%3Aquality(70)%2Fcloudfront-eu-central-1.images.arcpublishing.com%2Firishtimes%2F2CPK6P2LVLSFYP6NL4AHMFBWH4.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Up to 100 cases taken over HSE cyberattack, judge told
European court to decide key liability issues over data breach but question mark hangs over HSE liability for ‘non-material’ damage such as stress
Beijing Bans Micron as Supplier to Big Chinese Firms, Citing National Security
Cyberspace Administration says chip maker failed review, in a move that seems aimed at hitting back at U.S. chip ban
Popular Android TV boxes sold on Amazon are laced with malware
The malware-infected AllWinner and RockChip-powered Android TV models are still available to purchase on Amazon.
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices
An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023.
Visualizing QakBot Infrastructure
This blog post seeks to draw out some high-level trends and anomalies based on our ongoing tracking of QakBot command and control (C2) infrastructure. By looking at the data with a broader scope, we hope to supplement other research into this particular threat family, which in general focuses on specific infrastructure elements; e.g., daily alerting on active C2 servers.
“FleeceGPT” mobile apps target AI-curious to rake in cash
Interest in OpenAI’s latest version of its interactive language model has spurred a new wave of scam apps looking to cash in on the hype
KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)
A vulnerability (CVE-2023-32784) in KeePass can be exploited to retrieve the master password from the software's memory.
GitHub - vdohney/keepass-password-dumper
The vulnerability was assigned CVE-2023-32784. It should be fixed in KeePass 2.54, which should come out in ~July 2023. Thanks again to Dominik Reichl for his fast response and creative fix!
Discord discloses data breach after support agent got hacked
Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised.
SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack
Attacker activity in Microsoft Azure that we attribute to a financially motivated threat actor.
Malicious VSCode extensions with more than 45K downloads steal PII and enable backdoors - Check Point Blog
Highlights: CloudGuard Spectrals detected malicious extensions on the VSCode marketplace Users installing these extensions were enabling attackers to
Review and analysis of fake Trezor cryptowallet
Fake hardware cryptowallet, and how bitcoins were stolen from it.
FBI confirms access to Breached cybercrime forum database
Today, the FBI confirmed they have access to the database of the notorious BreachForums (aka Breached) hacking forum after the U.S. Justice Department also officially announced the arrest of its…
Securonix Threat Labs Security Advisory: Latest Update: Ongoing MEME#4CHAN Attack/Phishing Campaign uses Meme-Filled Code to Drop XWorm Payloads
An unusual attack/phishing campaign delivering malware while using meme-filled code and complex obfuscation methods continues dropping Xworm payloads for the last few months and is still ongoing today.
WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers
A vulnerability in a WordPress plugin exposed the official website of sports car maker Ferrari to hacker attacks.
Hackers offer personal information of 500,000 Israeli students for sale
Weeks after breach of college chain Atid servers, hacker group Sharp Boys puts stolen information up for sale and releases additional data of students; Atid: ‘These are Iranian hackers, and most of the materials are outdated’
Ex-ByteDance Executive Accuses TikTok Parent Company of ‘Lawlessness’
The former executive sued ByteDance, which owns TikTok, for wrongful termination and accused the company of lifting content from rivals and “supreme access” by the Chinese Communist Party.
How an Indiana hospital fought to recover from a cyberattack
It was October 2021 and the staff at Johnson Memorial Health were hoping they could finally catch their breaths. They were just coming out of a weeks-long surge of COVID hospitalizations and deaths, fueled by the Delta variant.
The Race to Patch: Attackers Leverage Sample Exploit Code in Wordpress Plugin | Akamai
The time for attackers to respond to known vulnerabilities is shrinking. See an example of an attacker using sample code. * The Akamai Security Intelligence Group (SIG) has been analyzing attack attempt activity following the announcement of a critical vulnerability in a WordPress custom fields plug-in affecting more than 2 million sites. * Exploiting this vulnerability could lead to a reflected cross-site scripting (XSS) attack, in which malicious code is injected into a victim site and pushed to its visitors. * On May 4, 2023, the WP Engine team announced the security fix in version 6.1.6, including sample exploit code as a proof of concept (PoC). * Starting on May 6, less than 48 hours after the announcement, the SIG observed significant attack attempt activity, scanning for vulnerable sites using the sample code provided in the technical write-up. * This highlights that the response time for attackers is rapidly decreasing, increasing the need for vigorous and prompt patch management.
Toyota: Car location data of 2 million customers exposed for ten years
Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023.
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code remotely without credentials. PaperCut released a patch in March 2023.
Multinational tech firm ABB hit by Black Basta ransomware attack
Swiss multinational company ABB, a leading electrification and automation technology provider, has suffered a Black Basta ransomware attack, reportedly impacting business operations.
White Phoenix: Beating Intermittent Encryption
Recently, a new trend has emerged in the world of ransomware: intermittent encryption, the partial encryption of targeted files. Many ransomware groups, such as BlackCat and Play, have adopted...
Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites
This blog post is about the Essential Addons for Elementor plugin vulnerability. If you’re a Essential Addons for Elementor user, please update the plugin to at least version 5.7.2. Patchstack Developer and Business plan users are protected from the vulnerability. You can also sign up for the Patchstack Community plan to be notified about vulnerabilities […]
Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
While the official conflict between Russia and Ukraine began in February 2022, there is a long history of physical conflict between the two nations, including the 2014 annexation of Crimea by Russia and when the regions of Donetsk and Luhansk declared themselves independent from Ukraine and came under Russia's umbrella. Given this context, it would not be surprising that the cybersecurity landscape between these two countries has also been tense.
Akira Ransomware is “bringin’ 1988 back”
A new recently observed ransomware family dubbed Akira uses a retro aesthetic on their victim site very reminiscent of the 1980s green screen consoles and possibly takes its namesake from the popular 1988 anime film of the same name.
infosec company owned completely by 4chan user
yesterday evening an anonymous 4chan user dumped a leak on the /g/ technology board, claiming to have completely owned risk visualization company optimeyes:
Google will provide dark web monitoring to all US Gmail users
Google announced the opening of the dark web monitoring report security feature to all Gmail users in the United States. Google is going to offer dark web monitoring to all U.S. Gmail users, the feature allows them to search for their email addresses on the dark web. Dark web scans for Gmail address was previously […]
Ghost in the network
Our investigation shows how Fink has built a surveillance apparatus that he has put at the disposal of governments and companies around the world – including Israel’s Rayzone Group, a top-tier cyber intelligence company. Fink’s set-up is capable of exploiting loopholes in mobile phone connection protocols to track the location of phone users and even redirect their SMS messages to crack internet accounts.
Cybersecurity Firm Breach Exposes Tobacco Giant Philip Morris
The data appears to have been dumped by an anonymous user. Data from Philip Morris USA, the nation’s leading cigarette manufacturer, has been exposed online following an apparent breach at a cybersecurity firm. The data, taken from the cybersecurity risk assessment company OptimEyes, was located within a 68GB cache posted to the notorious imageboard 4chan on Tuesday.