Iran-Linked Agrius APT Group Targets Israeli Education, Tech Sectors

November 7, 2023 at 12:34PM Throughout this year, Israel’s higher education and technology sectors have been targeted by a series of attacks. The attackers, identified as the advanced persistent threat (APT) Agonizing Serpens, associated with Iran, have exploited Web servers and deployed Web shells to gain access to networks. The attacks involve stealing sensitive information, … Read more

Ex-GCHQ software dev jailed for stabbing NSA staffer

November 3, 2023 at 03:52PM A former software developer for Britain’s GCHQ has been sentenced to a minimum of 13 years in prison for attempting to murder a National Security Agency (NSA) official. The attack, which occurred outside a leisure center in Cheltenham, was motivated by a combination of terrorist ideology, anger, and resentment towards … Read more

Toronto Public Library outages caused by Black Basta ransomware attack

November 1, 2023 at 04:32PM The Toronto Public Library (TPL) is currently experiencing technical outages due to a ransomware attack by the Black Basta ransomware operation. Certain services, including the TPL website and online account access, are unavailable. The library assures that personal information has not been compromised and is working with cybersecurity experts and … Read more

Former British Cyberespionage Agency Employee Gets Life in Prison for Stabbing an American Spy

November 1, 2023 at 07:09AM A former British cyberespionage employee, Joshua Bowles, was sentenced to life in prison for the attempted murder of an American intelligence worker. Bowles carried out a pre-meditated and politically motivated attack, targeting the woman solely because of her role with the National Security Agency. The attack was driven by Bowles’ … Read more

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A and M-Series CPUs

October 26, 2023 at 02:06PM A group of academics has discovered a new side-channel attack called iLeakage that targets Apple’s A- and M-series CPUs on iOS, iPadOS, and macOS devices. By exploiting a weakness in Safari, sensitive information can be extracted. The attack could be used to retrieve Gmail inbox content and autofilled passwords from … Read more

New iLeakage attack steals emails, passwords from Apple Safari

October 26, 2023 at 07:32AM Researchers have developed a new side-channel attack called iLeakage that can extract sensitive information from Safari on Apple devices. It bypasses standard side-channel protections and can retrieve data from Safari, Firefox, Tor, and Edge on iOS with near-perfect accuracy. The attack exploits speculative execution in Apple Silicon CPUs and requires … Read more

1Password confirms attacker tried to pull list of admin users after Okta intrusion

October 24, 2023 at 11:21AM 1Password has confirmed that it was attacked by cyber criminals following a breach of Okta’s customer support portal. The attack was detected on September 29 and the company’s incident response team quickly engaged, finding a suspicious IP address and unauthorized access to the Okta instance. While no user data or … Read more

Over 10,000 Cisco devices hacked in IOS XE zero-day attacks

October 17, 2023 at 04:49PM More than 10,000 Cisco IOS XE devices have been compromised and infected with malicious implants through a zero-day bug. The vulnerability has been exploited in attacks on devices running Cisco IOS XE software with the Web User Interface feature and HTTP/HTTPS Server feature enabled. Security company VulnCheck has released a … Read more

Thousands of Cisco IOS XE devices hacked in widespread attacks

October 17, 2023 at 09:20AM Attackers have exploited a critical zero-day bug to compromise and infect Cisco IOS XE devices with malicious implants. Threat intelligence company VulnCheck found thousands of compromised hosts. Cisco has advised administrators to disable the vulnerable HTTP server feature and look for breach indicators. A patch is not yet available. Key … Read more

Malicious ‘Airstrike Alert’ App Targets Israelis

October 16, 2023 at 05:07PM Cyber attackers are using a modified version of the RedAlert application, which warns Israelis of incoming airstrikes, to collect sensitive data from users. The spoofed version gives cybercriminals access to contacts, call logs, SMS details, and other information. Users who installed the Android version of the app from a specific … Read more