Threat Actors Target Accounting Software Used by Construction Contractors

September 18, 2024 at 11:14AM Huntress warns of cyberattacks targeting Foundation Accounting Software, widely used in construction. Threat actors are brute forcing the application and exploiting default credentials, compromising organizations in various sub-industries. The attackers target MSSQL accounts, execute OS commands, and automate attacks. Only 33 publicly exposed hosts running the software with unchanged default …

CISA warns of Windows flaw used in infostealer malware attacks

September 16, 2024 at 03:56PM CISA orders U.S. federal agencies to secure systems against a Windows MSHTML spoofing bug exploited by the Void Banshee APT group. The vulnerability (CVE-2024-43461) was exploited before being fixed, allowing attackers to execute code on unpatched Windows systems. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog, and …

FBI tells public to ignore false claims of hacked voter data

September 15, 2024 at 02:18PM The FBI and CISA warn of false claims about U.S. voter registration data being compromised by cyberattacks. They highlight that this disinformation aims to manipulate public opinion and undermine confidence in democratic institutions. No evidence of a cyberattack impacting the election process or compromising the integrity of the results has …

Cyber crooks shut down UK, US schools, thousands of kids affected

September 11, 2024 at 06:53PM Cybercriminals caused school closures in America and Britain by launching ransomware attacks, disrupting internet-based systems for students. Highline Public Schools in Washington state and Charles Darwin School in England faced closures and system shutdowns. These incidents highlight the vulnerability of educational institutions to cyber threats, emphasizing the need for robust …

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

September 11, 2024 at 06:27AM Cybersecurity researchers have discovered new malicious Python packages targeting software developers, using fake job interviews as lures. Linked to North Korea-backed Lazarus Group, the ongoing campaign dubbed VMConnect employs modified legit PyPI libraries to embed malicious code. Attackers impersonate legitimate companies and use LinkedIn to contact and infect unsuspecting developers. …

Critical SonicWall SSLVPN bug exploited in ransomware attacks

September 9, 2024 at 05:52PM Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims’ networks, impacting Gen 5, Gen 6, and Gen 7 firewalls. The vulnerability initially affected the firewalls’ management access interface, but was later found to also impact the SSLVPN feature and exploited in attacks. Mitigation measures …

Russia’s top-secret military unit reportedly plots undersea cable ‘sabotage’

September 9, 2024 at 04:22PM US officials are reportedly concerned about heightened Russian naval activity near undersea cables, potentially driven by a secretive military unit called GUGI. The cables carry over 95% of international data and also electricity between European countries, making them vulnerable to cyber and physical attacks. The US is closely monitoring the …

Cisco merch shoppers stung in Magecart attack

September 6, 2024 at 04:06PM Russia-based attackers injected data-stealing JavaScript into Cisco’s online store, exploiting an Adobe Magento flaw. Cisco has fixed the issue and addressed the security concern, assuring that only a limited number of users were affected and no credentials were compromised. The attackers exploited a critical vulnerability, and the malicious JS code …

Russian military hackers linked to critical infrastructure attacks

September 5, 2024 at 02:03PM The United States and its allies have linked Russian military intelligence hackers to Unit 29155 of Russia’s Main Directorate of the General Staff of the Armed Forces. The hackers have been carrying out sabotage and cyberattacks in Europe and North America since 2020. The U.S. State Department announced a reward …

Hacktivists Exploit WinRAR Vulnerability in Attacks Against Russia and Belarus

September 3, 2024 at 09:54AM Head Mare, a hacktivist group active since 2023, targets organizations in Russia and Belarus using advanced methods. Exploiting a recent WinRAR vulnerability, the group conceals and delivers malicious payloads effectively. It employs ransomware like LockBit and Babuk, with tools such as PhantomDL and PhantomCore, and is linked to the Russo-Ukrainian …