Recent Security News
-
Mysterious ‘MMS Fingerprint’ Hack Used by Spyware Firm NSO Group Revealed
February 16, 2024 at 10:03AM A contract between NSO Group and Ghana’s telecom regulator suggests a new infection technique, “MMS Fingerprint,” allowing device identification without user interaction. Enea tested and confirmed this method, raising concerns about potential malicious use. While not seen in the wild, it poses potential security risks. Operators and subscribers can take…
-
RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers
February 16, 2024 at 09:45AM Cryptocurrency companies are targeted by a new Apple macOS backdoor called RustDoor, distributed as a Visual Studio update and used in targeted attacks. Its components include first-stage downloaders masquerading as job offering PDFs, Golang-based binaries, and leaky endpoint revealing infected victims’ details. Meanwhile, a South Korean IT organization affiliated with…
-
North Korean hackers now launder stolen crypto via YoMix tumbler
February 16, 2024 at 09:38AM Lazarus, the North Korean hacker collective known for large-scale cryptocurrency heists, has shifted to using YoMix bitcoin mixer for laundering stolen funds. Chainalysis reports a surge in YoMix activity tied to Lazarus, evidencing their adaptability to avoid sanctions on other mixing services. The report also details trends in cryptocurrency laundering…
-
Iran Warship Aiding Houthi Pirates Hacked by US
February 16, 2024 at 08:56AM US officials claimed a recent cyberattack on an Iranian military spy ship disrupted intelligence-gathering on Red Sea traffic used to aid Houthi rebels in piracy against cargo ships. The attack on the ship MV Behshad aimed to disrupt the sharing of reconnaissance technology with Houthi Rebels in Yemen, who target…
-
Eight Vulnerabilities Disclosed in the AI Development Supply Chain
February 16, 2024 at 08:09AM Cybersecurity startup Protect AI disclosed eight vulnerabilities in the open source supply chain used for in-house AI/ML models, including critical and high-severity ones with CVE numbers. Protect AI emphasized the need for an AI/ML BOM to address unique AI risks. Their vulnerability detection methods include a bug bounty program and…