Recent Security News
-
Iranian Hackers Targeting US Defense Industrial Base Entities With New Backdoor
December 22, 2023 at 07:45AM Microsoft has raised an alert on Iranian state-sponsored attacks targeting US defense industrial base (DIB) organizations. The attacks, attributed to Peach Sandstorm, a group also known as APT33, are believed to have been active since at least 2013. A newly developed backdoor named FalseFont has been observed, allowing remote access…
-
Inmate, Staff Information Stolen in Rhode Island Prison Data Breach
December 22, 2023 at 06:45AM The Donald W. Wyatt Detention Facility in Rhode Island experienced a data breach affecting around 2,000 inmates, staff, and vendors. The breach, which occurred in November, involved malware and data theft, compromising personal details like financial info, medical records, and Social Security numbers. The facility is providing affected individuals with…
-
CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild
December 22, 2023 at 06:45AM CISA released advisories for ICS vulnerabilities affecting FXC routers and QNAP NVR devices, exploited in the wild. The FXC flaw allows remote code execution via NTP server settings, affecting outlet wall routers in Japan. QNAP’s vulnerability, patched years ago, is being exploited by a Mirai-based malware campaign targeting legacy models.…
-
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher
December 22, 2023 at 05:39AM Researchers discovered a vulnerability in ChatGPT, which could be exploited to steal sensitive information by injecting malicious content through image markdown rendering. OpenAI addressed the issue partially for the web application but not for mobile apps. Additionally, a custom GPT named ‘The Thief’ was created to phish for user credentials…
-
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware
December 22, 2023 at 03:42AM UAC-0099, a threat actor, is targeting Ukrainian employees at foreign companies with malware attacks, leveraging a WinRAR vulnerability to deliver the LONEPAGE strain. The attacks use various file attachments and exploit methods, including phishing messages, to deploy the malware. Deep Instinct’s analysis reveals the tactics employed and warns of a…