
Companies are bracing for a significant increase in cyber threats in 2024, with 96% of respondents expecting the threat of cyberattacks to their industry to rise, and 71% predicting an increase of more than 50%, according to Cohesity. (Cyware)
February 7, 2024 – General
Hackers can Use Generative AI to Manipulate Live Conversations
Abstract
IBM researchers demonstrated a technique to intercept live conversations and replace keywords based on the context, allowing for the manipulation of information, financial fraud, and even real-time changes to news broadcasts and political speeches. (Cyware)
February 7, 2024 – Policy and Law
Business, Technology Groups Back SolarWinds Motion to Dismiss SEC Charges
Abstract
The U.S. Chamber of Commerce and the Business Roundtable argue that the SEC has expanded its interpretation of internal accounting controls provisions beyond Congress's original intent. (Cyware)
February 6, 2024 – Phishing
Beware: Fake Facebook Job Ads Spreading ‘Ov3r_Stealer’ to Steal Crypto and Credentials
Abstract
Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News. Ov3r_Stealer is capable of siphoning IP address-based location, hardware info, passwords, cookies, credit card information, auto-fills, browser extensions, crypto wallets, Microsoft Office documents, and a list of antivirus products installed on the compromised host. While the exact end goal of the campaign is unknown, it's likely that the stolen information is offered for sale to other threat actors. Another possibility is that Ov3r_Stealer could be updated over time to act as a QakBot-like loader for additional payloads, including ransomware. The starting point of the attack is a [...] (The Hacker News)
February 6, 2024 – Vulnerabilities
Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services
Abstract
Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular expression denial-of-service (ReDoS) condition. "The new vulnerabilities affect any authenticated user of Azure HDInsight services such as Apache Ambari and Apache Oozie," Orca security researcher Lidor Ben Shitrit said in a technical report shared with The Hacker News. The list of flaws is as follows:
- CVE-2023-36419 (CVSS score: 8.8): Azure HDInsight Apache Oozie Workflow Scheduler XML External Entity (XXE) Injection Elevation of Privilege Vulnerability
- CVE-2023-38156 (CVSS score: 7.2): Azure HDInsight Apache Ambari Java Database Connectivity (JDBC) Injection Elevation of Privilege Vulnerability
- Azure HDInsight Apache Oozie Regular Expression Denial-of-Service (ReDoS) Vulnerability (no CVE)
The two privilege escalation flaws could be exploited by an [...] (The Hacker News)
February 6, 2024 – Education
How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM
Abstract
SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration – can also be exploited by threat actors. Recently, Adaptive Shield commissioned a Total Economic Impact™ (TEI) study conducted by Forrester Consulting. The study demonstrates the impactful ROI achieved by a multimedia company with an annual revenue of $10 billion. While the quantitative ROI is significant, at 201%, the qualitative security ROI improvements were substantial.
Figure 1: Summary of the TEI Study
In this article, we'll examine the study's findings of how Adaptive Shield's SaaS Security Posture Management (SSPM) platform impacted this global enterprise. [...] (The Hacker News)
February 3, 2024 – Attack
Iran-Linked Hackers Claim Attack on Albania’s Institute of Statistics
Abstract
The hackers claimed to have accessed over 100 terabytes of Albania’s geographic information system and population data, although the institute denied that recent census data was compromised. (Cyware)
February 3, 2024 – Policy and Law
U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks
Abstract
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian, who are part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). Reza Lashgarian is also the head of the IRGC-CEC and a commander in the IRGC-Qods Force. He is alleged to have been involved in various IRGC cyber and intelligence operations. The Treasury Department said it's holding these individuals responsible for carrying out "cyber operations in which they hacked and posted images on the screens of programmable logic controllers manufactured by Unitronics, an Israeli company." In late November 2023, the U.S. Cybersecurity and [...] (The Hacker News)
February 3, 2024 – Breach
South African Railways Lost Over $1M in Phishing Scam
Abstract
The Passenger Rail Agency of South Africa (PRASA) reported a loss of 30.6 million rand due to a phishing scam, with only half of the stolen money recovered. Insider threats, such as ghost email accounts, are suspected. (Cyware)
February 3, 2024 – Vulnerabilities
Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account
Abstract
The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory. The vulnerability, tracked as CVE-2024-23832, has a severity rating of 9.4 out of a maximum of 10. Security researcher arcanicanis has been credited with discovering and reporting it. It has been described as an "origin validation error" (CWE-346), which can typically allow an attacker to "access any functionality that is inadvertently accessible to the source." Every Mastodon version prior to 3.5.17 is vulnerable, as are 4.0.x versions before 4.0.13, 4.1.x versions before 4.1.13, and 4.2.x versions before 4.2.5. Mastodon said it's withholding additional technical specifics about the flaw until February 15, 2024, to give admins [...] (The Hacker News)
February 3, 2024 – Vulnerabilities
Critical Vulnerability in Mastodon Sparks Patching Frenzy
Abstract
Mastodon users and administrators need to upgrade to the latest version to patch a critical vulnerability (CVE-2024-23832) that allows attackers to take over accounts remotely. (Cyware)
February 3, 2024 – Breach
AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset
Abstract
Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities. "We have revoked all security-related certificates and systems have been remediated or replaced where necessary," the company said in a statement. "We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one." Out of an abundance of caution, AnyDesk has also revoked all passwords to its web portal, my.anydesk[.]com, and it's urging users to change their passwords if the same passwords have been reused on other online services. It's also recommending that users download the latest version of the software, which comes with a new code signing certificate. AnyDesk did not disclose [...] (The Hacker News)
February 3, 2024 – Malware
macOS Malware Campaign Showcases Novel Delivery Technique
Abstract
The backdoor, called Activator, employs a unique delivery method that backdoors the victim during the installation process, making it challenging to remove the infection even if the cracked software is removed. (Cyware)
February 3, 2024 – Phishing
Fake Voicemail as Credential Harvesting Lure
Abstract
The attackers disguise the email to appear as if it's from a legitimate brand, using social engineering techniques to lure recipients into clicking on what seems to be an embedded voicemail but is actually a credential harvesting page. (Cyware)
February 2, 2024 – APT
Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks
Abstract
Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value organizations worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved with labor, social welfare, finance, parenthood, and local city councils. Cybersecurity firm Trend Micro assessed these intrusions as a "cost-efficient method of automating attempts to brute-force its way into the networks" of its targets, noting the adversary may have compromised thousands of email accounts over time. APT28 is also tracked by the broader cybersecurity community under the names Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422. The group, believed to be [...] (The Hacker News)
February 2, 2024 – Malware
DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active since at least 2016, is capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks. In March 2022, cybersecurity firm Avast revealed the malware's ability to propagate in a worm-like fashion by taking advantage of known security flaws. The DDoS botnet is known to be delivered by means of another malware referred to as Purple Fox or via bogus MSI installer packages for popular software such as Telegram. Purple Fox is also equipped with a rootkit that allows the threat actors to hide the malware on the machine and make it difficult to detect and remove. The exact initial access vector used in the campaign targeting Ukraine is currently unknown. CERT-UA is recommending that [...] (The Hacker News)
February 2, 2024 – Policy and Law
Uber Fined Nearly $11 Million by Dutch Data Regulator
Abstract
The regulatory fine resulted from complaints by French Uber drivers and a Paris-based civil society organization, highlighting the significance of user rights and privacy concerns. (Cyware)
February 2, 2024 – General
Payment Fraud is Hitting Organizations Harder Than Ever Before
Abstract
According to Trustpair, 96% of US companies experienced at least one fraud attempt in the past year, with 83% seeing an increase in cyber fraud. Fraudsters used various tactics such as text messages, fake websites, and CEO/CFO impersonations. (Cyware)
February 2, 2024 – Policy and Law
Man Sentenced to Six Years in Prison for Stealing Millions in Cryptocurrency via SIM Swapping
Abstract
A 22-year-old man from the US, Daniel James Junk, has been sentenced to 72 months in federal prison for his involvement in a fraudulent scheme that led to the theft of millions of dollars through SIM swapping. (Cyware)
February 2, 2024 – Government
US Senate Panel Hears Plea for Action on Bank Spoofing Scams
Abstract
A top U.S. banking lobbyist told a Senate panel Thursday there are limits to what financial institutions can do to stop scammers from draining individual banking accounts and called on regulators like the FCC to do more to combat caller ID spoofing. (Cyware)
February 1, 2024 – Business
Protect AI Acquires Laiyer AI to Better Secure AI Models
Abstract
The acquisition will enable organizations to benefit from Laiyer AI's LLM Guard software, which detects, redacts, and sanitizes inputs and outputs from LLMs with lower latency, while also supporting open source contributions. (Cyware)
February 1, 2024 – Hacker
FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network
Abstract
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security company Akamai said in a report shared with The Hacker News. FritzFrog, first documented by Guardicore (now part of Akamai) in August 2020, is a Golang-based malware that primarily targets internet-facing servers with weak SSH credentials. It's known to be active since January 2020. It has since evolved to strike healthcare, education, and government sectors as well as improved its capabilities to ultimately deploy cryptocurrency miners on infected hosts. What's novel about the latest version is the use of the Log4Shell vulnerability as a secondary infection vector to specifically [...] (The Hacker News)
February 1, 2024 – Solution
Does CVSS 4.0 Solve the Exploitability Problem?
Abstract
The new system introduces changes such as splitting attack complexity into two parameters and categorizing user interaction into three levels, offering a more nuanced and comprehensive assessment of vulnerabilities. (Cyware)
February 1, 2024 – Attack
Exposed Docker APIs Under Attack in ‘Commando Cat’ Cryptojacking Campaign
Abstract
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today. "The attacker escapes this container and runs multiple payloads on the Docker host." The campaign is believed to have been active since the start of 2024, making it the second such campaign to be discovered in as many months. In mid-January, the cloud security firm also shed light on another activity cluster that targets vulnerable Docker hosts to deploy XMRig cryptocurrency miner as well as the 9Hits Viewer software. Commando Cat employs Docker as an initial access vector to deliver a collection of interdependent payloads from an actor-controlled server that is responsible for registering persistence, backdooring the host, exfiltrating cloud service provider [...] (The Hacker News)
February 1, 2024 – Business
Incognia Raises $31M in Series B Funding
Abstract
Incognia, a San Jose-based company specializing in location identity solutions, has raised $31M in Series B funding led by Bessemer Venture Partners, with participation from FJ Labs and existing investors. (Cyware)
February 1, 2024 – General
Why the Right Metrics Matter When it Comes to Vulnerability Management
Abstract
How's your vulnerability management program doing? Is it effective? A success? Let's be honest, without the right metrics or analytics, how can you tell how well you're doing, progressing, or if you're getting ROI? If you're not measuring, how do you know it's working? And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to communicate any risks to the rest of the business. So how do you know what to focus on? Cyber hygiene, scan coverage, average time to fix, vulnerability severity, remediation rates, vulnerability exposure… the list is endless. Every tool on the market offers different metrics, so it can be hard to know what is important. This article will help you identify and define the key metrics that you need to track the state of your vulnerability management program, the progress you've made, so you can create audit-ready reports that:
- Prove your security posture
- Meet vulnerability remediation SLAs [...]
(The Hacker News)
February 1, 2024 – Vulnerabilities
Zero-Day Vulnerability can Blind Defenses Relying on Windows Event Logs
Abstract
The vulnerability can be leveraged by an attacker with local network access, and until Microsoft issues a patch, users can implement micropatches provided by Acros to mitigate the risk. (Cyware)
February 1, 2024 – Botnet
U.S. Feds Shut Down China-Linked “KV-Botnet” Targeting SOHO Routers
Abstract
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign. The existence of the botnet, dubbed KV-botnet, was first disclosed by the Black Lotus Labs team at Lumen Technologies in mid-December 2023. The law enforcement effort was reported by Reuters earlier this week. "The vast majority of routers that comprised the KV-botnet were Cisco and NetGear routers that were vulnerable because they had reached 'end of life' status; that is, they were no longer supported through their manufacturer's security patches or other software updates," the Department of Justice (DoJ) said in a press statement. Volt Typhoon (aka DEV-0391, Bronze Silhouette, Insidious Taurus, or Vanguard Panda) is the moniker assigned to a China-based adversarial [...] (The Hacker News)
February 1, 2024 – Business
Aim Security Raises $10M for its GenAI Security Platform
Abstract
Tel Aviv-based Aim Security has raised $10 million in seed funding for its new GenAI security platform, led by YL Ventures and including participation from Cyber Club London and angel investors. (Cyware)
February 1, 2024 – Malware
HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining
Abstract
Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world since early September 2021. The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the financially motivated threat actor behind the campaign is actively adapting and refining their tactics and techniques to stay ahead of the detection curve. The cloud security firm said that "the campaign has almost doubled the number of infected Redis servers," with an additional 1,100 compromised servers, up from 1,200 reported at the start of 2023. HeadCrab is designed to infiltrate internet-exposed Redis servers and wrangle them into a botnet for illicitly mining cryptocurrency, while also leveraging the access in a manner that allows the threat actor to execute shell commands, load fileless kernel modules, and exfiltrate data to a remote server. While the origins of [...] (The Hacker News)
February 1, 2024 – Outage
Global Affairs Canada Hit by Cyberattack, Shuts Down Computer Systems to Fix
Abstract
The Foreign Ministry of Canada has been hit by a cyberattack, leading to the closure of remote access to its network. Hackers gained access to personal data, and experts suspect a foreign country, possibly Russia or China, to be behind the attack. (Cyware)
February 1, 2024 – Government
CISA Warns of Active Exploitation of Critical Vulnerability in iOS, iPadOS, and macOS
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component. "An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication," Apple said in an advisory, adding the issue "may have been exploited against versions of iOS released before iOS 15.7.1." The iPhone maker said the problem was addressed with improved checks. It's currently not known how the vulnerability is being weaponized in real-world attacks. Interestingly, patches for the flaw were released on December 13, 2022, with the release of iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, and watchOS 9.2, although it was only publicly disclosed more than a year [...] (The Hacker News)