Cyber intrusions affecting telecom providers previously attributed to the Chinese hacking group LightBasin (UNC1945) are now believed to come from another Chinese-sponsored group, according to CrowdStrike. In a November 19 testimony in front of the US Senate Judiciary Subcommittee on Privacy, Technology, and the Law, Adam Meyers, CrowdStrike Senior Vice President of Counter Adversary Operations,
Month: November 2024
Nov 20, 2024Ravie LakshmananPayment Security / Cybercrime Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim’s funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple
Palo Alto Networks has released a security patch to fix a critical vulnerability in instances of its firewall management interfaces. The security vendor disclosed the flaw on November 8 and later confirmed evidence of in-the-wild exploitation. It was initially tracked by Palo Alto as PAN-SA-2024-0015. It has now been allocated a common vulnerabilities and exposures
The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. “At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers
A new phishing campaign is luring victims with a fake story about an attempt on President-elect Donald Trump’s life. While there have been real assassination attempts against Trump, this one is fake news. The story, which implies it is from the New York Times (NYT), describes Trump in a critical condition after being shot by
According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year’s report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects
Attack surface management provider watchTowr claims to have found a new zero-day vulnerability in cybersecurity provider Fortinet’s products. This flaw would allow a managed FortiGate device to elevate privileges and seize control of the FortiManager instance. This new vulnerability is similar to a previous flaw discovered in October, CVE-2024-47575, also known as “FortiJump.” Researchers at watchTowr
A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet’s FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind
The hacker behind one of the largest cryptocurrency heists in history will spend five years in a US prison. US resident Ilya Lichtenstein, 35, was sentenced on November 14 to five years in jail after he hacked into Bitfinex, one of the largest cryptocurrency exchange platforms, in 2016. Lichtenstein stole 120,000 bitcoins and started laundering the
Nov 16, 2024Ravie LakshmananVulnerability / Network Security Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from
An unauthenticated remote command execution (RCE) vulnerability against Palo Alto Networks’ internet-exposed firewall management interfaces is actively being exploited, according to the cybersecurity provider. On November 8, Palo Alto published a security advisory to warn of a zero-day vulnerability affecting some of its PAN-OS firewall management interfaces. The flaw is an unauthenticated RCE vulnerability affecting
Nov 15, 2024Ravie LakshmananArtificial Intelligence / Vulnerability Cybersecurity researchers have disclosed two security flaws in Google’s Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. “By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to
China-affiliated hackers have compromised US officials’ data through a large-scale hack on telecommunications providers, according to the US government. The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory on November 13 in which they shared more details on what they called “a broad and significant cyber espionage campaign.” They
Nov 14, 2024Ravie LakshmananArtificial Intelligence / Cryptocurrency Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. “Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users,” Laurie Richardson, VP and
A threat actor who posted 2.8 million lines of Amazon employee data last week has taken to the dark web to claim they are doing so to raise awareness of poor security practice. The individual, who goes by the online moniker “Nam3L3ss,” claimed in a series of posts to have obtained data from 25 organizations
Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker’s inner workings, allowing the researchers to discover a “specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted disks.” ShrinkLocker
Most enterprise security leaders are now turning to personal indemnity insurance to mitigate mounting breach risks and boardroom pressure, according to Panaseer. The continuous controls monitoring specialist interviewed 400 CISOs and similar in US and UK organizations in order to compile its Panaseer 2025 Security Leaders Report. It revealed that 61% of organizations suffered a
Nov 12, 2024Ravie LakshmananVirtualization / Vulnerability Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and
Italy has led a simulation exercise to test EU institutions’ preparedness to handle large-scale cyber-attacks. This annual drill, the Blueprint Operational Level Exercise (Blue OLEx), involves senior cybersecurity officials from EU member states and the Commission, with the support of EU The exercise helps cybersecurity leaders identify areas for improvement in the standardized way of
Nov 11, 2024Ravie LakshmananCybersecurity / Hacking News ⚠️ Imagine this: the very tools you trust to protect you online—your two-factor authentication, your car’s tech system, even your security software—turned into silent allies for hackers. Sounds like a scene from a thriller, right? Yet, in 2024, this isn’t fiction; it’s the new cyber reality. Today’s attackers
A notorious North Korean affiliated threat actor is targeting crypto firms using multi-stage malware and a novel persistence mechanism, SentinelLabs has reported. The campaign, dubbed ‘Hidden Risk’, is assessed with high confidence to be perpetrated by the BlueNoroff advanced persistent threat (APT) group, known for financially-motivated attacks. It is designed to target macOS devices. The
Nov 09, 2024Ravie LakshmananCryptocurrency / Cybercrime The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier
Russian-associated cyber-attacks on South Korea have ramped up following the deployment of North Korean troops in Ukraine, South Korea’s President’s Office has warned. The activity by pro-Kremlin groups has primarily been distributed denial-of-service (DDoS) attacks against government websites and private companies, which the Seoul government is actively responding to. The President’s Office said that access
On October 28th, 2024, the Dutch National police, alongside the FBI, Eurojust, and several other law enforcement organizations, performed a takedown of the infamous RedLine Stealer malware-as-a-service (MaaS) operation, and its clone called META Stealer. This global effort, named Operation Magnus, resulted in the takedown of three servers in the Netherlands, the seizure of two
Nov 09, 2024Ravie LakshmananVulnerability / Network Security Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. “Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management
A ransomware attack has significantly disrupted the operations of a key supplier to the US oil industry. In a regulatory filing sent to the US Securities and Exchange Commission (SEC) on November 7, Texan company Newpark Resources said an unauthorized third party gained access to some of its internal information systems on October 29, an
ESET Research, Threat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2024 and Q3 2024 Jean-Ian Boutin 07 Nov 2024 • , 3 min. read ESET APT Activity Report Q2 2024–Q3 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented
Nov 08, 2024Ravie LakshmananCyber Espionage / Threat Intelligence High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called ElizaRAT and a new stealer
The UK’s data protection regulator has warned AI recruitment tool providers to better protect job seekers’ data rights, mitigating discrimination and other privacy concerns. AI is increasingly being used by recruitment companies to make their processes more efficient, such as helping to source potential candidates, summarize CVs and score applicants. However, an audit by the
We Live Science The trailblazing scientist shares her reasons for hope in the fight against climate change and how we can tackle seemingly impossible problems and keep going in the face of adversity 06 Nov 2024 Renowned ethologist and conservationist Jane Goodall offers a sobering, but hopeful reflection on the precarious state of our planet.