Canada bans TikTok on government devices
Man stole nearly $18K in electricity in crypto mining operation
Nadeam Nahas, 39, of Norwell, MA is facing charges of allegedly running a secret cryptocurrency mining operation out of a crawlspace at a middle school.
Hard-to-spot Mac crypto-mining threat, XMRig, hits Pirate Bay
Jamf Threat Labs has spotted a family of Mac malware, XMRig, that spreads through pirated versions of Final Cut Pro, Photoshop and Logic Pro X.
PureCrypter targets government entities through Discord - Blog | Menlo Security
Menlo Labs has uncovered an unknown threat actor leveraging an evasive threat campaign distributed via Discord featuring the PureCrypter downloader and targeting government entities.
Stanford University discloses data breach affecting PhD applicants
Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023.
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966
Numerous threat actors were detected abusing a critical CVE-2022-47966 RCE vulnerability affecting products from ManageEngine. Read our advisory.
TA569: SocGholish and Beyond
- TA569 leverages many types of injections, traffic distribution systems (TDS), and payloads including, but not limited to, SocGholish.
- In addition to serving as an initial access broker, these additional injects imply TA569 may be running a pay-per-install (PPI) service.
- TA569 may remove injections from compromised websites only to later re-add them to the same websites.
- There are multiple opportunities for defense against TA569: educating users about the activity, using Proofpoint’s Emerging Threats ruleset to block the payload domains, and blocking .js files from executing in anything but a text editor.
EXFILTRATOR-22 - An Emerging Post-Exploitation Framework
Executive Summary: The CYFIRMA Research team has provided a preliminary analysis of a new post-exploitation framework called EXFILTRATOR-22 a.k.a....
Cryptocurrency: two French nationals arrested on suspicion of hacking the Platypus platform
The two men, brothers aged 18 and 20, were arrested on Wednesday in the Paris region; they caused $9.5 million in losses to the American decentralized finance company.
OneNote Embedded file abuse
In recent weeks OneNote has gotten a lot of media attention as threat actors are abusing the embedded files feature in OneNote in their phishing campaigns. I first observed this OneNote abuse in the media via Didier’s post. This was later also mentioned in Xavier’s ISC diary and on the podcast. Later, in the beginning of February, The Hacker News covered this as well.
When Low-Tech Hacks Cause High-Impact Breaches
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's…
Suspect in major data theft case linked to Dutch-subsidized cybersecurity org
One of three hackers recently arrested for large-scale data theft was active for cyber security organization DIVD, sources told NOS. DIVD is a government-subsidized association of Dutch security experts that researches unsafe computer systems.
Dole Experiences Cybersecurity Incident
Charlotte, NC – February 22, 2023 – Dole plc (DOLE:NYSE) announced today that the company recently experienced a cybersecurity incident that has been identified as ransomware.
A year after Russia's invasion, the scope of cyberwar in Ukraine comes into focus
The Ukraine war has inspired a defensive cyber effort that government officials and technology executives describe as unprecedented.
Beware of macOS cryptojacking malware.
You may have heard about the cryptojacking malware on macOS. Read about a new one spotted by Jamf Threat Labs.
Valve bans 40,000 Dota 2 cheaters through ‘honeypot’ patch
Valve fixed an exploit cheaters were using, and used that patch to catch them in the act. More than 40,000 people were banned for using the third-party cheat.
"Fobo" Trojan distributed as ChatGPT client for Windows
Attackers are distributing malware disguised as a ChatGPT desktop client for Windows offering “precreated accounts”.
The Growing Threat of ChatGPT-Based Phishing Attacks
Cyble analyzes how Threat Actors are using the recent buzz around ChatGPT to launch Phishing attacks using various methods.
Google Delivers Record-Breaking $12M in Bug Bounties
Google's Android and Chrome Vulnerability Reward Programs (VRPs) in particular saw hundreds of valid reports and payouts for security vulnerabilities discovered by ethical hackers.
Activision's Data Breach Contains Employee Information, Call of Duty and More, Report
Insider Gaming has been able to obtain the entirety of the gaming giant Activision’s data breach initially reported by vx-underground and confirmed the data contains plans for Modern Warfare 2’s upcoming DLCs, Call of Duty 2023 (Codenamed Jupiter) and Call of Duty 2024 (Codenamed Cerberus), as well as sensitive employee information.
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs. This vulnerability allows remote code execution as the root user. (advisory https://www.fortiguard.com/psirt?date=02-2023)
Sensitive US military emails spill online
A security researcher told TechCrunch that a government server was exposing military emails to the internet because no password was set.
Cyber Attacks on Data Center Organizations
Resecurity notified several data center organizations about malicious cyber activity targeting them and their customers. The initial early-warning threat notification about this activity was sent around September 2021, with further updates during 2022 and January 2023. Recent cyber-attacks on cloud service providers (CSPs) and managed services providers (MSPs) saw bad actors attempt to leverage a weakness in their cybersecurity supply chain with the goal of stealing sensitive data from their target enterprises and government organizations. Data centers are meaningful targets for attackers and an important element of the enterprise supply chain.
Hackers Start Selling Data Center Logins for Some of World’s Largest Corporations
Such credentials in the wrong hands could be dangerous, experts say, potentially allowing physical access to data centers. The affected data center operators say the stolen information didn’t pose risks for customer IT systems.
The Gravediggers: How Eliminalia, a Spanish reputation management firm, buries the truth
“Story Killers” project: Forbidden Stories investigated the seedy clients linked to Eliminalia and the manipulation tactics they use.
Fog of war: how the Ukraine conflict transformed the cyber threat landscape
One year after the Russian invasion of Ukraine, we’re sharing insights into changes in the cyber threat landscape triggered by the war.
Magecart Attack Disguised as Google Tag Manager | Akamai
Magecart skimmers constantly evolve. Recent attacks aimed at stealing sensitive customer information illustrate the need for comprehensive security solutions.
Ransomware pushes City of Oakland into state of emergency
The Interim City Administrator of the City of Oakland declared a state of emergency after a ransomware attack crippled the city’s services a week ago.
German airport websites downed by DDoS attacks
A series of distributed denial-of-service (DDoS) attacks shut down seven German airports' websites on Thursday, a day after a major IT glitch at Lufthansa grounded flights.
FBI says it has 'contained' cyber incident on bureau's computer network
The FBI has been investigating and working to contain a malicious cyber incident on part of its computer network in recent days, according to people briefed on the matter. FBI officials believe the incident involved an FBI computer system used in investigations of images of child sexual exploitation, two sources briefed on the matter told CNN.