Security

A significant botnet campaign leveraging a new variant of the infamous Mirai malware, dubbed Murdoc_Botnet, has been observed targeting AVTECH cameras and Huawei HG532 routers, exploiting known vulnerabilities to infect devices and establish a vast network for malicious activities. Identified by researchers at Qualys, the Murdoc_Botnet campaign uses exploits such as CVE-2024-7029 and CVE-2017-17215 to
Hewlett Packard Enterprise (HPE) has launched an investigation into claims by prominent hacker, IntelBroker, who alleges to have stolen sensitive data from the tech giant. The hacker announced on January 16 on BreachForums that they are selling files purportedly taken from HPE systems. The data allegedly includes source code for products like Zerto and iLO, private
Russian nation-state group Star Blizzard has been targeting WhatsApp accounts, with the group shifting its focus following a law enforcement takedown of its infrastructure. Microsoft Threat Intelligence observed Star Blizzard undertake a social engineering campaign in mid-November 2024. This new campaign aimed to compromise the WhatsApp accounts of individuals working in government and other policy-related
Notorious North Korea state-sponsored Lazarus group is targeting software developers in an ongoing campaign, researchers from SecurityScorecard have revealed. The campaign, dubbed ‘Operation 99’, was identified on January 9. It is designed to steal sensitive data from developer environments, including source code, secrets and configuration files and cryptocurrency wallet keys. The researchers said the campaign
Real estate scams have been rising across the Middle East as scammers exploit the trust associated with online listings and the urgency often felt when securing a property. With the increasing use of digital platforms for property searches, many users skip essential verification steps, leaving them vulnerable to fraudsters. Group-IB’s latest analysis, published today, highlights
A new initiative aimed at improving collaboration on artificial intelligence (AI) cybersecurity across critical infrastructure has been introduced by the Cybersecurity and Infrastructure Security Agency (CISA) in the US. The JCDC AI Cybersecurity Collaboration Playbook provides detailed guidance for AI developers, providers and adopters on voluntarily sharing cybersecurity information with CISA and its Joint Cyber
The Biden-Harris Administration has introduced a new Interim Final Rule on Artificial Intelligence Diffusion aimed at enhancing US national security and preventing the misuse of advanced US technology by countries of concern. The rule strengthens protections against misuse of advanced AI technologies by countries of concern. Measures defined in the new rule include: Continuing restrictions on
A cyber-espionage campaign targeting diplomatic entities in Kazakhstan and Central Asia has been linked to the Russia-aligned intrusion set UAC-0063. According to recent findings by cybersecurity firm Sekoia, the campaign involved weaponized Microsoft Word documents designed to deliver HatVibe and CherrySpy malware, collecting strategic intelligence on Kazakhstan’s diplomatic and economic relations. Infection Chain and Malware Analysis Sekoia’s
US dental and medical billing firm Medusind is notifying over 360,000 customers that their personal, financial and medical data may have been accessed by a cybercriminal actor. The breach relates to a cyber incident that took place back on December 29, 2023, and was discovered later the same day. After taking affected systems offline, Medusind
A large-scale cyber-attack originating from outside Slovakia’s borders has hit the information system of the Office of Geodesy, Cartography and Cadastre of the Slovak Republic (UGKK). The UGKK is used by the cadastral departments to record and manage information about land and property. All systems have been shut down as a response to the incident.
Cybercriminals are impersonating CrowdStrike recruiters to distribute a cryptominer on victim devices. CrowdStrike said it identified a phishing campaign exploiting its recruitment branding on January 7. The campaign starts with a phishing email, which purports to be part of the cybersecurity firm’s recruitment process. The email invites the target to schedule an interview for a junior developer
Two significant security vulnerabilities have been identified in the Fancy Product Designer premium plugin, which allows the customization of WooCommerce products. The issues remain unpatched in the latest version, 6.4.3, affecting WordPress websites using the plugin. The plugin, developed by Radykal, has over 20,000 sales and enables extensive product customization. However, Patchstack researchers discovered two
The US has launched a Cyber Trust Mark for Internet of Things (IoT) devices, enabling consumers to easily assess the cybersecurity standards of such products when making purchasing decisions. Consumer smart device manufacturers that qualify for the Cyber Trust Mark will soon be able to display a trademarked, distinct shield logo on their products. This will
Security researchers have identified multiple attack scenarios targeting MLOps platforms like Azure Machine Learning (Azure ML), BigML and Google Cloud Vertex AI, among others. According to a new research article by Security Intelligence, Azure ML can be compromised through device code phishing, where attackers steal access tokens and exfiltrate models stored in the platform. This
A supply chain attack targeting key components of the Ethereum development ecosystem has affected the Nomic Foundation and Hardhat platforms. The attackers infiltrated the ecosystem using malicious npm packages, exfiltrating sensitive data such as private keys, mnemonics and configuration files. Attack Details and Methodology This attack, discovered by Socket, involves the distribution of 20 malicious
The co-founder and former CEO of a cryptocurrency business has been extradited to the US to face fraud charges. South Korean national Do Hyeong Kwon, 33, appeared in a Manhattan court on Thursday after being extradited from Montenegro on Tuesday. Between 2018 and 2022, he is accused of defrauding investors in Terraform cryptocurrencies, resulting in
The US government has issued sanctions against a China-based cybersecurity company for its involvement in a large-scale botnet targeting American organizations, including critical infrastructure. Beijing-based Integrity Technology Group has been accused of playing a role in multiple computer intrusion incidents that have been attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has
A groundbreaking malware disinfection campaign targeting the PlugX worm has been executed with the collaboration of international authorities. Led by the Sekoia Threat Detection & Research team, the operation disinfected compromised systems across multiple countries. The PlugX worm, often linked to Mustang Panda, can spread through infected flash drives, making it highly pervasive. After gaining control of
A series of high-profile compromises targeting popular open source packages have been uncovered, exposing the growing risk of malicious code infiltration in widely used software tools. Threat actors implanted cryptomining malware in packages associated with rspack, a JavaScript bundler, and vant, a Vue UI library for mobile web apps. Together, these tools see hundreds of
More than two-thirds (69%) of UK small and medium enterprises (SMEs) lack a cybersecurity policy, according to figures from specialist insurance firm Markel Direct. The research identified a significant lack of basic cybersecurity measures and hygiene in place across these companies. This included 43% admitting that their employees are not trained on best practices and
A series of critical vulnerabilities affecting the widely used WPLMS and VibeBP plugins for WordPress have been identified by security researchers. These plugins are essential components of the WPLMS premium LMS theme, which counts over 28,000 sales. They are primarily used for creating online courses, managing students and selling educational content. The vulnerabilities, now patched,
Security researchers have urged customer-facing businesses to improve their verification checks after discovering a large-scale identity farming operation on the dark web. The unnamed underground group compiled a large collection of identity documents and corresponding facial images in a bid to trick Know Your Customer (KYC) verification checks, according to IProov’s Biometric Threat Intelligence service.
The past year marked a year of “growth and transition” for the US Cybersecurity and Infrastructure Security Agency (CISA), according to its departing Director, Jen Easterly. In the foreword of the Agency’s 2024 Year in Review, Easterly’s final report before she steps down in January, she highlighted how CISA has focused on “working collaboratively to
US and Japanese authorities have attributed a major cryptocurrency heist worth $308m to North Korean hackers. An alert from the FBI, Department of Defense Cyber Crime Center and National Police Agency of Japan said the May 2024 theft from Japan-based crypto firm DMM was carried out by a North Korean threat group tracked as TraderTraitor,