July 5, 2024 at 06:06AM Alabama’s education superintendent, Eric Mackey, revealed a hacking attempt at the Alabama State Department of Education, with some data potentially breached. Mackey urged parents and education employees to monitor their credit and indicated that a federal investigation is ongoing as the attackers are believed to be foreign. A website and … Read more
July 5, 2024 at 05:56AM Cybereason reported that the GootLoader malware, linked to threat actor Hive0127, continues to evolve, with the latest version being GootLoader 3. It is distributed via SEO poisoning and serves as a conduit for delivering various payloads. The attackers have also unleashed their own command-and-control tool, expanding their market for financial … Read more
July 5, 2024 at 05:04AM Summary: The blog entry discusses how attackers can use the Jenkins Script Console for cryptomining by executing malicious Groovy scripts if the console is not properly configured. Misconfigurations and vulnerable Jenkins servers can enable remote code execution and the deployment of cryptocurrency miners. The entry also provides mitigations and indicators … Read more
July 5, 2024 at 12:26AM Cybersecurity researchers discovered a new botnet, Zergeca, capable of DDoS attacks. It supports six attack methods, proxying, scanning, self-upgrading, reverse shell, and more. Notably, it uses DNS-over-HTTPS for C2 communications and continuous development. Linked to previous botnet activity, it targeted Canada, Germany, and the U.S. with ACK flood DDoS attacks. … Read more
July 4, 2024 at 12:18PM A threat actor compromised Ethereum’s mailing list provider and sent a phishing email to over 35,000 addresses, luring recipients to a malicious site offering investment returns. Ethereum disclosed the incident, stating it had no material impact. The internal security team launched an investigation, blocked the attacker, and warned the community. … Read more
July 4, 2024 at 04:36AM Europol led Operation Morpheus to tackle nearly 600 illegal IP addresses associated with Cobalt Strike. The disruptive action targeted criminal activity, involving partners in 27 countries. Notable support was provided by private sector partners and Europol’s Malware Information Sharing Platform. The operation sent a strong message to cybercriminals globally. However, … Read more
July 4, 2024 at 02:01AM Brain Cipher, the group behind the hacking of Indonesia’s Temporary National Data Center, has apologized and released an encryption key to the government. The key was a 54 kb ESXi file, with its effectiveness yet to be confirmed. The group shared its motive, claiming to act as penetration testers and … Read more
July 4, 2024 at 12:34AM Law enforcement operation MORPHEUS seized nearly 600 servers used by cybercriminal groups and part of the Cobalt Strike attack infrastructure. The crackdown targeted unlicensed versions of Cobalt Strike, involving multiple countries. Exploitation of cracked software contributed to cybercrime, with related arrests and dismantling of other criminal schemes worldwide. Based on … Read more
July 3, 2024 at 11:51PM Twilio, a cloud communications provider, disclosed a mobile security breach in the Authy 2FA app. Threat actors exploited an unauthenticated endpoint to access user data, prompting the company to secure the endpoint. Although no direct system breach was proven, Twilio urged users to upgrade their apps due to possible phishing … Read more
July 3, 2024 at 04:24PM Nick Cerne from Bishop Fox discovered vulnerabilities in Traeger grills with the D2 Wi-Fi Controller, enabling remote attackers to issue commands, such as altering the temperature. Despite the potential risks, Traeger automatically updates affected grills. The need for secure IoT devices is underscored, while recommendations include physical control of devices … Read more