Cybersecurity Center

Cybersecurity News

  • TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign (Monday September 09, 2024)
    A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers in Taiwan as part of a cyber attack campaign that commenced in 2024. Trend Micro is tracking the adversary under the moniker TIDRONE, stating the activity is espionage-driven given the focus on military-related industry chains. The exact initial access vector used (HackerNews)
  • U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks (Monday September 09, 2024)
    The U.S. government and a coalition of international partners have officially attributed a Russian hacking group tracked as Cadet Blizzard to the General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155). "These cyber actors are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm (HackerNews)
  • North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams (Saturday September 07, 2024)
    Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector. "After an initial chat conversation, the attacker sent a ZIP file that contained (HackerNews)
  • FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals (Saturday September 07, 2024)
    Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information. Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian national, have been charged with conspiracy to commit access device fraud and conspiracy to commit wire (HackerNews)
  • SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation (Friday September 06, 2024)
    SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper access control vulnerability has been identified in the SonicWall SonicOS management (HackerNews)
  • GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (Friday September 06, 2024)
    A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances. In (HackerNews)
  • GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code (Friday September 06, 2024)
    Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com). Adversaries targeting open-source repositories across (HackerNews)
  • The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025 (Friday September 06, 2024)
    The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However, (HackerNews)
  • Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress (Friday September 06, 2024)
    Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1. "The plugin suffers from an (HackerNews)
  • Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution (Friday September 06, 2024)
    A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. "An attacker with no valid (HackerNews)
  • Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity (Friday September 06, 2024)
    Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account. "Using laws from the pre-smartphone era to charge a CEO with crimes committed (HackerNews)
  • Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East (Thursday September 05, 2024)
    Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. "Sighting this group's [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them," Kaspersky (HackerNews)
  • Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues (Thursday September 05, 2024)
    Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1 (HackerNews)
  • U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown (Thursday September 05, 2024)
    The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S. money laundering and criminal trademark laws, the agency called out companies Social Design Agency (SDA), (HackerNews)
  • NIST Cybersecurity Framework (CSF) and CTEM – Better Together (Thursday September 05, 2024)
    It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally (HackerNews)
  • Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore (Thursday September 05, 2024)
    Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. It was developed (HackerNews)
  • New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (Thursday September 05, 2024)
    The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of targeting both Microsoft Windows and Linux systems. "KTLVdoor is a highly obfuscated malware that (HackerNews)
  • Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks (Thursday September 05, 2024)
    Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below - CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account (HackerNews)
  • North Korean Hackers Target Job Seekers with Fake FreeConference App (Wednesday September 04, 2024)
    North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview. The new attack wave, spotted by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native installers for (HackerNews)
  • Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw (Wednesday September 04, 2024)
    Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component. According to the description of the bug in the NIST National (HackerNews)
  • Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack (Wednesday September 04, 2024)
    A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations. It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in "hundreds of thousands" of malicious package (HackerNews)
  • The New Effective Way to Prevent Account Takeovers (Wednesday September 04, 2024)
    Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, "Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them" argues that the (HackerNews)
  • Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers (Wednesday September 04, 2024)
    Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands. Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command injection. "The improper neutralization of special elements in the (HackerNews)
  • Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database (Wednesday September 04, 2024)
    The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm Clearview AI for violating the General Data Protection Regulation (GDPR) in the European Union (E.U.) by building an "illegal database with billions of photos of faces," including those of Dutch citizens. "Facial recognition is a highly intrusive technology that you (HackerNews)
  • Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (Wednesday September 04, 2024)
    A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign. The malvertising activity, observed in June 2024, is a departure from previously observed tactics wherein the malware has been propagated via traditional phishing emails, Unit 42 researchers (HackerNews)
  • Sextortion Scams Now Include Photos of Your Home (Tuesday September 03, 2024)
    An old but persistent email scam known as "sextortion" has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to make threats about publishing the videos more frightening and convincing. (KrebsOnSecurity)
  • Hacktivists Exploit WinRAR Vulnerability in Attacks Against Russia and Belarus (Tuesday September 03, 2024)
    A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools. "For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which (HackerNews)
  • New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems (Tuesday September 03, 2024)
    Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation. "It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector," cybersecurity (HackerNews)
  • Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users (Tuesday September 03, 2024)
    Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as different banks," Dutch security company ThreatFabric said. "Finally, it can use all this exfiltrated (HackerNews)
  • Secrets Exposed: Why Your CISO Should Worry About Slack (Tuesday September 03, 2024)
    In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It's a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is (HackerNews)
  • New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access (Tuesday September 03, 2024)
    Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework. "If successful, the adversary could gain any privileges already granted to the affected (HackerNews)
  • Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt (Tuesday September 03, 2024)
    A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer. Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud. He was (HackerNews)
  • Owners of 1-Time Passcode Theft Service Plead Guilty (Monday September 02, 2024)
    Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites. Scammers would enter the target’s phone number and name, and the service would initiate an automated phone call to the target that alerts them about unauthorized activity on their account. (KrebsOnSecurity)
  • RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors (Monday September 02, 2024)
    Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, (HackerNews)
  • Webinar: Learn to Boost Cybersecurity with AI-Powered Vulnerability Management (Monday September 02, 2024)
    The world of cybersecurity is in a constant state of flux. New vulnerabilities emerge daily, and attackers are becoming more sophisticated. In this high-stakes game, security leaders need every advantage they can get. That's where Artificial Intelligence (AI) comes in. AI isn't just a buzzword; it's a game-changer for vulnerability management. AI is poised to revolutionize vulnerability (HackerNews)
  • Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities (Monday September 02, 2024)
    The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new cybercriminal group and its attack methods. It also details three important actions to take today to mitigate (HackerNews)
  • Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers’ Systems (Monday September 02, 2024)
    Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware. "By mimicking the popular 'noblox.js' library, attackers have published dozens of packages designed to steal sensitive data and compromise systems," Checkmarx (HackerNews)
  • North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (Saturday August 31, 2024)
    A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which has made a habit of incorporating rafts of Windows zero-day exploits into its arsenal in recent months. (HackerNews)
  • Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign (Friday August 30, 2024)
    Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeting over 70 organizations worldwide by means of a bespoke tool called Voldemort that's equipped to (HackerNews)
  • Iranian Hackers Set Up New Network to Target U.S. Political Campaigns (Friday August 30, 2024)
    Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns. Recorded Future's Insikt Group has linked the infrastructure to a hacking group it tracks as GreenCharlie, an Iran-nexus cyber threat group that overlaps with APT42, Charming Kitten, Damselfly, Mint Sandstorm ( (HackerNews)
  • Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals (Friday August 30, 2024)
    The most dangerous vulnerability you’ve never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others are far more nuanced, but still pose an equally dangerous threat. Today, we want to discuss one of (HackerNews)
  • New Malware Masquerades as Palo Alto VPN Targeting Middle East Users (Friday August 30, 2024)
    Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that disguises itself as Palo Alto Networks GlobalProtect virtual private network (VPN) tool. "The malware can execute remote PowerShell commands, download and exfiltrate files, encrypt communications, and bypass sandbox solutions, representing a significant threat to (HackerNews)
  • North Korean Hackers Target Developers with Malicious npm Packages (Friday August 30, 2024)
    Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating "coordinated and relentless" efforts to target developers with malware and steal cryptocurrency assets. The latest wave, which was observed between August 12 and 27, 2024, involved packages named temp-etherscan-api, ethersscan-api, telegram-con, helmet-validate, and (HackerNews)
  • SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments (Friday August 30, 2024)
    A comprehensive guide authored by Dean Parsons, SANS Certified Instructor and CEO / Principal Consultant of ICS Defense Force, emphasizes the growing need for specialized ICS security measures in the face of rising cyber threats. With a staggering 50% increase in ransomware attacks targeting industrial control systems (ICS) in 2023, the SANS Institute is taking decisive action by announcing the (HackerNews)
  • New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads (Friday August 30, 2024)
    Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks," Securonix researchers Den Iuzvyk and Tim Peck said in a new report. The (HackerNews)
  • Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns (Friday August 30, 2024)
    Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. "The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes, (HackerNews)
  • Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32 (Thursday August 29, 2024)
    A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster tracked as APT32, a Vietnamese-aligned hacking crew that's also known as APT-C-00, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus. The intrusion is (HackerNews)
  • Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack (Thursday August 29, 2024)
    Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement (HackerNews)
  • U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks (Thursday August 29, 2024)
    U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which it described as connected to (HackerNews)
  • How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (Thursday August 29, 2024)
    Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. In this article, we’re going to look at what AitM phishing (HackerNews)
  • Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks (Thursday August 29, 2024)
    A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE)," Akamai researchers Kyle (HackerNews)
  • French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform (Thursday August 29, 2024)
    French prosecutors on Wednesday formally charged Telegram CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread of child sexual abuse material (CSAM) as well as enabling organized (HackerNews)
  • When Get-Out-The-Vote Efforts Look Like Phishing (Wednesday August 28, 2024)
    Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign. (KrebsOnSecurity)
  • New 0-Day Attacks Linked to China’s ‘Volt Typhoon’ (Tuesday August 27, 2024)
    Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China. (KrebsOnSecurity)
  • Local Networks Go Global When Domain Names Collide (Friday August 23, 2024)
    The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here's a look at one security researcher's efforts to map and shrink the size of this insidious problem. (KrebsOnSecurity)
  • National Public Data Published Its Own Passwords (Monday August 19, 2024)
    New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today. (KrebsOnSecurity)
  • NationalPublicData.com Hack Exposes a Nation’s Data (Thursday August 15, 2024)
    A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We'll also take a closer look at the data broker that got hacked -- a background check company founded by an actor and retired sheriff's deputy from Florida. (KrebsOnSecurity)
  • Six 0-Days Lead Microsoft’s August 2024 Patch Push (Tuesday August 13, 2024)
    Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. (KrebsOnSecurity)
  • Cybercrime Rapper Sues Bank over Fraud Investigation (Wednesday August 07, 2024)
    In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle. That story showed how Punchmade's social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. Now the Kentucky native is suing his financial institution after it blocked a $75,000 wire transfer and froze his account, citing an active law enforcement investigation. (KrebsOnSecurity)
  • Low-Drama ‘Dark Angels’ Reap Record Ransoms (Monday August 05, 2024)
    A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesn't get much press because they work alone and maintain a low profile, picking one target at a time and favoring mass data theft over disrupting the victim's operations. (KrebsOnSecurity)

Disclaimer: Some links listed are external links and are not managed by Western Illinois University. Western Illinois University and its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assume no responsibility for anyone's use of the information.