A recently detected vulnerability affecting Flux, a popular continuous delivery (CD) tool for Kubernetes, would reportedly allow tenants to sabotage the activities of “neighbors” who use the same infrastructure outside of their own facilities. Flux is an open and extensible CD solution to keep Kubernetes clusters in sync with configuration sources, and is used by […]
Specialists from the security firm NCC Group developed a tool capable of deploying relay attacks against Bluetooth Low Energy (BLE), which would allow bypassing any existing protection in the target system, authenticating without any problem. This technology is used in all kinds of products, including smartphones, laptops, access control systems, and even in Tesla Model […]
Researchers from SEC Consult Vulnerability Lab reported the detection of a sandbox breakout vulnerability present in some Konica Minolta bizhub multifunctional models. Detected in late 2019, successful exploitation of this flaw would have given attackers full read/write access to the device’s operating system, in addition to root access to stored data. Threat actors could have […]
The U.S. Department of Justice (DOJ) has accused a British citizen of stealing money from investor accounts after hacking into email servers and computers in banks and brokerage houses, committing bank fraud for more than $5 million USD. In the complaint, a total of 10 charges were filed against Idris Dayo Mustapha, accusing him of […]
Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that’s offered on sale for “dirt cheap” prices, making it accessible to professional cybercriminal groups and novice actors alike. “Unlike the well-funded, massive Russian threat groups crafting custom malware […], this remote access Trojan (RAT) appears to be […]
Technology firm QNAP has asked its users to disable the AFP file service protocol in its network-attached storage (NAS) deployments on a temporary basis while fixing some critical vulnerabilities in Netatalk, which allows *NIX/*BSD systems to act as an AppleShare file server for macOS system users. Researchers from NCC Group managed to exploit one of […]
A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog, and JollyFrog, Slovak cybersecurity firm ESET […]
In an attempt to identify and track down six Russian GRU hackers who are members of the notorious Sandworm hacking group, the U.S. government is offering a reward of up to $10 million. The U.S. government stated:- “We are offering this bounty as part of the Department of State’s Rewards for Justice program as part […]
Camfecting doesn’t ‘just’ invade your privacy – it could seriously impact your mental health and wellbeing. Here’s how to keep an eye on your laptop camera.
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information. Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, the agency said the infection sequence begins with an email containing a […]
An operation coordinated by Europol led to the seizure of RaidForums, one of the largest hacking forums in the world, in addition to the arrest of its main administrator. Operation TOURNIQUET, involving agents from law enforcement in the U.S. and Europe, cut short this cybercriminal infrastructure, dedicated to the purchase and sale of hacking tools, […]
Engineering firm Aethon announced the correction of various vulnerabilities in its Tug hospital robots whose exploitation would allow threat actors to take remote control of compromised devices. These flaws, identified as JekyllBot:5, can be exploited without administrator interaction and the successful attack could even disrupt the proper functioning of critical medical devices. Aethon has been […]
The FIN7 hacking group was deemed to be responsible for the sentence of a Ukrainian national. Denys Iarmak, 32, was sentenced to five years in prison for working as a penetration tester for the FIN7 company as was recently announced by the US Department of Justice (DoJ). The FIN7 aka Carbanak is active since 2013, […]
A previously undocumented “sophisticated” information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. “BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients,” Zscaler ThreatLabz researchers Mitesh Wani and Kaivalya Khursale […]
Malware-as-a-service is becoming one of the greatest contributors to cyberattacks since it makes entry for cybercriminals extremely easier. This is because most of the hacking forums are selling malware, trojans, and viruses which are being leveraged by many hackers. In recent reports by Zscaler researchers, a new type of sophisticated credential stealer malware was found […]
Information security reports indicate that Ronin, the blockchain behind the popular NFT game ‘Axie Infinity’, was the target of a cyberattack that led to the theft of some $625 million USD in cryptocurrency. According to developer Sky Mavis, the incident occurred on March 23, but was discovered until today when a user tried unsuccessfully to […]
Cisco Talos researchers reported detecting a new hacking campaign by the group identified as Transparent Tribe and targeting government organizations in India. Active at least since mid-2021, this campaign is based on the use of fraudulent web domains that pose as official Indian government platforms for the delivery of malicious payloads, a tactic associated with […]
The New York Department of Education has confirmed that the personal information of up to 820,000 former and current students in the city’s public schools was exposed due to the cyberattack against an academic assistance firm contracted by some local governments in the U.S. According to the authorities, Illuminate Education, the affected firm, works deceptively […]
A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. “The malicious activity represents one of the first public examples […]
In an unusual incident, British authorities have accused a 16-year-old boy of being one of the leaders of the dangerous hacking group Lapsus$. The young man was also identified by hackers and investigators, who mention that he would have managed to obtain up to $ 14 million USD as part of his cybercriminal operations. London […]
The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. “The [Federal Security Service] conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed […]