Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices
We analyze Mirai variant IZ1H9, which targets IoT devices. Our overview includes campaigns observed, botnet configuration and vulnerabilities exploited.
NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian
Observer investigation reveals Meta Pixel tool passed on private details of web browsing on medical sites
Armenia spyware victims: Pegasus hacking in war
A joint investigation by civil society and independent researchers has uncovered hacking of Armenia spyware victims with NSO Group's Pegasus spyware.
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant
Mandiant identified novel operational technology (OT) / industrial control system (ICS)-oriented malware, which we track as COSMICENERGY, uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia.
Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) - Help Net Security
A vulnerability (CVE-2023-2868) in Barracuda Networks' ESG appliances is actively exploited by attackers, the company has warned.
Analysis of new active malware: MediaArena – PUA
Analysis of new active malware: MediaArena – PUA
Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations
Learn how the U.S. National Security Agency (NSA) issued a joint cybersecurity advisory highlighting a cluster of activity it attributes to a People’s Republic of China (PRC) state-sponsored threat group.
Free VPN Service SuperVPN Exposes 360 Million User Records
This time, SuperVPN has exposed a whopping 133 GB of data, including personal details of its unsuspecting users, such as IP addresses.
Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over 40,000 sites. The vulnerability, which was fully patched in January in version 2.10.2, offers unauthenticated attackers the ability to add malicious JavaScript to a website, potentially allowing ...Read More
Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023.
Barracuda Networks's Status Page - Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023..
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
Chinese state-sponsored actor Volt Typhoon is using stealthy techniques to target US critical infrastructure, conduct espionage, and dwell in compromised environments.
Malvertising via brand impersonation is back again
Web search is about to embark on a new journey thanks to artificial intelligence technology that online giants such as Microsoft and Google are experimenting with. Yet, there is a problem when it comes to malicious ads displayed by search engines that AI likely won't be able to fix.
German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack
Rheinmetall confirmed on Monday that the Black Basta ransomware group was behind a cyberattack it detected last month.
IT employee impersonates ransomware gang to extort employer
A 28-year-old United Kingdom man from Fleetwood, Hertfordshire, has been convicted of unauthorized computer access with criminal intent and blackmailing his employer.
ChatGPT Plugins: Data Exfiltration via Images & Cross Plugin Request Forgery
Plugins can return malicious content and hijack your AI.
Apple fixes three new zero-days exploited to hack iPhones, Macs
Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.
File Archiver In The Browser
This article explores a phishing technique that emulates a file archiver software in the browser while using a .zip domain.
What if we had the SockPuppet vulnerability in iOS 16?
The next post in our XNU memory safety series examines how our hardened kernel allocator performs in the real world against a previously patched but powerful UAF software vulnerability. In this detailed analysis, we find out what might happen if SockPuppet were to meet kalloc_type in iOS 16.
Don't @ Me: URL Obfuscation Through Schema Abuse
Attackers are distributing malware using a technique that abuses the URL schema.
BlackCat Ransomware Deploys New Signed Kernel Driver
In this blog post, we will provide details on a BlackCat ransomware incident that occurred in February 2023, where we observed a new capability, mainly used for the defense evasion phase.
%3Aquality(70)%2Fcloudfront-eu-central-1.images.arcpublishing.com%2Firishtimes%2F2CPK6P2LVLSFYP6NL4AHMFBWH4.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Up to 100 cases taken over HSE cyberattack, judge told
European court to decide key liability issues over data breach but question mark hangs over HSE liability for ‘non-material’ damage such as stress
Beijing Bans Micron as Supplier to Big Chinese Firms, Citing National Security
Cyberspace Administration says chip maker failed review, in a move that seems aimed at hitting back at U.S. chip ban
Apple Restricts Employee Use of ChatGPT, Joining Other Companies Wary of Leaks
The iPhone maker is concerned workers could release confidential data as it develops its own similar technology.
Popular Android TV boxes sold on Amazon are laced with malware
The malware-infected AllWinner and RockChip-powered Android TV models are still available to purchase on Amazon.
MalasLocker ransomware targets Zimbra servers, demands charity donation
A new ransomware operation is hacking Zimbra servers to steal emails and encrypt files. However, instead of demanding a ransom payment, the threat actors claim to require a donation to charity to provide an encryptor and prevent data leaking.
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices
An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023.
Visualizing QakBot Infrastructure
This blog post seeks to draw out some high-level trends and anomalies based on our ongoing tracking of QakBot command and control (C2) infrastructure. By looking at the data with a broader scope, we hope to supplement other research into this particular threat family, which in general focuses on specific infrastructure elements; e.g., daily alerting on active C2 servers.
“FleeceGPT” mobile apps target AI-curious to rake in cash
Interest in OpenAI’s latest version of its interactive language model has spurred a new wave of scam apps looking to cash in on the hype
KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)
A vulnerability (CVE-2023-32784) in KeePass can be exploited to retrieve the master password from the software's memory.
GitHub - vdohney/keepass-password-dumper
The vulnerability was assigned CVE-2023-32784. It should be fixed in KeePass 2.54, which should come out in ~July 2023. Thanks again to Dominik Reichl for his fast response and creative fix!