Jetpack fixes 8-year-old flaw affecting millions of WordPress sites

October 18, 2024 at 06:34PM
A critical security update for the Jetpack WordPress plugin has been released due to a vulnerability that could expose user data. Site administrators are advised to ensure the latest version is installed. Meanwhile, the EU has implemented new reporting rules for cybersecurity incidents, and a free DNS service for UK …

Google: 70% of exploited flaws disclosed in 2023 were zero-days

October 16, 2024 at 06:16PM
Mandiant security analysts have reported a concerning trend where threat actors are increasingly adept at identifying and exploiting zero-day vulnerabilities in software, highlighting growing risks in cybersecurity.

**Meeting Takeaways:**
1. **New Threat Trend**: Mandiant security analysts have identified a concerning trend among threat actors.
2. **Increased Capability**: There is a …

North Korea Hackers Linked to Breach of German Missile Manufacturer

September 30, 2024 at 01:45PM
A professional hacking team affiliated with the North Korean government infiltrated the German company Diehl Defence, known for producing air defense systems and missiles, using phishing tactics to target employees. The group, attributed to the Kimsuky APT, employed booby-trapped files and mock job offers to carry out the attack. Kimsuky …

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

September 20, 2024 at 06:45AM
Mandiant is tracking Iranian APT threat actor UNC1860, linked to MOIS, which facilitates remote network access. UNC1860, known for sophisticated tools and prior destructive attacks, is associated with APT34 and implicated in cyber operations targeting U.S. elections. Iran’s increasing cyber activities coincide with heightened regional involvement. CISA warned of Iranian …

North Korean Hackers Lure Critical Infrastructure Employees With Fake Jobs

September 18, 2024 at 11:14AM
UNC2970, a North Korean threat actor, has been using job-themed lures to distribute new malware to individuals in critical infrastructure sectors. Mandiant reported that UNC2970 targeted individuals in the US, UK, Netherlands, Cyprus, Germany, Sweden, Singapore, Hong Kong, and Australia. The group has been using fake job descriptions to target …

Halliburton confirms data stolen in recent cyberattack

September 3, 2024 at 09:00AM
Oil and gas company Halliburton confirmed to the SEC that data was stolen in a recent attack by RansomHub ransomware gang. The breach prompted disruptions to its systems and caused concern among customers. Halliburton is evaluating the scope of the breach and potential financial and customer impact, including risks of …

Google Disrupts More China-Linked Dragonbridge Influence Operations

June 26, 2024 at 11:03AM
Google continues to disrupt China-linked threat actor Dragonbridge’s influence operations on YouTube and Blogger. With over 10,000 instances taken down in Q1 2023, the internet giant has disabled over 175,000 Dragonbridge instances to date. Despite high content volume, the activity remains largely ineffective, with mostly inauthentic engagement. Dragonbridge continues promoting …

Neiman Marcus confirms data breach after Snowflake account hack

June 25, 2024 at 10:55AM
Luxury retailer Neiman Marcus confirmed a data breach after hackers attempted to sell the company’s stolen database from recent Snowflake data theft attacks. The breach impacted 64,472 people, exposing personal information such as names, contact details, and gift card numbers. The breach was likely linked to threat actor “Sp1d3r” and …

Snowflake breach snowballs as more victims, perps, come forward

June 23, 2024 at 10:21PM
Snowflake breach continues to expand with victims, including Ticketek and Advance Auto Parts. Hacker claims to have accessed Snowflake by compromising third parties. CDK faces ransomware attack and potential payment. Critical vulnerabilities found in Juniper Secure Analytics, CAREL Boss-Mini, Westermo L210-F2G, and RAD Data Communications SecFlow-2. Alleged Apple tools leaked. …

UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs

June 20, 2024 at 01:49PM
Threat actor UNC3886, suspected to be Chinese, uses open-source rootkits like ‘Reptile’ and ‘Medusa’ on VMware ESXi virtual machines to conduct credential theft, command execution, and lateral movement. Mandiant tracked UNC3886’s attacks on government organizations and revealed their recent use of rootkits, custom malware tools, and attacks targeting various industries …