Important Security Update – Enhance your VPN Security Posture!
Over the past few months, we have observed increased interest of malicious groups in leveraging remote-access VPN environments as an entry point and
Ransomware Group Claims Responsibility for Christie’s Hack
The hacking group RansomHub is threatening to release “sensitive personal information” about the auction house’s clients.
Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling
Netskope Threat Labs is tracking multiple phishing campaigns that abuse Cloudflare Workers. The campaigns are likely the work of different
Cyber Signals: Inside the growing risk of gift card fraud
In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. The latest edition of Cyber Signals dives deep into the world of Storm-0539, also known as Atlas Lion, shedding light on their sophisticated methods of gift and payment card theft.
Pwn2Own Toronto 2022 : A 9-year-old bug in MikroTik RouterOS
DEVCORE research team found a 9-year-old WAN bug on RouterOS, the product of MikroTik. Combined with another bug of the Canon printer, DEVCORE becomes the first team ever to successfully complete an attack chain in the brand new SOHO Smashup category of Pwn2Own. And DEVCORE also won the title of Master of Pwn in Pwn2Own Toronto 2022.
Russia Steps Up a Covert Sabotage Campaign Aimed at Europe
Russian military intelligence, the G.R.U., is behind arson attacks aimed at undermining support for Ukraine’s war effort, security officials say.
Exploiting the Cloud: How SMS Scammers are using Amazon, Google and IBM Cloud Services to Steal Customer Data
Discover how SMS scammers are exploiting cloud storage to host scam websites with the intention of stealing sensitive information
New ShrinkLocker ransomware uses BitLocker to encrypt your files
A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker.
Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail
A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro.
Foxit PDF “Flawed Design” Exploitation
PDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform for sharing documents across diverse computing environments. PDFs have evolved into a standard format for presenting text, images, and multimedia content with consistent layout and formatting, irrespective of the software, hardware, or operating system used to view them. This versatility has made PDFs indispensable in fields ranging from business and academia to government and personal use, serving as a reliable means of exchanging information in a structured and accessible manner.
Invisible miners: unveiling GHOSTENGINE’s crypto mining operations — Elastic Security Labs
Elastic Security Labs has identified REF4578, an intrusion set incorporating several malicious modules and leveraging vulnerable drivers to disable known security solutions (EDRs) for crypto mining.
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting
In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files such as APK, EXE and Inno setup installer that includes Spy and Stealer capabilities. Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber-attacks. The hosted websites made to look legitimate are listed below.
Putin hijacked Austria’s spy service. Now he's going after its government
Intelligence officials suspect Wirecard COO Jan Marsalek of colluding with the far-right Freedom Party on Moscow’s behalf.
Hacker defaces spyware app’s site, dumps database and source code
A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data.
Stark Industries Solutions: An Iron Hammer in the Cloud
Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and…
Why Your Wi-Fi Router Doubles as an Apple AirTag
Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available…
Malicious PyPI packages targeting highly specific MacOS machines
In this post, we analyze a cluster of malicious PyPI packages targeting specific MacOS machines.
How Apple Wi-Fi Positioning System can be abused to track people around the globe
Academics have suggested that Apple's Wi-Fi Positioning System (WPS) can be abused to create a global privacy nightmare. In a paper titled, "Surveilling the Masses with Wi-Fi-Based Positioning Systems," Erik Rye, a PhD student at the University of Maryland (UMD) in the US, and Dave Levin, associate professor at UMD, describe how the design of Apple's WPS facilitates mass surveillance, even of those not using Apple devices.
A root-server at the Internet’s core lost touch with its peers. We still don’t know why.
For 4 days, the c-root server maintained by Cogent lost touch with its 12 peers.
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | Rapid7 Blog
Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording solutions for courtroom environments. According to the vendor’s website, JAVS technologies are used in courtrooms, chambers and jury rooms, jail and prison facilities, and council, hearing, and lecture rooms. Their company website cites over 10,000 installations of their technologies worldwide.
When privacy expires: how I got access to tons of sensitive citizen data after buying cheap domains
Cybersecurity has always been transient: what is deemed to be secure today, may be considered easily hackable tomorrow. Domain names in web and e-mail addresses, such as info@inti.io, are leased in time. This means that if nobody thinks of renewing them after they expire, they will be put up for sale. It made me wonder what would happen to the graveyard of cloud accounts attached to the e-mail addresses that once belonged to these expired domains.
Criminal record database of millions of Americans dumped online
A notorious cybercriminal involved in breaches has released a database containing 70 million US criminal records.
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
CVE-2023-34992 Fortinet FortiSIEM Command Injection Deep-Dive and Indicators of Compromise. This blog details a command injection vulnerability which allows an unauthenticated attacker to access the FortiSIEM server as root to execute arbitrary commands.
Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code
The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code.
'Got that boomer!': How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts | TechCrunch
The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets. “This is the PayPal security team here. We’ve detected some unusual activity on your account and are calling you as a precautionary measure,” the caller’s robotic voice says. “Please enter the six-digit security code that we’ve sent to your mobile device.”
QNAPping At The Wheel (CVE-2024-27130 and friends)
Infosec is, at it’s heart, all about that data. Obtaining access to it (or disrupting access to it) is in every ransomware gang and APT group’s top-10 to-do-list items, and so it makes sense that our research voyage would, at some point, cross paths with products intended to manage - and safeguard - this precious resource.
Andrew Tate’s The Real World exposes 22M user messages
The Real World, a learning platform from the controversial social media personality Andrew Tate, has leaked nearly a million users and over 22 million messages. Hundreds of thousands of exposed users, millions of messages, and session tokens – that’s the reality that The Real World finds itself in. The Cybernews research team has uncovered an exposed MongoDB instance with 88GB from one of The Real World’s servers.
Exclusive: Flutterwave loses ₦11 billion in security breach
One month after obtaining a court order to recover $24 million lost to unauthorised POS transactions, Flutterwave suffered another security breach that allowed unknown persons to divert billions of naira to several bank accounts. The perpetrators illegally transferred ₦11 billion ($7 million) to several accounts in April 2024, one financial services insider with direct knowledge of the incident said. A second insider claimed the amount involved was at least ₦20 billion ($13.5 million).
Arup revealed as victim of $25 million deepfake scam involving Hong Kong employee | CNN Business
A British multinational design and engineering company behind world-famous buildings such as the Sydney Opera House has confirmed that it was the target of a deepfake scam that led to one of its Hong Kong employees paying out $25 million to fraudsters. A spokesperson for London-based Arup told CNN on Friday that it notified Hong Kong police in January about the fraud incident, and confirmed that fake voices and images were used. “Unfortunately, we can’t go into details at this stage as the incident is still the subject of an ongoing investigation. However, we can confirm that fake voices and images were used,” the spokesperson said in an emailed statement.
Microsoft will require MFA for all Azure users
Multi-factor authentication makes you, your company and your cloud investments safer