Canadian Suspect Arrested Over Snowflake Customer Breach and Extortion Attacks
Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the U.S.
Microchip Technology Reports $21.4 Million Cost From Ransomware Attack
Microchip Technology (NASDAQ: MCHP) revealed in its latest financial report on Tuesday that expenses related to the recent cybersecurity incident reached $21.4 million.
Nokia says hackers leaked third-party app source code
Nokia's investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party and company and customer data has not been impacted.
See how threat actors have abused Remcos to collect sensitive information from victims and remotely control their computers to perform further malicious acts.
Government of Canada orders the wind up of TikTok Technology Canada, Inc. following a national security review under the Investment Canada Act
“As a result of a multi-step national security review process, which involves rigorous scrutiny by Canada’s national security and intelligence community, the Government of Canada has ordered the wind up of the Canadian business carried on by TikTok Technology Canada, Inc. The government is taking action to address the specific national security risks related to ByteDance Ltd.’s operations in Canada through the establishment of TikTok Technology Canada, Inc. The decision was based on the information and evidence collected over the course of the review and on the advice of Canada’s security and intelligence community and other government partners.
Gootloader’s Pivot from SEO Poisoning: PDF Converters Become the New Infection Vector
Three weeks ago, Gootloader samples suddenly dried up. This has happened before, so I switched VPNs and tried new locations—coffee shops, friends’, and family’s Wi-Fi networks—but still couldn’t re…
A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities – Mickey's Blogs – Exploring the world with my sword of debugger :)
A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities This is a blog post for my presentation at the conference POC2024. The slides are uploaded here. In the macOS system, most processes are running in a restricted sandbox environment, whether they are Apple’s own services or third-party applications. Consequently, once an attacker gains Remote Code Execution (RCE) from these processes, their capabilities are constrained. The next step for the attacker is to circumvent the sandbox to gain enhanced execution capabilities and broader file access permissions. But how to discover sandbox escape vulnerabilities? Upon reviewing the existing issues, I unearthed a significant overlooked attack surface and a novel attack technique. This led to the discovery of multiple new sandbox escape vulnerabilities: CVE-2023-27944, CVE-2023-32414, CVE-2023-32404, CVE-2023-41077, CVE-2023-42961, CVE-2024-27864, CVE-2023-42977, and more.
Health care breaches lead to legislation Highlights of the new standard include: Performing and documenting a security risk analysis of exposure Documentation of a business continuity plan (BCP) Stress test of resiliency and documentation of any planned changes to the BCP A signed statement by both the CEO and CISO of compliance * A third-party audit to certify compliance (no later than six months after enactment)
ThreatLabz has developed a tool named SmokeBuster to detect, analyze, and remediate infections. SmokeBuster supports 32-bit and 64-bit instances of SmokeLoader and versions 2017-2022. The tool is compatible with Windows 7 to Windows 11. SmokeLoader is a malware downloader that originated in 2011. The malware is primarily designed to deliver second-stage payloads, which include information stealers and ransomware. Despite a major disruption by Operation Endgame in May 2024, SmokeLoader continues to be used by numerous threat groups largely due to numerous cracked versions publicly available on the internet. The last four versions of SmokeLoader contain coding flaws that significantly impact an infected system’s performance.
In the last few days, many Tor relay operators - mainly hosting relay nodes on providers like Hetzner - began receiving abuse notices. All the abuses reported many failed SSH login attempts - part of a brute force attack - coming from their Tor relays. Tor relays normally only transport traffic between a guard and an exit node of the Tor network, and per-se should not perform any SSH connections to internet-facing hosts, let alone performing SSH brute force attacks.
Un prestataire des missions locales victime d’un acte de cyber-malveillance
Le ministère du Travail et de l’Emploi a pris connaissance de la violation du système d’information, porté par un prestataire de services, utilisé par le réseau des Missions locales. Cette cyber-attaque a eu lieu dans la nuit du 23 octobre 2024 au 24 octobre 2024. Des investigations sont en cours chez le prestataire pour connaître l’origine de cet évènement. La sécurité des systèmes d’information du réseau des Missions locales elles-mêmes n’est pas en cause.
AEP GmbH was the victim of a targeted cyber attack on October 28, which led to the partial encryption of the company's IT systems. The company's own security systems detected the attack. The company provides information about this on its website.
DDoS site Dstat.cc seized and two suspects arrested in Germany
The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years.
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.
Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices
Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques.
Botnet 7777: Are You Betting on a Compromised Router?
Discover the latest insights on the Quad7 / 7777 botnet in our detailed analysis. Learn about the expansion of this resilient threat, its targeting patterns, and proactive measures to defend against compromised routers. Stay informed with our up-to-date findings and recommendations.
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is […]
Exclusive: Chinese researchers develop AI model for military use on back of Meta's Llama
Papers show China reworked Llama model for military tool China's top PLA-linked Academy of Military Science involved Meta says PLA 'unauthorised' to use Llama model * Pentagon says it is monitoring competitors' AI capabilities
