Recent Security News
-
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
November 9, 2023 at 03:50AM A phishing campaign has been discovered where threat actors send emails with a link to a file-sharing solution called DRACOON.team. When victims click on the link, they are directed to a PDF document containing a secondary link that leads to a fake Microsoft 365 login page. The attackers use reverse…
-
OpenAI confirms DDoS attacks behind ongoing ChatGPT outages
November 9, 2023 at 03:25AM OpenAI is currently addressing periodic outages caused by DDoS attacks on its API and ChatGPT services. While the company has not provided specific details on the root cause, they confirmed that the incidents are related to ongoing DDoS attacks. Users experiencing issues receive error messages and OpenAI is working to…
-
Sandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes
November 9, 2023 at 03:08AM The Sandworm APT group, linked to Russia’s Main Center for Special Technologies, used living-off-the-land techniques to cause a power outage in a Ukrainian city in October 2022. The attack coincided with missile strikes. Unlike previous attacks, Sandworm exploited LotL binaries instead of advanced cyber weaponry. This incident highlights the challenge…
-
Russia’s Sandworm – not just missile strikes – to blame for Ukrainian power blackouts
November 9, 2023 at 03:07AM Russian cyberattack group Sandworm was responsible for the coordinated cyberattack and power outage in Ukraine last year, according to Mandiant’s threat intel team. The attack targeted a power plant, compromising its operational technology (OT) environment through a hypervisor hosting a supervisory control and data acquisition (SCADA) management instance. Sandworm executed…
-
What to do with a cloud intrusion toolkit in 2023? Slap a chat assistant on it, duh
November 9, 2023 at 02:08AM A cybersecurity tool called Predator AI has been discovered by infosec researchers. It can be used to compromise poorly secured cloud services and web apps, and also includes a partially functional chat-bot assistant. While it is supposedly intended for educational purposes, it has the potential to be used maliciously. The…