Sprawling ‘Operation Digital Eye’ Attack Targets European IT Orgs

December 10, 2024 at 06:03AM Chinese hackers nearly infiltrated critical European supply chain companies by disguising attacks within Microsoft tools during a three-week span. This operation, called “Operation Digital Eye,” involved SQL injections and the use of Visual Studio Code for persistent access, complicating attribution and demonstrating a sophisticated approach to cyber-espionage.

U.S. org suffered four month intrusion by Chinese hackers

December 5, 2024 at 05:20PM A major U.S. organization with a strong presence in China experienced a data breach by China-based threat actors, who infiltrated its networks and maintained access from April to August 2024. **Meeting Notes Takeaways:** 1. **Incident Overview**: A large U.S. organization with a strong presence in China has experienced a security …

Decade-Old Cisco Vulnerability Under Active Exploit

December 3, 2024 at 03:41PM Cisco warns customers of a decade-old security flaw in its Adaptive Security Appliance (ASA) WebVPN, tracked as CVE-2014-2120, which is being actively exploited. This vulnerability allows unauthenticated remote attackers to conduct cross-site scripting (XSS) attacks. Customers are urged to upgrade software, as no workarounds exist.

Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks

November 25, 2024 at 12:56PM Zyxel warns that threat actors are exploiting a patched command injection vulnerability (CVE-2024-42057) in its firewalls, allowing remote code execution. A ransomware group, Helldown, has targeted affected devices. Users must upgrade to firmware 5.39 as earlier versions are susceptible to attacks. Immediate action is advised for optimal protection.

North Korea Deploying Fake IT Workers in China, Russia, Other Countries

November 25, 2024 at 08:01AM Microsoft reports that North Korean fake IT workers have infiltrated global markets, particularly in the US, UK, and Australia, generating revenue for the regime while potentially stealing data. Numerous fake profiles exist online, and various North Korean threat actors engage in phishing and cryptocurrency theft, targeting sensitive sectors like aerospace …

North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

November 21, 2024 at 07:15AM Threat actors linked to North Korea are impersonating U.S. tech companies to evade sanctions and fund weapons programs. Using forged identities, they secure jobs and funnel earnings back to the DPRK. The U.S. seized numerous fraudulent websites as part of efforts to counter these illicit operations.

Ford rejects breach allegations, says customer data not impacted

November 21, 2024 at 03:48AM Ford is investigating allegations of a data breach involving 44,000 customer records leaked on a hacking forum. Initially, claims of the breach raised concerns over potentially sensitive information. However, Ford later clarified that no breach occurred within its systems; the issue related to a third-party supplier and involved public dealer …

US charges five linked to Scattered Spider cybercrime gang

November 20, 2024 at 02:29PM The U.S. Justice Department has charged five members of the Scattered Spider cybercrime gang with wire fraud and identity theft, accused of stealing over $11 million from cryptocurrency wallets through SMS phishing. This loosely organized group employs varied tactics and has connections to other hacking collectives and ransomware gangs.

Ford investigates alleged breach following customer data leak

November 19, 2024 at 03:15PM Ford is investigating a potential data breach involving 44,000 customer records allegedly leaked by a hacker on a forum. The records, which include identifiable information, could facilitate phishing attacks. The company is currently assessing the situation, acknowledging the seriousness of the claims, and advising caution regarding unsolicited communications.

T-Mobile confirms it was hacked in recent wave of telecom breaches

November 16, 2024 at 12:53PM T-Mobile confirmed it was hacked amid a series of telecom breaches by Chinese state-sponsored group Salt Typhoon, targeting private communications and call records. Although T-Mobile stated that its systems were not significantly impacted, the U.S. government noted that customer data was stolen across multiple telecommunications companies. This marks T-Mobile’s ninth …