Zyxel warns of critical OS command injection flaw in routers

September 3, 2024 at 03:59PM
Zyxel released security updates for a critical vulnerability affecting various business routers that allows unauthenticated attackers to execute OS commands. The flaw, tracked as CVE-2024-7261, has a CVSS v3 score of 9.8. Additionally, multiple high-severity flaws in ATP and USG FLEX firewalls were addressed through security updates. Detailed information is available …

Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt

September 2, 2024 at 10:48PM
A 57-year-old man from Missouri has been arrested for a failed data extortion campaign against his former employer, an industrial company in New Jersey. Daniel Rhyne faces charges including extortion, intentional damage to a protected computer, and wire fraud after attempting to extort 20 bitcoins, valued at $750,000. He could …

Transport for London discloses ongoing “cyber security incident”

September 2, 2024 at 02:20PM
Transport for London (TfL) is actively investigating an ongoing cyberattack with no current impact on its services. The agency assured customers that there is no evidence of compromised customer data and promptly reported the attack to government authorities. Measures have been implemented to prevent further system access, as TfL works …

North Korean hackers exploit Chrome zero-day to deploy rootkit

August 30, 2024 at 01:06PM
North Korean hackers used a since-patched Google Chrome zero-day to distribute the FudModule rootkit, gaining SYSTEM privileges through a Windows kernel exploit. Microsoft attributed the attacks to the North Korean threat actor Citrine Sleet, known for targeting the cryptocurrency sector for financial gain. The group is also associated with other …

Sinister sysadmin allegedly locked up thousands of Windows workstations, demanded ransom

August 29, 2024 at 02:34PM
Former infrastructure engineer Daniel Rhyne was arrested and charged after allegedly locking colleagues out of their company's systems and threatening to shut down servers unless paid a ransom. He is charged with extortion, intentional damage to a protected computer, and wire fraud, facing up to 35 years …

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

August 29, 2024 at 07:48AM
Attackers are increasingly using new phishing toolkits, such as adversary-in-the-middle (AitM) kits, which let them bypass traditional prevention controls. AitM phishing uses dedicated tooling to act as a proxy between the target and a legitimate login portal for an application, enabling attackers to steal live sessions. AitM toolkits employ reverse web proxies …

US Marshals Service disputes ransomware gang’s breach claims

August 27, 2024 at 04:34PM
The U.S. Marshals Service denies being breached by the Hunters International ransomware gang, despite being listed as a new victim on the group's leak site. …

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

August 27, 2024 at 10:33AM
Volt Typhoon, a China-based cyber espionage group, has been linked to the exploitation of a high-severity security flaw in Versa Director. The attacks targeted U.S. and non-U.S. victims in the ISP, MSP, and IT sectors. The flaw allows malicious file uploads, potentially leading to large-scale supply chain attacks. Recommendations include security mitigations and …

Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident

August 27, 2024 at 09:30AM
Microsoft is hosting the Windows Endpoint Security Ecosystem Summit to address security and resilience following the disruptive CrowdStrike incident. The summit aims to outline short- and long-term actions for user protection, with a focus on improving security, safe deployment practices, and resiliency. Discussions will include the impact of kernel access …

New Linux Malware ‘sedexp’ Hides Credit Card Skimmers Using Udev Rules

August 25, 2024 at 02:36AM
Cybersecurity researchers have discovered a stealthy Linux malware called sedexp, used by financially motivated threat actors since 2022. Notable for using udev rules to maintain persistence, the malware runs upon system reboot, enabling remote access and memory modification to conceal its presence. It has been observed hiding credit card scraping …