How Soccer’s 2022 World Cup in Qatar Was Nearly Hacked

April 3, 2024 at 05:06PM A security vendor reports that a China-linked threat actor gained access to a router configuration database, posing a significant risk of completely disrupting coverage. … Read more

New AcidPour data wiper targets Linux x86 network devices

March 19, 2024 at 10:36AM A new destructive malware named AcidPour was identified, targeting Linux x86 IoT and networking devices. It shares characteristics with AcidRain, a data-wiping malware, potentially pointing to an evolution or different origin. The malware’s expanded reach raises concerns, and public collaboration in analyzing and verifying its impact is encouraged by security … Read more

Cyber baddies leak 70M+ files online, claim they’re from AT&T

March 18, 2024 at 12:51PM Over 70 million records stolen from AT&T in 2021 were recently dumped on a cybercrime forum. The files contain personal information such as names, Social Security numbers, and addresses. Despite initial denials, an underground source confirmed the legitimacy of the data. This breach follows a previous admission of a hack … Read more

Change Healthcare attack latest: ALPHV bags $22M in Bitcoin amid affiliate drama

March 4, 2024 at 04:08PM ALPHV/BlackCat, responsible for the Change Healthcare cyberattack, received over $22 million in Bitcoin, potentially a ransomware payment. UnitedHealth Group declined to confirm whether a ransom was paid. Change Healthcare’s systems were affected, disrupting services for 70,000+ American pharmacies and hospitals. The gang may have stolen the $22 million from their affiliates. … Read more

New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion

March 1, 2024 at 06:15AM Cybersecurity researchers have found a new Linux variant of the BIFROSE remote access trojan, using a deceptive domain mimicking VMware. The malware, active since 2004, has been linked to a state-backed group from China. The latest variant disguises itself as VMware and has shown increased activity since October 2023, signifying evolving … Read more

Savvy Seahorse gang uses DNS CNAME records to power investor scams

February 28, 2024 at 09:39AM Savvy Seahorse uses CNAME DNS records to create a traffic distribution system for financial scam campaigns. Infoblox researchers uncovered this operation in August 2021, noting the use of chatbots to automate scamming and the abuse of DNS CNAME records to manage redirects and evade detection. The actor targets victims through … Read more

Cactus Ransomware Group Confirms Hacking Schneider Electric

February 20, 2024 at 09:03AM The Cactus ransomware gang claimed responsibility for the cyberattack on Schneider Electric. The attack only impacted the Sustainability Business division, and certain data was exfiltrated. The gang has threatened to disclose stolen data unless a ransom is paid. The impact on Schneider Electric’s clients is unclear. Cactus has been actively exploiting vulnerabilities … Read more

Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug

February 15, 2024 at 04:34PM Microsoft identified a critical vulnerability in Exchange Server disclosed in February as a zero-day threat already being exploited. The flaw (CVE-2024-21410) permits attackers to disclose and relay Windows NT LAN Manager hashes, impersonating legitimate users. Microsoft revised its advisory, flagging the exploit as a zero-day. A cumulative update (CU14) protects … Read more

BofA Warns Customers of Data Leak in Third-Party Breach

February 13, 2024 at 10:38AM LockBit ransomware’s attack on a technology partner resulted in the exposure of sensitive information, such as Social Security numbers, belonging to over 57,000 banking customers. … Read more

Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel

February 12, 2024 at 11:21AM A cloud account takeover campaign has affected numerous Azure environments and compromised many user accounts. The campaign specifically targets senior personnel. This ongoing threat is a significant security concern within the Azure cloud environment, as reported by SecurityWeek. … Read more