Oregon Zoo Ticketing Service Hack Impacts 118,000

August 19, 2024 at 07:36AM The Oregon Zoo has notified 118,000 people of a data breach, exposing names and payment card details stolen from its online ticketing system. Transactions from Dec 20, 2023, to Jun 26, 2024, were affected. The zoo disclosed that a third-party vendor was targeted and has taken steps to secure a …

Western, Russian Civil Society Targeted in Sophisticated Phishing Attacks 

August 16, 2024 at 09:21AM Two Russia-linked threat actors have been targeting entities critical of Russia through ongoing spear-phishing campaigns since 2023. Phishing emails impersonating Proton email service staff members have been sent to international NGOs, media organizations, Russian opposition figures, and US and European NGOs, posing serious risks to the targets. The attacks involve …

Ransomware gang deploys new malware to kill security software

August 15, 2024 at 02:03PM RansomHub ransomware operators have deployed a new malware, EDRKillShifter, to disable EDR security software in BYOVD attacks. Discovered by Sophos researchers, the malware exploits vulnerable drivers to escalate privileges and disable security solutions. Sophos recommends enabling tamper protection and maintaining a separation between user and admin privileges to mitigate such …

DNC Credentials Compromised by ‘IntelFetch’ Telegram Bot

August 14, 2024 at 06:03AM The Democratic National Convention (DNC) in Chicago faces a security threat as IntelFetch, a Telegram-based bot service, aggregates compromised credentials from DNC and Democratic Party websites. ZeroFox researchers verified stolen data, posing a risk of unauthorized access to sensitive systems. The DNC, along with attendees, are seen as potential targets …

AMD Says New Sinkclose CPU Vulnerability Only Affects ‘Seriously Breached Systems’

August 13, 2024 at 06:42AM IOActive disclosed Sinkclose, a new AMD processor vulnerability that has been around for 20 years, targeting SMM. Exploiting the flaw requires a deep understanding of the architecture, but not physical access. AMD has published mitigations and firmware updates, prioritizing security despite the flaw affecting seriously breached systems. The malware planted is stealthy …

FBI Shuts Down Dispossessor Ransomware Group’s Servers Across U.S., U.K., and Germany

August 13, 2024 at 05:42AM The FBI disrupted the online infrastructure of nascent ransomware group Dispossessor, targeting small-to-mid-sized businesses internationally. The group employs a dual-extortion model, threatening data exposure and encryption. They leverage system vulnerabilities and weak passwords for attacks and have targeted 43 companies in multiple countries. Law enforcement efforts are increasing, but ransomware …

Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds

August 8, 2024 at 11:00AM AppOmni analyzed 230 billion SaaS audit log events, finding that most SaaS security incidents involve simple smash-and-grab incursions, with attackers using legitimate credentials for entry. Use of the MITRE ATT&CK kill chain is minimal. AppOmni recommends implementing a full zero trust policy with effective MFA to prevent attacker …

Critical Security Flaw in WhatsUp Gold Under Active Attack – Patch Now

August 8, 2024 at 02:27AM Progress Software’s WhatsUp Gold is facing active exploitation due to a critical security flaw (CVE-2024-4885, CVSS 9.8) allowing unauthenticated remote code execution. The flaw is being actively exploited, with a PoC exploit released by a security researcher. Exploitation attempts have been observed, emphasizing the urgency of applying the latest security …

New Go-based Backdoor GoGra Targets South Asian Media Organization

August 7, 2024 at 06:57AM An unnamed media organization in South Asia was targeted using a previously undocumented Go-based backdoor called GoGra, which utilizes the Microsoft Graph API for C&C purposes. Other new malware families have employed similar techniques, suggesting that threat actors are increasingly utilizing legitimate cloud services for low-key operations. Based on the …

Critical Apache OFBiz Vulnerability Allows Preauth RCE

August 5, 2024 at 03:25PM A critical RCE security vulnerability (CVE-2024-38856) in Apache OFBiz poses a high risk with a CVSS score of 9.8. Threat actors could exploit this bug to access critical endpoints, potentially leading to data theft and lateral network movement. Admins are advised to upgrade to version 18.12.15 or newer to mitigate …