German airport websites downed by DDoS attacks
A series of distributed denial-of-service (DDoS) attacks shut down seven German airports' websites on Thursday, a day after a major IT glitch at Lufthansa grounded flights.
FBI says it has 'contained' cyber incident on bureau's computer network
The FBI has been investigating and working to contain a malicious cyber incident on part of its computer network in recent days, according to people briefed on the matter. FBI officials believe the incident involved an FBI computer system used in investigations of images of child sexual exploitation, two sources briefed on the matter told CNN.
Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day
The Clop ransomware gang claims to be behind recent attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organizations.
GoDaddy: Hackers stole source code, installed malware in multi-year breach
Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.
Hacker Uncovers How to Turn Traffic Lights Green With Flipper Zero
We've talked about this tiny gadget before: the Flipper Zero. Officially, it's a $170 tamagotchi-fied hacking gadget with a sub-gigahertz radio and some accessory pins. Unofficially, it's a menace's best friend.
Lockbit 3.0 and Royal Mail – Chats Published
The loss of availability Ransomware causes is enough to make your day/week/s bad, the loss of data, bad month/quarter or longer. Lockbit posted “Royal Mail need new negotiator.” Followed by “ALL AVAILABLE DATA PUBLISHED !” What we actually found is that they published the chat history:
Microsoft February 2023 Patch Tuesday
Microsoft today patched 80 different vulnerabilities. This includes the Chromium vulnerabilities affecting Microsoft Edge. Nine vulnerabilities are rated as "Critical" by Microsoft. Three of the vulnerabilities, all rated "important", are already being exploited
Cisco warns of critical flaw in ClamAV antivirus
Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution
Hyundai and Kia issue software upgrades to thwart theft hack
Gone in 60 seconds using a USB-A plug and brute force instead of a key
Ethical hackers can now legally hack Belgian companies
A new Belgian law will allow ethical hackers to hack into the data of Belgian companies without any prior permission. Until now such practices could land you in jail.
The Israelis Destabilizing Democracy and Disrupting Elections Worldwide - National Security & Cyber - Haaretz
No Morals, No Qualms, No Borders: From an Office Building in Israel, Experts in Technological Manipulation Are Attacking Democracies, Media and Elections Across the World
Ces hackers israéliens qui ont piraté les élections en Afrique
Dans du projet « Story Killers » qui poursuit le travail de la journaliste indienne Gauri Lankesh sur la désinformation, le consortium Forbidden Stories révèle aujourd’hui l’existence d’une entreprise israélienne ultra-secrète impliquée dans la manipulation d’élections à grande échelle et le piratage de responsables politiques africains. Une plongée inédite au cœur d’un monde où s’entremêlent armée de trolls, cyber espionnage et jeux d’influence. Story Killers, une enquête mondiale sur les mercenaires de la désinformation, que Mondafrique a le fierté de publier. Cécile Andrzejewski « Les choses n’ont pas forcément besoin d’être vraies, du moment qu’elles sont crues. » Voilà une citation qui
Havoc Across the Cyberspace
ThreatLabz observed a new campaign targeting a Government organization in which the threat actors utilized a new Command & Control (C2) framework named Havoc
IoC detection experiments with ChatGPT
We decided to check what ChatGPT already knows about threat research and whether it can help with identifying simple adversary tools and classic indicators of compromise, such as well-known malicious hashes and domains.
Bogus URL Shorteners Redirect Thousands of Hacked Sites in AdSense Fraud Campaign
Learn how fake URL shorteners are redirecting hacked website traffic to crypto themed websites to generate fraudulent AdSense revenue.
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.
Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack
This was a weekend of record-breaking DDoS DDoS. Over the weekend, Cloudflare detected and mitigated dozens of hyper-volumetric DDoS attacks. The majority of attacks peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record, more than 35% higher than the previous reported record of 46M rps in June 2022.
Apple sued for promising privacy, failing at it
What's allowed for Cupertino is verboten for everyone else Apple has again been sued for promising privacy and allegedly failing to provide it. The complaint [PDF], filed in Northern California District Court on behalf of plaintiff Julie Cima, claims Apple captures iPhone customer data despite device settings declaring a preference that information should not be shared.
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FHPRM7HSERJMGFG6XGG4D4J3HIM.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Iran marks revolution anniversary, hackers interrupt state TV coverage
Hackers dropped their logo into the online broadcast and a voice shouted, “Death to the Islamic Republic.”
Uncle Sow: Dark Caracal in Latin America
In 2018, EFF along with researchers from Lookout Security published a report describing the Advanced Persistent Threat (APT) we dubbed "Dark Caracal." Now we have uncovered a new Dark Caracal campaign operating since March of 2022, with hundreds of infections across more than a dozen countries. In this report we will present evidence that the cyber mercenary group Dark Caracal is still active and continues to be focused on Latin America, as was reported last year. We have discovered that Dark Caracal, using the Bandook spyware, is currently infecting over 700 computers in Central and South America, primarily in The Dominican Republic and Venezuela.
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
n late November 2022, a few days after ETH Alumni launched their new feature “Who is who” which allows them to look up and connect to other members, I came across a severe access control vulnerability. Without any authorization over the internet, it allowed extracting at least 35418 member profiles, including full name, postal address, nationality, title, graduation field, study start year, gender, profile picture and hashed passwords.
Killnet Threat to Health and Public Sectors
Infinity Team, a collaboration between Killnet and Deanon Club, has established its own forum and marketplace called Infinity
Investigating Intrusions From Intriguing Exploits
On 02 February 2023, an alert triggered in a Huntress-protected environment. At first glance, the alert itself was fairly generic - a combination of certutil using the urlcache flag to retrieve a remote resource and follow-on scheduled task creation - but further analysis revealed a more interesting set of circumstances. By investigating the event in question and pursuing root cause analysis (RCA), Huntress was able to link this intrusion to a recently-announced vulnerability as well as to a long-running post-exploitation framework linked to prominent ransomware groups.
UZH -University of Zurich - Cyberattack on the University of Zurich
The University of Zurich is currently the target of a serious cyberattack. The perpetrators appear to be acting in a very professional manner and are part of a current accumulation of attacks on educational and health institutions. Several attacks have been carried out on universities in German-speaking countries in recent weeks, resulting in suspension of their IT services for extended periods of time. The attacks are usually carried out by compromising several individual accounts and systems.
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study
A recent study shows that top-of-the-line Android phones sold in China are a total privacy nightmare.
AI deepfake 'news anchors' found in pro-China footage on social media, research firm says - Hong Kong Free Press HKFP
The “news broadcasters” appear stunningly real, but they are AI-generated deepfakes in first-of-their-kind propaganda videos that a research report published Tuesday attributed to Chinese state-aligned actors. The fake anchors — for a fictious news outlet called Wolf News — were created by artificial intelligence software and appeared in footage on social media that seemed to […]
Britain and US make major move against ransomware gangs by sanctioning seven individuals - The Record from Recorded Future News
The United Kingdom and United States on Thursday sanctioned seven people connected to what officials have told The Record is a single network behind the Conti and Ryuk ransomware gangs as well as the Trickbot banking trojan. The sanctions are described as the first major move of a “new campaign of concerted action” between Britain and the United States, and insiders say that further actions should be expected later this year.
UK cracks down on ransomware actors
The UK has sanctioned 7 Russian cyber criminals through coordinated actions with the US government.
A Backdoor with Smart Screenshot Capability
Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being "smart" means performing actions depending on the context, the environment, or user actions. For a while, backdoors and trojans have implemented screenshot capabilities. From an attacker’s point of view, it’s interesting to “see” what’s displayed on the victim’s computer.
HTML Smuggling: The Hidden Threat in Your Inbox
Last October, Trustwave SpiderLabs blogged about the use and prevalence of HTML email attachments to deliver malware and phishing for credentials.