Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking

Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms. "Randstorm() is a term we coined to describe a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine

FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks

The U.S. Federal Communications Commission (FCC) is adopting new rules that aim to protect consumers from cell phone account scams that make it possible for malicious actors to orchestrate SIM-swapping attacks and port-out fraud. “The rules will help protect consumers from scammers who target data and personal information by covertly swapping SIM cards to a new device or porting phone numbers to

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,

U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem

U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to infiltrate targets. "Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). "Observed as a ransomware-as-a-service (RaaS)

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named 'oracleiv_latest' and containing Python malware compiled as an ELF executable

New Campaign Targets Middle East Governments with IronWind Malware

Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402, which is also known as Molerats, Gaza Cyber Gang, and shares tactical overlaps with a pro-Hamas

Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit 42 researchers said in a report last week. "The observed activity aligns with geopolitical goals of

Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities

Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink. The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023, was based on information that the threat actors behind the platform

Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers

A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a "shift in the persistent actor's tactics." Sapphire Sleet, also called APT38, BlueNoroff, CageyChameleon, and CryptoCore, has a

Offensive and Defensive AI: Let’s Chat(GPT) About It

ChatGPT: Productivity tool, great for writing poems, and… a security risk?! In this article, we show how threat actors can exploit ChatGPT, but also how defenders can use it for leveling up their game. ChatGPT is the most swiftly growing consumer application to date. The extremely popular generative AI chatbot has the ability to generate human-like, coherent and contextually relevant responses.

StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices

An advanced strain of malware masquerading as a cryptocurrency miner has managed to fly the radar for over five years, infecting no less than one million devices around the world in the process. That's according to findings from Kaspersky, which has codenamed the threat StripedFly, describing it as an "intricate modular framework that supports both Linux and Windows." The Russian cybersecurity

Google Play Store Highlights 'Independent Security Review' Badge for VPN Apps

Google is rolling out a new banner to highlight the "Independent security review" badge in the Play Store's Data safety section for Android VPN apps that have undergone a Mobile Application Security Assessment (MASA) audit. "We've launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle," Nataliya Stanetsky of the Android Security

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm Phylum said. All the counterfeit packages have been published by

EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub

A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities. "As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and

N. Korean Lazarus Group Targets Software Vendor Using Known Flaws

The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and LPEClient, a known hacking tool used by the threat actor for

How to Keep Your Business Running in a Contested Environment

When organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats. At the heart of your business lies your operational technology and critical systems. This places them at the forefront of cybercriminal

Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware

The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach organizations across the world. Microsoft, which disclosed the activities of the financially motivated hacking crew, described the adversary as "one of the most dangerous financial criminal

34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online Scams

Spanish law enforcement officials have announced the arrest of 34 members of a criminal group that carried out various online scams, netting the gang about €3 million ($3.2 million) in illegal profits. Authorities conducted searches across 16 locations Madrid, Malaga, Huelva, Alicante, and Murcia, seizing two simulated firearms, a katana sword, a baseball bat, €80,000 in cash, four high-end

Who's Experimenting with AI Tools in Your Organization?

With the record-setting growth of consumer-focused AI productivity tools like ChatGPT, artificial intelligence—formerly the realm of data science and engineering teams—has become a resource available to every employee.  From a productivity perspective, that’s fantastic. Unfortunately for IT and security teams, it also means you may have hundreds of people in your organization using a new tool in

Qubitstrike Targets Jupyter Notebooks with Crypto Mining and Rootkit Campaign

A threat actor, presumably from Tunisia, has been linked to a new campaign targeting exposed Jupyter Notebooks in a two-fold attempt to illicitly mine cryptocurrency and breach cloud environments. Dubbed Qubitstrike by Cado, the intrusion set utilizes Telegram API to exfiltrate cloud service provider credentials following a successful compromise. "The payloads for the Qubitstrike campaign are

The Fast Evolution of SaaS Security from 2020 to 2024 (Told Through Video)

SaaS Security’s roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access vectors to SaaS data have widened beyond misconfiguration management. “SaaS Security on Tap” is a new video series that takes place in Eliana V's bar making sure that the only thing that leaks is beer (

DarkGate Malware Spreading via Messaging Services Posing as PDF Files

A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware. "It's

HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks

Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a coordinated disclosure. The cumulative susceptibility to this attack is being tracked as CVE-2023-44487,

Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms

Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in July 2023, primarily singling out banking and financial services, insurance, property management and

North Korea's Lazarus Group Launders $900 Million in Cryptocurrency

As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those proceeds between July 2022 and July of this year. "As traditional entities such as mixers continue to be subject to seizures and sanctions scrutiny, the crypto crime displacement to chain- or asset-hopping

Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike

Threat actors have been observed targeting semiconductor companies in East Asia with lures masquerading as Taiwan Semiconductor Manufacturing Company (TSMC) that are designed to deliver Cobalt Strike beacons. The intrusion set, per EclecticIQ, leverages a backdoor called HyperBro, which is then used as a conduit to deploy the commercial attack simulation software and post-exploitation toolkit.

New OS Tool Tells You Who Has Access to What Data

Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result in financial and reputational damage but also lead to legal consequences. Therefore, robust data access security measures are essential to safeguard an organization’s assets, maintain customer trust, and meet regulatory requirements.  A

GoldDigger Android Trojan Targets Banking Apps in Asia Pacific Countries

A new Android banking trojan named GoldDigger has been found targeting several financial applications with an aim to siphon victims' funds and backdoor infected devices. "The malware targets more than 50 Vietnamese banking, e-wallet and crypto wallet applications," Group-IB said. "There are indications that this threat might be poised to extend its reach across the wider APAC region and to

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. "These vulnerabilities [...] can lead to a full chain Remote

New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the same victims' machines, each cluster is characterized by distinct tools, modus operandi, and infrastructure," Palo Alto

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the

Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge

The peer-to-peer (P2) worm known as P2PInfect has witnessed a surge in activity since late August 2023, witnessing a 600x jump between September 12 and 19, 2023. "This increase in P2PInfect traffic has coincided with a growing number of variants seen in the wild, suggesting that the malware's developers are operating at an extremely high development cadence," Cado Security researcher Matt Muir

Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace

Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022. "The site operated as a hidden service in the encrypted TOR network," the Finnish Customs (aka Tulli) said in a brief announcement on Tuesday. "The site has been used in anonymous criminal activities such as narcotics trade." The agency

Critical Security Flaws Exposed in Nagios XI Network Monitoring Software

Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, They have been patched as of September 11, 2023, with

Signal Messenger Introduces PQXDH Quantum-Resistant Encryption

Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). "With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current

New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services

A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm Sysdig. "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS

Think Your MFA and PAM Solutions Protect You? Think Again

When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privileged Access Management) solutions are almost never deployed comprehensively enough to provide resilience to identity

North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist

The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31 million in digital assets from the CoinEx exchange on September 12, 2023. The crypto heist aimed at

TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.

The Irish Data Protection Commission (DPC) slapped TikTok with a €345 million (about $368 million) fine for violating the European Union's General Data Protection Regulation (GDPR) in relation to its handling of children's data. The investigation, initiated in September 2021, examined how the popular short-form video platform processed personal data relating to child users (those between the

How to Prevent API Breaches: A Guide to Robust Security

With the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly popular. If you aren’t familiar with the term, APIs allow applications to communicate with each other and they play a vital role in modern software development. However, the rise of API use has also led to an increase in the number of API breaches.

Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play

Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that’s designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server. The

Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks

A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses

Everything You Wanted to Know About AI Security but Were Afraid to Ask

There’s been a great deal of AI hype recently, but that doesn’t mean the robots are here to replace us. This article sets the record straight and explains how businesses should approach AI. From musing about self-driving cars to fearing AI bots that could destroy the world, there has been a great deal of AI hype in the past few years. AI has captured our imaginations, dreams, and occasionally,

North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository

Three additional rogue Python packages have been discovered in the Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from ReversingLabs, which detected the packages tablediter, request-plus, and requestspro. First disclosed at the

Malicious npm Packages Aim to Target Developers for Source Code Theft

An unknown threat actor is leveraging malicious npm packages to target developers with an aim to steal source code and configuration files from victim machines, a sign of how threats lurk consistently in open-source repositories. "The threat actor behind this campaign has been linked to malicious activity dating back to 2021," software supply chain security firm Checkmarx said in a report shared

Tornado Cash Founders Charged in Billion-Dollar Crypto Laundering Scandal

The U.S. Justice Department (DoJ) on Wednesday unsealed an indictment against two founders of the now-sanctioned Tornado Cash cryptocurrency mixer service, charging them with laundering more than $1 billion in criminal proceeds. Both the individuals, Roman Storm and Roman Semenov, have been charged with conspiracy to commit money laundering, conspiracy to commit sanctions violations, and

North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns

The U.S. Federal Bureau of Investigation (FBI) on Tuesday warned that threat actors affiliated with North Korea may attempt to cash out stolen cryptocurrency worth more than $40 million. The law enforcement agency attributed the blockchain activity to an adversary the U.S. government tracks as TraderTraitor, which is also known by the name Jade Sleet. An investigation undertaken by the FBI found

Meta Set to Enable Default End-to-End Encryption on Messenger by Year End

Meta has once again reaffirmed its plans to roll out support for end-to-end encryption (E2EE) by default for one-to-one friends and family chats on Messenger by the end of the year. As part of that effort, the social media giant said it's upgrading "millions more people's chats" effective August 22, 2023, exactly seven months after it started gradually expanding the feature to more users in

Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security’s p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential harvesting malware while continuing to develop infrastructure for an upcoming (spoiler: now launched) campaign

Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection

Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on the operating system without any problems. There is no evidence that the apps were available on the

What's the State of Credential theft in 2023?

At a little overt halfway through 2023, credential theft is still a major thorn in the side of IT teams. The heart of the problem is the value of data to cybercriminals and the evolution of the techniques they use to get hold of it. The 2023 Verizon Data Breach Investigations Report (DBIR) revealed that 83% of breaches involved external actors, with almost all attacks being financially motivated

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution. "The attacker seems to be

New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week. "It can steal

New Android 14 Security Feature: IT Admins Can Now Disable 2G Networks

Google has introduced a new security feature in Android 14 that allows IT administrators to disable support for 2G cellular networks in their managed device fleet. The search giant said it's introducing a second user setting to turn off support, at the model level, for null-ciphered cellular connections. "The Android Security Model assumes that all networks are hostile to keep users safe from

Understanding Active Directory Attack Paths to Improve Security

Introduced in 1999, Microsoft Active Directory is the default identity and access management service in Windows networks, responsible for assigning and enforcing security policies for all network endpoints. With it, users can access various resources across networks. As things tend to do, times, they are a'changin' – and a few years back, Microsoft introduced Azure Active Directory, the

FBI Alert: Crypto Scammers are Masquerading as NFT Developers

The U.S. Federal Bureau of Investigation (FBI) is warning about cyber crooks masquerading as legitimate non-fungible token (NFT) developers to steal cryptocurrency and other digital assets from unsuspecting users. In these fraudulent schemes, criminals either obtain direct access to NFT developer social media accounts or create look-alike accounts to promote "exclusive" new NFT releases, often

NYC Couple Pleads Guilty to Money Laundering in $3.6 Billion Bitfinex Hack

A married couple from New York City has pleaded guilty to money laundering charges in connection with the 2016 hack of cryptocurrency stock exchange Bitfinex, resulting in the theft of about 120,000 bitcoin. The development comes more than a year after Ilya Lichtenstein, 35, and his wife, Heather Morgan, 33, were arrested in February 2022, following the seizure of roughly 95,000 of the stolen

Malicious npm Packages Found Exfiltrating Sensitive Data from Developers

Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. Software supply chain firm Phylum, which first identified the "test" packages on July 31, 2023, said they "demonstrated increasing functionality and refinement," hours after which they were removed and re-uploaded under different