Okta customers targeted in social engineering scam
Help desk staff duped into resetting MFA on Okta super admin accounts, allowing threat actors to move laterally across targeted organizations.
Attackers access military data through fencing supplier
Irony, not barbed wire, cuts the deepest
China Bans iPhone Use for Government Officials at Work
The directive is the latest step in Beijing’s campaign to cut reliance on foreign technology and could hurt Apple’s business in the country.
Zaun Data Breach
Zaun Data Breach – Update. Zaun Ltd - fencing and gate manufacturers. Our ranges include perimeter and security fencing, gates and railings.
Is macOS’s new XProtect behavioural security preparing to go live?
Apple released its first update to its new behavioural security protection in XProtect Behaviour Service on 8 August, and again on 1 September. Here are the details.
Apple’s Decision to Kill Its CSAM Photo-Scanning Tool Sparks Fresh Controversy
Child safety group Heat Initiative plans to launch a campaign pressing Apple on child sexual abuse material scanning and user reporting. The company issued a rare, detailed response on Thursday.
The Emergence of Ransomed: An Uncertain Cyber Threat in the Making
Ransomed, originally an illicit forum, is a ransomware collective that is finding new ways to extort victims by leveraging GDPR laws.
Pay our ransom instead of a GDPR fine, cybercrime gang tells its targets
A group that operates through a data leak blog called Ransomed tells its alleged victims that shelling out an extortion payment is smarter than facing a government fine for a data breach.
Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs
Roughly 78% of healthcare organizations fell victim to a cyberattack over the past year and 60% of the incidents impacted care delivery
VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard
In early August, ReversingLabs identified a malicious supply chain campaign that the research team dubbed “VMConnect.” That campaign consisted of two dozen malicious Python packages posted to the Python Package Index (PyPI) open-source repository. The packages mimicked popular open-source Python tools, including vConnector, a wrapper module for pyVmomi VMware vSphere bindings; eth-tester, a collection of tools for testing Ethereum-based applications; and databases, a tool that gives asynchronous support for a range of databases.
An Ongoing Open Source Attack Reveals Roots Dating Back To 2021
Developers in the cryptocurrency sphere are being targeted once again, as yet another threat actor has been exposed. This user has been publishing malicious NPM packages with the purpose of exfiltrating sensitive data such as source code and configuration files from the victim’s machines. The threat actor behind this campaign has been linked to malicious activity dating back to 2021. Since then, they have continuously published malicious code.
New Twitter scam in China: sextortion scammers
Chinese sextortion scam accounts flood X (previously Twitter) after the platform introduced a blue-check policy allowing users to buy verified badges.
Hackers modify open-source ‘SapphireStealer’ malware, leading to multiple variants
Hackers are modifying the open source code of a popular malware strain, adding tools and functions that make it easier to steal data.
LogicMonitor customers hit by hackers, because of default passwords | TechCrunch
An unknown number of LogicMonitor's customers have been hacked due to the fact that the company set weak default passwords.
Unmasking Trickbot, One of the World’s Top Cybercrime Gangs
A WIRED investigation into a cache of documents posted by an unknown figure lays bare the Trickbot ransomware gang’s secrets, including the identity of a central member.
Qakbot Malware Takedown and Defending Forward
On Tuesday, August 29, 2023, the Federal Bureau of Investigations Los Angeles announced that they and other international partners disrupted the Qakbot malware infrastructure in a successful takedown. First things first, this is awesome!!!
Raising Online Defenses Through Transparency and Collaboration | Meta
We're sharing a look into our defense strategy and the latest news on how we build it into our products. A recent study shows that de-platforming hate networks reduces consumption and production of hateful content on Facebook and diminishes the ability of these hate networks to operate online. We’re sharing new threat research on two of the largest known covert influence operations in the world from China and Russia, targeting 50+ apps and countries, including the US. * We added new transparency features to Threads, including state-controlled media labels to help people know exactly who they interact with on the new app.
How NightOwl for Mac Added a Botnet
NightOwl was supposed to make Macs work in dark mode. After a recent update, one developer discovered it was siphoning users’ data through a botnet.
It Costs Just $400 to Build an AI Disinformation Machine
A developer used widely available AI tools to generate anti-Russian tweets and articles. The project is intended to highlight how cheap and easy it has become to create propaganda at scale.
Xplain: les données de procédures pénales en cours sont sur le darknet
Suite à l’attaque contre le prestataire Xplain, des données sensibles issues des enquêtes du Parquet fédéral sont sur le dark web, selon les d'investigation du quotidien Le Temps. Une procédure de mise à jour d’un logiciel de Fedpol ne se serait pas déroulée comme le prévoit un protocole pourtant mis en place.
Exposing DuckTail
A comprehensive exploration of DuckTail's sophisticated infrastructure and insights gained from months of monitoring.
Qakbot botnet infrastructure shattered after international operation
Active since 2007, this prolific malware (also known as QBot or Pinkslipbot) evolved over time using different techniques to infect users and compromise systems. Qakbot infiltrated victims’ computers through spam emails containing malicious attachments or hyperlinks. Once installed on the targeted computer, the malware allowed for infections with next-stage payloads such as ransomware. Additionally, the infected computer became part of...
Telekopye: Hunting Mammoths using Telegram bot
ESET researchers uncover a toolkit that operates as a Telegram bot and helps scammers target victims on online marketplaces, mainly in Russia.
The Cheap Radio Hack That Disrupted Poland’s Railway System
The sabotage of more than 20 trains in Poland by apparent supporters of Russia was carried out with a simple “radio-stop” command anyone could broadcast with $30 in equipment.
Qakbot botnet dismantled after infecting over 700,000 computers
Qakbot, one of the largest and longest-running botnets to date, was taken down following a multinational law enforcement operation spearheaded by the FBI and known as Operation 'Duck Hunt.'
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
UNC4841 has continued operations despite Barracuda ESG zero-day remediation efforts.
Attacks on Citrix NetScaler systems linked to ransomware actor
A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks.
Adversary On The Defense: ANTIBOT.PW
Discover the lifecycle of a commercial web traffic filtering service originating from a GitHub project and how it found success within phishing operations, including how it evolved into a commercial platform offering under new branding.
#FuckStalkerware pt. 3 - ownspy got, well, owned
we continue our series on stalkerware with a write-up and batch of data sent to me by a source last night. this time it is the brazilian ownspy (aka webdetective and saferspy, by mobileinnova) that has been completely hacked. among other things ownspy claims to be the #1 most privacy focused "parental control app" allegedly featuring E2E encryption, if this sounds too good to be true that's because it mostly is, but more on that later.
GTA 6 Hacker Found To Be Teen With Amazon Fire Stick In Small Town Hotel Room
International cybercrime, as portrayed by the movies and mass media, is a high-stakes game of shadowy government agencies and state-sponsored hacking groups. Hollywood casting will wheel out a charact...