Iran linked hacker group Handala Hack Team claim pager explosions linked to Israeli battery company
Back in May, I started tracking Handala, a hacktivist branded group expressing pro-Palestine views:
cyberveille.decio.ch
Telegram Changes Policy, Says It Will Provide User Data to Authorities
In an update to its privacy policy, Telegram says it will now share IP addresses and phone numbers to authorities in response to valid orders. The change is a dramatic switch for the social network app, which has become a hotbed for criminals.
Rental Car Vendor's Security Flaw Exposed Damage Claims Reports
Legitimate emails with bad practices and an insecure website add insult to injury.
China urges netizens to be vigilant against Taiwanese cyberattacks
The hacking group's X account shared videos comparing Xi Jinping to an emperor and others commemorating the 1989 Tiananmen Square demonstrations.
Microsoft ends development of Windows Server Update Services (WSUS)
Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel.
Insecure software makers are the real cyber villains – CISA
Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret'
Germany seizes 47 crypto exchanges tied to ‘underground economy’
German authorities sent a loud and clear message to criminal users of the exchanges: We found their servers and have your data — see you soon.
Problems in the Parking Lot: Threat Actors Use IRL Quishing to Target Travelers
- At least two threat groups identified, one of which Netcraft can link to customs tax and postal scams carried out earlier this year. Up to 10,000 potential victims identified visiting this group’s phishing websites between June 19 and August 23. At least 2,000 form submissions, indicating how much personal data has been extracted from victims, including payment information. * Evidence suggesting the group is running activity across Europe, including France, Germany, Italy, and Switzerland.
Global infostealer malware operation targets crypto users, gamers
A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named #Atomic #Computer #Info #InfoSec #Information #Information-stealing #Marko #Polo #Rhadamanthys #Security #Stealc #Stealer #malware
CERN prepares to expel Russian scientists — but won’t completely cut ties
The laboratory has ended its agreement with the nation, but will continue working with a Russian nuclear-research institute, raising tensions among researchers.
Criminal phishing network resulting in over 480 000 victims worldwide busted in Spain and Latin America | Europol
Investigators reported 483 000 victims worldwide, who had attempted to regain access to their phones and been phished in the process. The victims are mainly Spanish-speaking nationals from European, North American and South American countries.The successful operation took place thanks to international cooperation between law enforcement and judiciary authorities from Spain, Argentina, Chile, Colombia, Ecuador and Peru.The action week took...
4 exploits, 1 bug: exploiting cve-2024-20017 4 different ways
- Affected chipsets: MT6890, MT7915, MT7916, MT7981, MT7986, MT7622 * Affected software: SDK version 7.4.0.1 and before (for MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02
Ukraine bans official use of Telegram app over fears of Russian spying
- Restrictions apply only to official devices, not personal phones Telegram heavily used in Ukraine and Russia since 2022 invasion Budanov: Issue of Telegram is a matter of national security
GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10
Learn more about GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Enterprise ServiceNow Knowledge Bases at Risk
Read the blog to learn about ServiceNow’s Knowledge Base data exposure risks and how to mitigate these issues.
Thousands of orgs at risk of ServiceNow KB data leaks
Security researchers say that thousands of companies are potentially leaking secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations. Aaron Costello and Dan Meged, of the AppOmni and Adaptive Shield security shops respectively, separately published their findings this week, concluding that pages set to "private" could still be read by tinkering with a ServiceNow customer's KB widgets. These widgets are essentially containers of information used to construct the pages in KB articles. These can include page elements that allow users to leave feedback on articles, either through star ratings or comments, for example.
New Criminal Complaint Over Pegasus Spyware Hacking of journalists and activists in the UK
Four victims of Pegasus spyware in the UK have this week filed a criminal complaint with the Metropolitan Police.
Is Tor still safe to use?
This blog post is a response to an investigative news report about a large-scale law-enforcement attack that managed to de-anonymize a user of an old version of the long-retired app Ricochet. This blog post aims to provide insight into what we know so far. Nothing that the Tor Project has learned about this incident suggests that Tor Browser was attacked or exploited. Tor users can continue to use Tor Browser to access the web securely and anonymously.
New macOS malware HZ RAT lets attackers control Macs remotely
It lets attackers control Macs remotely.
Clever 'GitHub Scanner' campaign abusing repos to push malware
A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new
WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution
Our TDR team has been investigating the WebDAV infrastructure used to distribute the Emmenhtal loader. Here are some key insights:
Emmenhtal: a little-known Emmenhtal distributing commodity infostealers worldwide
- Following detections from our Managed Threat Detection (CyberSOC) teams, our CERT analysts were able to uncover several recent campaigns leading to CryptBot and Lumma infostealers. Some of these campaigns are still active and target various organizations worldwide. These campaigns leverage a little-documented loader we dubbed “Emmenhtal”, (because we are cheese lovers), which hides in the padding of a modified legitimate Windows binary and uses HTA. Emmenhtal likely surfaced at the beginning of 2024 and is possibly being distributed by several financially motivated threat actors through various means (from traditional email phishing lures to fake videos). IoCs can be found on our dedicated GitHub page here. Note: The analysis cut-off date for this report was August 07, 2024.
Australian police infiltrate encrypted messaging app Ghost and arrest dozens
Australian police say they have infiltrated Ghost, an encrypted global communications app developed for criminals, leading to dozens of arrests.
Europol takes down "Ghost" encrypted messaging platform used for crime
Europol and law enforcement from nine countries successfully dismantled an encrypted communications platform called
Police Hack Into ‘Ghost’, An Encrypted Platform for Criminals
Operation Kraken is a sign that organized criminals are moving away from larger encrypted phone companies to a decentralized collection of smaller players and consumer access apps that the rest of us use.
Taking over Train infrastructure in Poland /Traction power substation and lighting systems
(6 Months later CZAT 7 Server is offline or changed to another ip address , this post was written 6 months ago, published today 9/2/2024) I’m a big fan of trains, i like them, but never tough that someday i would take over train traction power substation located in Poland from my home in Costa Rica. I’m not a train expert/engineer and i had no idea how the train management works , I’m a cyber security professional doing research in the internet about OT Industrial equipment exposed potentially vulnerable or misconfigured. Everything explained here is just what i learned reading official documentation from the Elester-pkp website . https://elester-pkp.com.pl/
Mastercard invests in continued defense of global digital economy with acquisition of Recorded Future
Mastercard today expanded its cybersecurity services with an agreement to acquire global threat intelligence company Recorded Future from Insight Partners for $2.65 billion.
Vanir Ransomware Group onion site seized by German law enforcement
Threat actors called Vanir Ransomware Group posted a few listings in July. Tonight, however, their onion site has a seized message: ” THIS HIDDEN SITE HAS BEEN SEIZED by the State Bureau of Investigation Baden-Württemberg as a part of a law enforcement action taken against Vanir Ransomware Group “
Port of Seattle refuses to pay Rhysida ransom, warns of data leak
The cyberattack over Labor Day weekend severely hampered operations at Seattle's airport, which is managed by the Port of Seattle.
VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.