97% of Devices Disrupted by CrowdStrike Restored as Insurer Estimates Billions in Losses

July 26, 2024 at 04:15AM CrowdStrike reported that over 97% of Windows computers affected by a bad update are back online. The incident is anticipated to result in significant direct losses for major companies. The cybersecurity firm has swiftly responded by restoring impacted systems, enhancing recovery efforts, and issuing warnings about cybercriminals taking advantage of …

CrowdStrike Warns of New Phishing Scam Targeting German Customers

July 26, 2024 at 02:30AM CrowdStrike has detected an attempt by an unknown threat actor to distribute harmful installers to German customers after the Falcon Sensor update failure. The phishing campaign involves an impersonation website, fraudulent JavaScript, and malicious software disguised as a CrowdStrike Crash Reporter. This situation occurs as CrowdStrike works to recover from …

CrowdStrike Speeding Up Remediation of Systems Hit by Blue Screen of Death

July 23, 2024 at 08:15AM CrowdStrike’s new technique is speeding up the system restoration process after millions of Windows devices experienced outages due to a faulty update. Despite Microsoft and CrowdStrike’s efforts, some organizations are still struggling. Threat actors are taking advantage of the situation with phishing and malware, including a new stealer called Daolpu. …

Telegram Zero-Day Enabled Malware Delivery

July 23, 2024 at 08:15AM ESET has warned of a zero-day exploit affecting Telegram for Android, allowing threat actors to distribute malicious files disguised as videos. The vulnerability, dubbed EvilVideo, auto-downloads payloads containing APK files presented as multimedia previews. Users are advised to update their app to version 10.14.5 to address this issue. Based on …

New ICS Malware ‘FrostyGoop’ Targeting Critical Infrastructure

July 23, 2024 at 07:42AM Researchers have identified a new ICS-focused malware, FrostyGoop, which targets industrial control systems using Modbus TCP to disrupt operational technology networks. It was used in a cyber attack on an energy company in Lviv, Ukraine, causing a 48-hour loss of heating services to over 600 apartment buildings. The incident highlights …

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware

July 23, 2024 at 06:28AM CERT-UA warned of a cyber espionage campaign targeting a Ukrainian research institution with HATVIBE and CHERRYSPY malware. The attack leverages a compromised email account to distribute macro-laced Microsoft Word attachments, leading to the execution of the malware. A Russia-linked group, APT28, and UAC-0063 are attributed to the attack, with similar …

SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

July 22, 2024 at 03:36AM The JavaScript downloader malware SocGholish is distributing a remote access trojan called AsyncRAT and the legitimate open-source project BOINC. BOINC is being abused to connect to malicious servers and evade detection. The cybersecurity firm believes these connections pose a high risk and could potentially be used for malicious commands or …

Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware

July 19, 2024 at 06:33AM A pro-Houthi threat group known as OilAlpha targeted humanitarian organizations in Yemen with Android spyware, posing as entities like CARE International and the Norwegian Refugee Council. Recorded Future’s Insikt Group noted that the group seeks to gather sensitive data and carry out espionage, possibly to control aid delivery. This follows …

Revolver Rabbit gang registers 500,000 domains for malware campaigns

July 18, 2024 at 05:34PM Cybercriminal group Revolver Rabbit has registered over 500,000 domain names using a secret method called RDGAs to execute infostealer campaigns targeting Windows and macOS systems. Security researchers at Infoblox discovered this large-scale operation, estimating over $1 million in registration fees. The domains use a consistent pattern for easy readability and …

Chinese Hacking Group APT41 Infiltrates Global Shipping and Tech Sectors, Mandiant Warns

July 18, 2024 at 03:03PM …