New BLUFFS attack lets attackers hijack Bluetooth connections
Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle (MitM) attacks.
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, decrypts, and loads a second-stage payload. The file, which was signed using a valid certificate issued to CyberLink Corp., is hosted on legitimate update infrastructure owned by the organization.
Medical Transcription Service Data Breach Impacts Multiple Health Systems
Northwell Health and Cook County Health both notified patients of a third-party data breach that originated at Perry Johnson & Associates, a medical transcription vendor. The HHS data breach portal now shows that the Perry Johnson & Associates data breach impacted nearly 9 million individuals, making it one of the largest reported healthcare data breaches this year.
Welltok data breach exposes data of 8.5 million US patients
Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.
Japan space agency hit with cyberattack, rocket and satellite info not accessed | Reuters
Japan's space agency was hit with a cyberattack but the information the hackers accessed did not include anything important for rocket and satellite operations, a spokesperson said on Wednesday.
Akamai SIRT has uncovered two zero-day vulnerabilities that are being actively exploited to spread a Mirai variant in the wild. Read on for details and mitigation.
Spyware Targeting Against Serbian Civil Society - The Citizen Lab
We confirm that two members of Serbian civil society were targeted with spyware earlier this year. Both have publicly criticized the Serbian government. We are not naming the individuals at this time by their request. The Citizen Lab’s technical analysis of forensic artifacts was conducted in support of an investigation led by Access Now in collaboration with the SHARE Foundation. Researchers from Amnesty International independently analyzed the cases and their conclusions match our findings.
DP World confirms data stolen in cyberattack, no ransomware used
International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. However, no ransomware payloads or encryption was used in the attack.
Two apparently separate North Korean crypto theft campaigns targeting macOS users appear to be linked as threat actors mix and match droppers and payloads.
Report claims to reveal identity of Russian hacktivist leader
Killmilk is a 30-year-old Russian citizen, according to the news site Gazeta.ru. The report has drawn extra scrutiny to Killnet, known for DDoS attacks on Western targets.
440,000 Sets of Personal Info Affected by Hack of Line Operator | Nippon.com
LY Corp., which operates popular messaging app Line and internet portal Yahoo! Japan, said Monday that an estimated 440,000 records of personal information may have been compromised by a third-party breach of its system.
MadCat ransom gang caught stealing from other criminals
A new strain of ransomware called MadCat has been linked by security researchers to suspected scammers who pretend to sell passport details on the dark web so they can rip off their fellow crooks.
ESET research shares insights about groups operating Telekopye, Telegram bots that scam people in online marketplaces, their internal onboarding process, different tricks of trade that Neanderthals use, and more.
STA: Power utility HSE suffers serious cyberattack
HSE, Slovenia's largest power utility, has been targetted by a cyberattack that started on Wednesday night and escalated on Friday night. In-house and external experts are working to resolve the situation. The supply of electricity is not jeopardised.
Gamaredon, also known as Primitive Bear, ACTINIUM, and Shuckworm, is a unique player in the Russian espionage ecosystem that targets a wide variety of almost exclusively Ukrainian entities. While researchers often struggle to uncover evidence of Russian espionage activities, Gamaredon is notably conspicuous. The group behind it conducts large-scale campaigns while still primarily focusing on regional targets. The Security Service of Ukraine (SSU) identified the Gamaredon personnel as Russian Federal Security Service (FSB) officers.
iPhone: Why Apple is working hard to break into its own phones
In a secret location in Paris, Apple has hired an elite team of laser-wielding hackers to try and crack its iPhones. Andrew Griffin gets an inside look
How to bypass Windows Hello, log into vulnerable laptops
Hardware security hackers have detailed how it's possible to bypass Windows Hello's fingerprint authentication and login as someone else – if you can steal or be left alone with their vulnerable device. The research was carried out by Blackwing Intelligence, primarily Jesse D'Aguanno and Timo Teräs, and was commissioned and sponsored by Microsoft's Offensive Research and Security Engineering group. The pair's findings were presented at the IT giant's BlueHat conference last month, and made public this week. You can watch the duo's talk below, or dive into the details in their write-up here.
Le Conseil fédéral clarifie les tâches de l’Office fédéral de la cybersécurité
Le Conseil fédéral a précisé les tâches qui vont incomber, dès le 1er janvier 2024, aux nouvelles unités administratives impliquées dans le domaine de la cybersécurité. L’Office fédéral de la cybersécurité (OFCS) reprendra «dans les grandes lignes» les tâches de l’actuel NCSC. Une nouvelle entité, le Secrétariat d’Etat à la politique de sécurité (SEPOS), sera compétente en matière de politique de sécurité et de sécurité de l’information.
CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors
Two ongoing campaigns bear hallmarks of North Korean state-sponsored threat actors, posing in job-seeking roles to distribute malware or conduct espionage.
Business Continuity in a Box – developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), with contributions from the United States Cybersecurity and Infrastructure Security Agency (CISA) – assists organisations with swiftly and securely standing up critical business functions during or following a cyber incident. By using Business Continuity in a Box, organisations can maintain or re-establish the basic functions needed to operate a business while responding to the issues affecting their existing systems.
It’s not every day that you discover a new Russian hacking group complete with a song and dance routine (performed live), a sleek user interface (with dark mode!) and a clearly thought-out business model. But that is exactly what our security research team discovered with “AlphaLock,” a “pentesting training organization” that trains hackers and then monetizes their services through a dedicated affiliate program. ... We originally discovered their group through a public Telegram channel that has since become private. This post will serve as a detailed investigation and description of one of the most brazen, strange, and best marketed cybercrime groups to appear in 2023. Cybercrime sophistication and commoditization continues to grow: We now have a real life example of a threat group that seeks to create its own talent pool through a training program, goes to extensive lengths to market itself, and plans to monetize this through a hacker-for-hire scheme. The level of technical sophistication required to do this isn’t very high, but the level of organizational sophistication and business acumen is quite interesting. Ransomware isn’t the only game in town: Cybercriminals typically choose the path of least resistance that is most likely to prove profitable, this has been increasingly the case as the cybercrime ecosystem has evolved into a functional market economy. However AlphaLock represents another potential method to both monetize and democratize cybercrime. This could be a particularly interesting model alternative for ransomware groups if the U.S. follows through with the proposal of banning ransomware payments. A Technical Threat Actor Supply Shortage? One of the most fascinating things about AlphaLock is they want to create a pipeline of talent to populate their hacker marketplace. This suggests that there may be limitations on the supply of talented threat actors that have the required degree of sophistication to the point where they have tried to build their own pipeline of actors. The Brand: Our researchers have noted an increasing focus on group “brand” and identity among financially motivated threat groups. AlphaLock has clearly made significant investments in time to create a brand and reputation for itself. Notice in the final post they even advertise that they are looking to hire someone to market themselves on Telegram and social media. * Blurred Lines: Many security practitioners have often assumed that threat actors primarily operate on the dark web. In most cases today this isn’t the case. There are increasingly blurred lines between clear web sites, Tor, and social media applications such as Telegram that create easy avenues for threat actors to congregate and communicate.
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FINHIMMZQFBJP5HCXGXXGTFC7EE.jpg?width=92&height=69&ar=&mode=crop&format=avif&dpr=2)
