Radiant links $50 million crypto heist to North Korean hackers

December 9, 2024 at 03:29PM Radiant Capital attributed a $50 million cryptocurrency heist to North Korean hackers known as Citrine Sleet, following a cyberattack on October 16. The attack involved sophisticated malware evading security measures. Radiant is working with U.S. law enforcement to recover stolen funds and emphasizes the need for improved transaction security. **Meeting …

Attackers Can Use QR Codes to Bypass Browser Isolation

December 9, 2024 at 03:03PM Researchers from Mandiant have demonstrated a method to bypass browser isolation using QR codes, allowing attackers to transmit commands to compromised devices. This technique exploits remote rendering processes to convey data visually, though it faces limitations, including latency and QR code size constraints. Mandiant still endorses browser isolation as a …

Jetpack fixes 8-year-old flaw affecting millions of WordPress sites

October 18, 2024 at 06:34PM A critical security update for the Jetpack WordPress plugin has been released due to a vulnerability that could expose user data. Site administrators are advised to ensure the latest version is installed. Meanwhile, the EU has implemented new reporting rules for cybersecurity incidents, and a free DNS service for UK …

Google: 70% of exploited flaws disclosed in 2023 were zero-days

October 16, 2024 at 06:16PM Mandiant security analysts have reported a concerning trend where threat actors are increasingly adept at identifying and exploiting zero-day vulnerabilities in software, highlighting growing risks in cybersecurity. **Meeting Takeaways:** 1. **New Threat Trend**: Mandiant security analysts have identified a concerning trend among threat actors. 2. **Increased Capability**: There is a …

North Korea Hackers Linked to Breach of German Missile Manufacturer

September 30, 2024 at 01:45PM A professional hacking team affiliated with the North Korean government infiltrated the German company Diehl Defence, known for producing air defense systems and missiles, using phishing tactics to target employees. The group, attributed to the Kimsuky APT, employed booby-trapped files and mock job offers to carry out the attack. Kimsuky …

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

September 20, 2024 at 06:45AM Mandiant is tracking Iranian APT threat actor UNC1860, linked to MOIS, which facilitates remote network access. UNC1860, known for sophisticated tools and prior destructive attacks, is associated with APT34 and implicated in cyber operations targeting U.S. elections. Iran’s increasing cyber activities coincide with heightened regional involvement. CISA warned of Iranian …

North Korean Hackers Lure Critical Infrastructure Employees With Fake Jobs

September 18, 2024 at 11:14AM UNC2970, a North Korean threat actor, has been using job-themed lures to distribute new malware to individuals in critical infrastructure sectors. Mandiant reported that UNC2970 targeted individuals in the US, UK, Netherlands, Cyprus, Germany, Sweden, Singapore, Hong Kong, and Australia. The group has been using fake job descriptions to target …

Halliburton confirms data stolen in recent cyberattack

September 3, 2024 at 09:00AM Oil and gas company Halliburton confirmed to the SEC that data was stolen in a recent attack by RansomHub ransomware gang. The breach prompted disruptions to its systems and caused concern among customers. Halliburton is evaluating the scope of the breach and potential financial and customer impact, including risks of …

Google Disrupts More China-Linked Dragonbridge Influence Operations

June 26, 2024 at 11:03AM Google continues to disrupt China-linked threat actor Dragonbridge’s influence operations on YouTube and Blogger. With over 10,000 instances taken down in Q1 2023, the internet giant has disabled over 175,000 Dragonbridge instances to date. Despite high content volume, the activity remains largely ineffective, with mostly inauthentic engagement. Dragonbridge continues promoting …

Neiman Marcus confirms data breach after Snowflake account hack

June 25, 2024 at 10:55AM Luxury retailer Neiman Marcus confirmed a data breach after hackers attempted to sell the company’s stolen database from recent Snowflake data theft attacks. The breach impacted 64,472 people, exposing personal information such as names, contact details, and gift card numbers. The breach was likely linked to threat actor “Sp1d3r” and …