FreshRSS

πŸ”’
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

β€˜Malicious Activity’ Hits the University of Cambridge’s Medical School

By Matt Burgess
Multiple university departments linked to the Clinical School Computing Service have been inaccessible for a month. The university has not revealed the nature of the β€œmalicious activity.”

Chinese Hackers Charged in Decade-Long Global Spying Rampage

By Matt Burgess
US and UK officials hit Chinese hacking group APT31 with sanctions and criminal charges after they targeted thousands of businesses, politicians, and critics of China.

Hiding in Plain Sight: How Subdomain Attacks Use Your Email Authentication Against You

By Bradley Anstis

For years, analysts, security specialists, and security architects alike have been encouraging organizations to become DMARC compliant. This involves deploying email authentication to ensure their… Read more on Cisco Blogs

Apple Chip Flaw Leaks Secret Encryption Keys

By Andrew Couts
Plus: The Biden administration warns of nationwide attacks on US water systems, a new Russian wiper malware emerges, and China-linked hackers wage a global attack spree.

Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds

By Andy Greenberg
The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.

Automakers Are Telling Your Insurance Company How You Really Drive

By Dell Cameron, Andrew Couts
Plus: The operator of a dark-web cryptocurrency β€œmixing” service is found guilty, and a US senator reveals that popular safes contain secret backdoors.

Russian Hackers Stole Microsoft Source Codeβ€”and the Attack Isn’t Over

By Dhruv Mehrotra, Andrew Couts
Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data.

Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say

By Dell Cameron
A coalition of 41 state attorneys general says Meta is failing to assist Facebook and Instagram users whose accounts have been hackedβ€”and they want the company to take β€œimmediate action.”

Mitigating Lateral Movement with Zero Trust Access

By Andrew Akers

Security service edge (SSE) technology was created to protect remote and branch users with a unified, cloud-delivered security stack. To understand how SSE solutions protect organizations and their… Read more on Cisco Blogs

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

By Andy Greenberg
The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.

The Privacy Danger Lurking in Push Notifications

By Andy Greenberg, Andrew Couts, Matt Burgess
Plus: Apple warns about sideloading apps, a court orders NSO group to turn over the code of its Pegasus spyware, and an investigation finds widely available security cams are wildly insecure.

Here Come the AI Worms

By Matt Burgess
Security researchers created an AI worm in a test environment that can automatically spread between generative AI agentsβ€”potentially stealing data and sending spam emails along the way.

The Mysterious Case of the Missing Trump Trial Ransomware Leak

By Andy Greenberg
The notorious LockBit gang promised a Georgia court leak "that could affect the upcoming US election.” It didn't materializeβ€”but the story may not be over yet.

Here Are the Google and Microsoft Security Updates You Need Right Now

By Kate O'Flaherty
Plus: Mozilla patches 12 flaws in Firefox, Zoom fixes seven vulnerabilities, and more critical updates from February.

Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust

By Andy Greenberg
Two months ago, the FBI β€œdisrupted” the BlackCat ransomware group. They're already backβ€”and their latest attack is causing delays at pharmacies across the US.

How a Right-Wing Controversy Could Sabotage US Election Security

By Eric Geller
Republicans who run elections are split over whether to keep working with the Cybersecurity and Infrastructure Security Agency to fight hackers, online falsehoods, and polling-place threats.

A Mysterious Leak Exposed Chinese Hacking Secrets

By Matt Burgess
Plus: Scammers try to dupe Apple with 5,000 fake iPhones, Avast gets fined for selling browsing data, and researchers figure out how to clone fingerprints from your phone screen.

Apple iOS 17.4: iMessage Gets Post-Quantum Encryption in New Update

By Matt Burgess
Useful quantum computers aren’t a realityβ€”yet. But in one of the biggest deployments of post-quantum encryption so far, Apple is bringing the technology to iMessage.

Anne Neuberger, a Top White House Cyber Official, Sees the 'Promise and Peril' in AI

By Garrett M. Graff
Anne Neuberger, the Biden administration’s deputy national security adviser for cyber, tells WIRED about emerging cybersecurity threatsβ€”and what the US plans to do about them.

New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide

By Newsroom
North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint advisory published by Germany's Federal Office for the Protection of the Constitution (BfV) and South Korea's National Intelligence Service (NIS), the agencies said the goal of the attacks is to plunder advanced defense technologies in a "

Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

By The Hacker News
In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful ransomware assaults in recent memory.  When organizations have no response plan in place for such an

Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative

By Newsroom
Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns designed to steal intelligence, and information operations to turn public opinion against Israel. Iran

Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor

By Newsroom
The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal. Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide range of social engineering campaigns that cast a

How to Not Get Scammed Out of $50,000

By Andrew Couts
Plus: State-backed hackers test out generative AI, the US takes down a major Russian military botnet, and 100 hospitals in Romania go offline amid a major ransomware attack.

RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers

By Newsroom
Multiple companies operating in the cryptocurrency sector are the target of an ongoing malware campaign that involves a newly discovered Apple macOS backdoor codenamed RustDoor. RustDoor was first documented by Bitdefender last week, describing it as a Rust-based malware capable of harvesting and uploading files, as well as gathering information about the infected machines. It's

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

By The Hacker News
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023. Their study

Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks

By Newsroom
A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS. "The GoldPickaxe family is available for both iOS and Android platforms,"

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

By Newsroom
Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server. "An attacker

Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks

By Newsroom
Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations. The findings come from a report published by Microsoft in collaboration with OpenAI, both of which said they disrupted efforts made by five state-affiliated actors that used its

Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages

By Newsroom
Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system. "While 'command-not-found' serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the

Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

By Newsroom
The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs. "The URLs led to a Word file with names such as "

Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit

By Newsroom
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that can be extremely difficult to

PikaBot Resurfaces with Streamlined Code and Deceptive Tactics

By Newsroom
The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of "devolution." "Although it appears to be in a new development cycle and testing phase, the developers have reduced the complexity of the code by removing advanced obfuscation techniques and changing the network communications," Zscaler ThreatLabz researcher Nikolaos

The Hidden Injustice of Cyberattacks

By Nicole Tisdale
Cyberattacks and criminal scams can impact anyone. But communities of color and other marginalized groups are often disproportionately impacted and lack the support to better protect themselves.

Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?

By The Hacker News
Incident response (IR) is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you’re still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files and outbound network connections. However, the identity aspect - namely

U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators

By Newsroom
The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. The domains – www.warzone[.]ws and three others – were "used to sell computer malware used by cybercriminals to secretly access and steal data from victims' computers," the DoJ said. Alongside the takedown, the

How 3 Million β€˜Hacked’ Toothbrushes Became a Cyber Urban Legend

By Andy Greenberg, Dhruv Mehrotra
Plus: China’s Volt Typhoon hackers lurked in US systems for years, the Biden administration’s crackdown on spyware vendors ramps up, and a new pro-Beijing disinformation campaign gets exposed.

Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA

By The Hacker News
Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest security patches. However, in practice, developers often face a large amount of security work

I Stopped Using Passwords. It's Greatβ€”and a Total Mess

By Matt Burgess
Passkeys are here to replace passwords. When they work, it’s a seamless vision of the future. But don’t ditch your old logins just yet.

HijackLoader Evolves: Researchers Decode the Latest Evasion Methods

By Newsroom
The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be increasingly used by other threat actors to deliver additional payloads and tooling. "The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe,"

After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back

By Newsroom
The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity. KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and firewall devices across the world, with one specific cluster acting as a covert data transfer system for other Chinese

Ransomware Payments Hit a Record $1.1 Billion in 2023

By Andy Greenberg
After a slowdown in payments to ransomware gangs in 2022, last year saw total ransom payouts jump to their highest level yet, according to a new report from crypto-tracing firm Chainalysis.

Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

By Newsroom
The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been&

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data

By Newsroom
Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware

By Newsroom
The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from the official Google Play Store and were collectively downloaded more than 1,400 times between

New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw

By Newsroom
The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report published last week. Propagated via phishing mails, Mispadu is a Delphi-based information stealer

U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

By Newsroom
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

By Newsroom
Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities. "We have revoked all security-related certificates and systems have been remediated or replaced

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

By Newsroom
Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved with

DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking

By Newsroom
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active since at least 2016, is capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks. In March

INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs

By Newsroom
An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the "growth, escalation and professionalization of transnational cybercrime." Involving 60 law

The Mystery of the $400 Million FTX Heist May Have Been Solved

By Andy Greenberg
An indictment against three Americans suggests that at least some of the culprits behind the theft of an FTX crypto fortune may be in custody.

A Startup Allegedly β€˜Hacked the World.’ Then Came the Censorshipβ€”and Now the Backlash

By Andy Greenberg
A loose coalition of anti-censorship voices is working to highlight reports of one Indian company’s hacker-for-hire pastβ€”and the legal threats aimed at making them disappear.

FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

By Newsroom
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security

Why the Right Metrics Matter When it Comes to Vulnerability Management

By The Hacker News
How’s your vulnerability management program doing? Is it effective? A success? Let’s be honest, without the right metrics or analytics, how can you tell how well you’re doing, progressing, or if you’re getting ROI? If you’re not measuring, how do you know it’s working? And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to

U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers

By Newsroom
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign. The existence of the botnet, dubbed KV-botnet, was first disclosed by the Black Lotus Labs team at

Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware

By Newsroom
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and

Apple and Google Just Patched Their First Zero-Day Flaws of the Year

By Kate O'Flaherty
Plus: Google fixes dozens of Android bugs, Microsoft rolls out nearly 50 patches, Mozilla squashes 15 Firefox flaws, and more.

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware

By Newsroom
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused

Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives

By Newsroom
A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil said it served five temporary arrest warrants and 13 search and seizure warrants in the states of SΓ£o Paulo, Santa Catarina, ParΓ‘, GoiΓ‘s, and Mato Grosso. Slovak cybersecurity firm ESET, which provided additional
❌