Microsoft will require MFA for all Azure users
Multi-factor authentication makes you, your company and your cloud investments safer
Cybercriminals Exploit Docusign With Customizable Phishing Templates
Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing…
Russian hackers use new Lunar malware to breach a European govt's agencies
Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad.
To the Moon and back(doors): Lunar landing in diplomatic missions
ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs
Log4j Exploited by XMRig Cryptominer Malware: Analysis & Mitigation
Learn how the Log4j vulnerability (CVE-2021-44228) is exploited by XMRig cryptominer malware. Discover attack methods, indicators, and effective mitigation strategies.
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment.
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
Our research reveals that personal repositories often expose sensitive corporate data, leading to severe security breaches
Cyber Official Speaks Out, Reveals Mobile Network Attacks in U.S.
A CISA official breaks with the government narrative and tells the FCC that SS7 and similar networks and protocols have been used to track people in the U.S. in recent years.
Popular Cyber Crime Forum Breach Forums Seized by Police
The cybercrime and hacker forum Breach Forums has been seized by the Federal Bureau of Investigation (FBI) and the Department of Justice.
An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative
Recent infostealer malware campaign utilizing fake Homebrew websites to deliver Cuckoo and AtomicStealer.
Santander reports customer, employee data breach in Spain, Chile, Uruguay
Spanish bank Santander said on Tuesday some customer and employee data in a database hosted by an outside provider was accessed by an unauthorized party, but that the bank's own operations and systems have not been affected.
Investigation into Helsinki Education Division data breach proceeds | City of Helsinki
On 2 May 2024, the City of Helsinki issued a notice of a data breach targeted at its Education Division. Investigation into the data breach proceeds through a cooperative effort by the City´s own and external experts. On Monday, 13 May 2024, the City of Helsinki held a press conference on the progress of this investigation.
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
Leveraging DNS Tunneling for Tracking and Scanning
This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes. Malicious actors occasionally employ DNS tunneling as a covert communications channel, because it can bypass conventional network firewalls. This allows C2 traffic and data exfiltration that can remain hidden from some traditional detection methods.
2023 Kaspersky Incident Response report
The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations. #Cybersecurity #Incident #Internal #LockBit #Ransomware #Security #Statistics #Threats #response #services
Malicious Go Binary Delivered via Steganography in PyPI
On May 10, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on PyPI. The package was called requests-darwin-lite and appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packed into
Ongoing Malvertising Campaign leads to Ransomware
Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains.
Distribution of DanaBot Malware via Word Files Detected by AhnLab EDR
There are two types of malicious documents that are distributed via email recently: those exploiting equation editor and those including external link URLs. This post will describe the infection flow of the DanaBot malware that is distributed through documents containing external links, the latter method, as well as the evidence and detection process with the AhnLab EDR product’s diagram. Figure 1 shows the content of a spam email with a Word document attached that contains an external link. As you can see, it is a sophisticatedly disguised email pretending to be a job application form to deceive the recipient. The attached file (.docx) is a Word document that contains an external link.
My life as a Chinese spy: Secret police agent tells all - ABC News
A Chinese spy who is now on Australian soil has revealed his incredible story to Four Corners.
Stolen children’s health records posted online in extortion bid
Cybercriminals have published another batch of data stolen from NHS Dumfries and Galloway in Scotland, this time including information about children.
Europol confirms web portal breach, says no operational data stolen
Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. #Breach #Computer #Data #EPE #Europol #InfoSec #Leak #Security #Theft
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw
Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw.
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery
Ivanti Connect Secure (ICS) devices are under attack! Two critical vulnerabilities are being exploited to deploy the notorious Mirai botnet.
Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign
Russia-Linked APT28 Strikes Poland with Malware Campaign Polish government bodies were hit by a sophisticated malware attack orchestrated by the infam
The UK Says a Huge Payroll Data Breach by a ‘Malign Actor’ Has Exposed Details of Military Personnel
The UK Ministry of Defense said a breach at a third-party payroll system exposed as many as 272,000 armed forces personnel and veterans.
Chi sono gli operatori telefonici sfruttati dall’azienda italiana di sorveglianza Carro
Con il sistema Carro Gwp è possibile ottenere in tempo reale informazioni sulla posizione di un cellulare partendo dal solo numero di telefono. La tecnologia è venduta a governi e agenzie di intelligence
Un logiciel russe utilisé par Fedpol et Armasuisse suscite des inquiétudes sécuritaires
Un système russe de décryptage des iPhone et PC est utilisé par Fedpol et Armasuisse. Certains experts n'excluent pas les risques de cybersécurité que font encourir l'usage par ces deux institutions fédérales du logiciel russe.
Safari Flaw Can Expose iPhone Users in the EU to Tracking
Apple's implementation of installing marketplace apps from Safari is heavily flawed and can allow a malicious marketplace to track users across websites
Big Vulnerabilities in Next-Gen BIG-IP
Our ongoing research has identified remotely exploitable vulnerabilities in F5’s Next Central Manager that can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next Central Manager. These attacker-controlled accounts would not be visible from the Next Central Manager itself, enabling ongoing malicious persistence within the environment. At the time of writing, we have not seen any indication that these vulnerabilities have been exploited in the wild.
Zscaler takes "test environment" offline after rumors of a breach
Zscaler says that they discovered an exposed