Cybersecurity Center

Cybersecurity News

  • Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services (Friday July 26, 2024)
    Google says it recently fixed an authentication weakness that allowed crooks to circumvent email verification needed to create a Google Workspace account, and leverage that to impersonate a domain holder to third-party services that allow logins through Google's "Sign in with Google" feature. (KrebsOnSecurity)
  • This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps (Friday July 26, 2024)
    A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a "sophisticated AI-powered phishing-as-a-service platform" (HackerNews)
  • Offensive AI: The Sine Qua Non of Cybersecurity (Friday July 26, 2024)
    "Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can." was the output of a program named (HackerNews)
  • U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals (Friday July 26, 2024)
    The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world. "Rim Jong Hyok and his co-conspirators deployed (HackerNews)
  • Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining (Friday July 26, 2024)
    Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of Selenium (3.141.59 and prior), is believed to be underway since at least April 2023. "Unbeknownst to (HackerNews)
  • CrowdStrike Warns of New Phishing Scam Targeting German Customers (Friday July 26, 2024)
    CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign. The cybersecurity company said it identified what it described as an unattributed spear-phishing attempt on July 24, 2024, distributing an inauthentic CrowdStrike Crash Reporter (HackerNews)
  • Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk (Friday July 26, 2024)
    Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier. "In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code (HackerNews)
  • North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (Thursday July 25, 2024)
    A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps with names such as Andariel, Nickel Hyatt, (HackerNews)
  • 6 Types of Applications Security Testing You Must Know About (Thursday July 25, 2024)
    Application security testing is a critical component of modern software development, ensuring that applications are robust and resilient against malicious attacks. As cyber threats continue to evolve in complexity and frequency, the need to integrate comprehensive security measures throughout the SDLC has never been more essential. Traditional pentesting provides a crucial snapshot of an (HackerNews)
  • Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams (Thursday July 25, 2024)
    Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. "These included a smaller coordinated network of around 2,500 accounts that we were able to link to a group of around 20 individuals," the company said. "They targeted primarily adult men in the U.S. and used fake accounts to mask (HackerNews)
  • Webinar: Securing the Modern Workspace: What Enterprises MUST Know about Enterprise Browser Security (Thursday July 25, 2024)
    The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern cybersecurity requires a new approach based on the protection of the browser itself, which offers both (HackerNews)
  • Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform (Thursday July 25, 2024)
    Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name ConfusedFunction. "An attacker could escalate their privileges to the Default Cloud Build Service Account and (HackerNews)
  • Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins (Thursday July 25, 2024)
    Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity. "An attacker could exploit a bypass using an API request with Content-Length set (HackerNews)
  • CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software (Thursday July 25, 2024)
    The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and (HackerNews)
  • New Chrome Feature Scans Password-Protected Files for Malicious Content (Thursday July 25, 2024)
    Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said. To that (HackerNews)
  • How a Trust Center Solves Your Security Questionnaire Problem (Wednesday July 24, 2024)
    Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products — it’s the (HackerNews)
  • Telegram App Flaw Exploited to Spread Malware Hidden in Videos (Wednesday July 24, 2024)
    A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to send malicious files disguised as harmless-looking videos. The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11. " (HackerNews)
  • How to Reduce SaaS Spend and Risk Without Impacting Productivity (Wednesday July 24, 2024)
    There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process. But this trend has also increased the attack surface—and with (HackerNews)
  • Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool (Wednesday July 24, 2024)
    The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team said in an analysis published last week. The activity cluster, also (HackerNews)
  • CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices (Wednesday July 24, 2024)
    Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. "On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques," the company (HackerNews)
  • Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers (Wednesday July 24, 2024)
    A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1). The high-severity (HackerNews)
  • CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List (Wednesday July 24, 2024)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2012-4792 (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.3) - Twilio Authy Information Disclosure (HackerNews)
  • Phish-Friendly Domain Registry “.top” Put on Notice (Tuesday July 23, 2024)
    The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in “.com.” (KrebsOnSecurity)
  • Chinese Hackers Target Taiwan and U.S. NGO with MgBot and MACMA Malware (Tuesday July 23, 2024)
    Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on (HackerNews)
  • New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure (Tuesday July 23, 2024)
    Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the malware FrostyGoop, describing it as the first malware strain to directly use Modbus TCP (HackerNews)
  • How to Securely Onboard New Employees Without Sharing Temporary Passwords (Tuesday July 23, 2024)
    The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to security risks. Traditionally, IT departments have been cornered into either sharing passwords in plain text via email or SMS, or arranging in-person meetings to verbally communicate these (HackerNews)
  • Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files (Tuesday July 23, 2024)
    Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said. The skimmer is designed to capture all the data into the credit card form on the (HackerNews)
  • Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model (Tuesday July 23, 2024)
    Meta has been given until September 1, 2024, to respond to concerns raised by the European Commission over its "pay or consent" advertising model or risk facing enforcement measures, including sanctions. The European Commission said the Consumer Protection Cooperation (CPC) Network has notified the social media giant that the model adopted for Facebook and Instagram might potentially violate (HackerNews)
  • Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware (Tuesday July 23, 2024)
    The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign that targeted a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting various government entities to gather sensitive information using (HackerNews)
  • Google Abandons Plan to Phase Out Third-Party Cookies in Chrome (Tuesday July 23, 2024)
    Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years after it introduced the option as part of a larger set of a controversial proposal called the Privacy Sandbox. "Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web (HackerNews)
  • Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking (Monday July 22, 2024)
    A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced "technology suite" that runs the whole cybercrime supply chain spectrum to spearhead its operations. Infoblox is tracking the proprietor (HackerNews)
  • PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (Monday July 22, 2024)
    A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. "Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use," Google (HackerNews)
  • How to Set up an Automated SMS Analysis Service with AI in Tines (Monday July 22, 2024)
    The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organization’s security posture is by building an automated SMS analysis service. Workflow automation platform Tines provides a good example of how to do it. The vendor recently released their first native AI features, and security teams have already (HackerNews)
  • MSPs & MSSPs: How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting (Monday July 22, 2024)
    As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, “Your First 100 Days as a vCISO – 5 Steps to Success”, which covers all the phases entailed in launching a successful vCISO engagement, along with recommended (HackerNews)
  • SocGholish Malware Exploits BOINC Project for Covert Cyberattacks (Monday July 22, 2024)
    The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC. BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an open-source "volunteer computing" platform maintained by the University of California with an aim to carry out "large-scale (HackerNews)
  • New Linux Variant of Play Ransomware Targeting VMware ESXi Systems (Monday July 22, 2024)
    Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) that's designed to target VMware ESXi environments. "This development suggests that the group could be broadening its attacks across the Linux platform, leading to an expanded victim pool and more successful ransom negotiations," Trend Micro researchers said in a (HackerNews)
  • Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware (Saturday July 20, 2024)
    Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix. The attack chains involve distributing a ZIP archive file named "crowdstrike-hotfix.zip," (HackerNews)
  • 17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K. (Saturday July 20, 2024)
    Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate. The arrest was made "in connection with a global cyber online crime group which has been targeting large organizations with ransomware and gaining access to computer networks," West Midlands police said. "The arrest is part of (HackerNews)
  • Global Microsoft Meltdown Tied to Bad Crowdstrike Update (Friday July 19, 2024)
    A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as Crowdstrike's solution needs to be applied manually on a per-machine basis. (KrebsOnSecurity)
  • Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide (Friday July 19, 2024)
    Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," the company's CEO George Kurtz said in a statement. "Mac and Linux hosts are not impacted. This is (HackerNews)
  • Two Russian Nationals Plead Guilty in LockBit Ransomware Attacks (Friday July 19, 2024)
    Two Russian nationals have pleaded guilty in a U.S. court for their participation as affiliates in the LockBit ransomware scheme and helping facilitate ransomware attacks across the world. The defendants include Ruslan Magomedovich Astamirov, 21, of Chechen Republic, and Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario. Astamirov was arrested in Arizona by U.S. law (HackerNews)
  • Safeguard Personal and Corporate Identities with Identity Intelligence (Friday July 19, 2024)
    Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. In the current cyber threat landscape, the protection of personal and corporate identities has become vital. (HackerNews)
  • Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware (Friday July 19, 2024)
    A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. These attacks, attributed to an activity cluster codenamed OilAlpha, entail a new set of malicious mobile apps that come with their own supporting infrastructure, Recorded Future's Insikt Group said. Targets of the ongoing campaign (HackerNews)
  • APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K. (Friday July 19, 2024)
    Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. have become the target of a "sustained campaign" by the prolific China-based APT41 hacking group. "APT41 successfully infiltrated and maintained prolonged, unauthorized access to numerous victims' networks since (HackerNews)
  • Summary of "AI Leaders Spill Their Secrets" Webinar (Friday July 19, 2024)
    Event Overview The "AI Leaders Spill Their Secrets" webinar, hosted by Sigma Computing, featured prominent AI experts sharing their experiences and strategies for success in the AI industry. The panel included Michael Ward from Sardine, Damon Bryan from Hyperfinity, and Stephen Hillian from Astronomer, moderated by Zalak Trivedi, Sigma Computing's Product Manager. Key Speakers and Their (HackerNews)
  • SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software (Friday July 19, 2024)
    SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 13 vulnerabilities, eight are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining five weaknesses have been rated High in severity, with four of them having a CVSS (HackerNews)
  • WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach (Friday July 19, 2024)
    Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million," the company said in a statement. "This wallet was operated utilizing the services of Liminal's digital asset custody and (HackerNews)
  • Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver (Thursday July 18, 2024)
    Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous installer ("HotPage.exe"), according to new findings from ESET, which (HackerNews)
  • AppSec Webinar: How to Turn Developers into Security Champions (Thursday July 18, 2024)
    Let's face it: AppSec and developers often feel like they're on opposing teams. You're battling endless vulnerabilities while they just want to ship code. Sound familiar? It's a common challenge, but there is a solution. Ever wish they proactively cared about security? The answer lies in a proven, but often overlooked, strategy: Security Champion Programs — a way to turn developers from (HackerNews)
  • Automated Threats Pose Increasing Risk to the Travel Industry (Thursday July 18, 2024)
    As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry’s web traffic in 2023—a significant jump from 37.4% in 2022. (HackerNews)
  • SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks (Thursday July 18, 2024)
    Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers (HackerNews)
  • TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks (Thursday July 18, 2024)
    Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America, (HackerNews)
  • Meta Halts AI Use in Brazil Following Data Protection Authority's Ban (Thursday July 18, 2024)
    Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the (HackerNews)
  • Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks (Monday July 15, 2024)
    At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn't yet been registered, merely by supplying an email address tied to an existing domain. (KrebsOnSecurity)
  • Crooks Steal Phone, SMS Records for Nearly All AT&T Customers (Friday July 12, 2024)
    AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people -- nearly all of its customers. AT&T said it delayed disclosing the incident in response to "national security and public safety concerns," noting that some of the records included data that could be used to determine where a call was made or text message sent. AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). (KrebsOnSecurity)
  • The Stark Truth Behind the Resurgence of Russia’s Fin7 (Wednesday July 10, 2024)
    The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands of websites mimicking a range of media and technology companies -- with the help of Stark Industries Solutions, a sprawling hosting provider that is a persistent source of cyberattacks against enemies of Russia. (KrebsOnSecurity)
  • Microsoft Patch Tuesday, July 2024 Edition (Tuesday July 09, 2024)
    Microsoft Corp. today issued software updates to plug 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users. (KrebsOnSecurity)
  • The Not-So-Secret Network Access Broker x999xx (Wednesday July 03, 2024)
    Most accomplished cybercriminals go out of their way to separate their real names from their hacker handles. But among certain old-school Russian hackers it is not uncommon to find major players who have done little to prevent people from figuring out who they are in real life. A case study in this phenomenon is "x999xx," the nickname chosen by a venerated Russian hacker who specializes in providing the initial network access to various ransomware groups. (KrebsOnSecurity)
  • KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO (Thursday June 20, 2024)
    On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted. Meanwhile, their attorney has admitted that the person Radaris named as the CEO from its inception is a fabricated identity. (KrebsOnSecurity)
  • Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested (Saturday June 15, 2024)
    A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. (KrebsOnSecurity)

Disclaimer: Some Links listed are external-links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.