Microsoft working on OS update to prevent another IT outage
Existing low-level access for security solutions will undergo a rework
Hadooken Malware Targets Weblogic Applications
Nautilus researchers identified a new Linux malware targeting Weblogic servers with running Hadooken malware
Apple is well on its way to making iPhones theft-proof
Apple’s latest theft-prevention measure went live for beta testers yesterday: Activation Lock for iPhone components. The move is likely to...
SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager
SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager.
Multiple attacks forces CISA to order agencies to upgrade or remove end-of-life Ivanti appliance
The nation’s top cyber watchdogs urged federal agencies to either remove or upgrade an Ivanti appliance that is no longer being updated and has been exploited in attacks.
German radio station forced to broadcast 'emergency tape' following cyberattack
Radio Geretsried, a local station in Bavaria, said it was trying to save music files and restore systems after an apparent ransomware attack.
23andMe Agrees To $30 Million Settlement For Last Year's Data Breach
Affected users can try to claim up to $10,000 if the breach at 23andMe led to financial fraud or paying up for security or mental health services.
Scammers advertise fake AppleCare+ service via GitHub repos
Beware before calling Apple for assistance as scammers are creating malicious ads and fake pages to lure you in.
'Vo1d' Trojan Malware Infects 1.3 Million Android-Based TV Boxes Globally
Antivirus firm Dr.Web has flagged a type of Android malware known as Android.Vo1d that has infected about 1.3 million TV boxes across 197 countries. The malware effectively enables a backdoor into the TV box's system that allows an attacker to download and install malicious third-party software. The R4 TV box model running Android 7.1.2, a TV Box running Android 12.1, and the KJ-SMART4KVIP TV box running Android 10.1 were the types of devices reportedly impacted.
UK arrests teen linked to Transport for London cyber attack
U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency.
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment. This could lead to many bad things including malicious code execution which can be combined with security protection evasion with Photos to compromise users’ sensitive Photos iCloud Photos data. Apple has fixed all of the vulnerabilities between October 2022 and September 2023.
Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media
With the US election on the horizon, it’s a good time to explore the concept of social media weaponization and its use in manipulating public opinion.
Apple Suddenly Drops NSO Group Spyware Lawsuit
Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.
Chinese APT Abuses VSCode to Target Government in Asia
A first in our telemetry: Chinese APT Stately Taurus uses Visual Studio Code to maintain a reverse shell in victims' environments for Southeast Asian espionage. A first in our telemetry: Chinese APT Stately Taurus uses Visual Studio Code to maintain a reverse shell in victims' environments for Southeast Asian espionage.
In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram
Hackers, fraudsters, and drug dealers are all leaving the platform in one way or another. Some are worried that Telegram may start providing user data to the authorities.
RansomHub claims Kawasaki cyberattack, threatens to leak stolen data
Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data.
Kawasaki’s European HQ recovers from cyber attack
At the start of September, Kawasaki Motors Europe, (KME) was the subject of a cyber-attack which, although not successful, resulted in the company’s servers being temporarily isolated until a strategic recovery plan was initiated later on the same day. KME and its country Branches operate a large number of servers and, as a precaution, it was decided to isolate each one and put a cleansing process in place whereby all data was checked and any suspicious material identified and dealt with.
Data centres as vital as NHS and power grid, government says
Data centres in the UK are to be classified as critical national infrastructure, joining the emergency services, finance and healthcare systems, and energy and water supplies. It means they would get extra government support during a major incident, such as a cyber attack, an IT outage or extreme weather, in order to minimise disruption.
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability – Horizon3.ai
CVE-2024-29847 Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability.
TfL confirms 5,000 customers' bank data exposed
Transport for London's ongoing cyber incident has taken a dark turn as the organization confirmed that some data, including bank details, might have been accessed, and 30,000 employees' passwords will need to be reset via in-person appointments.
Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers
Overview While investigating CVE-2024-5932, a code injection vulnerability in the GiveWP WordPress plugin, our team encountered a malicious Proof of Concept (POC) targeting cybersecurity professionals. This has become a growing threat to cybersecurity professionals from […]
Fortinet suffers third-party data breach affecting Asia-Pacific customers - Cyber Daily
International cyber security giant Fortinet has disclosed that it has suffered a data breach.
Europe’s privacy watchdog probes Google over data used for AI training
Meta and X have already paused some AI training over same set of concerns.
Telegram: 'The dark web in your pocket'
The arrest of Telegram’s chief executive in France has ignited a debate about moderation on his app. About nine months ago while researching a story, I found myself added to a large Telegram channel which was focused on selling drugs. I was then added to one about hacking and then one about stolen credit cards. I realised my Telegram settings had made it possible for people to add me to their channels without me doing anything. I kept the settings the same to see what would happen.
Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
Microsoft on Tuesday raised an alarm for in-the-wild exploitation of a critical flaw in Windows Update, warning that attackers are rolling back security fixes on certain versions of its flagship operating system.
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
We recently performed research that started off "well-intentioned" (or as well-intentioned as we ever are) - to make vulnerabilities in WHOIS clients and how they parse responses from WHOIS servers exploitable in the real world (i.e. without needing to MITM etc). As part of our research, we discovered that a few years ago the WHOIS server for the .MOBI TLD migrated from whois.dotmobiregistry.net to whois.nic.mobi – and the dotmobiregistry.net domain had been left to expire seemingly in December 2023.
A glimpse into the Quad7 operators' next moves and associated botnets
Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.
Tracking Ransomware - August 2024 - CYFIRMA
August 2024 witnessed a noticeable increase in ransomware activity, with emerging groups like Lynx and RansomHub showing dramatic...
Wifi routers and VPN appliances targeted by notorious botnet Quad7
The mysterious Quad7 botnet has evolved its tactics to compromise several brands of Wi-Fi routers and VPN appliances. It’s armed with new backdoors, multiple vulnerabilities, some of which were previously unknown, and new staging servers and clusters, according to a report by Sekoia, a cybersecurity firm.
Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts
In recent threat activity observed by Arctic Wolf, Akira ransomware affiliates carried out ransomware attacks with an initial access vector involving the compromise of SSLVPN user accounts on SonicWall devices.