Polyfill.io owner punches back at ‘malicious defamation’ amid domain shutdown

June 27, 2024 at 11:56PM After its website shutdown, Polyfill.io’s owner battles accusations of distributing suspicious code on various websites. Anger-fueled social media posts target CDN titan Cloudflare and media for “malicious defamation.” Experts and a domain registrar warn of supply chain risks. The site has relocated to polyfill[.]com. Cloudflare also launches a JavaScript URL … Read more

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

June 27, 2024 at 10:39AM P2PInfect, a peer-to-peer botnet, has shifted from being dormant to a financially motivated operation, targeting misconfigured Redis servers with ransomware and cryptocurrency miners. It spreads by transforming victim systems into follower nodes and has been updated to target MIPS and ARM architectures. The malware uses a mesh network to push … Read more

New Linux malware is controlled through emojis sent from Discord

June 15, 2024 at 01:15PM The newly discovered Linux malware named ‘DISGOMOJI’ uses emojis for executing commands on infected devices in attacks on Indian government agencies, related to a Pakistan-based threat actor known as ‘UTA0137.’ This novel approach allows the malware to potentially bypass security software. DISGOMOJI maintains persistence on devices and aims to exfiltrate … Read more

Club Penguin fans breached Disney Confluence server, stole 2.5GB of data

June 5, 2024 at 04:21PM Club Penguin fans hacked a Disney server and initially stole 2.5 GB of internal corporate data, including old Club Penguin information. The breach also revealed more recent and critical data about Disney’s corporate strategies and projects. The hackers accessed Confluence using exposed credentials and obtained documents about developer tools and … Read more

ShinyHunters claims Santander breach, selling data for 30M customers

May 31, 2024 at 11:51AM ShinyHunters, a notorious threat actor, is allegedly selling a massive trove of Santander Bank’s data, impacting 30 million customers and employees. This follows a recent data breach affecting the bank. ShinyHunters is known for similar activities and has a history of selling stolen data from various companies. The legitimacy of … Read more

‘The Mask’ Espionage Group Resurfaces After 10-Year Hiatus

May 9, 2024 at 05:52PM The “Careto” APT group, inactive for over a decade, has reemerged in cyber-espionage targeting entities in Latin America and Central Africa. Kaspersky researchers have identified previous victims and new targets, emphasizing the need to remain vigilant against long-dormant APTs. The group’s sophisticated attacks involve custom techniques and versatile implants, showcasing … Read more

NATO and EU condemn Russia’s cyberattacks against Germany, Czechia

May 3, 2024 at 11:49AM NATO, EU, and partners condemn Russian threat group APT28’s cyber espionage campaign targeting European countries, including Germany and Czechia. The attacks compromised email accounts and targeted various government authorities, companies, and critical infrastructure. NATO warns about recent Russian hybrid activities impacting multiple Allied countries. APT28 has been linked to high-profile … Read more

Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses

April 26, 2024 at 10:18AM Sekoia reports that over 90,000 unique IP addresses are still infected with a self-spreading PlugX worm variant, attributed to a China-linked threat actor. The malware spreads through infected USB drives, creating potential risks for data exfiltration and surveillance, especially in regions strategically important to China’s Belt and Road Initiative. Sekoia … Read more

Microsoft breach allowed Russian spies to steal emails from US government

April 12, 2024 at 10:41AM CISA warns of Russian spies’ theft of sensitive data from Microsoft’s email system, prompting an Emergency Directive for affected agencies to analyze exfiltrated emails, reset compromised credentials, and enhance security. Microsoft and CISA collaborate to provide metadata on the exfiltrated emails. Security experts criticize Microsoft’s security practices and disclosure approach. … Read more

New HTTP/2 DoS attack can crash web servers with a single connection

April 4, 2024 at 11:30AM Newly discovered HTTP/2 protocol vulnerabilities, collectively called “CONTINUATION Flood,” can lead to denial of service (DoS), crashing web servers over a single TCP connection in some implementations. Discovered by researcher Bartek Nowotarski, the flaws stem from servers that accept HTTP/2 CONTINUATION frames without properly limiting or checking them, so an attacker can keep a header block open indefinitely and drive the server out of memory, … Read more
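To make the CONTINUATION Flood mechanism concrete, here is an added example (not code from the article, the researcher, or any affected server). It serializes minimal HTTP/2 frames per RFC 9113, builds a constructed attacker stream of one HEADERS frame followed by CONTINUATION frames that never set END_HEADERS, and contrasts a naive header-block accumulator with one that bounds the in-flight block. The payload bytes are opaque placeholders rather than real HPACK data, and the cap value is an assumption chosen for illustration.

```python
import struct

# HTTP/2 frame types and flags (RFC 9113 section 6)
HEADERS = 0x1
CONTINUATION = 0x9
END_HEADERS = 0x4


def frame(ftype: int, flags: int, stream_id: int, payload: bytes) -> bytes:
    """Serialize one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id, payload."""
    if len(payload) >= 2 ** 24:
        raise ValueError("payload exceeds 24-bit length field")
    header = struct.pack(">I", len(payload))[1:] + bytes([ftype, flags])
    header += struct.pack(">I", stream_id & 0x7FFFFFFF)
    return header + payload


def parse_frames(data: bytes):
    """Yield (type, flags, stream_id, payload) tuples from a byte buffer; stops at a truncated frame."""
    off = 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            break  # a real server would wait for the rest of the frame
        yield ftype, flags, stream_id, payload
        off += 9 + length


def build_continuation_flood(stream_id: int, fragment: bytes, count: int) -> bytes:
    """Constructed attacker traffic: HEADERS without END_HEADERS, then `count` CONTINUATION frames, none closing the block."""
    out = frame(HEADERS, 0, stream_id, fragment)
    for _ in range(count):
        out += frame(CONTINUATION, 0, stream_id, fragment)
    return out


class ProtocolError(Exception):
    """Mis-sequenced frames; a server would answer with a GOAWAY(PROTOCOL_ERROR)."""


class HeaderBlockTooLarge(Exception):
    """Bound exceeded; a server would answer with GOAWAY(ENHANCE_YOUR_CALM) and close the connection."""


def accumulate_naive(data: bytes) -> bytes:
    """Vulnerable pattern: append every fragment until END_HEADERS arrives, with no upper bound."""
    block = bytearray()
    for ftype, flags, _sid, payload in parse_frames(data):
        if ftype in (HEADERS, CONTINUATION):
            block += payload
            if flags & END_HEADERS:
                return bytes(block)
    return bytes(block)  # block still open; memory held until the peer decides to finish it


def accumulate_bounded(data: bytes, max_block_bytes: int) -> bytes:
    """Hardened pattern: cap the compressed header block while it is still being assembled.

    Also enforces the sequencing rule that CONTINUATION must follow an open HEADERS block
    on the same stream. max_block_bytes is an implementation choice (assumption here).
    """
    block = bytearray()
    open_stream = None
    for ftype, flags, sid, payload in parse_frames(data):
        if ftype == HEADERS:
            if open_stream is not None:
                raise ProtocolError("HEADERS while another header block is open")
            open_stream = sid
        elif ftype == CONTINUATION:
            if open_stream != sid:
                raise ProtocolError("CONTINUATION without a matching open HEADERS")
        else:
            if open_stream is not None:
                raise ProtocolError("non-CONTINUATION frame inside a header block")
            continue
        if len(block) + len(payload) > max_block_bytes:
            raise HeaderBlockTooLarge(
                f"header block on stream {sid} exceeded {max_block_bytes} bytes")
        block += payload
        if flags & END_HEADERS:
            return bytes(block)
    return bytes(block)


if __name__ == "__main__":
    flood = build_continuation_flood(1, b"\x00" * 1024, 64)
    print("naive accumulator held", len(accumulate_naive(flood)), "bytes and is still waiting")
    try:
        accumulate_bounded(flood, 16 * 1024)
    except HeaderBlockTooLarge as e:
        print("bounded accumulator rejected:", e)
```

The fix is a bound on the compressed block before END_HEADERS; the RFC's advisory SETTINGS_MAX_HEADER_LIST_SIZE describes the decoded header list, so an implementation needs its own limit on what it buffers while the block is still open, plus a limit on how long a block may stay open.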