Cybersecurity Center

Cybersecurity News

  • Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel (Monday May 20, 2024)
    An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under the moniker Void Manticore, which is also known as Storm-0842 (formerly DEV-0842) by (HackerNews)
  • Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal (Monday May 20, 2024)
    Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands," Check Point said in a technical report. "This exploit has been used by multiple (HackerNews)
  • Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks (Monday May 20, 2024)
    All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make (HackerNews)
  • Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail (Monday May 20, 2024)
    A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro. "The presence of multiple malware variants suggests a broad cross-platform targeting (HackerNews)
  • Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns (Monday May 20, 2024)
    Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized JavaScript files that utilize WMI's ability to invoke msiexec.exe and install a remotely-hosted MSI (HackerNews)
  • Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam (Sunday May 19, 2024)
    The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles on April 12 and May 16, respectively. The foreign nationals have been "charged for leading a scheme (HackerNews)
  • Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide (Sunday May 19, 2024)
    The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target over 1,500 banks across the world, spanning more than 60 countries in Central and South (HackerNews)
  • Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking (Friday May 17, 2024)
    The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining (HackerNews)
  • New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs (Friday May 17, 2024)
    A new report from XM Cyber has found, among other insights, a dramatic gap between where most organizations focus their security efforts and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack path assessments conducted by the XM Cyber (HackerNews)
  • China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT (Friday May 17, 2024)
    Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. "Deuterbear, while similar to Waterbear in many ways, shows advancements in capabilities such as including support for shellcode plugins, avoiding handshakes (HackerNews)
  • Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks (Friday May 17, 2024)
    The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between (HackerNews)
  • CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now (Friday May 17, 2024)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2014-100005 - A cross-site request forgery (CSRF) vulnerability impacting D-Link DIR-600 routers that allows an (HackerNews)
  • New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (Thursday May 16, 2024)
    Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients, including home and mesh networks that are based on (HackerNews)
  • North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign (Thursday May 16, 2024)
    The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to targets via Messenger and ultimately delivers malware. "The threat actor created a Facebook account with a fake identity disguised as a public official working in the North Korean human rights field," South Korean cybersecurity company Genians (HackerNews)
  • Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines (Thursday May 16, 2024)
    Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances. "The impacts enabled by these flaws are manifold: from the implant of ransomware on the ultrasound machine to the access and manipulation of (HackerNews)
  • Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks (Thursday May 16, 2024)
    The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware," the company said in a report published on May 15, 2024. The (HackerNews)
  • Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability (Thursday May 16, 2024)
    Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris (HackerNews)
  • FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity (Wednesday May 15, 2024)
    Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for peddling stolen data, for the second time within a year. The website ("breachforums[.]st") has been replaced by a seizure banner stating the clearnet cybercrime forum is under the control of the U.S. Federal Bureau of Investigation (FBI).  The operation is the (HackerNews)
  • Google Launches AI-Powered Theft and Data Protection Features for Android Devices (Wednesday May 15, 2024)
    Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help secure users' devices and data in the event of a theft. These features aim to help protect data before, during and after a theft attempt, the tech giant said, adding they are expected to be available via an update to Google Play services for devices running (HackerNews)
  • Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps (Wednesday May 15, 2024)
    Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive data. This constitutes an update to the Play Integrity API that third-party app developers can take advantage of to secure their applications against malware. "Developers can check if there are other apps running that could be capturing the screen, creating (HackerNews)
  • Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions (Wednesday May 15, 2024)
    An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail. ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned cyberespionage group Turla (aka Iron Hunter, Pensive Ursa, Secret Blizzard, Snake, Uroburos, and Venomous (HackerNews)
  • (Cyber) Risk = Probability of Occurrence x Damage (Wednesday May 15, 2024)
    Here’s How to Enhance Your Cyber Resilience with CVSS. In late 2023, the Common Vulnerability Scoring System (CVSS) v4.0 was unveiled, succeeding the eight-year-old CVSS v3.0, with the aim to enhance vulnerability assessment for both industry and the public. This latest version introduces additional metrics like safety and automation to address criticism of lacking granularity while (HackerNews)
  • Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years (Wednesday May 15, 2024)
    A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware campaigns for financial gain. "Ebury actors have been pursuing monetization activities [...], (HackerNews)
  • It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure (Wednesday May 15, 2024)
    While cloud adoption has been top of mind for many IT professionals for nearly a decade, it’s only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure (HackerNews)
  • Dutch Court Sentences Tornado Cash Co-Founder to 5 Years in Prison for Money Laundering (Wednesday May 15, 2024)
    A Dutch court on Tuesday sentenced one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison. While the name of the defendant was redacted in the verdict, it's known that Alexey Pertsev, a 31-year-old Russian national, had been awaiting trial in the Netherlands on money laundering charges. (HackerNews)
  • Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days (Wednesday May 15, 2024)
    Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity. This is in addition to 30 vulnerabilities (HackerNews)
  • Patch Tuesday, May 2024 Edition (Tuesday May 14, 2024)
    Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw. (KrebsOnSecurity)
  • VMware Patches Severe Security Flaws in Workstation and Fusion Products (Tuesday May 14, 2024)
    Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version 17.5.2 and (HackerNews)
  • New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation (Tuesday May 14, 2024)
    Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024. Out-of-bounds write bugs could be typically (HackerNews)
  • Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code (Tuesday May 14, 2024)
    The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code. The most severe of the vulnerabilities are listed below - CVE-2024-25641 (CVSS score: 9.1) - An arbitrary file write vulnerability in the "Package Import" feature that (HackerNews)
  • 6 Mistakes Organizations Make When Deploying Advanced Authentication (Tuesday May 14, 2024)
    Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of authentication sophistication to adequately safeguard organizational data. When deploying (HackerNews)
  • Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls (Tuesday May 14, 2024)
    Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation. "The incident involves a threat actor overwhelming a user's email with junk and calling the user, offering assistance," Rapid7 researchers Tyler McGraw, Thomas Elkins, and (HackerNews)
  • Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices (Tuesday May 14, 2024)
    Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent. "This will help mitigate the misuse of devices designed to help keep track of belongings," the companies said in a joint statement, adding it aims to address " (HackerNews)
  • MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices (Monday May 13, 2024)
    The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments. "The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them," the non-profit said (HackerNews)
  • The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield (Monday May 13, 2024)
    With the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means for stealing sensitive data and accessing organizational systems. Security leaders who are planning their security architecture (HackerNews)
  • How Did Authorities Identify the Alleged Lockbit Boss? (Monday May 13, 2024)
    Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how they connected him to Khoroshev. This post examines the activities of Khoroshev's many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. (KrebsOnSecurity)
  • SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike (Monday May 13, 2024)
    In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts (HackerNews)
  • Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries (Monday May 13, 2024)
    Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT (HackerNews)
  • Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia (Monday May 13, 2024)
    The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022. In a joint advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS (HackerNews)
  • Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo (Monday May 13, 2024)
    Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project's logo.  The package employing this steganographic trickery is requests-darwin-lite, which has been (HackerNews)
  • FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT (Saturday May 11, 2024)
    The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. "The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall (HackerNews)
  • North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (Friday May 10, 2024)
    The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at two South Korean cryptocurrency firms. "Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and exfiltration of files," (HackerNews)
  • CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar) (Friday May 10, 2024)
    Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you'll explore how AI tools are shaping the future of cybersecurity defenses. During the session, Censys Security Researcher Aidan Holland will (HackerNews)
  • Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (Friday May 10, 2024)
    Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024. Use-after-free bugs, which arise when a program (HackerNews)
  • What's the Right EDR for You? (Friday May 10, 2024)
    A guide to finding the right endpoint detection and response (EDR) solution for your business’ unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpoint (HackerNews)
  • Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials (Friday May 10, 2024)
    Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices," the SonicWall Capture Labs threat research team said in a recent report. The (HackerNews)
  • Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models (Friday May 10, 2024)
    Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team. "Once initial access was obtained, they exfiltrated cloud credentials and gained (HackerNews)
  • New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation (Thursday May 09, 2024)
    Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has (HackerNews)
  • Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign (Thursday May 09, 2024)
    Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. "The campaign sent emails with content intended to arouse the recipient's interest and persuade him to click on the link," the computer emergency response team, CERT Polska, said in a Wednesday bulletin. Clicking on the link (HackerNews)
  • New Guide: How to Scale Your vCISO Services Profitably (Thursday May 09, 2024)
    Cybersecurity and compliance guidance are in high demand among SMEs. However, many of them cannot afford to hire a full-time CISO. A vCISO can answer this need by offering on-demand access to top-tier cybersecurity expertise. This is also an opportunity for MSPs and MSSPs to grow their business and bottom line. MSPs and MSSPs that expand their offerings and provide vCISO services (HackerNews)
  • Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (Thursday May 09, 2024)
    Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet. That's according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been leveraged to deliver the botnet payload. While CVE-2023-46805 is an authentication bypass flaw, (HackerNews)
  • Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover (Thursday May 09, 2024)
    Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next (HackerNews)
  • U.S. Charges Russian Man as Boss of LockBit Ransomware Group (Tuesday May 07, 2024)
    The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev as the gang's leader "LockbitSupp," and charged him with using Lockbit to attack more than 2,000 victims and extort at least $100 million in ransomware payments. (KrebsOnSecurity)
  • Why Your VPN May Not Be As Secure As It Claims (Monday May 06, 2024)
    Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target's traffic off of the protection provided by their VPN without triggering any alerts to the user. (KrebsOnSecurity)
  • Man Who Mass-Extorted Psychotherapy Patients Gets Six Years (Tuesday April 30, 2024)
    A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. (KrebsOnSecurity)
  • FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data (Monday April 29, 2024)
    The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers -- including AT&T, Sprint, T-Mobile and Verizon -- for illegally sharing access to customers' location information without consent. (KrebsOnSecurity)
  • Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme (Monday April 22, 2024)
    The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump's Dumps. (KrebsOnSecurity)
  • Who Stole 3.6M Tax Records from South Carolina? (Tuesday April 16, 2024)
    For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole millions of payment card records from big box retailers like Home Depot and Target in the years that followed. (KrebsOnSecurity)
  • Crickets from Chirp Systems in Smart Lock Key Leak (Monday April 15, 2024)
    The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. (KrebsOnSecurity)
  • Why CISA is Warning CISOs About a Breach at Sisense (Thursday April 11, 2024)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. (KrebsOnSecurity)

Disclaimer: Some links listed are external links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.