Chinese Hackers Are Said to Have Targeted Phones Used by Trump and Vance
The targeting of the Republican presidential ticket’s phones is part of what appears to be a wide-ranging effort to gather information about American leaders.
Rubavano informazioni da banche dati strategiche e nazionali: sei indagati. Spiati anche alcuni politici
Quattro le persone ai domiciliari e due sotto misura interdettiva. Tra loro appartenenti o ex delle forze dell'ordine e hacker
Fake IT Workers: How HYPR Stopped a Fraudulent Hire
HYPR recently experienced a fake IT worker attempting to gain employment. We are sharing the details to bring awareness to how widespread the problem is.
Embargo ransomware: Rock’n’Rust
ESET researchers uncover new Rust-based tools that we named MDeployer and MS4Killer and that are actively utilized by a new ransomware group called Embargo.
The Global Surveillance Free-for-All in Mobile Ad Data – Krebs on Security
Not long ago, the ability to remotely track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a…
Triad Nexus: Silent Push exposes FUNNULL CDN hosting DGA domains for suspect Chinese gambling sites, investment scams, a retail phishing campaign, and a polyfill.io supply chain attack impacting 110,000+ sites
Key findings Executive summary Background Join the Silent Push Community Sign up for a free Silent Push Community account FUNNULL and fake trading apps FUNNULL’s CDN, rising up from corrupted soil Additional hostname analysis FUNNULL CNAME chains An in-depth look at FUNNULL’s corporate brand Suncity Group connections Suncity Group-related infrastructure accounted for more than 6,500
Apple Shares Private Cloud Compute Virtual Research Environment, Provides Bounties for Vulnerabilities - MacRumors
Private Cloud Compute is a cloud intelligence system that Apple designed for private artificial intelligence processing, and it's what Apple is...
Encrypted Chat App ‘Session’ Leaves Australia After Visit From Police
After federal police came to an employee’s house to ask questions, encrypted messaging company Session has decided to leave Australia and switch to a foundation model based in Switzerland.
macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools
An unknown threat actor is developing ransomware to lock files and steal data on macOS, and it's not LockBit.
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution. The vulnerability arises from a missing authentication for a critical function [CWE-306] in the FortiManager fgfmd daemon that allows a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The vulnerability carries a CVSS v3 score of 9.8.
Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks
Threat actors exploit Amazon S3 in ransomware attacks, using AWS credentials for data theft.
ShadyShader: Crashing Apple Devices with a Single Click
ShadyShader: Crashing Apple M-Series Devices with a Single Click
Rogue RDP – Revisiting Initial Access Methods
MThe Hunt for Initial Access With the default disablement of VBA macros originating from the internet, Microsoft may be pitching a curveball to threat actors and red […]
Authenticated Remote Code Execution in multiple Xerox printers
Multiple Xerox printers (EC80xx, AltaLink, VersaLink, WorkCentre) were affected by an authenticated remote code execution vulnerability which allowed an attacker with administrative web credentials to fully compromise the devices with root privileges on the operating system.
How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends
Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild.
Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
Did you know there’s widespread exploitation of FortiNet products going on using a zero day, and that there’s no CVE? Now you do.
ESET themed wiper Targets Israel
It all started with an ESET statement on their official account on "X", wherein they mentioned that their partner company in Israel has gone under a targeted malicious email campaign that they managed to block within 10 minutes.
ESET Distributor’s Systems Abused to Deliver Wiper Malware
ESET has launched an investigation after the systems of its official product distributor in Israel were abused to send out emails delivering wiper malware. The targeted users received an email — signed by ESET’s Advanced Threat Defense (ATD) team — informing them about government-backed attackers trying to compromise their devices.
Decrypted: Mallox ransomware
Researchers uncover flaw in Mallox ransomware, offering free file recovery for early victims
Researchers link Polyfill supply chain attack to huge network of copycat gambling sites
A supply chain hack targeting 100,000 websites was launched to redirect internet users to a massive online gambling network.
Fortinet releases patches for undisclosed critical FortiManager vulnerability - Help Net Security
Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited.
Hackers exploit Roundcube webmail flaw to steal email, credentials
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union.
Invisible text that AI chatbots understand and humans can’t? Yep, it’s a thing. - Ars Technica
A quirk in the Unicode standard harbors an ideal steganographic code channel.
Lynx Ransomware: A Rebranding of INC Ransomware
Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics. Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). This incident is a prime example of how threat actors chain zero-day vulnerabilities to gain initial access to a victim’s network. Learn more.
FASTCash for Linux
Analysis of a newly discovered Linux based variant of the DPRK attributed FASTCash malware along with background information on payment switches used in financial networks.
Spate of ransomware attacks on German-speaking schools hits another in Switzerland
The Vocational Training Center, or Berufsbildungszentrum (BBZ), in the canton of Schaffhausen reported a ransomware attack, making it the latest in a wave against German-speaking schools and universities.
The War on Passwords Is One Step Closer to Being Over
“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.
THREAT ANALYSIS: Beast Ransomware
In this Threat Analysis report, Cybereason investigates the Ransomware-as-a-Service (RaaS) known as Beast and how to defend against it through the Cybereason Defense Platform.
Tricks and Treats: GHOSTPULSE’s new pixel-level deception
The updated GHOSTPULSE malware has evolved to embed malicious data directly within pixel structures, making it harder to detect and requiring new analysis and detection techniques.