Read more on Ivanti vulnerabilities: Bad news continues to pile up for Utah-based IT software provider Ivanti as a new vulnerability has been discovered in its products. On February 8, Ivanti disclosed a new authentication bypass vulnerability impacting its Connect Secure, Policy Secure, and ZTA gateways. This new vulnerability, identified as CVE-2024-22024, is the latest
Month: February 2024
Video Artificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack the basics and examine AI’s broader implications. Alžbeta Kovaľová 15 Feb 2024 Artificial intelligence (AI) is clearly the topic du jour as technologies that fall under the umbrella term of AI
Feb 16, 2024NewsroomRansomware / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it’s being likely exploited in Akira ransomware attacks. The vulnerability in question is
A recent study conducted by the FortiGuard team has shed light on a sophisticated malware distribution strategy observed throughout 2023. In a technical write-up published on Wednesday, the team identified a series of malware droppers dubbed the “TicTacToe dropper,” which were utilized to deliver various malicious payloads to victims. These droppers, designed to obscure the final-stage
Feb 15, 2024NewsroomMalware / Cyber Espionage The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in December 2023. “TinyTurla-NG, just like TinyTurla, is a small ‘last chance’ backdoor that is left behind to be used when all other
The Trend Micro Zero Day Initiative (ZDI) has recently unearthed a critical vulnerability, identified as CVE-2024-21412, which they’ve dubbed ZDI-CAN-23100. The flaw was reported to Microsoft as part of a Microsoft Defender SmartScreen bypass utilized in a complex zero-day attack chain orchestrated by the APT group known as Water Hydra (AKA DarkCasino). Their targets were
Digital Security As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern Phil Muncaster 13 Feb 2024 • , 5 min. read Fake news has dominated election headlines ever since it became a big story during the race for
Feb 14, 2024NewsroomArtificial Intelligence / Cyber Attack Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations. The findings come from a report published by Microsoft in collaboration with OpenAI, both of which said they disrupted efforts
Southern Water has confirmed that personal data of both customers and employees has been accessed in a recent ransomware attack. The UK water supplier revealed that it plans to notify 5-10% of its customer base to inform them that their personal information has been impacted. With the firm serving around 4.6 million customers in Southern
Feb 13, 2024NewsroomCryptocurrency / Rootkit The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. “This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that
An Islamic charitable non-profit organization based in Saudi Arabia has been the target of a prolonged cyber-espionage campaign. The campaign began in May 2023 and involved sophisticated tactics employed by an unidentified threat actor. According to a new advisory by cybersecurity firm Talos, the attackers, whose initial access vector remained undisclosed, used malware dubbed “Zardoor” to
Feb 12, 2024NewsroomVulnerability / Data Recovery Cybersecurity researchers have uncovered an “implementation vulnerability” that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA). “Through a comprehensive analysis
Linux developers have addressed a new security flaw discovered in Shim, a component crucial for the boot process in Linux-based systems. This vulnerability poses a significant risk by allowing the installation of malware that operates at the firmware level (secure boot bypass), presenting challenges for detection and removal. Tracked as CVE-2023-40547, the flaw has been
Feb 11, 2024NewsroomMalware / Cybercrime The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. The domains – www.warzone[.]ws and three others – were “used to sell computer malware used by cybercriminals to secretly access and steal data from
February 2024 marks 20 years of Facebook’s existence. Despite the brand being well established worldwide and in our day to day lives, only 6% of people trust it and other social media companies with their personal data. In a survey of 12,000 people across the globe, the Thales 2024 Digital Trust Index found that trust in social media
Video, Ransomware Called a “watershed year for ransomware”, 2023 marked a reversal from the decline in ransomware payments observed in the previous year 09 Feb 2024 Ransomware payments in 2023 reached a record-breaking $1.1 billion in 2023, according to an analysis by Chainalysis, a blockchain research firm. Calling 2023 a “watershed year for ransomware”, Chainalysis
Feb 10, 2024NewsroommacOS Malware / Cyber Threat Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023. The backdoor, codenamed RustDoor by Bitdefender, has been found to impersonate an update for Microsoft Visual Studio and target both Intel and Arm architectures. The exact initial
The US Federal Communications Commission (FCC) has introduced a ban on robocalls that contain voices generated by AI to protect US voters from spamming ahead of the November presidential election. Callers must obtain prior express consent from the called party before making a call that utilizes artificial or pre-recorded voice simulated or generated through AI
Business Security Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses? Phil Muncaster 08 Feb 2024 • , 5 min. read Cybersecurity is finally becoming a board-level issue. That’s as
Feb 09, 2024NewsroomMalware / Dark Web The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that “Raspberry Robin has access to an exploit seller or its authors develop the
Raspberry Robin, a malware initially identified in 2021, has demonstrated remarkable adaptability and sophistication in its recent operations, according to a new report. The findings come from Check Point researchers, who published a new analysis on Wednesday revealing unique and innovative methods employed by the malware, including exploiting vulnerabilities to gain higher privileges. According to
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and wastewater systems sectors in the U.S. and Guam. “Volt Typhoon’s choice of
The threat actors behind the KV-botnet made “behavioral changes” to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity. KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and firewall devices across the world, with one specific cluster acting as a covert
Malware-as-a-Service (MaaS) infections were the biggest threat to organizations in the second half of 2023, according to a new Darktrace report. The 2023 End of Year Threat Report highlighted the cross-functional adaption of many of the malware strains. This includes malware loaders like remote access trojans (RATs) being combined with information-stealing malware. Through reverse engineering
Feb 06, 2024NewsroomSocial Engineering / Malvertising Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. “This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors,” Trustwave SpiderLabs said
The Pennsylvania Courts system has been hit by a cyber-attack, taking down parts of its website. The Administrative Office of Pennsylvania Courts revealed via social media that the service had suffered a denial of service (DoS) attack. The statement noted that court web systems such as PACFile, the use of online docket sheets and the
Scams With Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing more than your heart Imogen Byers 05 Feb 2024 • , 7 min. read Online dating has revolutionized how people connect and find love. Now, any of us can flick through an online catalog of potential love
Feb 05, 2024NewsroomCryptocurrency / Financial Fraud A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka, who was arrested in Latvia on December 21, 2023, was extradited to the U.S. If convicted, he faces
Cloudflare has revealed its systems were compromised on Thanksgiving last year, leading to source code being accessed by threat actors. The IT service provider believes the attack, which took place on November 23, 2023, was perpetrated by a nation-state actor, who used credentials stolen during a breach of identity and access management (IAM) specialist Okta.
Feb 03, 2024NewsroomVulnerability / Social Media The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. “Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account,” the maintainers said in a terse advisory. The vulnerability, tracked