The ProcessBolt Platform

ProcessBolt AI

AI-assisted vendor risk management and real-time threat monitoring platform.

ThreatScape

Attack surface management and security rating solution.

DocAI

Document intelligence and analytics.

Share Center

Secure and timebound document sharing for the enterprise.

Assessment & RFP Response Solution

Answer questionnaires using Knowledge Base and documents with AI assistance.

Cybersecurity News

Derrick Lowe, Chief Security Officer of Orlando Health, Joins ProcessBolt’s Board of Directors

ProcessBolt is pleased to announce that Derrick Lowe, CSO of Orlando Health and one of Becker Hospital Review’s 60 “CISOs to Know” for 2023, is joining ProcessBolt’s board of directors.


Group Apt42 Mandiant Journalists Hackers Report
- Mandiant Says APT42 Members Have Been Posing as Journalists to Steal Troves of Data
  Members of an Iranian state hacking group have been observed posing as journalists and event organizers from The Washington Post, The Economist and other major news outlets as part of an effort to harvest credentials and hack into global cloud networks. Mandiant on Wednesday published a report on APT42, an Iranian threat actor that uses "enhanced social engineering schemes to gain access to victim networks, ...


Apps Risk Files Android Microsoft Vulnerability
- A new threat at a vast scale has just been revealed, and it impacts multiple Android apps with hundreds of millions of installs—here's what you need to know... Microsoft has discovered a serious new security vulnerability that impacts popular Android apps and puts billions of devices at risk. "The implications of this vulnerability pattern," its report warns, "include arbitrary code execution and token theft, depending on an application's implementation." The vulnerability relates to ...

Source: forbes.com

Malware Soho Cloud Routers Cuttlefish Credentials
- Cuttlefish, a new malware family that targets enterprise-grade small office/home office (SOHO) routers, is used by criminals to steal account credentials / secrets for AWS, CloudFlare, Docker, BitBucket, Alibaba Cloud and other cloud-based services. "With the stolen key material, the actor not only retrieves cloud resources associated with the targeted entity but gains a foothold into that cloud ecosystem," Black Lotus Labs researchers noted. "To exfiltrate data, the threat actor first creates ...


File Data Researchers Deserialization Flaw R
- Deserialization Vulnerability Allows for Remote Code Execution
  A high-risk flaw in R statistics programming language could lead to a supply chain hack, warn security researchers who said they uncovered a deserialization flaw. CVE-2024-27322. Kasimir Schulz, principal security researcher at HiddenLayer - which published Monday research detailing the vulnerability, told Information Security Media Group that no attacks have been reported and researchers were able to "catch up before anyone can ...


Gitlab Vulnerability Vulnerabilities Hackers Cybersecurity Days
- US CISA Orders Federal Agencies to Apply January Patch
  The U.S. federal government's cybersecurity agency warned that hackers are exploiting a vulnerability in DevOps platform GitLab that the open-core company patched in January. The Cybersecurity and Infrastructure Security Agency on Wednesday added the vulnerability, tracked as , to its running list of hacker exploits. CISA gave federal agencies three weeks to ensure they've applied a patch and advised all GitLab customers to ensure they're ...


Hackers Health Data Change Healthcare Systems Credentials Data
- The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company's systems that weren't protected by multifactor authentication (MFA), according to the chief executive of its parent company, UnitedHealth Group (UHG). UnitedHealth CEO Andrew Witty provided the written testimony ahead of a House subcommittee hearing on Wednesday into the February ransomware attack that caused months of disruption across the U.S. ...


Javascript Code Package File Job Attackers Developers
- North Korean Predilection for Elaborate Social Engineering Attacks Strikes Again
  Likely North Korean threat actors are using fake job interviews to trick software developers into downloading disguised Python backdoors as part of an ongoing espionage campaign. The attackers construct fake job interview scenarios designed to appear legitimate and enticing to developers seeking employment opportunities. Once a victim has been lured in, the attackers instruct them to download seemingly harmless ...


Devices Proxy User Services Login Attacks
- Credential-stuffing attack uses proxies to hide bad behavior. Authentication service Okta is warning about the "unprecedented scale" of an ongoing campaign that routes fraudulent login requests through the mobile devices and browsers of everyday users in an attempt to conceal the malicious behavior. The attack, Okta said, uses other means to camouflage the login attempts as well, including the TOR network and so-called proxy services from providers such as NSOCKS, Luminati, and DataImpulse, ...


Malware Offlrouter Vba Macro Malware Cisco Talos Ukraine Cybersecurity
- As per recent media reports, certain government networks in Ukraine have been infected with the Offlrouter malware since 2015. The Offlrouter malware Ukraine has managed to escape detection for nearly a decade now. However, VBA macro malware has recently come under the radar of Cisco Talos. In the article, we will dive into the details of the Offlrouter malware Ukraine and what the threat implies for cybersecurity practices.
  Offlrouter Malware Ukraine: Initial Discovery
  Based on ...


Attacks Credential Services Okta Threat Researchers
- Identity and access management service provider Okta warned of what it described as an "unprecedented" surge in credential-stuffing attacks against online services. In an April 27 advisory, Okta said the increase in credential-stuffing attacks its threat researchers observed over the past month was facilitated by the broad availability of residential proxy services, "combo lists" of previously stolen credentials, and scripting tools. In a "small percentage" of cases, the attacks it observed ...


You May Also Like…

2023 Data Breach Prediction Results

Introduction In January of 2023, we published 50 Companies that will be Hacked in 2023 highlighting a redacted list of 50 organizations that we identified as likely to suffer a breach in 2023. With...