US Transportation and Logistics Firms Targeted With Infostealers, Backdoors

September 26, 2024 at 07:55AM

Threat actors are targeting transportation and shipping organizations in North America, compromising email accounts to deliver various malware families like Arechclient2, DanaBot, Lumma Stealer, NetSupport, and StealC. The attacks involve injecting malicious content into compromised inboxes and using Google Drive links or URL files to deliver malware. Proofpoint advises caution …

Russian APT Reportedly Behind New TeamViewer Hack

June 28, 2024 at 05:48AM

TeamViewer detected a network compromise by a Russian APT group. The company’s internal IT environment was affected, but there’s no evidence of impact on the product environment or customer data. NCC Group and Health-ISAC reported the APT group’s involvement, recommending a review of remote desktop traffic. TeamViewer promises transparency during …

Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware

June 13, 2024 at 06:48AM

Cybersecurity firm Intezer identified a new malware, SSLoad, distributed through a previously undocumented loader called PhantomLoader. SSLoad infiltrates systems through phishing emails and delivers additional malware. It has been observed deploying the legitimate adversary simulation software Cobalt Strike. The malware demonstrates sophisticated capabilities, including reconnaissance and dynamic string decryption. Phishing …

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

June 3, 2024 at 12:00AM

Fake web browser updates are distributing remote access trojans (RATs) and info stealer malware like BitRAT and Lumma Stealer. Cybersecurity firm eSentire reported that attackers use bogus browser update lures to deliver malware. The attack chain involves booby-trapped sites, Discord-hosted ZIP archives, and PowerShell scripts. Threat actors also employ webhards and …

AI platform Hugging Face says hackers stole auth tokens from Spaces

June 2, 2024 at 04:57PM

Hugging Face’s Spaces platform was breached, exposing authentication secrets for its members. The company detected unauthorized access and suspects a subset of Spaces’ secrets were compromised. They have revoked authentication tokens and recommend users refresh tokens and switch to fine-grained access tokens for tighter security. The company is working with …

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

May 28, 2024 at 02:45AM

A critical security flaw, CVE-2024-5035, with a 10.0 CVSS score, was discovered in the TP-Link Archer C5400X router, allowing remote code execution. The flaw, patched in version 1_1.1.7, arises from a binary related to radio frequency testing, exposing a network listener. TP-Link’s fix blocks commands with special characters. Other undisclosed vulnerabilities …

Bogus npm Packages Used to Trick Software Developers into Installing Malware

April 27, 2024 at 02:00AM

A social engineering campaign named DEV#POPPER is targeting software developers with fraudulent job interviews, leading them to download and execute malicious npm packages, including a Python backdoor. The campaign is linked to North Korean threat actors. They disguise themselves as employers to distribute malware, indicating ongoing efforts to enhance their …

Ex-White House CIO tells The Reg: TikTok ban may be diplomatic disaster

April 1, 2024 at 09:19AM

The US Congress is considering legislation that would require ByteDance, TikTok’s Chinese parent company, to sever ties with the app. Former White House chief information officer Theresa Payton warned of potential implications, including a 180-day window for ByteDance to offload TikTok and possible consequences for tech companies and internet connectivity …

U-Haul Reports 67K Customers Impacted by Data Breach

February 27, 2024 at 05:10PM

U-Haul, an Arizona-based rental company, is notifying 67,000 customers of a data breach that compromised personal information. In the breach, legitimate credentials were used to access a system for tracking customer reservations. Although no payment data was breached, certain customer records were compromised. U-Haul is providing identity protection and advises affected customers to …

OT Maintenance Is Primary Source of OT Security Incidents: Report

February 5, 2024 at 06:06PM

A recent report from TXOne Networks, a Taiwan-based cybersecurity firm, examines OT security incidents, sources, and organizational preparedness. Based on data from a survey of over 400 CIOs by Frost & Sullivan, and TXOne’s own collected data, it reveals ransomware as a prevalent threat, impacting OT environments and posing challenges …