Hackers Exploit Legitimate Packer Software to Spread Malware Undetected

June 6, 2024 at 06:18AM Threat actors are employing legitimate packer software like BoxedApp to distribute malware, targeting financial and government sectors. Malware families like Agent Tesla and Remcos are being propagated using NSIXloader. Another packer codenamed Kiteshield has been used by threat actors to target Linux systems. These techniques aim to evade endpoint security …

Club Penguin fans breached Disney Confluence server, stole 2.5GB of data

June 5, 2024 at 04:21PM Club Penguin fans hacked a Disney server and initially stole 2.5 GB of internal corporate data, including old Club Penguin information. The breach also revealed more recent and critical data about Disney’s corporate strategies and projects. The hackers accessed Confluence using exposed credentials and obtained documents about developer tools and …

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine

June 4, 2024 at 08:13AM A sophisticated cyber attack targeting endpoints in Ukraine aims to deploy Cobalt Strike and establish control over compromised hosts. The attack involves a multi-stage malware strategy using a Microsoft Excel file with an embedded VBA macro. The attack employs evasion techniques, location-based checks, and manipulation of DLL files for persistence …

AI platform Hugging Face says hackers stole auth tokens from Spaces

June 2, 2024 at 04:57PM Hugging Face’s Spaces platform was breached, exposing authentication secrets for its members. The company detected unauthorized access and suspects a subset of Spaces’ secrets were compromised. They have revoked authentication tokens and recommend users refresh tokens and switch to fine-grained access tokens for tighter security. The company is working with …

BBC Breach Puts 25K Pension Scheme Members at Risk

May 31, 2024 at 03:49PM The BBC confirmed a breach compromising personal information of its pension scheme members. Threat actors copied files from a cloud-based storage containing names, national insurance numbers, and addresses. The BBC assured that the incident source was secured, and specialists found no misuse of the affected files. Investigation is ongoing, with …

Check Point VPN Attacks Involve Zero-Day Exploited Since April

May 30, 2024 at 05:48AM Check Point VPNs were targeted by threat actors exploiting a zero-day vulnerability, allowing access to enterprise networks through old VPN local accounts. The vulnerability, tracked as CVE-2024-24919, affects certain Check Point Security Gateways and allows hackers to extract password hashes. Mnemonic reported attacks using CVE-2024-24919 in customer environments since April …

Check Point VPN zero-day exploited in attacks since April 30

May 29, 2024 at 03:45PM Threat actors are exploiting a high-severity zero-day vulnerability in Check Point Remote Access VPN, stealing Active Directory data to move through victims’ networks. Check Point warns customers of attackers targeting their security gateways using old VPN local accounts with insecure password-only authentication. The company has released hotfixes to block exploitation …

Cybercriminals Abuse StackOverflow to Promote Malicious Python Package

May 29, 2024 at 01:51PM Cybersecurity researchers have discovered a malicious Python package, “pytoileur,” in the Python Package Index repository, aiming to enable cryptocurrency theft. The package’s code executes a Base64-encoded payload to retrieve a Windows binary from an external server, establishing persistence and dropping spyware and data-stealing malware. This method signifies an unprecedented abuse …

Microsoft links North Korean hackers to new FakePenny ransomware

May 28, 2024 at 02:01PM Microsoft has linked the North Korean hacking group Moonstone Sleet to FakePenny ransomware attacks, causing millions of dollars in ransom demands. Moonstone Sleet has adopted novel attack methods and infrastructure, targeting various industries and employing trojanized software, malicious games, and fake companies. This expansion into ransomware may indicate a shift …

Check Point VPN Targeted for Initial Access in Enterprise Attacks

May 28, 2024 at 05:33AM Check Point advises customers to review VPN configurations to prevent abuse by threat actors, citing attempts to gain access through old VPN local accounts with password-only authentication. The company recommends using additional authentication measures, deploying products on security gateways, and disabling unnecessary local accounts. It also provides a script and …