Tag: hacker
-
IT pros say hackers could compromise device supply chain, firmware security
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/it-pros-say-hackers-could-compromise-device-supply-chain-firmware-security
-
Chinese hacker compromised 81K devices via zero-day in Sophos software
First seen on scworld.com Jump to article: www.scworld.com/news/chinese-hacker-compromised-81k-devices-via-zero-day-in-sophos-software
-
New Malware Framework Targets Cleo File Systems
by
in SecurityNewsPossible Long-Term Attack by Unknown Hackers Thwarted. Hackers exploiting flaws in Cleo Communications software instances had intimate knowledge of their internals and deployed a previously unknown family of malware, security researchers from Huntress said Thursday. Cleo published a patch Wednesday evening. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/new-malware-framework-targets-cleo-file-systems-a-27045
-
NY Health Group Fined $550K in Unpatched Vulnerability Hack
by
in SecurityNewsAG Says HealthAlliance Tried But Failed to Fix Zero-Day Flaw That Led to Exploit. New York State has levied a $550,000 fine against a healthcare group that tried – but failed – to patch a critical zero-day vulnerability in a Citrix NetScaler appliance used for telemedicine. Hackers exploited the flaw, stealing 196 gigabytes of data…
-
Europol shutters 27 DDoS sites in major crackdown
by
in SecurityNews
Tags: attack, crime, cybercrime, ddos, defense, finance, hacker, infrastructure, international, iot, network, vulnerabilityEuropol has announced that it has carried out a major crackdown on cybercriminal actors in cooperation with the police authorities in 15 countries as part of an ongoing international crackdown known as PowerOFF.Included in the effort are the Australian Federal Police, the UK’s National Crime Agency, and the US Department of Justice, Federal Bureau of Investigation, Homeland…
-
Hackers Exploiting Cleo Software Zero-Day
by
in SecurityNewsAttackers Target Managed File Transfer Software Vulnerabilities. File transfer software made by Cleo Communications is under active attack and a patch meant to stymie hackers doesn’t fix the flaw, say security researchers from Huntress. Hackers exploit an arbitrary file-write vulnerability along with a feature that automatically executes files. First seen on govinfosecurity.com Jump to article:…
-
MOVEit Repackaged and Recycled
The largest repackage and re-post of an old leak In November 2024, a hacker known as “Nam3L3ss” allegedly released previously undisclosed data from the MOVEit breach in May 2023. This leak consisted of millions of records, including sensitive employee and big brand corporate information, significantly escalating the breach’s impact. Digging into this story reveals that……
-
Cultivating a Hacker Mindset in Cybersecurity Defense
by
in SecurityNewsSecurity isn’t just about tools, it’s about understanding how the enemy thinks and why they make certain choices. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cultivating-hacker-mindset-cybersecurity-defense
-
Why did China hack the world’s phone networks?
by
in SecurityNews
Tags: access, breach, china, communications, cyberattack, cybercrime, cybersecurity, government, group, hacker, Internet, microsoft, network, phone, service, technologySalt Typhoon breached dozens of telecoms around the world<ul><li><a href=”https://www.theguardian.com/info/2022/sep/20/sign-up-for-the-techscape-newsletter-our-free-technology-email”>Don’t get TechScape delivered to your inbox? Sign up here</li></ul>Chinese hackers <a href=”https://www.theguardian.com/technology/2024/dec/04/chinese-hackers-american-cell-phones”>have breached dozens of telecommunications companies around the world. The breach, christened Salt Typhoon by Microsoft cybersecurity researchers, has afforded the cybercriminals unprecedented access not only to information on who has been texting or…
-
Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug
The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-hacker-pwns-81k-sophos-devices-with-zero-day-bug
-
Triad Nexus, Chinese Hackers Using 200,000 Domains For Widespread Cyber Attack
by
in SecurityNewsResearchers identified FUNNULL, a Chinese CDN, as hosting malicious content, which includes fake trading apps for financial fraud, gambling sites likely used for money laundering, and phishing login pages targeting luxury brands. The gambling sites use algorithmically generated domains and Tether cryptocurrency, possibly to bypass blocking and facilitate cross-border money flows. FUNNULL acquired polyfill.io, a…
-
Researchers find security flaws in Skoda cars that may let hackers remotely track them
by
in SecurityNewsSecurity researchers have discovered multiple vulnerabilities in the infotainment units used in some Skoda cars that could allow malicious actors to remotely trigger certain controls and track the cars’ location in real time. PCAutomotive, a cybersecurity firm specializing in the automotive sector, unveiled 12 new security vulnerabilities impacting the latest model of the Skoda Superb…
-
Smashing Security podcast #397: Snowflake hackers, and under the influence
by
in SecurityNewsA Canadian man is arrested in relation to the Snowflake hacks from earlier this year – after a cybersecurity researcher managed to track his identity, and a cryptocurrency-trading Instagram influencer is in trouble with the law. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-397/
-
Bitcoin ATM giant Byte Federal says 58,000 users’ personal data compromised in breach
by
in SecurityNewsByte Federal, one of the largest Bitcoin ATM operators in the U.S., said the personal data of thousands of customers may have been compromised during a recent breach. In a filing with Maine’s attorney general, Florida-based Byte Federal said hackers tried to access the data of 58,000 customers, including names, addresses, phone numbers, government-issued IDs,…
-
CVE-2020-12271 Exploited: FBI Seeks Chinese Hacker Behind 81,000 Device Breach
by
in SecurityNewsThe US Department of Justice announced the unsealing of an indictment against Guan Tianfeng, a Chinese national associated with Sichuan Silence Information Technology Co. Ltd., for his alleged role in... First seen on securityonline.info Jump to article: securityonline.info/cve-2020-12271-exploited-fbi-seeks-chinese-hacker-behind-81000-device-breach/
-
North Korean hackers behind $50 million crypto heist of Radiant Capital
by
in SecurityNewsResearchers attributed the attack on the cryptocurrency platform to a group housed within North Korea’s Reconnaissance General Bureau (RGB).]]> First seen on therecord.media Jump to article: therecord.media/radiant-capital-heist-north-korea
-
Hunk Companion WordPress plugin exploited to install vulnerable plugins
by
in SecurityNewsHackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hunk-companion-wordpress-plugin-exploited-to-install-vulnerable-plugins/
-
Ransomware Hackers Exploiting Cleo Software Zero-Day
by
in SecurityNews
Tags: attack, communications, exploit, flaw, hacker, ransomware, software, update, vulnerability, zero-dayAttackers Target Managed File Transfer Software Vulnerabilities. File transfer software made by Cleo Communications is under active attack and a patch meant to stymie hackers doesn’t fix the flaw, say security researchers from Huntress. Hackers exploit an arbitrary file-write vulnerability along with a feature that automatically executes files. First seen on govinfosecurity.com Jump to article:…
-
Russian cyber spies hide behind other hackers to target Ukraine
by
in SecurityNewsRussian cyber-espionage group Turla, aka “Secret Blizzard,” is utilizing other threat actors’ infrastructure to target Ukrainian military devices connected via Starlink. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-cyber-spies-hide-behind-other-hackers-to-target-ukraine/
-
Cardiac surgery device manufacturer falls prey to ransomware
by
in SecurityNews
Tags: attack, breach, business, cyber, cyberattack, cybercrime, data, group, hacker, healthcare, ransom, ransomware, service, supply-chainThe healthcare industry has been increasingly in the crosshairs of cyberattackers this year, with ransomware near the top of the sector’s biggest cyber threats. Hackers are attacking IT systems and personal data, among other things, with the aim of manipulation or theft. But it’s not just hospitals that are affected by cyberattacks; their suppliers are under attack as well.…
-
Multiple Cleo file transfer products being exploited by hackers
by
in SecurityNewsThe vulnerability, CVE-2024-50623, was recently patched by software developer Cleo and affects the company’s LexiCom, VLTransfer and Harmony products. However, researchers at cybersecurity firm Huntress say the patch “does not mitigate the software flaw.”]]> First seen on therecord.media Jump to article: therecord.media/multiple-cleo-file-transfer-products-exploited-by-hackers
-
Wyden proposes bill to secure US telecoms after Salt Typhoon hacks
by
in SecurityNewsU.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecommunications companies breached by Salt Typhoon Chinese state hackers earlier this year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wyden-proposes-bill-to-secure-us-telecoms-after-salt-typhoon-hacks/
-
OpenWrt Update Flaw Exposed Devices to Malicious Firmware
by
in SecurityNewsEmbedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity Check. A critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS core of 9.3 and tracked as CVE-2024-54143. First seen on…
-
US Indicts, Sanctions Alleged Chinese Sophos Firewall Hacker
by
in SecurityNewsTianfeng Guan Allegedly Developed Zero-Day Exploit of Sophos XG Firewall. The U.S. federal government rolled out its heavy guns Tuesday against a Chinese hacker allegedly at the center of a zero-day exploit used to hack firewalls made by Sophos, unsealing an indictment, rolling out sanctions and offering $10 million for information leading to the suspect’s…
-
Romanian energy supplier Electrica hit by ransomware
by
in SecurityNews
Tags: attack, ceo, cyberattack, cybersecurity, election, group, hacker, identity, infrastructure, ransomware, russiaFirst, the Romanian presidential election was annulled after being targeted with cyberattacks from foreign state-sponsored actors and a suspected Russian-controlled massive TikTok influence campaign. Now the Electrica Group, a major electricity provider with 3.8 million customers in Romania, has fallen victim to a ransomware attack.The company told investors on Dec. 9 that it is working with national cybersecurity authorities…
-
Black Hat: Latest news and insights
by
in SecurityNewsThe infosecurity world decamps to London this week, with research on vulnerabilities in AI systems at the fore of the latest edition of Black Hat Europe.The four-day program runs from Dec. 9-12, with two-and four-day options of hands-on trainings, but the main event at ExCeL London occurs on Dec. 11 and 12 featuring the latest research, developments,…
-
Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight
by
in SecurityNews
Tags: access, ai, application-security, attack, authentication, backdoor, best-practice, computer, conference, control, cybercrime, cybersecurity, data, dns, encryption, exploit, finance, github, government, hacker, healthcare, identity, injection, Internet, LLM, malicious, microsoft, mitigation, office, open-source, radius, RedTeam, risk, service, sophos, technology, tool, training, vulnerability, vulnerability-management, windowsThis week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity.The opening keynote on Wednesday will be delivered by Frédérick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. No preview is…
-
BadRAM: $10 security flaw in AMD could allow hackers to access cloud computing secrets
Researchers found a way to disrupt AMD server hardware using $10 worth of off-the-shelf items. The company has issued a firmware update. There’s no evidence of exploitation in the wild. ]]> First seen on therecord.media Jump to article: therecord.media/amd-security-flaw-badram