Cybersecurity Center

Cybersecurity News

  • Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar (Friday September 29, 2023)
    Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.," Kaspersky said in an analysis published this week. DoubleFinger was first (HackerNews)
  • Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (Friday September 29, 2023)
    The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter via LinkedIn and tricked into opening a malicious executable file presenting itself as a coding (HackerNews)
  • Post-Quantum Cryptography: Finally Real in Consumer Apps? (Friday September 29, 2023)
    Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight.  Today, many rely on encryption in their daily lives to protect their fundamental digital privacy and security, whether for messaging friends and family, storing files and photos, or (HackerNews)
  • Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites (Friday September 29, 2023)
    Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations. Introduced by Microsoft in February 2023, Bing Chat is an  (HackerNews)
  • Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server (Friday September 29, 2023)
    Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are impacted by the flaw. "In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a (HackerNews)
  • Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts (Friday September 29, 2023)
    Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6.6. It impacts all versions of the software that have the GDOI or G-IKEv2 protocol enabled. The (HackerNews)
  • GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions (Thursday September 28, 2023)
    A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. "The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code (HackerNews)
  • China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies (Thursday September 28, 2023)
    Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries. The attacks have been tied to a malicious cyber actor dubbed BlackTech by the U.S. National Security Agency (NSA), Federal Bureau of (HackerNews)
  • The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies (Thursday September 28, 2023)
    The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world. The limitations of Browser Isolation, such as degraded browser performance and inability to tackle (HackerNews)
  • China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies (Thursday September 28, 2023)
    Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team, (HackerNews)
  • Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability (Thursday September 28, 2023)
    Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can (HackerNews)
  • Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors (Wednesday September 27, 2023)
    A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a "high technical level and cautious attack attitude," adding that "the phishing attack activity captured this time is part of the attacker's targeted strike on (HackerNews)
  • Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data (Wednesday September 27, 2023)
    A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group of academics from the University of Texas at Austin, Carnegie Mellon University, University of (HackerNews)
  • ‘Snatch’ Ransom Group Exposes Visitor IP Addresses (Wednesday September 27, 2023)
    The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord. (KrebsOnSecurity)
  • New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On (Wednesday September 27, 2023)
    Data security is in the headlines often, and it’s almost never for a positive reason. Major breaches, new ways to hack into an organization’s supposedly secure data, and other threats make the news because well, it’s scary — and expensive.  Data breaches, ransomware and malware attacks, and other cybercrime might be pricey to prevent, but they are even more costly when they occur, with the  (HackerNews)
  • New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software (Wednesday September 27, 2023)
    A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager. "The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page," enterprise security firm Proofpoint said in a technical report. "The malware is a modular remote access trojan (RAT) with information (HackerNews)
  • Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score (Wednesday September 27, 2023)
    Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm - With a specially (HackerNews)
  • Microsoft is Rolling out Support for Passkeys in Windows 11 (Tuesday September 26, 2023)
    Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system. The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric information to complete the step. Based on FIDO standards, Passkeys were first announced in May (HackerNews)
  • ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families (Tuesday September 26, 2023)
    Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of ransomware programs," Group-IB and Bridewell said in a joint technical report. The actor, active (HackerNews)
  • Essential Guide to Cybersecurity Compliance (Tuesday September 26, 2023)
    SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance. What is cybersecurity compliance? (HackerNews)
  • Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions (Tuesday September 26, 2023)
    An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android apps that target a broader list of apps than its predecessors. Some of the other targeted prominent (HackerNews)
  • Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX (Tuesday September 26, 2023)
    How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization’s threat response Summary of Findings The Network Effect Threat Report offers insights based on unique data from Fastly’s Next-Gen WAF from Q2 2023 (April 1, 2023 to June 30, 2023). This report (HackerNews)
  • Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign (Tuesday September 26, 2023)
    A "multi-year" Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations. Recorded Future's Insikt Group, which is tracking the activity under the moniker TAG-74, said the adversary has been linked to "Chinese military intelligence and poses a significant threat to academic, aerospace and defense, government, (HackerNews)
  • Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers (Tuesday September 26, 2023)
    A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and has been addressed in TeamCity version 2023.05.4 following responsible disclosure on September 6, (HackerNews)
  • Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals (Monday September 25, 2023)
    Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service manuals have begun to surface," Securonix researchers Den (HackerNews)
  • Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks (Monday September 25, 2023)
    Generative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity across the business, from IT, to customer experience, to engineering. That's on the one hand.  On the other end of this fencing match: risk. From IP leakage and data privacy risks to the empowering of cybercriminals with AI tools, generative AI (HackerNews)
  • Are You Willing to Pay the High Cost of Compromised Credentials? (Monday September 25, 2023)
    Weak password policies leave organizations vulnerable to attacks. But are the standard password complexity requirements enough to secure them? 83% of compromised passwords would satisfy the password complexity and length requirements of compliance standards. That’s because bad actors already have access to billions of stolen credentials that can be used to compromise additional accounts by (HackerNews)
  • From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese (Monday September 25, 2023)
    Tibetan, Uyghur, and Taiwanese individuals and organizations are the targets of a persistent campaign orchestrated by a threat actor codenamed EvilBamboo to gather sensitive information. "The attacker has created fake Tibetan websites, along with social media profiles, likely used to deploy browser-based exploits against targeted users," Volexity security researchers Callum Roxan, Paul (HackerNews)
  • New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government (Monday September 25, 2023)
    An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the same victims' machines, each cluster is characterized by distinct tools, modus operandi, and infrastructure," Palo Alto (HackerNews)
  • Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (Saturday September 23, 2023)
    Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. "Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly," ESET said in a new report shared with The Hacker News. "This combination (HackerNews)
  • New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware (Saturday September 23, 2023)
    The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the (HackerNews)
  • LastPass: ‘Horse Gone Barn Bolted’ is Strong Password (Friday September 22, 2023)
    The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass. (KrebsOnSecurity)
  • New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks (Friday September 22, 2023)
    An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. "The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering its 2FA code to their bank accounts or into entering their payment card number," (HackerNews)
  • How to Interpret the 2023 MITRE ATT&CK Evaluation Results (Friday September 22, 2023)
    Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation.  This testing is critical for evaluating vendors because it’s virtually impossible to evaluate cybersecurity vendors based on their own (HackerNews)
  • Iranian Nation-State Actor OilRig Targets Israeli Organizations (Friday September 22, 2023)
    Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as OilRig in 2021 and 2022. The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously documented first-stage backdoors called Solar and Mango, which were deployed to collect sensitive information from major browsers and the Windows Credential (HackerNews)
  • High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server (Friday September 22, 2023)
    Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. This includes - CVE-2022-25647 (CVSS score: 7.5) - A deserialization (HackerNews)
  • Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable (Friday September 22, 2023)
    Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a (HackerNews)
  • Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents (Thursday September 21, 2023)
    A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunic koation providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time (JIT) compiler for the Lua programming language known as LuaJIT as a vehicle to deploy a novel implant called LuaDream. "The activities we (HackerNews)
  • Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge (Thursday September 21, 2023)
    The peer-to-peer (P2) worm known as P2PInfect has witnessed a surge in activity since late August 2023, witnessing a 600x jump between September 12 and 19, 2023. "This increase in P2PInfect traffic has coincided with a growing number of variants seen in the wild, suggesting that the malware's developers are operating at an extremely high development cadence," Cado Security researcher Matt Muir (HackerNews)
  • The Rise of the Malicious App (Thursday September 21, 2023)
    Security teams are familiar with threats emanating from third-party applications that employees add to improve their productivity. These apps are inherently designed to deliver functionality to users by connecting to a “hub” app, such as Salesforce, Google Workspace, or Microsoft 365. Security concerns center on the permission scopes that are granted to the third party apps, and the potential (HackerNews)
  • China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers (Thursday September 21, 2023)
    China's Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei's servers, stealing critical data, and implanting backdoors since 2009, amid mounting geopolitical tensions between the two countries. In a message posted on WeChat, the government authority said U.S. intelligence agencies have "done everything possible" to conduct surveillance, secret theft, and intrusions on (HackerNews)
  • Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers (Thursday September 21, 2023)
    A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). "This financially motivated (HackerNews)
  • Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (Thursday September 21, 2023)
    The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software. "It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software," it said in an alert last week. "Only a small subset of users, specifically (HackerNews)
  • Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT (Thursday September 21, 2023)
    A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware. "The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked (HackerNews)
  • Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (Wednesday September 20, 2023)
    Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022. "The site operated as a hidden service in the encrypted TOR network," the Finnish Customs (aka Tulli) said in a brief announcement on Tuesday. "The site has been used in anonymous criminal activities such as narcotics trade." The agency (HackerNews)
  • Critical Security Flaws Exposed in Nagios XI Network Monitoring Software (Wednesday September 20, 2023)
    Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, They have been patched as of September 11, 2023, with (HackerNews)
  • Do You Really Trust Your Web Application Supply Chain? (Wednesday September 20, 2023)
    Well, you shouldn’t. It may already be hiding vulnerabilities. It's the modular nature of modern web applications that has made them so effective. They can call on dozens of third-party web components, JS frameworks, and open-source tools to deliver all the different functionalities that keep their customers happy, but this chain of dependencies is also what makes them so vulnerable. Many of (HackerNews)
  • Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys (Wednesday September 20, 2023)
    Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far: @am-fe/hooks, @am-fe/provider, @am-fe/request, @am-fe/utils, @am-fe/watermark, @am-fe/watermark-core, (HackerNews)
  • Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (Wednesday September 20, 2023)
    Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families such as Sainbox RAT, Purple Fox, and a new trojan called ValleyRAT. "Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity," enterprise security firm Proofpoint said in a report shared with The (HackerNews)
  • Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (Wednesday September 20, 2023)
    Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). "With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current (HackerNews)
  • GitLab Releases Urgent Security Patches for Critical Vulnerability (Wednesday September 20, 2023)
    GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. "It was possible for an attacker to run pipelines as an arbitrary user via scheduled (HackerNews)
  • Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability (Wednesday September 20, 2023)
    Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that's bundled along with the software. The complete list of impacted (HackerNews)
  • Who’s Behind the 8Base Ransomware Website? (Tuesday September 19, 2023)
    The victim shaming website operated by the cybercriminals behind 8Base -- currently one of the more active ransomware groups -- was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of website's code was written by a 36-year-old programmer residing in the capital city of Moldova. (KrebsOnSecurity)
  • FBI Hacker Dropped Stolen Airbus Data on 9/11 (Thursday September 14, 2023)
    In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle "USDoD" had infiltrated the FBI's vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors. (KrebsOnSecurity)
  • Adobe, Apple, Google & Microsoft Patch 0-Day Bugs (Tuesday September 12, 2023)
    Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do. (KrebsOnSecurity)
  • Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach (Wednesday September 06, 2023)
    In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. (KrebsOnSecurity)
  • Why is .US Being Used to Phish So Many of Us? (Friday September 01, 2023)
    Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States. (KrebsOnSecurity)
  • U.S. Hacks QakBot, Quietly Removes Botnet Infections (Tuesday August 29, 2023)
    The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet's online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computer systems. (KrebsOnSecurity)
  • Kroll Employee SIM-Swapped for Crypto Investor Data (Friday August 25, 2023)
    Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks. Cryptocurrency lender BlockFi and the now-collapsed crypto trading platform FTX each disclosed data breaches this week thanks to a recent SIM-swapping attack targeting an employee of Kroll -- the company handling both firms' bankruptcy restructuring. (KrebsOnSecurity)
  • Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders. (Tuesday August 22, 2023)
    In large metropolitan areas, tourists are often easy to spot because they're far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior. (KrebsOnSecurity)

Disclaimer: Some Links listed are external-links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.