Recent Dr.Web cyberattack claimed by pro-Ukrainian hacktivists

October 9, 2024 at 11:55AM Pro-Ukrainian hacktivists, DumpForums, claimed responsibility for a September breach of Russian security company Doctor Web, accessing and stealing approximately ten terabytes of data. Doctor Web confirmed the breach but denied data theft claims and ransom demands, asserting an investigation is ongoing while ensuring user data remains secure.

Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools

October 8, 2024 at 07:28AM Russian government agencies and industrial entities are under ongoing cyber attacks by a group named Awaken Likho. Kaspersky reports a new campaign using the MeshCentral platform to gain remote system access since June 2024. The attacks primarily target Russian government agencies, contractors, and industrial enterprises, with spear-phishing tactics distributing malicious …

Visit CyberThreat 2024 to hone your cybersecurity skills

October 4, 2024 at 04:09AM CyberThreat24, hosted by the UK’s National Cyber Security Centre and SANS Institute, returns to London on December 9-10, offering cybersecurity professionals the chance to share experiences and learn new tools. The event includes keynote presentations, technical sessions, and a Capture The Flag tournament for hands-on experience. Attend in person or …

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

October 2, 2024 at 06:45AM In August 2024, North Korean state-sponsored threat actor Andariel targeted three U.S. organizations in a likely financially motivated attack. Although the group was unable to deploy ransomware, the attack fits its pattern. Andariel, a sub-cluster of Lazarus Group, is known for deploying ransomware, creating custom backdoors, and using N-day security flaws for network …

Media giant AFP hit by cyberattack impacting news delivery services

September 30, 2024 at 10:24AM Global news agency AFP detected a cyberattack impacting its IT systems and client services. The attack, currently being mitigated by AFP’s IT staff and the French cybersecurity agency ANSSI, has not affected global news coverage. The attack’s nature and perpetrators remain undisclosed. AFP has warned partner media companies about potential …

Kia dealer portal flaw could let attackers hack millions of cars

September 26, 2024 at 03:55PM Security researchers found critical flaws in Kia’s dealer portal, allowing hackers to locate and steal millions of Kia cars made after 2013 by using the vehicle’s license plate.

Chinese Tag Team APTs Keep Stealing Asian Gov’t Secrets

September 10, 2024 at 06:06AM A trio of threat clusters linked to the People’s Republic of China have breached a dozen new targets, including a Southeast Asian government organization. Operation Crimson Palace utilizes a team-based approach for cyber heists, with three independent clusters handling various stages of the attack chain, demonstrating persistence and adaptability in …

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

September 5, 2024 at 04:15AM Cisco Talos has discovered that threat actors may be using MacroPack, a payload generation framework, to distribute malware. The malicious documents are observed to have bypassed anti-malware detections and follow a three-step attack chain. The attackers are utilizing sophisticated techniques and diverse lure themes, suggesting the involvement of distinct threat …

Iranian Hackers Set Up New Network to Target U.S. Political Campaigns

August 30, 2024 at 07:30AM Cybersecurity researchers have discovered a new network infrastructure set up by Iranian threat actors to support recent targeting of U.S. political campaigns, displaying a meticulously crafted system using dynamic DNS providers for phishing attacks. This comes amid increased Iranian cyber activity against the U.S., including ramped-up malicious cyber activities. After …

Versa fixes Director zero-day vulnerability exploited in attacks

August 26, 2024 at 12:16PM Versa Networks resolved a zero-day vulnerability through a security update after detecting its exploitation. The flaw impacted the Versa Director platform and could be leveraged by threat actors to upload corrupted files. The company urged affected customers to enhance system security and update their installations to protect against potential attacks.