Data-leak flaw in Qualcomm, HiSilicon-based Wi-Fi AP chips
WPA stands for will-provide-access, if you can successfully exploit a target's setup
cyberveille.decio.ch
MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog
Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.
Cyble — Demystifying Money Message Ransomware
CRIL analyses the anatomy of a new ransomware group named Money Message, which can encrypt network shares and target both Windows and Linux.
Water controllers for irrigating fields in the Jordan Valley were damaged, as were control systems for the Galil Sewage Corporation.
Several water monitors – which monitor irrigation systems and wastewater treatment systems – were left dysfunctional on Sunday after a cyber attack targeted the monitoring systems. Specifically, water controllers for irrigating fields in the Jordan Valley were damaged, as were control systems for the Galil Sewage Corporation.
Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company
The document, part of a cache of leaks recently circulated on the internet, suggests the hackers had the ability to cause an explosion and sought instruction from the FSB.
From Discord to 4chan: The Improbable Journey of a US Intelligence Leak - bellingcat
In recent days, the US Justice Department and Pentagon have begun investigating an apparent online leak of sensitive documents, including some that were marked “Top Secret”. A portion of the documents, which have since been widely covered by the news media, focused on Russia’s invasion of Ukraine, while others detailed analysis of potential UK policies on the South China Sea and the activities of a Houthi figure in Yemen. The existence of the documents was first reported by the New York Times after a number of Russian Telegram channels shared five photographed files relating to the invasion of Ukraine on April 5 – at least one of which has since been found by Bellingcat to be crudely edited.
MSI Confirms Breach as Ransomware Gang Claims Responsibility
UPDATE: A new statement(Opens in a new window) from MSI says users should avoid downloading firmware and BIOS updates from third-party sources, and instead only obtain such software from the company's official website. The statement suggests MSI is worried hackers could circulate malicious versions of the company's BIOS software when the ransomware gang, Money Message, claims it stole the PC maker's source code.
L'Anssi pourra bloquer les noms de domaine liés à des cyberattaques
La loi de programmation militaire prévoit que l'autorité n'aura pas besoin d'une décision de justice. Un contrôle sera réalisé a posteriori par l'Arcep.
Exploit available for critical bug in VM2 JavaScript sandbox library
Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment.
Samsung Fab Workers Leak Confidential Data While Using ChatGPT
Samsung fab personnel reportedly used ChatGPT to optimize operations and create presentations, leaking confidential data to the third-party AI.
Cyble — New Cylance Ransomware with Power-Packed CommandLine Options
CRIL analyzes Cylance, a new Ransomware variant that uses command-line options to target both Windows and Linux users.
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
A ransomware affiliate is targeting publicly exposed Veritas installations to gain access to organizations.
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FIKHHFNOOL5BCFJ5TVZH47Y734U.png?width=92&height=69&ar=&mode=crop&format=avif&dpr=2)
Special Report: Tesla workers shared sensitive images recorded by customer cars | Reuters
Between 2019 and 2022, groups of Tesla employees privately shared via an internal messaging system sometimes highly invasive videos and images recorded by customers’ car cameras.
Apple fixes two zero-days exploited to hack iPhones and Macs
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads.
Stopping cybercriminals from abusing security tools
Microsoft’s Digital Crimes Unit (DCU), cybersecurity software company Fortra™ and Health Information Sharing and Analysis Center (Health-ISAC) are taking technical and legal action to disrupt cracked, legacy copies of Cobalt Strike and abused Microsoft software, which have been used by cybercriminals to distribute malware, including ransomware. This is a change in the way DCU has...
Resecurity uncovers STYX, new cybercriminal platform focused on financial fraud - Help Net Security
Resecurity has recently identified the STYX Innovation Marketplace, a new cybercriminal e-commerce platform focused on financial fraud.
Mac Malware MacStealer Spreads as Fake P2E Apps
We detected Mac malware MacStealer spreading via websites, social media, and messaging platforms Twitter, Discord, and Telegram. Cybercriminals lure victims to download it by plagiarizing legitimate play-to-earn (P2E) apps’ images and offering jobs as beta testers.
Troy Hunt: Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"
A quick summary first before the details: This week, the FBI in cooperation with international law enforcement partners took down a notorious marketplace trading in stolen identity data in an effort they've named "Operation Cookie Monster". They've provided millions of impacted email addresses and passwords to Have I Been Pwned
Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies
Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera.
Chinese fraudsters: evading detection and monetizing stolen credit card information
Cyber attacks are common occurrences that often make headlines, but the leakage of personal information, particularly credit card data, can have severe consequences for individuals. It is essential to understand the techniques employed by cyber criminals to steal this sensitive information. Credit card fraud in the United States has been on the rise, with total losses reaching approximately $12.16 billion in 2021, according to Insider Intelligence. Card-Not-Present (CNP) fraud constituted 72% of these losses, with a substantial portion attributed to Chinese fraudsters.
Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service
We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…
Responsible Cyber Power in Practice
The vision of the UK’s National Cyber Strategy (NCS) 2022 is that the UK will continue to be a leading, responsible and democratic cyber power, able to protect and promote its interests in and through cyberspace in support of national goals. The NCS 2022 set out how the UK will continue to adapt, innovate, and invest in order to pioneer a cyber future with the whole of the UK.
National Cyber Force reveals how daily cyber operations protect the UK
The NCF outlines how it conducts responsible cyber operations to counter state threats, support military operations, and disrupt terrorists and serious crime
Winter Vivern | Uncovering a Wave of Global Espionage
SentinelLabs uncover a previously unknown set of espionage campaigns conducted by Winter Vivern advanced persistent threat (APT) group.
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist
A DLL named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process, was used in recent deployments of a backdoor that we dubbed “Gopuram” and had been tracking internally since 2020.
Rorschach – A New Sophisticated and Fast Ransomware
- Check Point Research (CPR) and Check Point Incident Response Team (CPIRT) encountered a previously unnamed ransomware strain, we dubbed Rorschach, deployed against a US-based company. Rorschach ransomware appears to be unique, sharing no overlaps that could easily attribute it to any known ransomware strain. In addition, it does not bear any kind of branding which is a common practice among ransomware groups. * The ransomware is partly autonomous, carrying out tasks that are usually manually performed during enterprise-wide ransomware deployment, such as creating a domain group policy (GPO). In the past, similar functionality was linked to LockBit 2.0. * The ransomware is highly customizable and contains technically unique features, such as the use of direct syscalls, rarely observed in ransomware. Moreover, due to different implementation methods, Rorschach is one of the fastest ransomware observed, by the speed of encryption. * The ransomware was deployed using DLL side-loading of a Cortex XDR Dump Service Tool, a signed commercial security product, a loading method which is not commonly used to load ransomware. The vulnerability was properly reported to Palo Alto Networks.
3CX Desktop App Compromised (CVE-2023-29059)
FortiGuard Labs highlights how a digitally signed 3CX desktop app was reportedly used in a supply chain attack against 3CX Voice over Internet Protocol (VoIP) customers. Check back for analysis and coverage updates.
Android app from China executed 0-day exploit on millions of devices | Ars Technica
Fast-growing e-commerce app Pinduoduo had an EvilParcel stow-away.
Cyble — Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide
Cyble Research & Intelligence Labs analyzes Cl0p ransomware which is rapidly gaining attention for its success in extorting businesses.
Western Digital discloses network breach, My Cloud service down
Western Digital announced today that its network has been breached and an unauthorized party gained access to multiple company systems. The California-based computer drive maker and provider of data storage services says in a press release that the network security incident was identified last Sunday, on March 26. An investigation is in early stages and the company is coordinating efforts with law enforcement authorities.