Skip to main content
To Customer Support To Customer Support

Welcome

News, Announcements, Tech Discussions

45072 Topics
C
Administrator
ConnorMThreat Research Analyst
published in Security Industry News
Cyber News Rundown: Romanian energy supplier suffers ransomware attackNews

Recently, one of the largest energy suppliers in Romania, Electrica, has revealed that they had fallen victim to a ransomware attack which had breached their internal systems. The Lynx ransomware group is claimed to be responsible for this incident, though no official statement has been released, nor has Electrica been added to the ransomware group’s data leak site.  As the investigation is ongoing, little is known about the initial attack vector, though authorities have provided a YARA script that was created to scan for malicious binaries on a network.Operation PowerOFF shuts down global DDoS platformsThe latest international law enforcement collaboration, Operation PowerOFF, has successfully shut down 27 notorious web platforms that offered Distributed Denial of Service (DDoS) capabilities, including what are known as ‘booster’ and ‘stressor’ websites, used to overload victim websites and other web-based services with excessive traffic. Operation PowerOFF, which had cooperation from

243
ProTruckDriver
Moderator
9 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert CISA Adds One Known Exploited Vulnerability to Catalog Release Date December 13, 2024

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload VulnerabilityThese types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing

50
TripleHelix
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
With 'TPUXtract,' Attackers Can Steal Orgs' AI Models

A new side-channel attack method is a computationally practical way to infer the structure of a convolutional neural network — meaning that cyberattackers or rival companies can plagiarize AI models and take their data for themselves.   December 13, 2024 By Nate Nelson Researchers have demonstrated how to recreate a neural network using the electromagnetic (EM) signals emanating from the chip it runs on.The method, called "TPUXtract," comes courtesy of North Carolina State University's Department of Electrical and Computer Engineering. Using many thousands of dollars worth of equipment and a novel technique called "online template-building," a team of four managed to infer the hyperparameters of a convolutional neural network (CNN) — the settings that define its structure and behavior — running on a Google Edge Tensor Processing Unit (TPU), with 99.91% accuracy. >>Full Article<<

30
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Hacker Uses Info-Stealer Against Security Pros, Other Bad Actors

December 13, 2024 By Jeffrey Burt An unknown hacker using two initial access techniques has compromised hundreds of victims that include not only threat hunters, pen testers, and other cybersecurity researchers but also other cybercriminals.The bad actor, dubbed “MUT-1244” by threat researchers with Datadog Security Labs, has stolen sensitive information such as SSH private keys and Amazon Web Services (AWS) access keys from security pros as well as more than 390,000 credentials from other hackers that likely initially were bought on the dark web and seem to belong to accounts on WordPress websites.MUT-1244 – MUT refers to “mysterious unattributed threat” – has been active since at least October and, while using multiple initial access vectors to initially compromise its targets, delivers the same second-stage payload. >>Full Article<<

30
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Hackers Steal 17M Patient Records in Attack on 3 Hospitals

IT Outage, Downtime Procedures Affecting Services at California Healthcare Provider December 13, 2024 By Marianne Kolbasuk McGee  PIH Health Whittier Hospital is among facilities affected by a Dec. 1 ransomware attack on the California healthcare system (Image: PIH Health)Cybercriminals claim they stole 17 million patient records from a southern California regional healthcare provider that is still struggling with IT and phone systems outages that have been disrupting patient care since the organization was hit by a ransomware attack on Dec. 1. >>Full Article<<

70
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
CISA warns water facilities to secure HMI systems exposed online

December 13, 2024 By Sergiu Gatlan CISA and the Environmental Protection Agency (EPA) warned water facilities today to secure Internet-exposed Human Machine Interfaces (HMIs) from cyberattacks.HMIs are dashboards or user interfaces that help human operators connect to, monitor, and control industrial machines and devices via tablets, portable computers, or built-in displays."In the absence of cybersecurity controls, threat actors can exploit exposed HMIs at WWS Sector utilities to view the contents of the HMI, make unauthorized changes, and potentially disrupt the facility's water and/or wastewater treatment process," the two federal agencies said on Friday."For example, in 2024, pro-Russia hacktivists manipulated HMIs at Water and Wastewater Systems, causing water pumps and blower equipment to exceed their normal operating parameters. In each case, the hacktivists maxed out set points, altered other settings, turned off alarm mechanisms, and changed administrative passwords to lock ou

60
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

December 13, 2024 By Ravie Lakshmanan A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials.The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that involves phishing and several trojanized GitHub repositories hosting proof-of-concept (PoC) code for exploiting known security flaws."Victims are believed to be offensive actors – including pentesters and security researchers, as well as malicious threat actors – and had sensitive data such as SSH private keys and AWS access keys exfiltrated," researchers Christophe Tafani-Dereeper, Matt Muir, and Adrian Korn said in an analysis shared with The Hacker News. >>Full Article<<

30
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Germany Sinkholes Botnet of 30,000 BadBox-Infected Devices

Germany’s cybersecurity agency BSI has sinkholed a botnet of 30,000 devices shipped with BadBox malware pre-installed. December 13, 2024 By Ionut Arghire At least 30,000 media devices were sold in Germany with pre-installed malware that ensnared them into a botnet, Germany’s Federal Office for Information Security (BSI) said on Thursday.The infected photo frames and streaming devices were running older Android versions and were infected with the BadBox malware prior to arriving on shelves, the German cybersecurity agency says.BSI says it has sinkholed the communication between the BadBox bots and their command-and-control (C&C) servers, instructing all internet providers in the country with more than 100,000 subscribers to help redirect traffic to the sinkhole. >>Full Article<<

30
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
'Dubai Police' Lures Anchor Wave of UAE Mobile Attacks

A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore.  December 13, 2024 By Tara Seals The Dubai Police are the latest victims of impersonation by fraudsters in the United Arab Emirates (UAE), who are sending thousands of text messages out to unwitting mobile users while purporting to represent the law enforcement agency.Researchers at BforeAI observed a recent surge in phishing attacks leveraging alleged police communications, which encourage text recipients to click on a malicious URL to respond to supposed legal trouble or to register with an "official" online portal. The included links redirect victims to fake websites designed to harvest sensitive information, including bank details or personal identification details.The campaign uses well-crafted lures with official branding, suggesting a moderate level of sophistication, according to BforeAI. But while the lures are tailored to UAE citizens, the ph

20
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
4.8 million healthcare records left freely accessible

 December 13, 2024 By Pieter Arntz Your main business is healthcare, so your excuse when you get hacked is that you didn’t have the budget to secure your network. Am I right?So, in order to prevent a ransomware gang from infiltrating your network, you could just give them what they want—all your data.The seemingly preferred method to accomplish this is to leave the information unprotected and unencrypted in an exposed Amazon S3 bucket.An S3 bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more. There is no limit to the amount of data you can store in an S3 bucket, and individual instances can be up to 5 TB in size. >>Full Article<<

30
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
U.S. authorities seized cybercrime marketplace Rydox

December 13, 2024 By Pierluigi Paganini The U.S. Department of Justice (DoJ) announced the seizure of the cybercrime marketplace Rydox (“rydox.ru” and “rydox[.]cc”).The U.S. Department of Justice (DoJ) seized Rydox, a cybercrime marketplace for selling stolen personal data and fraud tools.Kosovars authorities arrested three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli. Kosovo nationals Ardit and Jetmir Kutleshi, Rydox administrators, were arrested in Kosovo and await extradition to the U.S. The third administrator, Sokoli, was arrested in Albania by SPAK and is set to face charges and prosecution in Albania.The Rydox marketplace has been active since February 2016, it facilitated over 7,600 sales of stolen PII, access devices, and cybercrime tools, generating $230,000 since 2016. It offered over 321,000 products to 18,000 users, including names, social security numbers, and hacking tools. Thousands of U.S. victims were affected.

20
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Russian cyberspies target Android users with new spyware

December 13, 2024 By Bill Toulas Russian cyberspies Gamaredon has been discovered using two Android spyware families named 'BoneSpy' and 'PlainGnome' to spy on and steal data from mobile devices.According to Lookout, which discovered the two malware families, BoneSpy has been active since 2021, while PlainGnome emerged in 2024. Both target Russian-speaking individuals in former Soviet states.Gamaredon (aka "Shuckworm") is believed to be part of Russia's Federal Security Agency (FSB), and its operations are closely tied to the country's national geopolitical interests.Although the threat group has used various malware tools, BoneSpy and PlainGnome are the first documented cases of Gamaredon malware targeting mobile devices, specifically Android. >>Full Article<<

30
Jasper_The_Rasper
Moderator
9 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Release notes for Microsoft Edge Security Updates December 12, 2024

December 12, 2024Microsoft has released the latest Microsoft Edge Stable Channel (Version 131.0.2903.99) that incorporates the latest updates of the Chromium project. For more information, see the Security Update Guide https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security Make sure to re-add back in the Privacy Protection area after every update. Click on GIF to see full size!  

80
TripleHelix
Moderator
10 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
New stealthy Pumakit Linux rootkit malware spotted in the wild

December 12, 2024 By Bill Toulas A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems.The malware is a multi-component set that includes a dropper, memory-resident executables, a kernel module rootkit, and a shared object (SO) userland rootkit.Elastic Security discovered Pumakit in a suspicious binary ('cron') upload on VirusTotal, dated September 4, 2024, and reported having no visibility into who uses it and what it targets.Generally, these tools are used by advanced threat actors targeting critical infrastructure and enterprise systems for espionage, financial theft, and disruption operations.  >>Full Article<<

50
Jasper_The_Rasper
Moderator
10 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed

December 12, 2024 By Bill Toulas US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability.Byte Federal is the largest US operator of Bitcoin ATMs across the United States, with over 1,200 ATMs located in forty-two states, allowing people to exchange cash for cryptocurrency.The company is now sending out data breach notifications warning that it suffered a data breach in November after hackers gained access to its systems by exploiting a GitLab vulnerability."On November 18, 2024, Byte Federal became aware of a security breach by a bad actor who gained unauthorized access to one of our servers by exploiting a vulnerability in GitLab, a third-party software platform commonly used by developers worldwide for project management and collaboration with comprehensive security features," reads the Byte Federal data breach notification letter. >>Full Article<<

30
Jasper_The_Rasper
Moderator
10 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
IoT Cloud Cracked by 'Open Sesame' Over-the-Air Attack

Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device.   December 12, 2024 By Becky Bracken Internet of Things (IoT) vendor Ruijie Networks has shored up its Reyee cloud management platform against 10 newly discovered vulnerabilities that could have given adversaries control of thousands of connected devices in a single cyberattack.The Fuzhou, China-based infrastructure maker's Ruijie Networks devices, are commonly used to provide free Wi-Fi in public settings like airports, schools, shopping malls, and governments across more than 90 countries.A pair of researchers from Claroty Team82 have developed an attack they named "Open Sesame" that they used to successfully take control of Rujie Networks devices through its cloud-based Web management portal for remote monitoring and configuration."The Ruijie Reyee cloud platform lets admins remotely manage their access points and routers," researchers Noam Moshe and Tomer

30
Jasper_The_Rasper
Moderator
10 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Thousands of sites remain unpatched against actively exploited WordPress plugin bug

Vulnerability with severity rating of 9.8 out of possible 10 still live on >8,000 sites. Dan Goodin – 12 Dec 2024 Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of malicious code, security researchers said.The vulnerability, tracked as CVE-2024-11972, is found in Hunk Companion, a plugin that runs on 10,000 sites that use the WordPress content management system. The vulnerability, which carries a severity rating of 9.8 out of a possible 10, was patched earlier this week. At the time this post went live on Ars, figures provided on the Hunk Companion page indicated that less than 12 percent of users had installed the patch, meaning nearly 9,000 sites could be next to be targeted. >>Full Article<<

40
Jasper_The_Rasper
Moderator
10 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Microsoft MFA Bypassed via AuthQuake Attack

Oasis Security has disclosed AuthQuake, a method for bypassing Microsoft MFA within an hour without user interaction. December 12, 2024 By Eduard KovacsNon-human identity management firm Oasis Security has disclosed the details of an attack that allowed its researchers to bypass Microsoft’s multi-factor authentication (MFA) implementation.The attack method, dubbed AuthQuake, was reported to Microsoft in late June and a temporary fix was rolled out a few days later. The tech giant released a permanent fix in October. According to Oasis, the vulnerability, which is described as critical, could have allowed threat actors to bypass Microsoft’s MFA and gain access to accounts — provided that they had the target’s username and password.The security firm noted that the MFA bypass could have been exploited to access Outlook emails, OneDrive files, Teams chats, and Azure cloud instances, and highlighted the potential impact by pointing out that Microsoft recently reported having more than 400 m

30
Jasper_The_Rasper
Moderator
10 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
US offers $5 million for info on North Korean IT worker farms

December 12, 2024 By Sergiu Gatlan ​The U.S. State Department is offering a reward of up to $5 million for information that could help disrupt the activities of North Korean front companies and employees generating millions via illegal remote IT work schemes.The two companies, Chinese-based Yanbian Silverstar and Volasys Silverstar from Russia, tricked businesses worldwide into employing North Korean staff as freelance IT workers.These illegally obtained funds are then laundered in violation of international sanctions and sent back to the Pyongyang regime to support the country's UN-prohibited nuclear missile programs. As the FBI, the State Department, and the Justice Department said in a May 2022 tri-seal advisory, each of North Korea's IT workers can earn up to $300,000 annually, generating hundreds of millions of dollars collectively every year."Yanbian Silverstar and Volasys Silverstar together employ more than 130 DPRK IT workers, who refer to themselves as 'IT warriors,'" the Sta

20
Jasper_The_Rasper
Moderator
10 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623)

December 10, 2024 By Zeljka Zorz Attackers are exploiting a vulnerability (CVE-2024-50623) in file transfer software by Cleo – LexiCo, VLTransfer, and Harmony – to gain access to organizations’ systems, Huntress researchers warned on Monday.“We’ve discovered at least 10 businesses whose Cleo servers were compromised with a notable uptick in exploitation observed on December 8 around 07:00 UTC. After some initial analysis, however, we have found evidence of exploitation as early as December 3,” they shared, and noted that there are more potential vulnerable Cleo servers out there.What’s happening?Which vulnerability are the attackers exploiting? Huntress researchers say it’s CVE-2024-50623, an unrestricted file upload and download vulnerability, a fix for which Cleo pushed out in late October 2024 in v5.8.0.21 of Harmony, VLTrader, and LexiCom.Huntress researchers found that the patch provided by Cleo “does not mitigate the software flaw.”

81
Jasper_The_Rasper
Moderator
10 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
How Cryptocurrency Turns to Cash in Russian Banks

December 11, 2024 By Brian Krebs A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which are physically located there.Richard Sanders is a blockchain analyst and investigator who advises the law enforcement and intelligence community. Sanders spent most of 2023 in Ukraine, traveling with Ukrainian soldiers while mapping the shifting landscape of Russian crypto exchanges that are laundering money for narcotics networks operating in the region.More recently, Sanders has focused on identifying how dozens of popular cybercrime services are getting paid by their customers, and how they are converting cryptocurrency revenue

20
Jasper_The_Rasper
Moderator
10 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Spain busts voice phishing ring for defrauding 10,000 bank customers

December 12, 2024 By Bill Toulas The Spanish police, working with colleagues in Peru, conducted a simultaneous crackdown on a large-scale voice phishing (vishing) scam ring in the two countries, arresting 83 individuals.Thirty-five of the arrested people were located across Spain, including in Madrid, Barcelona, Mallorca, Salamanca, and Vigo, and another 48 were arrested in Peru.The leader of the ring was also apprehended in Spain during the 29 simultaneous raids conducted by the cooperating police forces, which also seized cash, mobile phones, computers, and documents.Impersonating banksAccording to the announcement from the Spanish police (Policia Nacional), the scammers operated a large call operation that employed 50 people in three distinct call centers, defrauding at least 10,000 people and making €3,000,000 ($3.15M) in proceeds.The calling agents used stolen databases, pre-written social engineering, and scripts to trick the call recipients into giving away their sensitive banki

20
Jasper_The_Rasper
Moderator
10 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Krispy Kreme Doughnut Delivery Gets Cooked in Cyberattack

Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach.   December 11, 2024 By Becky Bracken US doughnut dealer Krispy Kreme suffered a cybersecurity incident that's made a mess of online ordering but spared retail operations that continue to serve up sugar-coated confections nationwide.A Securities and Exchange Commission filing from Krispy Kreme disclosed the company was subject to an "unauthorized activity on a portion of its information technology systems" in late November."The Company, along with its external cybersecurity experts, continues to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering, and has notified federal law enforcement," the Krispy Kreme 8-K filing explained. "As the investigation of the incident is ongoing, the full scope, nature, and impact of the incident are not yet known." >>Full Article<<

40
Jasper_The_Rasper
Moderator
11 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Operation PowerOFF shuts down 27 DDoS-for-hire platforms

December 11, 2024 By Bill Toulas Law enforcement agencies from 15 countries have taken 27 DDoS-for-hire services offline, also known as "booters" or "stressers," arrested three administrators, and identified 300 customers of the platforms.The action is part of 'Operation PowerOFF,' an international initiative to combat cybercrime, specifically distributed denial-of-service (DDoS) attacks.DDoS-for-hire services are platforms that utilize botnets on compromised devices to launch attacks on behalf of paying customers against online targets of their choice.These attacks can cause service outages and business disruption to the targets, especially during the peak holiday season, where they can disrupt the increased online shopping."This multifaceted operation, coordinated by Europol and involving 15 countries, targeted all levels of those engaged in this crime," reads a press release from Europol."Three administrators behind these illicit platforms were arrested, and several actions were tak

30
Jasper_The_Rasper
Moderator
11 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Photobucket sold users’ biometric data without consent, lawsuit says

Class action could foil Photobucket’s plan to turn old photos into AI goldmine.Ashley Belanger – 11 Dec 2024 Photobucket was sued Wednesday after a recent privacy policy update revealed plans to sell users' photos—including biometric identifiers like face and iris scans—to companies training generative AI models.The proposed class action seeks to stop Photobucket from selling users' data without first obtaining written consent, alleging that Photobucket either intentionally or negligently failed to comply with strict privacy laws in states like Illinois, New York, and California by claiming it can't reliably determine users' geolocation.Two separate classes could be protected by the litigation. The first includes anyone who ever uploaded a photo between 2003—when Photobucket was founded—and May 1, 2024. Another potentially even larger class includes any non-users depicted in photographs uploaded to Photobucket, whose biometric data has also allegedly been sold without consent. >>

102
Jasper_The_Rasper
Moderator
11 days ago

Badges

Show all badges

Join the Conversation

Terms & Conditions