Telekopye transitions to targeting tourists via hotel booking scam
ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms.
Pokemon developer Game Freak hit with hack, internal info leaking
Pokemon developer Game Freak hit with big hack, leaking source code news about MMO-like game Synapse with ILCA, and more.
UK Ambulance Services targeted by Kremlin-protected Russian hackers
A cyber security expert warns the hack, uncovered by i, presents a 'terrible threat to public health safety'
Hackers Advertise Stolen Verizon Push-to-Talk ‘Call Logs’
The breach does not appear to impact the main consumer Verizon network, and instead involves the company’s push to talk (PTT) product, marketed to public sector agencies and enterprises.
A Mysterious Hacking Group Has 2 New Tools to Steal Data From Air-Gapped Machines | WIRED
It's hard enough creating one air-gap-jumping tool. Researchers say the group GoldenJackal did it twice in five years.
Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server
Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security. #Deprecated #L2TP #Microsoft #PPTP #Server #VPN #Windows
Hacked Robot Vacuums Across the U.S. Started Yelling Slurs
"It could have been worse," one owner incredibly concluded.
After breach of billions of records, National Public Data files for bankruptcy | Cybernews
National Public Data, a company responsible for a massive leak of Social Security numbers in the summer, has filed for bankruptcy. That's unsurprising.
U.S., Microsoft seize over 100 websites allegedly used by Russian spies
The FBI and Microsoft have seized more than 100 web domains they say Russian intelligence used for cyber-espionage, according to court documents unsealed Thursday.
Internet Archive hacked, data breach impacts 31 million users
Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.
The PrintNightmare is not Over Yet
Following the publication of my blog post A Practical Guide to PrintNightmare in 2024, a few people brought to my attention that there was a way to bypass the Point and Print (PnP) restrictions recommended at the end. So, rather than just updating this article with a quick note, I decided to dig a little deeper, and see if I could find a better way to protect against the exploitation of PnP configurations.
CVE-2024-31227: Finding a DoS Vulnerability in Redis
A case study on advanced fuzzing techniques for network services.
File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.
AI girlfriend site breached, user fantasies stolen
Chatbot companion platform muah.ai was hacked and had its chatbot prompts stolen.
Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips
EXC: Security researchers at Google and Amnesty International discovered hackers exploiting the bug in an active hacking campaign.
From Perfctl to InfoStealer
From Perfctl to InfoStealer, Author: Xavier Mertens
Zero Day Initiative — The October 2024 Security Update Review
It’s the spooky season, and there’s nothing spookier than security patches – at least in my world. Microsoft and Adobe have released their latest patches, and no bones about it, there are some skeletons in those closets. Take a break from your regular activities and join us as we review the details
Ivanti warns of three more CSA zero-days exploited in attacks
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.
Ukraine Claims Cyberattack Blocked Russian State TV Online on Putin’s Birthday
Ukrainian hackers carried out a cyberattack that took down online broadcasts of Russian state television and radio channels on Monday, according to an official in Kyiv with knowledge of the operation. #A #Dmitry #Emerging #Europe #Infrastructure #Markets #Media #Peskov #Putin #Radio #Russia #Ukraine #Vladimir #business #cybersecni #cybersecurity #politics #technology
The 30-year-old internet backdoor law that came back to bite
China reportedly hacked the wiretap systems required by U.S. internet providers under a 1994 U.S. wiretapping law.
Mamba 2FA: A new contender in the AiTM phishing ecosystem - Sekoia.io Blog
Discover Mamba 2FA, a previously unknown adversary-in-the-middle (AiTM) phishing kit and sold as phishing-as-a-service (PhaaS).
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries
New Gorilla botnet launches over 300,000 DDoS attacks globally, exploiting IoT devices and Apache Hadoop flaws.
Cyber Cops Stopped 500 Ransomware Hacks Since 2021, DHS Says - Bloomberg
Homeland Security Investigations is stopping hacks before they occur.
GTA 6 Hacker Arion Kurtaj Became a Legend Attacking Companies. Then His Rivals Attacked Him
The City of London Police had put the teenage boy in the suburban Travelodge to protect him. They even set up a code with him and his mom to signal it was safe to open the door: “Lucky lucky.” Then they grew suspicious. The teen had a history with the police. It was September 2022, and 17-year-old Arion Kurtaj had been arrested twice earlier that year for his alleged role in a hacking group that stole data and demanded ransoms from some of the world’s biggest tech companies. Kurtaj, who is autistic, was released both times. The second time, that March, he had been let go under the condition that he stay offline.
Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities
14 new DrayTek router vulnerabilities, including critical flaws, could allow attackers to take control. Patch now
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
Perfctl is particularly elusive and persistent malware employing several sophisticated techniques
Arrests in international operation targeting cybercriminals in West Africa
Eight individuals have been arrested as part of an ongoing international crackdown on cybercrime, dealing a major blow to criminal operations in Côte d’Ivoire and Nigeria. The arrests were made as part of INTERPOL’s Operation Contender 2.0, an initiative aimed at combating cyber-enabled crimes, primarily in West Africa, through enhanced international intelligence sharing. Phishing scam targets Swiss citizens In Côte d’Ivoire authorities dismantled a large-scale phishing scam, thanks to a collaborative effort with Swiss police and INTERPOL.
A Single Cloud Compromise Can Feed an Army of AI Sex Bots
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which…
DOJ, Microsoft seize more than 100 domains used by the FSB
The simultaneous actions targeted the Star Blizzard espionage operation, which targeted government and civil society around the world.
Further Evil Corp cyber criminals exposed, one unmasked as LockBit affiliate - National Crime Agency
Sixteen individuals who were part of Evil Corp, once believed to be the most significant cybercrime threat in the world, have been sanctioned in the UK, with their links to the Russian state and other prolific ransomware groups, including LockBit, exposed. Sanctions have also been imposed by Australia and the US, who have unsealed an indictment against a key member of the group.