0 Comments
Jan 20, 2023Ravie LakshmananCyber War / Cyber Attack The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. “The Gamaredon group’s network infrastructure relies on multi-stage Telegram accounts for victim
0 Comments
WhatsApp has been hit with a €5.5m ($5.9m) fine for GDPR violations by Ireland’s Data Protection Commission (DPC). In addition to the fine, WhatsApp Ireland has been directed to bring its data processing operations into compliance within six months. The case showcased significant disagreements between European data protection authorities about the extent of WhatsApp’s liability.
0 Comments
Jan 20, 2023Ravie LakshmananNetwork Security / Mobile Hacking Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the
0 Comments
Hello, is it me you’re looking for? Fraudsters still want to help you fix a computer problem you never had in the first place. Tech support scammers have been offering bogus technical support services and “resolving” people’s non-existent problems with their devices or software for years. Using a range of tried-and-tested social engineering tricks, they’ve
0 Comments
Jan 20, 2023Ravie LakshmananFirewall / Network Security A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October
0 Comments
Summary In August 2022, Secureworks® Counter Threat Unit™ (CTU) researchers discovered a vulnerability in Azure Active Directory (Azure AD) that allowed a user to retain access to a targeted Security Assertion Markup Language (SAML) application after the user assignment was removed. Using a backdoor application that was given consent to access the SAML application, a
0 Comments
Jan 19, 2023Ravie LakshmananEmail Security / Security Breach Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. “The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained
0 Comments
The threat actor Vice Society has claimed responsibility for the ransomware attack against the University of Duisburg-Essen (UDE) in November 2022 and has reportedly published some stolen data on the dark web. UDE made the announcement over the weekend, saying the data publication resulted from the university not complying with the attackers’ ransom demands. At the
0 Comments
Jan 18, 2023Ravie LakshmananICS/SCADA Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via
0 Comments
by Paul Ducklin Another day, another series of cryptocurrency scams… …these, fortunately, brought to a halt, though sadly not before they’d defrauded “investors” around the globe to the tune of millions of dollars. According to Europol, 216 people were questioned in Bulgaria, Cyprus, Germany and Serbia; 15 have already been arrested; 22 searches were conducted,
0 Comments
Jan 17, 2023Ravie LakshmananSoftware Security / Supply Chain A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12)
0 Comments
Cisco has warned customers of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life (EoL) VPN routers. The security flaw (tracked CVE-2023-20025) has been found in the web-based management interface of Cisco Small Business (SMB) RV016, RV042, RV042G and RV082 routers provided by Hou Liuyang of Qihoo 360 Netlab. “[These vulnerabilities] could allow a remote
0 Comments
Jan 14, 2023Ravie LakshmananServer Security / Patch Management A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That’s according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to be
0 Comments
Russian cyber-criminals have been observed on dark web forums trying to bypass OpenAI’s API restrictions to gain access to the ChatGPT chatbot for nefarious purposes. Various individuals have been observed, for instance, discussing how to use stolen payment cards to pay for upgraded users on OpenAI (thus circumventing the limitations of free accounts). Others have
0 Comments
Jan 14, 2023Ravie LakshmananDevOps / Data Security DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee’s laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company’s systems and data last month. The CI/CD service CircleCI said the “sophisticated attack” took place on December 16, 2022, and that
0 Comments
The pro-Russia hacktivist group known as NoName057(16) has recently started new attacks against organizations and businesses across Poland, Lithuania and other countries. Most recently, the group began targeting the websites of the Czech presidential election candidates. According to SentinelOne, who discovered the new campaigns, the group conducted these campaigns by using public Telegram channels, a distributed