Skip to main content
To Customer Support To Customer Support

Welcome

News, Announcements, Tech Discussions

45081 Topics
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Release notes for Microsoft Edge Security Updates December 5, 2024

Version 131.0.2903.86: December 5, 2024Fixed various bugs and performance issues.Stable channel security updates are listed here. https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel  Make sure to re-add back in the Privacy Protection area after every update. Click on GIF to see full size!  

40
TripleHelix
Moderator
17 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Microsoft November 2024 Security Updates (Patch Tuesday)

This release consists of the following 89 Microsoft CVEs: Microsoft security update summary for November 2024November 12, 2024Here’s a summary of Microsoft security updates released on this date.Critical security updates.NET 9.0 installed on Linux .NET 9.0 installed on Mac OS .NET 9.0 installed on Windows Microsoft Visual Studio 2022 version 17.10 Microsoft Visual Studio 2022 version 17.11 Microsoft Visual Studio 2022 version 17.6 Microsoft Visual Studio 2022 version 17.8 Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server

487
TripleHelix
Moderator
17 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
‘DroidBot’ Android Trojan Targets Banking, Cryptocurrency Applications

The newly discovered DroidBot Android trojan targets 77 banks, cryptocurrency exchanges, and national organizations. December 5, 2024 By Ionut Arghire A newly discovered Android remote access trojan (RAT) is targeting 77 banks, cryptocurrency exchanges, and national entities, fraud prevention firm Cleafy warns.Dubbed DroidBot, and active since mid-2024, the RAT has been used in multiple campaigns in Europe, mainly targeting users in France, Italy, Spain, and Turkey. Attacks were observed in the UK and Portugal as well, and Cleafy found evidence that they could expand to Latin America.DroidBot features sophisticated capabilities, including hidden VNC, overlay attack techniques, spyware capabilities, such as keylogging and user monitoring, and a dual-channel communication mechanism, for increased flexibility. >>Full Article<<

10
Jasper_The_Rasper
Moderator
18 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
African Law Enforcement Nabs 1,000+ Cybercrime Suspects

Authorities across 19 African countries also dismantled their infrastructure and networks, thanks to cooperation between global law enforcement and private firms. December 5, 2024 By Robert Lemos  A combined effort among Interpol, Afripol, cybersecurity firms, and authorities in 19 different African nations resulted in the arrest of more than 1,000 suspects who allegedly took part in ransomware schemes, business email compromise (BEC), and other cybercrimes and digital fraud.The collection of law enforcement investigations, dubbed Operation Serengeti, resulted in the arrest of 1,006 suspects linked to more than $192 million in financial losses and affecting at least 35,000 victims.The African nations that took part in the joint law enforcement collaboration include Algeria, Angola, Benin, Cameroon, Côte d'Ivoire, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Mauritius, Mozambique, Nigeria, Rwanda, Senegal, South Africa, Tanzania, Tunisia, Zambia, and Zimbabwe. >>Full Art

20
Jasper_The_Rasper
Moderator
18 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
US arrests Scattered Spider suspect linked to telecom hacks

December 5, 2024 By Sergiu Gatlan ​U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms.Remington Goy Ogletree (also known online as "remi") breached the three companies' networks using credentials stolen in text and voice phishing messages targeting their employees.He also impersonated the victims' IT support departments in calls designed to pressure the employees into accessing phishing sites where they were asked to enter their user names and passwords.The U.S. financial institution allegedly hacked by Ogletree told the FBI that roughly 149 of its employees were targeted in a phishing campaign (between late October 2023 and mid-November 2023) that redirected them to phishing landing pages impersonating the company. >>Full Article<<

30
Jasper_The_Rasper
Moderator
18 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Major USAID contractor Chemonics says 263,000 affected by 2023 data breach

 December 5, 2024 By Jonathan Greig A large contractor for the U.S. government said a 2023 cyberattack exposed the critical personal information of more than 263,000 people.Chemonics, an international development firm with $1.4 billion in U.S. government contracts, announced the incident this week — notifying regulators in several states and posting a notice on its website. The company said it discovered suspicious activity on December 15 and launched an investigation that revealed hackers had been in its systems since May 30, 2023 and continued to have access until January 9, 2024.Chemonics declined to comment about why the company waited more than a year to notify victims but said the investigation “took time to complete.” >>Full Article<<

10
Jasper_The_Rasper
Moderator
18 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Meta Highlights Misinformation Trends Based on 2024 Detection

December 5, 2024 By Andrew Hutchinson Meta has published its latest “Adversarial Threat Report” which looks at coordinated influence behavior detected across its apps.And in this report, Meta’s also provided some insight into the key trends that its team has noted throughout the year, which point to ongoing, and emerging concerns within the global cybersecurity threat landscape.First off, Meta notes that the majority of coordinated influence efforts continue to come out of Russia, as Russian operatives seek to bend global narratives in their favor.As per Meta: >>Full Article<<

20
Jasper_The_Rasper
Moderator
18 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Mitel MiCollab zero-day flaw gets proof-of-concept exploit

December 5, 2024 By Bill Toulas Researchers have uncovered an arbitrary file read zero-day in the Mitel MiCollab collaboration platform, allowing attackers to access files on a server's filesystem.Mitel MiCollab is an enterprise collaboration platform that consolidates various communication tools into a single application, offering voice and video calling, messaging, presence information, audio conferencing, mobility support, and team collaboration functionalities.It's utilized by various organizations, including large corporations, small to medium-sized enterprises, and companies operating on a remote or hybrid workforce model.The latest vulnerability in the product was discovered by researchers at watchTowr, who, despite having reported to the vendor since August, it remains unfixed after 90 days of being disclosed and waiting for a patch."watchTowr contacted Mitel on August 26 about the new vulnerability. Mitel informed watchTowr of plans to patch the first week of December 2024. At

10
Jasper_The_Rasper
Moderator
18 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Bootloader Vulnerability Impacts Over 100 Cisco Switches

More than 100 Cisco products are affected by an NX-OS vulnerability that allows attackers to bypass image signature verification. December 5, 2024 By Ionut Arghire Cisco on Wednesday announced patches for a vulnerability in the NX-OS software’s bootloader that could allow attackers to bypass image signature verification.Tracked as CVE-2024-20397, the high-impact security defect exists due to insecure bootloader settings that enable an attacker to execute specific commands to bypass the verification process and load unverified software.While authentication is not required for the successful exploitation of the flaw, physical access is, Cisco notes in its advisory. The bug can also be exploited by an authenticated, local attacker that has administrative privileges.According to Cisco, the issue is only relevant for its MDS, Nexus, and UCS Fabric Interconnect products that support secure boot, and not for legacy devices without the feature. In total, the company’s advisory lists more than

20
Jasper_The_Rasper
Moderator
18 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
New Android spyware found on phone seized by Russian FSB

December 5, 2024 By Bill Toulas After a Russian programmer was detained by Russia's Federal Security Service (FSB) for fifteen days and his phone confiscated, it was discovered that a new spyware was secretly installed on his device upon its return.The programmer, Kirill Parubets, was arrested by the FSB after being accused of donating to Ukraine. After regaining access to his mobile device, the programmer suspected it was tampered with by the Russian government after it exhibited unusual behavior and displayed a notifications stating, "Arm cortex vx3 synchronization."After sharing it with Citizen Lab for forensic analysis, investigators confirmed that spyware had been installed on the device that impersonated a legitimate and popular Android app 'Cube Call Recorder,' which has over 10,000,000 downloads on Google Play.Contrary to the legitimate app, though, the spyware has access to a broad range of permissions, giving it unfettered access to the device and allowing the attackers to mo

20
Jasper_The_Rasper
Moderator
18 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
'Earth Minotaur' Exploits WeChat Bugs, Sends Spyware to Uyghurs

The emerging threat actor, potentially a Chinese state-sponsored APT, is using the known exploit kit Moonshine in cross-platform attacks that deliver a previously undisclosed backdoor called "DarkNimbus" to ethnic minorities, including Tibetans. December 5, 2024 By Elizabeth Montalbano  A newly identified cyber-threat operation is using a known exploit kit to target security vulnerabilities in the popular WeChat app, to deliver previously unreported spyware to both Android and Windows devices belonging to the Tibetan and Uyghur ethnic-minority communities in China.A group that researchers at Trend Micro are tracking as Earth Minotaur is wielding the Moonshine exploit kit, which first surfaced in 2019, to deliver a backdoor called DarkNimbus. The malware can steal data and monitor device activity, they revealed in a blog post published today, while Moonshine typically targets vulnerabilities in instant messaging apps on Android devices to deliver the malware. It also exploits multiple k

20
Jasper_The_Rasper
Moderator
18 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert CISA Releases New Public Version of CDM Data Model Document Release Date December 04, 2024

Related topics:Cybersecurity Best PracticesToday, the Cybersecurity and Infrastructure Security Agency (CISA) released an updated public version of the Continuous Diagnostics and Mitigation (CDM) Data Model Document. Version 5.0.1 aligns with fiscal year 2023 Federal Information Security Modernization Act (FISMA) metrics.The CDM Data Model Document provides a comprehensive description of a common data schema to ensure that prescribed diagnostic activities within CDM solutions are consistent across all participating federal agencies. Agencies leverage the common data schema to accomplish these critical objectives: Reduce agency threat surface. Increase visibility into the federal cybersecurity posture. Improve federal cybersecurity response capabilities. Streamline FISMA reporting.Vendors also can benefit from the CDM Data Model Document.For additional information, visit the Continuous Diagnostics and Mitigation (CDM) Program web page. https://www.cisa.gov/news-events/alerts/2024/12/04/

20
TripleHelix
Moderator
18 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
UK disrupts Russian money laundering networks used by ransomware

December 4, 2024 By Sergiu Gatlan ​A law enforcement operation led by the United Kingdom's National Crime Agency (NCA) has disrupted two Russian money laundering networks working with criminals worldwide, including ransomware gangs.Dubbed "Operation Destabilise," this international investigation has led to the arrest of 84 Russian-speaking suspects linked to the Smart (led by Ukrainian George Rossi) and TGR (controlled by Russian Ekaterina Zhdanova) criminal organizations."The networks also support Russian cyber criminals to launder their illicit profits. In 2021, Zhdanova laundered over $2.3million of suspected ransoms paid in crypto by victims to the Ryuk ransomware group," the NCA said today."The NCA assesses that the group, members of which were sanctioned by the UK in 2023, was responsible for extorting at least £27m from 149 UK victims, including hospitals, schools, businesses and local authorities. However, their true impact is likely to be much higher." >>Full Article<

20
Jasper_The_Rasper
Moderator
19 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Why Phishers Love New TLDs Like .shop, .top and .xyz

December 3, 2024 By Brian Krebs Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.Image: Shutterstock.A study on phishing data released by Interisle Consulting finds that new gTLDs introduced in the last few years command just 11 percent of the market for new domains, but accounted for roughly 37 percent of cybercrime domains reported between September 2023 and August 2024.Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile

40
Jasper_The_Rasper
Moderator
19 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

 December 3, 2024 By Pieter Arntz Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information.AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers including some household family names.But the way its solution is set up introduces an extra link in the chain in the flow of personally identifiable information (PII) from the customer to the company that deployed the chatbot, leaving an additional risk of exposure.Given the variety in the data the researchers found in the 346,381 files, they suspect that it stems from several WotNot customers. Some of the records that were found included:Identification documents including passports, which contain information like full names, dates of birth, passport numbers, and other information cybercriminals love to get their hands on. Medical records including diagnoses,

20
Jasper_The_Rasper
Moderator
19 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
British telecoms giant BT confirms attempted cyberattack after ransomware gang claims hack

 December 4, 2024 By Alexander Martin  The telecommunications giant BT Group, one of Britain’s largest companies, confirmed on Wednesday “an attempt to compromise” its conferencing platform after the Black Basta ransomware group claimed on its darknet leak site to have obtained the company's corporate data.A spokesperson for the company, which is listed on the London Stock Exchange, stressed the “incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated.” BT employs around 100,000 people globally and recorded revenues of over £20 billion (about $25.4 billion) in 2023. The privatised successor organisation to a former state monopoly, the company is responsible for a significant amount of Britain’s telephone infrastructure and operates the vast majority of its telephone exchanges, although there is no indication these have been impacted. >>Full Article<<

10
Jasper_The_Rasper
Moderator
19 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Deloitte Hacked – Brain Cipher Ransomware Group Allegedly Stolen 1 TB of Data

December 4, 2024 By Balaji N   Notorious ransomware group Brain Cipher has claimed to have breacked Deloitte UK, allegedly exfiltrating over 1 terabyte of sensitive data from the professional services giant.Brain Cipher is a ransomware group that emerged in June 2024, quickly gaining notoriety for its cyberattacks on organizations worldwide. Notably, it was responsible for a significant attack on Indonesia’s National Data Center, which disrupted services for over 200 government agencies, including immigration and passport control.According to statements posted by Brain Cipher, the attack has exposed critical vulnerabilities in Deloitte UK’s cybersecurity infrastructure.The ransomware group claims to have accessed and stolen compressed data exceeding 1 terabyte in volume, raising serious concerns about data protection practices at one of the “Big Four” accounting firms.“Soon we will tell you about this incident. We will provide an example of data that has leaked. The volume of compresse

10
Jasper_The_Rasper
Moderator
19 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Hackers are building bespoke Mac malware using GenAI

December 4, 2024 By Craig Hale  Apple fans have been warned (Image credit: Jack Skeens / Shutterstock)Mac users need to stop believing that macOS is safer than Windows Generative AI has helped non-coders to create their own malware Social engineering continues to be the most common attack methodCybersecurity experts from Moonlock are warning of the increasing prevalence of sophisticated macOS malware created with the help of generative AI.In its 2024 Threat Report, Moonlock explored how publicly available tools like ChatGPT have enabled hackers to work around the technical barriers they were previously subject to in order to create malicious software more quickly.The research found screenshots posted to darknet forums showing hackers using artificial intelligence to guide them through the development of Mac-bound malware step by step. >>Full Article<<

20
Jasper_The_Rasper
Moderator
19 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert CISA Adds One Known Exploited Vulnerability to Catalog Release Date December 04, 2024

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.CVE-2024-51378CyberPanel Incorrect Default Permissions VulnerabilityThese types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely re

30
TripleHelix
Moderator
19 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Japan warns of IO-Data zero-day router flaws exploited in attacks

December 4, 2024 By Bill Toulas Japan's CERT is warning that hackers are exploiting zero-day vulnerabilities in I-O Data router devices to modify device settings, execute commands, or even turn off the firewall.The vendor has acknowledged the flaws in a security bulletin published on its website. However, the fixes are expected to land on December 18, 2024, so users will be exposed to risks until then unless mitigations are enabled.The vulnerabilitiesThe three flaws that were identified on November 13, 2024, are information disclosure, remote arbitrary OS command execution, and the ability to disable firewalls.The issues are summarized as follows:CVE-2024-45841: Permissions on sensitive resources are misconfigured, allowing users with low-level privileges to access critical files. For example, a third party who knows the guest account credentials may access files containing authentication information. CVE-2024-47133: Allows authenticated administrative users to inject and execute arbit

50
Jasper_The_Rasper
Moderator
19 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

December 4, 2024 By Pierluigi Paganini Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks in a joint advisory.Australia, Canada, New Zealand, and the U.S. issued a joint advisory to warn of People’s Republic of China (PRC)-linked cyber espionage targeting telecom networks.“The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ) warn that People’s Republic of China (PRC)-affiliated threat actors compromised networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign.” reads the joint advisory. >>Full Article<<

20
Jasper_The_Rasper
Moderator
19 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Solana’s popular web3.js library backdoored in supply chain compromise

December 4, 2024 By Zeljka Zorz A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry.Just like the recent Lottie Player supply chain compromise, this attack was reportedly made possible due to compromised (phished) npm.js account credentials.What happened?“Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana [decentralized apps]. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly,” Steven Luscher, one of the library’s maintainers, confirmed on Tuesday. >>Full Article<<

10
Jasper_The_Rasper
Moderator
19 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
U.S. Offered $10M for Hacker Just Arrested by Russia

December 4, 2024 By Brian Krebs In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “Wazawaka,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.An FBI wanted poster for Matveev.Matveev, a.k.a. “Wazawaka” and “Boriselcin” worked with at least three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies, U.S. prosecutors allege. >>Full Article<<

20
Jasper_The_Rasper
Moderator
19 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Russian hackers hijack Pakistani hackers' servers for their own attacks

December 4, 2024 By Bill Toulas The notorious Russian cyber-espionage group Turla is hacking other hackers, hijacking the Pakistani threat actor Storm-0156's infrastructure to launch their own covert attacks on already compromised victims.Using this tactic, Turla (aka "Secret Blizzard") accessed networks Storm-0156 had previously breached, like in Afghan and Indian government organizations, and deployed their malware tools.According to a report from Lumen's Black Lotus Labs, which tracked this campaign since January 2023 with the help of Microsoft's Threat Intelligence Team, the Turla operation has been underway since December 2022.Turla (aka Secret Blizzard) is a Russian state-sponsored hacking group linked to Center 16 of Russia's Federal Security Service (FSB), the unit responsible for the interception, decoding, and collection of data from foreign targets. >>Full Article<<

10
Jasper_The_Rasper
Moderator
19 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Storm-1811 Hackers Exploits RMM Tools to Deliver Black Basta Ransomware

December 3, 2024 Storm-1811, a financially driven threat actor that employs social engineering techniques, has recently been observed exploiting RMM tools to distribute the Black Basta ransomware.The threat actor exploits the client management tool, Microsoft Quick Assist, with the intention of delivering Black Basta ransomware as the ultimate payload over the network.Quick Assist is an application that allows a user to remotely connect to another person and share their Windows or macOS device. This allows the connecting user to view the device’s display, make annotations, or take complete control—usually for troubleshooting—by remotely connecting to the receiving user’s device. Full Article

40
TripleHelix
Moderator
19 days ago

Badges

Show all badges

Join the Conversation

Terms & Conditions