March, 2024
March 30, 2024 – Malware
Malicious Backdoor Spotted in Linux Compression Library XZ
Abstract
This supply-chain compromise may have been caught early enough to prevent widespread exploitation, and it may only mainly affect bleeding-edge distros that picked up the latest xz versions right away. (Source: The Register)
March 30, 2024 – Breach
Prisma Finance Crypto Theft Caps Strange Week of Platform Breaches
Abstract
Two prominent crypto platforms were compromised this week, with millions worth of cryptocurrency stolen by hackers with confusing motives. The two platforms include the blockchain-based game Munchables and the DeFi platform Prisma Finance. (Source: The Record)
March 30, 2024 – Vulnerabilities
Easy Privilege Escalation Exploit Lands for Linux Kernels
Abstract
A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14. (Source: The Register)
March 30, 2024 – Malware
Over 100 Malicious Packages Target Popular ML PyPi Libraries
Abstract
Early on March 28, 2024, the Mend.io research team detected more than 100 malicious packages targeting the most popular machine learning (ML) libraries from the PyPi registry. Among those libraries are Pytorch, Matplotlib, and Selenium. (Source: Mend)
March 29, 2024 – Business
Coro, Building Cybersecurity for SMBs, Locks Down $100M at a $750M Valuation
Abstract
The lead investor in this round is One Peak, the U.K. later-stage firm focusing on enterprise tech. Previous backers Energy Impact Partners and Balderton Capital are also participating. (Source: TechCrunch)
March 29, 2024 – APT
Chinese Hackers Target Family Members to Surveil Hard Targets
Abstract
According to the indictment, between 2015 and 2024, the APT31 group, linked to China’s Ministry of State Security, targeted thousands of U.S. and Western politicians, foreign policy experts, academics, journalists, and democracy activists. (Source: CyberScoop)
March 29, 2024 – Attack
Cisco Warns of Password-Spraying Attacks Targeting Secure Firewall Devices
Abstract
The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services. The IT giant pointed out that the attacks are also targeting third-party VPN concentrators. (Source: Security Affairs)
March 29, 2024 – General
PyPI Suspends New User Registration to Block Malware Campaign
Abstract
With thousands of packages available, the repository is an attractive target for threat actors, who often upload typosquatted or fake packages to compromise software developers and potential supply-chain attacks. (Source: Bleeping Computer)
March 29, 2024 – Breach
Update: Harvard Pilgrim Health Network Updates Data Breach Total to Nearly 2.9 Million
Abstract
Harvard Pilgrim said the files involved may contain personal data and protected health information on current and former subscribers and dependents, as well as current contracted providers. (Source: The Record)
March 29, 2024 – Vulnerabilities
Several ImageMagick Vulnerabilities Addressed in Ubuntu
Abstract
The vulnerabilities addressed by the updates impact several Ubuntu releases, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 23.10, Ubuntu 23.04, Ubuntu 18.04, and Ubuntu 16.04. (Source: TuxCare)
March 29, 2024 – Insider Threat
Large Trove of UK Student Records Leaked Due to School Software Server Misconfiguration
Abstract
According to researcher Jeremiah Fowler, the server was affiliated with OTrack, also known as Optimum Pupil/Sonar Tracker, developed by Juniper Education. OTrack is utilized by over 7,000 primary and secondary schools across the United Kingdom. (Source: Hackread)
March 29, 2024 – General
Attackers Increasingly Exploit Enterprise Tech Zero-Days
Abstract
The discovery and exploitation of zero-day vulnerabilities in enterprise-specific software and appliances appears to be outpacing the leveraging of zero-day bugs overall, judging by Google's latest research. (Source: The Register)
March 29, 2024 – Government
CISA Issues Notice for Long-Awaited Critical Infrastructure Reporting Requirements
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) posted the 447-page set of regulations under the Cyber Incident Reporting for Critical Infrastructure Act to the Federal Register, allowing the public to comment on it. (Source: Cybersecurity Dive)
March 29, 2024 – Attack
Retail Chain Hot Topic Hit by New Credential Stuffing Attacks
Abstract
Breach notification letters sent to potentially impacted customers this week reveal that attackers targeted Hot Topic Rewards accounts in automated attacks using login information obtained from an unknown source. (Source: Bleeping Computer)
March 28, 2024 – Malware
Hackers Developing Malicious LLMs After WormGPT Falls Flat
Abstract
Cybercrooks are exploring ways to develop custom, malicious large language models after existing tools such as WormGPT failed to cater to their demands for advanced intrusion capabilities, security researchers said. (Source: Healthcare Info Security)
March 28, 2024 – Phishing
‘Darcula’ Phishing-as-a-Service Operation Bleeds Victims Across More Than 100 Countries
Abstract
The Chinese-language, phishing-as-a-service platform "Darcula" has created 19,000 phishing domains in cyberattacks against more than 100 countries, Netcraft researchers say. (Source: Dark Reading)
March 28, 2024 – Attack
Update: INC Ransom Claims Responsibility for Attack on NHS Scotland
Abstract
The INC Ransom group this week claimed responsibility for the assault on 'NHS Scotland', saying it stole 3TB worth of data while leaking a small number of sensitive files. (Source: The Register)
March 28, 2024 – Outage
Vietnam Securities Broker Suffers Cyberattack That Resulted in Trading Suspension
Abstract
In a social media post, VNDirect described a four-stage process of restoration, starting with customer accounts, which is now complete, and followed by restoring floor trading and then its other financial services. (Source: Dark Reading)
March 28, 2024 – Outage
Municipalities in Texas, Georgia See Services Disrupted Following Ransomware Attacks
Abstract
On Tuesday evening, the government of Gilmer County in Georgia posted a notice on its website warning that a ransomware attack was affecting its ability to provide services to its more than 30,000 residents. (Source: The Record)
March 28, 2024 – Vulnerabilities
Google Fixes Chrome Zero-Days Exploited at Pwn2Own 2024
Abstract
Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. (Source: Bleeping Computer)
March 28, 2024 – Malware
Apps Secretly Turning Devices Into Proxy Network Nodes Removed From Google Play
Abstract
Though the LumiApps’s privacy policy talks about devices being part of the LumiApps networks, app developers might not read it before starting to use the malicious SDK in their apps. (Source: Help Net Security)
March 28, 2024 – Government
CISA Adds One Known Exploited Vulnerability in Microsoft Sharepoint Server to Catalog
Abstract
The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with Site Owner privileges to execute arbitrary code. (Source: CISA)
March 28, 2024 – Breach
Trezor’s Twitter Account Hijacked by Cryptocurrency Scammers via Bogus Calendly Invite
Abstract
According to Trezor, someone posing as "a credible entity from the crypto space", using a Twitter account with thousands of followers, approached its PR team on February 29, 2024. The imposter asked to interview Trezor CEO Matej Zak. (Source: Bitdefender)
March 28, 2024 – Government
UK: NCSC Warns of Hackers Hitting High-Risk Individuals’ Personal Accounts
Abstract
Britain's National Cyber Security Center is warning that criminals and nation-state hacking groups, confronted with well-managed corporate cybersecurity defenses, have turned their sights to individual personal devices and accounts. (Source: Bank Info Security)
March 26, 2024 – Phishing
Agent Tesla’s New Ride: The Rise of a Novel Loader
Abstract
Recently, SpiderLabs identified a phishing email with an attached archive that included a Windows executable disguised as a fraudulent bank payment. This action initiated an infection chain culminating in the deployment of Agent Tesla. (Source: Trustwave)
March 26, 2024 – Ransomware
Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
Abstract
Agenda ransomware group uses RMM tools, as well as Cobalt Strike for deployment of the ransomware binary. It can also propagate via PsExec and SecureShell, while also making use of different vulnerable SYS drivers for defense evasion.
March 26, 2024 – Breach
Canadian Discount Retailer Giant Tiger Says Customer Data Was Compromised in Third-Party Breach
Abstract
The retailer first learned of the security incident on March 4, and concluded that customer information was involved by March 15, the company wrote in an email to customers. (Source: CBC)
March 26, 2024 – APT
US Indicts Accused APT31 Chinese Hackers for Hire
Abstract
U.S. federal prosecutors indicted seven Chinese nationals they accuse of hacking for a Beijing economic and intelligence espionage group whose operations reacted to geopolitical trends. (Source: Bank Info Security)
March 26, 2024 – Attack
New Zealand Government Discloses Cyberattacks by China-Linked APT40 on Two Parliamentary Agencies
Abstract
New Zealand's admission it's been on the receiving end came a day after the UK and United States detailed Chinese-supported attacks on government institutions – including the UK's Electoral Register. (Source: The Register)
March 26, 2024 – Phishing
New Tycoon 2FA Phishing Kit Raises Cybersecurity Concerns
Abstract
An analysis by Sekoia revealed that the kit has emerged as one of the most prevalent AiTM phishing kits, with over 1,100 domain names detected between October 2023 and February 2024. (Source: Infosecurity Magazine)
March 26, 2024 – Vulnerabilities
New ZenHammer Memory Attack Impacts AMD CPUs Based on Zen Architecture
Abstract
Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on a recent AMD Zen microarchitecture that maps physical addresses on DDR4 and DDR5 memory chips. (Source: Bleeping Computer)
March 26, 2024 – Breach
Hospitals Lobby Feds to Clarify Breach Duties in UHG Attack
Abstract
The AHA is asking the Department of Health and Human Services' Office for Civil Rights for a "unified notification process" if a breach occurred in the February 21 cyberattack on UnitedHealth Group's Change Healthcare unit. (Source: Bank Info Security)
March 26, 2024 – Privacy
UK Privacy Watchdog Updates Guidance on Data Protection Fines
Abstract
After suffering a data breach, organizations in the United Kingdom that work closely and transparently with regulators and cybersecurity officials will be treated with greater leniency if their case results in penalties and a fine. (Source: Bank Info Security)
March 26, 2024 – Government
Senator Demands Answers From HHS About $7.5 Million Cyber Theft in 2023
Abstract
HHS has not issued a public statement about the incident, and its Office of the Inspector General declined to confirm or deny an investigation was underway when pressed about it in January. (Source: The Record)
March 25, 2024 – Phishing
Google’s New AI Search Results Promotes Sites Pushing Malware, Scams
Abstract
Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. (Source: Bleeping Computer)
March 25, 2024 – Phishing
Scammers Steal Millions From FTX, BlockFi Claimants
Abstract
Customers of bankrupt crypto platform BlockFi have been targeted with a very convincing phishing email impersonating the platform, asking them to connect their wallet to complete the withdrawal of remaining funds. (Source: Help Net Security)
March 25, 2024 – Outage
Sandworm-Linked Group Likely Knocked Down Ukrainian Internet Providers
Abstract
Russian state-backed hackers are likely behind recent attacks on four Ukrainian internet providers, disrupting their operations for over a week. A group known as Solntsepek claimed responsibility for the incidents on its Telegram channel last week. (Source: The Record)
March 25, 2024 – Cryptocurrency
UN Probing 58 Alleged Crypto Heists by North Korea Worth $3 Billion
Abstract
In a report released March 7, the U.N. experts said they tracked the activity of “cyberthreat actors subordinate to the Reconnaissance General Bureau (RGB), including Kimsuky, the Lazarus Group, Andariel and BlueNoroff,” between 2017 and 2023. (Source: The Record)
March 25, 2024 – Criminals
Police Bust Multimillion-Dollar Holiday Fraud Gang
Abstract
Police in Romania and Spain have struck a blow against a sophisticated cyber-fraud gang that tricked victims out of millions of dollars through fake ads and business email compromise (BEC) scams. (Source: Infosecurity Magazine)
March 25, 2024 – Attack
Supply Chain Attack Discovered Using Fake Python Infrastructure
Abstract
The multi-stage and evasive malicious payload harvests passwords, credentials, and more dumps of valuable data from infected systems and exfiltrates them to the attacker’s infrastructure. (Source: Checkmarx)
March 25, 2024 – Attack
Russian Hackers Target German Political Parties With WineLoader Malware
Abstract
The campaign has been active since late February and mainly uses phishing emails that appear to come from the German Christian Democratic Union, according to a report by Mandiant. (Source: Bleeping Computer)
March 25, 2024 – Breach
Air Europa Customers Warned Their Data May Have Been Leaked
Abstract
The parent company IAG has reportedly sent out a breach notification email to affected individuals, telling them that their names, dates of birth, nationalities, ID cards, passport information, and phone numbers, have all been taken by the hackers. (Source: Yahoo)
March 25, 2024 – General
Threat Groups Hit Enterprise Software, Network Infrastructure Hard in 2023
Abstract
High-risk vulnerabilities in operating systems across major vendors such as Microsoft, Google, Apple, and Cisco, network infrastructure, including VPNs, and enterprise software, accounted for two-thirds of all active exploits in 2023. (Source: Cybersecurity Dive)
March 25, 2024 – Policy and Law
Lawsuit Filed Following Greensboro College Data Breach
Abstract
The data exposed in the Greensboro College data leak encompassed a broad spectrum of personal details, including names, Social Security numbers, student identification numbers, dates of birth, passport numbers, and health information. (Source: The Cyber Express)
March 23, 2024 – Attack
Illinois County Government, Local College Affected by Ransomware Attacks
Abstract
Henry County has been dealing with a wide-ranging cyberattack since March 18, Mat Schnepple, director of the Emergency Management (OEM) office in Henry County, confirmed to Recorded Future News. (Source: The Record)
March 23, 2024 – Vulnerabilities
Mozilla Fixes Two Firefox Zero-Day Bugs Exploited at Pwn2Own
Abstract
Mozilla fixed the security flaws in Firefox 124.0.1 and Firefox ESR 115.9.1 to block potential remote code execution attacks targeting unpatched web browsers on desktop devices. (Source: Bleeping Computer)
March 23, 2024 – Phishing
Iranian TA450 Group Tries Out New Tactics on Israelis
Abstract
Iran-aligned threat actor TA450 is using fake salary, compensation and financial incentive emails to trick Israeli employees at multi-national organizations into clicking malicious links, according to researchers at security firm Proofpoint. (Source: Bank Info Security)
March 23, 2024 – Malware
New Go Loader Pushes Rhadamanthys Stealer
Abstract
PuTTY is a very popular SSH and Telnet client for Windows used by IT admins for years. The threat actor bought an ad that claims to be the PuTTY homepage and appeared at the top of the Google search results page, right before the official website. (Source: Malwarebytes)
March 22, 2024 – Breach
New Details on TinyTurla’s Post-Compromise Activity Reveal Full Kill Chain
Abstract
Talos’ analysis, in coordination with CERT.NGO, reveals that Turla infected multiple systems in the compromised network of a European non-governmental organization (NGO). (Source: Talos Intelligence)
March 22, 2024 – General
Report: Malware Stands Out as the Fastest-Growing Threat of 2024
Abstract
93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year, according to Thales. The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. (Source: Help Net Security)
March 22, 2024 – Phishing
Large-Scale StrelaStealer Campaign in Early 2024
Abstract
Recently, Unit 42 researchers have identified a wave of large-scale StrelaStealer campaigns impacting over 100 organizations across the EU and U.S. These campaigns deliver spam emails with attachments that eventually launch the DLL payload. (Source: Palo Alto Networks)
March 22, 2024 – Vulnerabilities
Apple M-Series Chip Vulnerability Puts Encryption Keys at Risk
Abstract
Foresight News reported that the vulnerability poses a serious risk of leakage of wallet keys. The flaw operates as a side channel, facilitating the extraction of end-to-end keys during encrypted transactions. (Source: The Cyber Express)
March 22, 2024 – Attack
Email Bomb Attacks: Filling Up Inboxes and Servers Near You
Abstract
The HHS' Health Sector Cybersecurity Coordination Center in an alert warned that email bomb attacks - also known as letter bomb attacks - pose a considerable potential threat. (Source: Healthcare Infosecurity)
March 22, 2024 – Attack
Luxury Yacht Dealer Attack Claimed by Rhysida Gang
Abstract
MarineMax, which posted multibillion-dollar revenues last year, disclosed a cyberattack to the Securities and Exchange Commission (SEC) on March 10, saying portions of its business were disrupted as a result of the containment measures it enacted. (Source: The Register)
March 21, 2024 – Attack
International Freight Tech Firm Isolates Canada Operations After Cyberattack
Abstract
In documents filed with U.S. regulators, the company explained that on March 14 it detected “the initial stages of a cybersecurity incident related to its Canadian operations.” (Source: The Record)
March 21, 2024 – Attack
India’s Android Users Hit by Malware-as-a-Service Campaign
Abstract
According to Broadcom, the campaign distributes malicious APK packages and seeks out banking information, SMS messages, and other sensitive information from a victim's device. (Source: Dark Reading)
March 21, 2024 – Phishing
Fake Obituary Sites Send Grievers to Adult Sites and Scareware Pages
Abstract
Security researchers have warned of a slew of fake obituaries designed to make money for their creators by redirecting visitors to adult entertainment sites and initiating antivirus (AV) popups. (Source: Infosecurity Magazine)
March 21, 2024 – Malware
Sign1 Malware: Analysis, Campaign History & Indicators of Compromise
Abstract
The malware injects JavaScript to perform unwanted redirects by using sophisticated obfuscation techniques, including time-based randomization and XOR encoding, to evade detection. (Source: Sucuri)
March 21, 2024 – Phishing
Tax Hackers Blitz Small Business With Phishing Emails
Abstract
Worryingly, the social engineering scammers are likely operating with little more than a cheap email list of self-employed US residents, according to the latest advisory from Malwarebytes Labs. (Source: Threat Intelligence)
March 21, 2024 – Hacker
Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention
Abstract
Curious Serpens has been active since at least 2013. This threat actor is associated with espionage and has targeted organizations in the Middle East, the United States, and Europe. (Source: Palo Alto Networks)
March 21, 2024 – Phishing
Microsoft Warns of New Tax Returns Phishing Scams Targeting You
Abstract
These attachments, as per Microsoft Threat Intelligence’s blog post, contain malware that steals your login credentials, or they might redirect you to a fake website that looks like a legitimate tax platform designed to capture your information. (Source: Hackread)
March 21, 2024 – Vulnerabilities
Critical Flaw in Atlassian Bamboo Data Center and Server Must Be Fixed Immediately
Abstract
The vulnerability allows unauthenticated attackers to expose assets in the environment, with a high impact on confidentiality, integrity, and availability, without requiring user interaction. (Source: Security Affairs)
March 21, 2024 – Attack
New ‘Loop DoS’ Attack May Impact up to 300,000 Online Systems
Abstract
Devised by researchers at the CISPA Helmholtz-Center for Information Security, the attack uses the User Datagram Protocol (UDP) and impacts an estimated 300,000 hosts and their networks. (Source: Bleeping Computer)
March 21, 2024 – Malware
The Most Prevalent Malware Behaviors and Techniques
Abstract
An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence. (Source: Help Net Security)
March 20, 2024 – General
Research Shows IT and Construction Sectors Hardest Hit By Ransomware
Abstract
New research has shed light on the profound impact of ransomware attacks on the IT and construction sectors, revealing that these industries bore the brunt of nearly half of all incidents in 2023. (Source: Infosecurity Magazine)
March 20, 2024 – General
How Companies Describe Cyber Incidents in SEC Filings
Abstract
While the language businesses use in Item 1.05 filings is ultimately crafted to notify regulators and investors of potential risks, these words also signal how a company detects, mitigates, contains, and recovers from cyberattacks. (Source: Cybersecurity Dive)
March 20, 2024 – Solution
Lynis: Open-Source Security Auditing Tool
Abstract
Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Its main objective is to evaluate security measures and recommend enhancing system hardening. (Source: Help Net Security)
March 20, 2024 – Encryption
Microsoft Announces Deprecation of 1024-Bit RSA Keys in Windows
Abstract
1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, making the latter four billion times longer to factor. Experts in the field consider 2048-bit keys safe until at least 2030. (Source: Bleeping Computer)
March 20, 2024 – Attack
North Korea-Linked Group Levels Multistage Cyberattack on South Korea
Abstract
North Korea-linked threat group Kimsuky has adopted a longer, eight-stage attack chain that abuses legitimate cloud services and employs evasive malware to conduct cyber espionage and financial crimes against South Korean entities. (Source: Dark Reading)
March 20, 2024 – Policy and Law
Cash-Strapped Women’s Clinic Sues UnitedHealth Over Attack
Abstract
The lawsuit alleges that disruption in claims processing caused by the cyberattack on the company's Change Healthcare unit and ongoing IT outage is threatening to push the clinic and other providers into bankruptcy. (Source: Bank Info Security)
March 20, 2024 – APT
Russia-Linked APT28 Targets Victims Worldwide for Intelligence Gathering
Abstract
Fancy Bear has utilized at least 11 unique lures in campaigns targeting organizations in Argentina, Ukraine, Georgia, Belarus, Kazakhstan, Poland, Armenia, Azerbaijan, and the United States. (Source: Dark Reading)
March 20, 2024 – General
Infosec Teams Must be Allowed to Fail, Argues Gartner
Abstract
Zero tolerance of failure by infosec professionals is unrealistic, and makes it harder for cybersecurity folk to do the essential part of their job: recovering fast from inevitable attacks, according to Gartner analysts Chris Mixter and Dennis Xu. (Source: The Register)
March 20, 2024 – Attack
Pokémon Resets Some Users’ Passwords After Hacking Attempts
Abstract
“The account system was not compromised. What we did experience and catch was an attempt to log in to some accounts. To protect our customers we have reset some passwords which prompted the message,” said Daniel Benkwitt, a company spokesperson. (Source: TechCrunch)
March 20, 2024 – Vulnerabilities
50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty
Abstract
The DoD Cyber Crime Center (DC3) reported on March 15, 2024, that it processed its 50,000th vulnerability since introducing its crowd-sourced ethical hacking scheme in November 2016. (Source: Infosecurity Magazine)
March 16, 2024 – Criminals
Lazarus Group Hackers Appear to Return to Tornado Cash for Money Laundering
Abstract
North Korea’s Lazarus hacking group has reportedly used the Tornado Cash mixing service to launder $23 million stolen during a November 2023 cyberattack on the HTX cryptocurrency exchange. (Source: The Record)
March 16, 2024 – Breach
Update: IMF Says February Cyberattack Involved Compromise of 11 Email Accounts
Abstract
The breach was discovered on February 16, 2024, and after an investigation conducted with the help of cybersecurity experts, the nature of the breach was determined, and remediation actions were taken. (Source: The Record)
March 16, 2024 – Attack
Pennsylvania’s Scranton School District Dealing with Ransomware Attack
Abstract
As a result of the attack, some computer systems and services are temporarily disrupted, causing files to be inaccessible and certain functions to operate slower than usual. (Source: The Record)
March 16, 2024 – Malware
Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled
Abstract
The new BunnyLoader variant comes with a Command and Control (C2) update, modularization of the binary, and various modules such as keylogger, stealer, clipper, and DoS functions. (Source: Palo Alto Networks)
March 16, 2024 – Breach
Encina Wastewater Authority Allegedly Becomes Latest Victim of BlackByte Ransomware
Abstract
As of now, the situation regarding the alleged cyberattack on Encina Wastewater Authority remains unconfirmed, and the organization has not issued an official statement or response regarding the claims made by the threat actor. (Source: The Cyber Express)
March 16, 2024 – Vulnerabilities
Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins
Abstract
Thousands of WordPress websites are at risk due to critical vulnerabilities in two discontinued MiniOrange plugins, allowing attackers to escalate privileges and compromise sites. (Source: Wordfence)
March 15, 2024 – General
Threat Actors are Turning to Novel Malware as Malicious Attacks Rise
Abstract
A new report by BlackBerry revealed that 62% of industry-related cyberattacks from September to December 2023 were directed at critical infrastructure providers. The use of novel malware saw a 27% increase. (Source: Cybersecurity Dive)
March 15, 2024 – Solution
MobSF: Open-Source Security Research Platform for Mobile Apps
Abstract
The Mobile Security Framework (MobSF) offers both static analysis for mobile app binaries and dynamic analysis for Android and iOS applications, streamlining security assessments. (Source: Help Net Security)
March 15, 2024 – Attack
Change Healthcare Locates Ransomware Attack Vector
Abstract
UnitedHealth Group reportedly identified the source of the cyberattack on its subsidiary, Change Healthcare. The company has conducted a forensic analysis and established a safe restore point to move forward with the restoration of data and systems. (Source: Cybersecurity Dive)
March 15, 2024 – Attack
Scottish Health Service Says ‘Focused and Ongoing Cyber Attack’ May Disrupt Services
Abstract
In response to the cyberattack, Neil Gray, the Scottish health secretary, confirmed that established procedures are being followed to address the situation, and support is being provided to NHS Dumfries and Galloway. (Source: The Record)
March 14, 2024 – Phishing
Threat Actors Leverage Document Publishing Sites for Ongoing Credential and Session Token Theft
Abstract
Threat actors are exploiting legitimate digital document publishing (DDP) sites to host phishing lures, making it harder for traditional security controls to detect and block these attacks. (Source: Talos Intelligence)
March 14, 2024 – Breach
French Unemployment Agency Data Breach Impacts 43 Million People
Abstract
The stolen data includes sensitive personal details such as full name, date of birth, social security number, and contact information, posing a significant risk of identity theft and phishing. (Source: Bleeping Computer)
March 14, 2024 – Outage
White House Meets With UnitedHealth, Industry Groups on Change Healthcare Cyberattack Fallout
Abstract
The cyberattack on Change Healthcare, a UnitedHealth Group subsidiary, has underscored the growing cybersecurity challenge facing the healthcare sector. The outage has disrupted critical operations, impacting claims processing and patient records. (Source: Cybersecurity Dive)
March 14, 2024 – Vulnerabilities
JetBrains Vulnerability Exploitation Highlights Debate Over ‘Silent Patching’
Abstract
Rapid7's decision to release details on the vulnerabilities led to immediate exploitation by attackers, according to JetBrains. The dispute arose from Rapid7's objection to JetBrains' preference for private patch releases and silent patching. (Source: The Record)
March 14, 2024 – Ransomware
The Effects of Law Enforcement Takedowns on the Ransomware Landscape
Abstract
Following the disruption of the Qakbot botnet in August 2023, ransomware affiliates have transitioned to exploiting vulnerabilities as the primary method of delivering malware. (Source: Help Net Security)
March 14, 2024 – Breach
Update: Nissan Oceania to Alert 100,000 People Affected by December 2023 Cyberattack
Abstract
The breach resulted in the theft of various sensitive information, including government identification like Medicare cards, driving licenses, passports, and tax file numbers. (Source: The Register)
March 14, 2024 – Criminals
Chinese Cybercrime: Discretion is the Better Part of Valor
Abstract
The Chinese cybercrime ecosystem lacks the typical features seen in Russian and English-speaking underground forums, with a focus on discreet communication and coded language to avoid drawing attention. (Source: Bank Info Security)
March 14, 2024 – Vulnerabilities
Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes
Abstract
The vulnerability affects default installations of Kubernetes earlier than version 1.28.4 running on-prem deployments and Azure Kubernetes Service, highlighting the importance of patching. (Source: Dark Reading)
March 14, 2024 – Solution
BSAM: Open-Source Methodology for Bluetooth Security Assessment
Abstract
To aid manufacturers, researchers, developers, and cybersecurity professionals, the methodology includes resources for assessing the security of Bluetooth communications and will publish proofs of concept and scripts on GitHub. (Source: Help Net Security)
March 14, 2024 – Breach
Bug in Irish Government Website Exposed COVID-19 Vaccination Records; Disclosure Comes After Two Years
Abstract
The vulnerability in the portal, built on Salesforce's health cloud, allowed any member of the public registering with the portal to access the vaccination records of other registered users, including personal details and internal HSE documents. (Source: TechCrunch)
March 13, 2024 – Vulnerabilities
New Research Exposes Security Risks in ChatGPT Plugins
Abstract
These vulnerabilities could allow attackers to take control of organization accounts on third-party platforms and access sensitive user data, including Personal Identifiable Information (PII). (Source: Infosecurity Magazine)
March 13, 2024 – Criminals
Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub Full Text
Abstract
The VCURMS RAT uses a Proton Mail email address for communicating with a command-and-control server and can extract and execute commands from specific subject lines in emails. Fortinet
March 13, 2024 – Outage
Billion-Dollar Boat Seller MarineMax Reports Cyberattack to SEC Full Text
Abstract
Although the boat-selling company initiated its incident response and business continuity protocols to contain the incident, there was some disruption to its business operations. The Record
March 13, 2024 – General
Report: Cloud Account Attacks Surged 16-Fold in 2023 Full Text
Abstract
A report by Red Canary highlighted that cloud account compromises using the MITRE ATT&CK technique T1078.004 surged to the fourth most prevalent technique used by threat actors, impacting three times as many organizations compared to 2022. Infosecurity Magazine
March 13, 2024 – Phishing
Tweaks Stealer Targets Roblox Users Through YouTube and Discord Full Text
Abstract
The attackers leverage YouTube by enticing users to watch videos on "How to increase FPS" that contain links to their Discord groups. Once they join, the attackers provide them with links to malicious files disguised as game tweaks and modifications. Zscaler
March 13, 2024 – Cryptocurrency
Spanish High Court Upholds Temporary Worldcoin Ban Full Text
Abstract
The Spanish High Court upheld a three-month ban on Worldcoin, a digital identity and cryptocurrency platform, due to privacy concerns raised by the country's data regulator. Bank Info Security
March 13, 2024 – Phishing
FakeBat Delivered via Several Active Malvertising Campaigns Full Text
Abstract
The malvertising campaigns employed a new redirection chain, abusing legitimate websites to evade detection, with several campaigns impersonating brands such as OneNote, Epic Games, and the Braavos smart wallet application. Malware Bytes
March 13, 2024 – Business
Nozomi Networks Raises $100 Million to Help Secure Critical Infrastructure Full Text
Abstract
The investment, which includes contributions from Mitsubishi Electric and Schneider Electric, underscores the growing need for OEM-agnostic security solutions in the face of escalating attacks on critical infrastructure worldwide. Help Net Security
March 13, 2024 – Privacy
Tor’s New WebTunnel Bridges Mimic HTTPS Traffic to Evade Censorship Full Text
Abstract
While some countries have found ways to detect and block traditional Tor connections, the Tor Project has developed WebTunnel to make it harder for censors to block connections by blending the traffic with HTTPS-encrypted web traffic. Bleeping Computer
March 13, 2024 – Breach
Over 2.3 Million Records of Family Entertainment Business Exposed in Data Leak Full Text
Abstract
Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database containing over 2.3 million documents belonging to Kids Empire, a US operator of recreational centers. VPN Mentor
March 12, 2024 – Ransomware
New DoNex Ransomware Observed in the Wild Targeting Enterprises Full Text
Abstract
The DoNex ransomware strain is actively targeting companies in the United States and Europe, employing a double-extortion method to hold files and sensitive data hostage. TTB Antivirus
March 12, 2024 – Government
ODNI Appoints New Election Security Leader Ahead of Presidential Race Full Text
Abstract
The Office of the Director of National Intelligence (ODNI) has appointed Jessica Brandt as the director of the Foreign Malign Influence Center, which aims to combat foreign interference in U.S. elections. The Record
March 12, 2024 – Business
Steadybit’s Chaos Engineering Platform Attracts $6M in Series A Funding Full Text
Abstract
By simulating disturbances and potential failures, Steadybit helps organizations preempt and mitigate system vulnerabilities, ultimately improving performance and user experience. Tech EU
March 12, 2024 – Vulnerabilities
Experts Released PoC Exploit for Critical Progress Software OpenEdge Bug Full Text
Abstract
Researchers from Horizon3.ai have disclosed technical details and a proof-of-concept exploit for a critical security flaw (CVE-2024-1403) in Progress Software OpenEdge Authentication Gateway and AdminServer. Security Affairs
March 12, 2024 – Cryptocurrency
Report: Victims Lose $47 Million to Crypto Phishing Scams in February Full Text
Abstract
Impersonated accounts on X, formerly known as Twitter, have been responsible for a majority of crypto phishing attacks in the previous month. Per Scam Sniffer, victims lost almost $47 million to cybercriminals who stole from over 57,000 individuals. Infosecurity Magazine
March 12, 2024 – Hacker
Muddled Libra Threat Group Abuses Pentesting Tools to Infiltrate Networks Full Text
Abstract
Muddled Libra threat actors leverage pentesting tools to identify vulnerabilities in target systems and networks, enabling them to exploit security gaps and gain unauthorized access. GBHackers
March 12, 2024 – Phishing
Tax-Related Scams Escalate as Filing Deadline Approaches Full Text
Abstract
Scammers are taking advantage of the rush to file personal federal income tax returns, using tactics such as impersonation, phone calls, tax identity theft, phishing scams, and unethical tax return preparers. Help Net Security
March 12, 2024 – Criminals
Incognito Darknet Market Mass-Extorts Buyers, Sellers Full Text
Abstract
The darknet narcotics market Incognito Market is extorting its vendors and buyers by threatening to publish their cryptocurrency transaction and chat records if they refuse to pay a fee. Krebs on Security
March 12, 2024 – General
Report: Three-Quarters of Cyber Incident Victims are Small Businesses Full Text
Abstract
Over 90% of cyber-attacks on small and medium businesses involve data or credential theft, with a notable increase in information-stealing malware targeting macOS, according to Sophos. Infosecurity Magazine
March 12, 2024 – Malware
Malicious PyPI Packages Target Crypto Wallet Recovery Passwords in BIPClip Campaign Full Text
Abstract
The malicious packages used name squatting, disguised dependencies, and legitimate-looking code to steal mnemonic phrases, evading detection and targeting crypto assets without broader system compromise. Reversing Labs
March 11, 2024 – Attack
Belgian Village Whose Brewery was Hit by Cyberattack Faces Another on its Coffee Roastery Full Text
Abstract
The Belgian village of Breendonk has experienced cyberattacks targeting both Duvel Moortgat Brewery and local coffee roasters Koffie Beyers, with the incidents occurring at the same time and in close geographic proximity. The Record
March 11, 2024 – Attack
BianLian Group Exploits JetBrains TeamCity Bugs in Ransomware Attacks Full Text
Abstract
The BianLian ransomware group exploited vulnerabilities in JetBrains TeamCity software to gain initial access to target environments. The group attempted to execute a custom Go backdoor but switched to LotL and utilized a PowerShell backdoor instead. Security Affairs
March 11, 2024 – Malware
Fake Leather Wallet App on Apple App Store is a Crypto Drainer Full Text
Abstract
The developers of the Leather cryptocurrency wallet have issued a warning about a counterfeit app on the Apple App Store. This fake app has led to users reporting that it drains their wallets and steals their digital assets. Bleeping Computer
March 11, 2024 – Business
Funding Round Secures $20M for Reach Security Full Text
Abstract
The Series A funding was led by new investors Ballistic Ventures and Artisanal Ventures, as well as existing backers Webb Investment Network, Ridge Ventures, and TechOperators. SC Magazine
March 11, 2024 – Outage
UK: Cyberattack Cripples Leicester City Council Systems Until ‘At Least Midweek’ Full Text
Abstract
While the nature of the cyberattack has not been disclosed, it is noted that this incident is part of a series of attacks on local authorities this year, with the latest affecting the council's ability to provide essential services. Leicestershire
March 11, 2024 – Privacy
Dozens of Data Brokers Disclose Selling Reproductive Healthcare Info, Precise Geolocation and Data Belonging to Minors Full Text
Abstract
New information from the state of California reveals that many data brokers collect and sell sensitive information, including data related to reproductive health, geolocation, and minors. The Record
March 11, 2024 – Attack
Iran-Linked ‘Lord Nemesis’ Group Appears Intent on Intimidating Israeli Organizations, Report Says Full Text
Abstract
An Iranian state-backed hacking group, known as Lord Nemesis, targeted an Israeli academic administration software company called Rashim Software. The attackers used their access to infiltrate several of the company's clients. The Record
March 11, 2024 – Education
How New and Old Security Threats Keep Persisting Full Text
Abstract
New research by Cymulate highlights the correlation between threat exposures, vulnerabilities, misconfigurations, and security controls. It emphasizes the importance of proactive security measures to prevent cyberattacks. Help Net Security
March 11, 2024 – Outage
CISA Forced to Take Two Systems Offline Last Month After Ivanti Compromise Full Text
Abstract
The breach was limited to two systems, the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT), which house critical information about U.S. infrastructure interdependency and private sector chemical security plans. The Record
March 11, 2024 – Policy and Law
Bills Targeting Data Brokers and TikTok Approved in House Committee Full Text
Abstract
The House Energy and Commerce Committee approved two significant data privacy bills, including one targeting TikTok's Chinese ownership and another blocking data brokers from selling Americans' data to foreign adversaries. The Record
March 9, 2024 – Vulnerabilities
Canva Warns of Three Security Vulnerabilities in Fonts Full Text
Abstract
The first, CVE-2023-45139, involved a high-severity bug in the FontTools library. The second and third vulnerabilities, CVE-2024-25081 and CVE-2024-25082, were related to naming conventions and compression. The Register
March 9, 2024 – Criminals
Tycoon and Storm-1575 Linked to Phishing Attacks on US Schools Full Text
Abstract
The Tycoon and Storm-1575 threat groups use stealthy tactics, social engineering, and phishing techniques to bypass MFA protections and target Microsoft 365 credentials at large US school districts. Hack Read
March 9, 2024 – Vulnerabilities
Flaws in Public Records Management Tool Could Let Hackers Nab Sensitive Data Linked to Requests Full Text
Abstract
The GovQA platform, used by state and local governments for public records requests, had vulnerabilities that could have allowed hackers to access sensitive personal information, edit requests, and download unsecured files. Nextgov
March 9, 2024 – Malware
New Malware Campaign Found Exploiting Stored XSS in Popup Builder Full Text
Abstract
A new malware campaign was found targeting the Popup Builder WordPress plugin, exploiting a vulnerability disclosed in November 2023. The campaign injects malicious code into websites, leading to over 3,300 infections. Sucuri
March 9, 2024 – Government
CISA Adds Apple iOS and iPadOS Memory Corruption Bugs to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
These memory corruption vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, were exploited in attacks against iPhone devices. Apple released emergency security updates to address these zero-day vulnerabilities. Security Affairs
March 8, 2024 – General
Law Enforcement Personnel Say LexisNexis Retaliated When Asked to Remove Data Full Text
Abstract
More than 18,000 New Jersey law enforcement personnel are alleging that LexisNexis retaliated against them by freezing their credit and falsely reporting them as identity theft victims after they requested their information to remain private. The Record
March 8, 2024 – General
Today’s Biggest AI Security Challenges Full Text
Abstract
Adversaries can exploit AI-powered applications to manipulate information, create harmful content, and develop deep fake media, posing significant risks to organizations. Help Net Security
March 8, 2024 – General
Report: 78% of MSPs Identify Cybersecurity as Prime IT Challenge Full Text
Abstract
Investment in the right technology and IT partners has led to fewer SMBs experiencing cyberattacks, with 64% of MSPs reporting less than 10% of their SMB customers being hit, according to Kaseya. Help Net Security
March 8, 2024 – Disinformation
Russian Influence Operations Against Baltic States and Poland Having ‘Significant Impact’ on Society Full Text
Abstract
These campaigns aim to downplay the impact of Western sanctions on Russia's economy, fuel confrontation among Western countries, and spread fear and panic among the targeted populations. The Record
March 8, 2024 – Vulnerabilities
Google Releases Android March 2024 Patches, Including Fixes for Two Critical Issues Full Text
Abstract
Google has released the Android March 2024 security patches, addressing a total of 38 vulnerabilities, including two critical issues. These vulnerabilities could lead to remote code execution and elevation of privilege for attackers. Beyond Machines
March 8, 2024 – Solution
Tazama: Open-Source Real-Time Fraud Management Full Text
Abstract
Tazama is an open-source platform that offers scalable and cost-effective solutions for fraud management in digital payment systems, aiming to democratize access to advanced financial monitoring tools. Help Net Security
March 8, 2024 – Malware
New Python-Based Snake Info-Stealer Spreads Through Facebook Messages Full Text
Abstract
The Snake malware campaign has been active since at least August 2023 and is attributed to Vietnamese-speaking individuals based on indicators such as targeted browsers and comments in the scripts. Security Affairs
March 8, 2024 – Disinformation
National Intelligence Agency of Moldova Warns of Russia Attacks Ahead of the Presidential Election Full Text
Abstract
The Russian cyber operations are expected to manipulate public sentiment, interfere with the referendum to join the EU, and discredit pro-European candidates during the presidential elections. Security Affairs
March 8, 2024 – Government
CISA, NSA Share Best Practices for Securing Cloud Services Full Text
Abstract
The NSA and CISA have issued five joint bulletins outlining best practices for securing cloud environments, covering identity and access management, key management, encryption, data security, and mitigating risks from managed service providers. Bleeping Computer
March 8, 2024 – APT
China-Linked Evasive Panda APT Leverages Monlam Festival to Target Tibetans Full Text
Abstract
The attacks involved compromising websites, such as the Kagyu International Monlam Trust's website, to specifically target users in India, Taiwan, Hong Kong, Australia, and the U.S. We Live Security
March 7, 2024 – Attack
Minnesota’s South St. Paul Public Schools Investigating Potential Cybersecurity Threat Full Text
Abstract
This incident is impacting online platforms, emails, and other digital services. The school district is working to restore its systems and maintain a secure online environment for students and staff. Twin Cities
March 7, 2024 – Outage
Canadian City Says Timeline for Recovery From Ransomware Attack ‘Unknown’ Full Text
Abstract
The city of Hamilton, Canada, is recovering from a ransomware attack that has disrupted online government services, forcing residents to use cash transactions and manual methods for payments. The Record
March 7, 2024 – Breach
Ransomware Attackers Leak Sensitive Swiss Government Documents, Login Full Text
Abstract
The leaked data included 65,000 documents, with 5% related to the federal government. Most of the leaked federal government files contained personal data, technical information, classified data, and passwords. Infosecurity Magazine
March 7, 2024 – Vulnerabilities
Update: Critical TeamCity Flaw Now Widely Exploited to Create Admin Accounts Full Text
Abstract
Hackers are exploiting a critical authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, leading to the creation of hundreds of unauthorized users on unpatched instances. Bleeping Computer
March 7, 2024 – Outage
Duvel Says It Has “More Than Enough” Beer After Ransomware Attack Full Text
Abstract
The Duvel Moortgat Brewery in Belgium was hit by a ransomware attack, causing the halt of beer production in their bottling facilities. The company's IT systems detected the attack, leading to an immediate stop in production. Bleeping Computer
March 7, 2024 – General
AI Tools Put Companies at Risk of Data Exfiltration Full Text
Abstract
The rise of GenAI, along with cloud applications, has made it challenging to monitor and protect critical data. As a result, organizations are concerned about the impact of AI on sensitive data and struggle to comply with data protection laws. Help Net Security
March 7, 2024 – Policy and Law
Feds Get Second Guilty Plea in Prosecution of Nigerian-Led BEC Case Full Text
Abstract
Nigerian national Henry Onyedikachi Echefu pleaded guilty to wire fraud and money laundering in connection with a $6 million business email compromise scheme dating back to 2017. The Record
March 7, 2024 – General
ITRC Finds Online Job Scams on the Rise Full Text
Abstract
The surge in online job scams, targeting job seekers for personal information, has seen a significant increase in reported incidents, with a 545% spike in January 2024 compared to December 2023, according to the Identity Theft Resource Center (ITRC). Security Boulevard
March 7, 2024 – Solution
RiskInDroid Performs Open-Source Risk Analysis of Android Apps Full Text
Abstract
RiskInDroid is an open-source tool for analyzing the risk level of Android applications using machine learning. Unlike other tools, RiskInDroid conducts reverse engineering on apps to extract permissions and assess their usage in the bytecode. Help Net Security
March 7, 2024 – Policy and Law
EU Agrees ‘Cyber Solidarity Act’ to Bolster Incident Response and Recovery Full Text
Abstract
The regulations will establish an EU-wide cybersecurity alert system and a cybersecurity emergency mechanism to support preparedness, financial assistance, and a cybersecurity reserve for large-scale incidents. Infosecurity Magazine
March 6, 2024 – General
Organizations are Knowingly Releasing Vulnerable Applications Full Text
Abstract
Application security responsibilities have shifted to involve both AppSec managers and developers, with a high percentage of companies knowingly releasing vulnerable applications due to time and business pressures. Help Net Security
March 6, 2024 – Business
CrowdStrike to Buy Israeli Data Defense Vendor Flow Security Full Text
Abstract
CrowdStrike has announced plans to acquire Tel Aviv-based Flow Security, a data security posture management startup, for an undisclosed amount with the deal expected to close by the end of April. Bank Info Security
March 6, 2024 – Business
Hornetsecurity Buys Vade to Fuel Strength in France, Germany Full Text
Abstract
The joint company plans to integrate their products and teams by the end of 2024, enabling MSPs to manage security, compliance, and data loss prevention for Microsoft 365 from a single control portal. Bank Info Security
March 6, 2024 – Malware
Researchers Warn of Stuxnet-Style Web-Based PLC Malware Full Text
Abstract
Researchers from the Georgia Institute of Technology have developed web-based malware called IronSpider, targeting modern programmable logic controllers (PLCs) used in industrial control systems. Industrial Cyber
March 6, 2024 – Business
DTEX Systems Raises $50M in Series E Funding Full Text
Abstract
The funding round was led by CapitalG, with James Luo joining the DTEX board of directors. The company plans to utilize the funding to expand its U.S. engineering team and grow its global go-to-market operations. Finsmes
March 6, 2024 – Breach
Fidelity Customers’ Financial Information Feared Stolen in Cyberattack Full Text
Abstract
Nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information, including bank account and routing numbers, may have been stolen after criminals breached Infosys' IT systems. The Register
March 6, 2024 – Vulnerabilities
Apple Emergency Security Updates Fix Two New iOS Zero-Days Full Text
Abstract
The vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, are related to kernel and RTKit memory corruptions. The affected devices include iPhone XS and later, iPad Pro, iPad Air, and iPad mini models. Cyware
March 6, 2024 – Business
Axonius, a Specialist in Cyber Asset Management, secures $200M at a $2.6B Valuation Full Text
Abstract
Axonius, a leader in enterprise asset management, has secured an additional $200 million in funding to support its business expansion. The investment is an extension of its existing Series E round, maintaining a valuation of $2.6 billion. Tech Crunch
March 6, 2024 – Malware
New WogRAT Malware Abuses Online Notepad Service to Store Malicious Code Full Text
Abstract
The 'WogRAT' malware targets both Windows and Linux systems and uses the online notepad platform 'aNotepad' to store and retrieve malicious code, making its infection chain stealthy. Bleeping Computer
March 6, 2024 – Malware
Android and Windows RATs Distributed Via Online Meeting Lures Full Text
Abstract
The attackers used fake Russian-language online meeting sites hosted on a single IP address to distribute malicious APK and BAT files targeting Windows and Android users. Zscaler
March 5, 2024 – Breach
Mr. Green Gaming Suffers Data Breach, Exposing Personal Information of 27,000 Users Full Text
Abstract
The Mr. Green Gaming data breach compromised the sensitive information of approximately 27,000 users, highlighting the urgent need for enhanced cybersecurity measures in the gaming industry. The Cyber Express
March 5, 2024 – Outage
Cyberattack Forces Canada’s Financial Intelligence Agency to Take Systems Offline Full Text
Abstract
Canada’s financial intelligence agency FINTRAC has experienced a cybersecurity incident, prompting the agency to take its corporate systems offline as a precautionary measure. The Record
March 5, 2024 – Malware
New CHAVECLOAK Banking Trojan Targets Brazilians via Malicious PDFs Full Text
Abstract
The malware uses DLL sideloading techniques to discreetly execute malicious code, actively monitors victims' interactions with financial portals, and communicates with a C2 server to facilitate data theft and deceptive pop-up windows. Hack Read
March 5, 2024 – Ransomware
GhostLocker 2.0 Haunts Businesses Across Middle East, Africa, and Asia Full Text
Abstract
Cybercriminal groups GhostSec and Stormous have collaborated to unleash GhostLocker 2.0 ransomware in targeted attacks across the Middle East, Africa, and Asia, affecting organizations in various sectors. Dark Reading
March 5, 2024 – Ransomware
Update: BlackCat Ransomware Turns off Servers Amid Claim They Stole $22 Million Ransom Full Text
Abstract
The shutdown may indicate an exit scam, with the affiliate claiming they still have critical data from Optum and other providers, while ALPHV/BlackCat has shut down its negotiation sites and messaging platform. Bleeping Computer
March 5, 2024 – Attack
Hacktivist Collective NoName057(16) Strikes European Targets Full Text
Abstract
The cyber threat actor NoName057(16) is adapting its DDoS tactics with enhanced encryption and tailored software versions to target European entities, particularly those supporting Ukraine. Infosecurity Magazine
March 5, 2024 – Breach
Ukraine Claims it Hacked Russian Ministry of Defense Servers Full Text
Abstract
The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense has announced that it successfully breached the servers of the Russian Ministry of Defense (Minoborony) and obtained sensitive documents. Bleeping Computer
March 5, 2024 – Attack
South Korea Says Semiconductor Industry Targeted by Cyber-Spies From North Korea Full Text
Abstract
The National Intelligence Service (NIS) of South Korea reported that North Korean hackers targeted two South Korean microchip equipment companies, using "living-off-the-land" techniques to steal product designs and facility photos. The Record
March 5, 2024 – Malware
Self-Propagating Worm Created to Target Generative AI Systems Full Text
Abstract
Researchers from Israel Institute of Technology, Intuit and Cornell Tech have developed a computer worm called "Morris II" that targets generative AI (GenAI) applications to spread malware and steal personal data. Infosecurity Magazine
March 5, 2024 – Outage
Update: Optum Offering Financial Aid to Some Providers Hit by Outage Full Text
Abstract
UnitedHealth Group is offering short-term financial assistance to healthcare providers affected by the Change Healthcare IT outage, providing interest-free, fee-free funding. Bank Info Security
March 4, 2024 – Business
Silence Laboratories, a Cryptographic Security Startup, Secures Funding Full Text
Abstract
The funding, co-led by Pi Ventures and Kira Studio, brings the total raised to $6 million. The company plans to use the funding to expand its teams and research and development efforts. Tech Crunch
March 4, 2024 – Breach
American Express Credit Cards Exposed in Vendor Data Breach Full Text
Abstract
American Express has issued a data breach notification after one of its service providers experienced unauthorized access to its systems. This has led to the exposure of American Express Card account numbers, names, and card expiration dates. Bleeping Computer
March 4, 2024 – Vulnerabilities
Update: Ivanti Disputes CISA Findings of Post-Factory Reset Hacking Full Text
Abstract
Ivanti disputes the U.S. cybersecurity agency's claim that hackers can establish persistence on rooted appliances through a factory reset, stating that it won't succeed in a live customer environment. Cyware
March 4, 2024 – Breach
Update: ALPHV Website Goes Down Amid Growing Fallout From Change Healthcare Attack Full Text
Abstract
The website used by the ransomware group responsible for breaching a major US healthcare payment processor went down, causing financial pressure on medical providers and difficulty for consumers to access medicine. Cyware
March 4, 2024 – Breach
NTT Boss Takes Early Retirement to Atone for Data Leak Full Text
Abstract
NTT West president resigned to take responsibility for the leak of 9.28 million customers' data, reflecting the significance of social responsibility in Japanese corporate culture. Cyware
March 4, 2024 – Ransomware
Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO Full Text
Abstract
The RA World ransomware employs multi-stage components to target healthcare organizations in the Latin American region, signifying a strategic and targeted approach to compromising systems within the target network. Cyware
March 4, 2024 – General
Cybercriminals Harness AI for New Era of Malware Development Full Text
Abstract
The Group-IB Hi-Tech Crime Trends 2023/2024 report highlights the increasing alliance between ransomware groups and initial access brokers, leading to a 74% rise in companies having their data uploaded on leak sites. Cyware
March 4, 2024 – Policy and Law
U.S. Judge Ordered NSO Group to Hand Over the Pegasus Spyware Code to WhatsApp Full Text
Abstract
This decision came after Meta won a legal battle against NSO Group. The lawsuit originated from allegations that NSO Group had conducted malicious attacks against WhatsApp users. Cyware
March 4, 2024 – Policy and Law
U.S. Authorities Charged an Iranian National for Long-Running Hacking Campaign Full Text
Abstract
Iranian national Alireza Shafie Nasab has been charged by the U.S. DoJ for orchestrating a multi-year hacking campaign targeting U.S. government and defense entities, using techniques like spear phishing and social engineering. Cyware
March 4, 2024 – Phishing
Malicious Meeting Invite Fix Targets Mac Users Full Text
Abstract
Scammers impersonating cryptocurrency investors on Telegram are luring targets into fake partnership meetings, using AppleScripts to compromise Mac users and gain administrator permissions. Cyware
March 2, 2024 – Breach
Taiwan’s Biggest Telco Breached by Suspected Chinese Hackers Full Text
Abstract
Hackers stole sensitive information, including military and government documents, from Chunghwa Telecom and sold it on the dark web. The leaked data included documents from the armed forces, foreign affairs ministry, coast guard, and other units. Cyware
March 2, 2024 – Criminals
Police Seized Crimemarket, the Largest German-Speaking Cybercrime Marketplace Full Text
Abstract
The platform had over 180,000 registered users and was accessible through both the "Darknet" and the "Clearnet." The investigation is ongoing, with plans to identify and target the platform's users. Cyware
March 2, 2024 – Government
CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the CVE-2023-29360 Microsoft Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog, which allows attackers to gain SYSTEM privileges. Cyware
March 2, 2024 – Government
UK Unveils Draft Cybersecurity Governance Code Full Text
Abstract
The UK Department for Science, Innovation and Technology (DSIT) has revealed what its future Cybersecurity Governance Code of Practice will look like and the five principles it will include. Cyware
March 2, 2024 – Phishing
CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack Full Text
Abstract
A sophisticated phishing kit with novel tactics targets cryptocurrency platforms and the FCC through a combination of email, SMS, and voice phishing, successfully stealing high-quality data from mobile device users in the United States. Cyware
March 1, 2024 – Breach
Golden Corral Restaurant Chain Suffers Data Breach Impacting 183,000 People Full Text
Abstract
The stolen data may include a wide range of personal information such as Social Security numbers, financial account details, medical information, and usernames and passwords. Cyware
March 1, 2024 – Government
FBI, CISA Release IoCs for Phobos Ransomware Full Text
Abstract
The Phobos ransomware strain, distributed through ransomware-as-a-service, has targeted a wide range of organizations, including governments, healthcare, education, and critical infrastructure sectors. Cyware
March 1, 2024 – Malware
New Bifrost Variant Uses Domain Deception Tactic to Deceive Users Full Text
Abstract
The latest variant of BIFROSE masquerades as VMware by reaching out to a deceptive domain. There has been a spike in BIFROSE activity since October 2023, and a new Arm version of the malware has been discovered. Cyware
March 1, 2024 – Vulnerabilities
Researchers Found a Zero-Click Facebook Account Takeover Full Text
Abstract
The critical vulnerability in Facebook's password reset process involved a rate-limiting issue in a specific endpoint, which could be exploited to brute-force a nonce and gain access to a user's account. Cyware
March 1, 2024 – Breach
Leaky Database Spilled 2FA Codes for Global Tech Giants Full Text
Abstract
An exposed database belonging to YX International leaked sensitive data including one-time security codes for major tech and online companies like Facebook, Google, and TikTok. Cyware
March 1, 2024 – Breach
Law Firm Reports Data Breach Affecting More Than 325,000 People Full Text
Abstract
The breached data included names, Social Security numbers, financial account information, and medical information. An unauthorized third party accessed the firm's network, leading to a data breach. Cyware
March 1, 2024 – Attack
Update: Irish Foreign Affairs Ministry Says ‘No Evidence’ of Cyber Breach Following Extortion Claim Full Text
Abstract
The Department of Foreign Affairs in Ireland has found no evidence to support the claim of a cyber extortion group called Mogilevich that it stole data from their IT systems. Cyware
March 1, 2024 – Ransomware
Abyss Locker Ransomware Attacks Both Windows And Linux Users Full Text
Abstract
This ransomware steals and encrypts files, demanding ransom for decryption and not releasing stolen data. It is based on the HelloKitty ransomware source code and has been observed in various regions. Cyware
March 1, 2024 – Malware
Chinese PC-Maker Acemagic Shipped Machines Infected with Malware Full Text
Abstract
The company attributed the infection to software adjustments made by developers to reduce boot times, which inadvertently affected network settings and omitted digital signatures. Cyware
March 1, 2024 – Attack
New Silver SAML Attack Bypasses Golden SAML Mitigations Full Text
Abstract
The technique works with identity providers like Microsoft Entra ID and can enable attackers to access applications by forging SAML responses with compromised private keys. Cyware