Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware
Cloudflare's TryCloudflare is being exploited by cybercriminals for malware delivery via phishing emails, reports say.
Quartet of Trouble: XWorm, AsyncRAT, VenomRAT, and…
Learn more about how four malware, XWorm, AsyncRAT, VenomRAT, and PureLogs Stealer, are leveraging TryCloudflare and get security recommendations from our…
Black Basta ransomware switches to more evasive custom malware
The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network.
UNC4393 Goes Gently into the SILENTNIGHT
In mid-2022, Mandiant's Managed Defense detected multiple intrusions involving QAKBOT, leading to the deployment of BEACON coupled with other pre-ransomware indicators. This marked Mandiant's initial identification of UNC4393, the primary user of BASTA ransomware. Mandiant has responded to over 40 separate UNC4393 intrusions across 20 different industry verticals. While healthcare organizations have not traditionally been a focus for UNC4393, several breaches in the industry this year indicate a possible expansion of their interests. However, this represents only a fraction of the cluster's victims, with the Black Basta data leak site purporting over 500 victims since inception. Over the course of this blog post, Mandiant will detail the evolution of UNC4393's operational tactics and malware usage throughout its active lifespan, with a focus on the period following the QAKBOT botnet takedown. We will highlight the cluster's transition from readily available tools to custom malware development as well as its evolving reliance on access brokers and diversification of initial access techniques.
Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova
Russian and Moldovan companies targeted by XDSpy phishing campaign, deploying DSDownloader malware, amid escalating cyber conflicts.
How the theft of 40M UK voter register records was entirely preventable
A scathing rebuke by the U.K. data protection watchdog reveals what led to the compromise of tens of millions of U.K. voters' information.
US sues TikTok for collecting mass data on kids 13 and under
The US government is suing TikTok and its Chinese parent company ByteDance over “widespread” privacy violations that it illegally collects data on kids 13 and under.
Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites.
Don’t Let Your Domain Name Become a “Sitting Duck”
More than a million domain names -- including many registered by Fortune 100 firms and brand protection companies -- are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars,…
Mozilla follows Google in distrusting Entrust’s TLS certs • The Register
Compliance failures and unsatisfactory responses mount from the long-time certificate authority
Turkey blocks access to Instagram – POLITICO
A senior official previously condemned the platform for ‘censoring’ Hamas-related content.
News Greek Court Clears State Institutions of Involvement With Illegal Spyware
Supreme Court ruling that Greek state agencies were not involved in the use of illegal spy software shocks opposition leader who says confidence in the justice system had been 'seriously shaken'.
Who are the two major hackers Russia just received in a prisoner swap?
Both men committed major financial crimes—and had powerful friends.
Risk assessment report on cyber resilience on EU’s telecommunications and electricity sectors
EU Member States, with the support of the European Commission and ENISA, the EU Agency for Cybersecurity, published the first report on the cybersecurity and resilience of Europe’s telecommunications and electricity sectors.
Certificate Revocation Incident
DigiCert will be revoking certificates that did not have proper Domain Control Verification (DCV). Before issuing a certificate to a customer, DigiCert validates the customer’s control or ownership over the domain name for which they are requesting a certificate using one of several methods approved by the CA/Browser Forum (CABF). One of these methods relies on the customer adding a DNS CNAME record which includes a random value provided to them by DigiCert. DigiCert then does a DNS lookup for the domain and verifies the same random value, thereby proving domain control by the customer..
'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment
A major company made a staggering $75 million ransomware payment to hackers earlier this year, according to cybersecurity vendor Zscaler. Zscaler made the claim in a Tuesday report examining the latest trends in ransomware attacks, which continue to ensnare companies, hospitals, and schools across the country.
Nouvelles vagues de vandalisme sur les fibres optiques : Internet perturbé en France - Next
Cette nuit, de nouveaux actes de vandalisme viennent perturber l’accès à Internet cette fois-ci. Selon nos informations, des fibres « longhaul » (longues distances, généralement plusieurs centaines de kilomètres) sont coupées à plusieurs endroits, provoquant des perturbations au niveau national. Les fibres relient des grandes villes – Paris, Lille, Strasbourg, Marseille, Lyon… – et servent d’artères pour Internet.
Swiss stock exchange halts trading due to technolgy issues
The stock exchange was forced to halt equity trading for several hours on Wednesday due to persistent technical snags.
CrowdStrike is sued by shareholders over huge software outage
CrowdStrike (CRWD.O), opens new tab has been sued by shareholders who said the cybersecurity company defrauded them by concealing how its inadequate software testing could cause the July 19 global outage that crashed more than 8 million computers. In a proposed class action filed on Tuesday night in the Austin, Texas federal court, shareholders said they learned that CrowdStrike's assurances about its technology were materially false and misleading when a flawed software update disrupted airlines, banks, hospitals and emergency lines around the world.
'Error' in Microsoft's DDoS defenses amplified Azure outage
o you have problems configuring Microsoft's Defender? You might not be alone: Microsoft admitted that whatever it's using for its defensive implementation exacerbated yesterday's Azure instability. No one has blamed the actual product named "Windows Defender," we must note. According to Microsoft, the initial trigger event for yesterday's outage, which took out great swathes of the web, was a distributed denial-of-service (DDoS) attack. Such attacks are hardly unheard of, and an industry has sprung up around warding them off.
IBM: Cost of a breach reaches nearly $5 million, with healthcare being hit the hardest
Businesses that fall victim to a data breach can expect a financial hit of nearly $5 million on average — a 10% increase compared to last year — according to IBM’s annual report on cybersecurity incidents.
Cyberattack hits blood-donation nonprofit OneBlood
A cyberattack has hit a blood-donation nonprofit that serves hundreds of hospitals in the southeastern US. The hack, which was first reported by CNN, has raised concerns about potential impacts on OneBlood’s service to some hospitals, multiple sources familiar with the matter said, and the incident is being investigated as a potential ransomware attack.
Microsoft says massive Azure outage was caused by DDoS attack
Microsoft confirmed today that a nine-hour outage on Tuesday, which took down and disrupted multiple Microsoft 365 and Azure services worldwide, was triggered by a distributed denial-of-service (DDoS) attack.
Google ads push fake Google Authenticator site installing malware
Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.
La Bourse suisse interrompt ses transactions pendant plusieurs heures
Les transactions à la Bourse suisse ont été suspendues ce mercredi après une panne technique empêchant la diffusion
New Mandrake Android spyware version discovered on Google Play | Securelist
Mandrake spyware threat actors resume attacks with new functionality targeting Android devices while being publicly available on Google Play.
French fiber optic cables hit by ‘major sabotage’ in second Olympics attack
The attack comes a few days after a coordinated arson assault on the French rail network.
Hackers Exploited a PC Driving Sim to Pull Off Massive Disney Data Breach
A Disney employee downloaded what they thought was a safe add-on for video game BeamNG.drive, but it was anything but.
Ferrari exec foils deepfake plot by asking a question only the CEO could answer
“Sorry, Benedetto, but I need to identify you,” the executive said.
Websites are Blocking the Wrong AI Scrapers (Because AI Companies Keep Making New Ones)
Hundreds of sites have put old Anthropic scrapers on their blocklist, while leaving a new one unblocked.