Cybersecurity Center

Cybersecurity News

  • Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks (Friday July 05, 2024)
    Identity theft isn't just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don't be caught off guard. Join us for a groundbreaking webinar that will change the way you approach cybersecurity. (HackerNews)
  • OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers (Friday July 05, 2024)
    French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large European bank in June 2020. The 840 Mpps DDoS attack is said to have been a combination of a TCP (HackerNews)
  • Blueprint for Success: Implementing a CTEM Operation (Friday July 05, 2024)
    The attack surface isn’t what it once was and it’s becoming a nightmare to protect. A constantly expanding and evolving attack surface means risk to the business has skyrocketed and current security measures are struggling to keep it protected. If you’ve clicked on this article, there’s a good chance you’re looking for solutions to manage this risk. In 2022, a new framework was coined by Gartner (HackerNews)
  • GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks (Friday July 05, 2024)
    The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts. "Updates to the GootLoader payload have resulted in several versions of GootLoader, with GootLoader 3 currently in active use," cybersecurity firm Cybereason said in an analysis published last week. "While some of the particulars of GootLoader payloads have (HackerNews)
  • Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies (Friday July 05, 2024)
    The supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are embedding a polyfill script linking to the malicious domain as of July 2, 2024. This includes references to "https://cdn.polyfill[.]io" or "https://cdn.polyfill[.]com" in their HTTP responses, the attack (HackerNews)
  • New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks (Friday July 05, 2024)
    Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service (DDoS) attacks. Written in Golang, the botnet is so named for its reference to a string named "ootheca" present in the command-and-control (C2) servers ("ootheca[.]pw" and "ootheca[.]top"). "Functionally, Zergeca is not just a typical DDoS botnet; besides supporting six (HackerNews)
  • Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus (Thursday July 04, 2024)
    Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition. "The [remote code execution] vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device," security researcher (HackerNews)
  • Brazil Halts Meta's AI Data Processing Amid Privacy Concerns (Thursday July 04, 2024)
    Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users' personal data to train the company's artificial intelligence (AI) algorithms. The ANPD said it found "evidence of processing of personal data based on inadequate legal hypothesis, lack of transparency, limitation of the rights of data subjects, and risks to (HackerNews)
  • Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike (Thursday July 04, 2024)
    A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike.  The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol. Of the 690 IP addresses that were flagged to (HackerNews)
  • Twilio's Authy App Breach Exposes Millions of Phone Numbers (Thursday July 04, 2024)
    Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests. The development comes days after an online persona named ShinyHunters (HackerNews)
  • The Not-So-Secret Network Access Broker x999xx (Wednesday July 03, 2024)
    Most accomplished cybercriminals go out of their way to separate their real names from their hacker handles. But among certain old-school Russian hackers it is not uncommon to find major players who have done little to prevent people from figuring out who they are in real life. A case study in this phenomenon is "x999xx," the nickname chosen by a venerated Russian hacker who specializes in providing the initial network access to various ransomware groups. (KrebsOnSecurity)
  • The Emerging Role of AI in Open-Source Intelligence (Wednesday July 03, 2024)
    Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the “INT of first resort”. Public and private sector organizations are realizing the value that the discipline can provide but are also finding that the exponential growth of digital data in recent years has overwhelmed many traditional OSINT (HackerNews)
  • Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool (Wednesday July 03, 2024)
    Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the U.S. "MerkSpy is designed to clandestinely monitor user activities, capture sensitive information, and establish persistence on compromised systems," Fortinet FortiGuard (HackerNews)
  • FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks (Wednesday July 03, 2024)
    The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the drive-by download technique this year, findings from Sekoia reveal. "FakeBat primarily aims to download and execute the next-stage payload, such as IcedID, Lumma, RedLine, SmokeLoader, SectopRAT, and Ursnif," the company said in a Tuesday analysis. Drive-by attacks (HackerNews)
  • Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks (Wednesday July 03, 2024)
    Cybersecurity researchers have discovered an attack campaign that targets various Israeli entities with publicly-available frameworks like Donut and Sliver. The campaign, believed to be highly targeted in nature, "leverage target-specific infrastructure and custom WordPress websites as a payload delivery mechanism, but affect a variety of entities across unrelated verticals, and rely on (HackerNews)
  • South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware (Wednesday July 03, 2024)
    An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor. The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat actor or group, but noted that the tactics overlap with that of Andariel, a sub-cluster within the (HackerNews)
  • How MFA Failures are Fueling a 500% Surge in Ransomware Losses (Tuesday July 02, 2024)
    The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in its annual "State of Ransomware 2024" report that the average ransom payment has increased 500% in the last year with organizations that paid a ransom reporting an average payment of $2 million, up from (HackerNews)
  • New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data (Tuesday July 02, 2024)
    Modern CPUs from Intel, including Raptor Lake and Alder Lake, have been found vulnerable to a new side-channel attack that could be exploited to leak sensitive information from the processors. The attack, codenamed Indirector by security researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen, leverages shortcomings identified in Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB (HackerNews)
  • Meta's 'Pay or Consent' Approach Faces E.U. Competition Rules Scrutiny (Tuesday July 02, 2024)
    Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European Commission said the company's "pay or consent" advertising model is in contravention of the Digital Markets Act (DMA). (HackerNews)
  • Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware (Tuesday July 02, 2024)
    A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected (HackerNews)
  • Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights (Tuesday July 02, 2024)
    An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them," the Australian Federal Police (AFP) said in a press (HackerNews)
  • Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks (Monday July 01, 2024)
    A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow "any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and (HackerNews)
  • CapraRAT Spyware Disguised as Popular Apps Threatens Android Users (Monday July 01, 2024)
    The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion targeting mobile gamers, weapons enthusiasts, and TikTok fans," SentinelOne security researcher Alex (HackerNews)
  • Indian Software Firm's Products Hacked to Spread Data-Stealing Malware (Monday July 01, 2024)
    Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware. The installers correspond to Notezilla, RecentX, and Copywhiz, according to cybersecurity firm Rapid7, which discovered the supply chain compromise on June 18, 2024. The issue has since been remediated by Conceptworld as of June 24 (HackerNews)
  • End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities (Monday July 01, 2024)
    At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research, 93% of organizations had two or more identity-related breaches in the past year. It is clear that we (HackerNews)
  • New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems (Monday July 01, 2024)
    OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability, codenamed regreSSHion, has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH server component, also known as sshd, which is designed to listen for connections (HackerNews)
  • Juniper Networks Releases Critical Security Update for Routers (Monday July 01, 2024)
    Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. “An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor (HackerNews)
  • Google to Block Entrust Certificates in Chrome Starting November 2024 (Saturday June 29, 2024)
    Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust (HackerNews)
  • Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data (Friday June 28, 2024)
    The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has codenamed the extension TRANSLATEXT, highlighting its ability to gather email addresses, usernames, (HackerNews)
  • GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others (Friday June 28, 2024)
    GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5. The most severe of the (HackerNews)
  • 8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining (Friday June 28, 2024)
    Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid disk-based detection mechanisms," Trend Micro researchers Ahmed (HackerNews)
  • Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors (Friday June 28, 2024)
    The modern kill chain is eluding enterprises because they aren’t protecting the infrastructure of modern business: SaaS.  SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven’t revised their security programs or adopted security tooling built for SaaS.  Security teams keep jamming on-prem (HackerNews)
  • New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities (Friday June 28, 2024)
    A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week. "This bottleneck influences the latency of network packets, allowing an attacker (HackerNews)
  • Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment (Friday June 28, 2024)
    Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior. According to operational technology (OT) security firm Claroty, the (HackerNews)
  • TeamViewer Detects Security Breach in Corporate IT Environment (Friday June 28, 2024)
    TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures," the company said in a statement. It further noted that its corporate IT (HackerNews)
  • Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads (Thursday June 27, 2024)
    The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates (HackerNews)
  • The Secrets of Hidden AI Training on Your Data (Thursday June 27, 2024)
    While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools are indispensable, providing seamless experiences from collaboration and communication to work management and (HackerNews)
  • Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks (Thursday June 27, 2024)
    Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection in the "ask" function that could be exploited to trick the library into executing arbitrary (HackerNews)
  • How to Use Python to Build Secure Blockchain Applications (Thursday June 27, 2024)
    Did you know it’s now possible to build blockchain applications, known also as decentralized applications (or “dApps” for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an all-in-one development toolkit for Algorand, enables developers to build blockchain applications in pure (HackerNews)
  • Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion (Thursday June 27, 2024)
    A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022. Amin Timovich Stigal, the defendant in question, is assessed to be affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian (HackerNews)
  • Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application (Thursday June 27, 2024)
    A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139. "An SQL injection vulnerability in (HackerNews)
  • Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP! (Wednesday June 26, 2024)
    A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions - From 2023.0.0 before 2023.0.11 From 2023.1.0 before 2023.1.6, and& (HackerNews)
  • Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (Wednesday June 26, 2024)
    Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean (HackerNews)
  • Practical Guidance For Securing Your Software Supply Chain (Wednesday June 26, 2024)
    The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who see opportunities to force-multiply their attacks by orders of magnitude. For example, look no (HackerNews)
  • Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping (Wednesday June 26, 2024)
    Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. "When your headphones are seeking a connection request to one of your previously (HackerNews)
  • New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites (Wednesday June 26, 2024)
    Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information.  According to Sucuri, the latest campaign entails making malicious modifications to the (HackerNews)
  • New Medusa Android Trojan Targets Banking Users Across 7 Countries (Wednesday June 26, 2024)
    Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through five different botnets operated by various affiliates, cybersecurity firm Cleafy said in an analysis (HackerNews)
  • Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (Wednesday June 26, 2024)
    Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites."Protecting our users is our top priority. We detected a security issue recently that may affect websites using certain third-party libraries," the company said in a (HackerNews)
  • New Attack Technique Exploits Microsoft Management Console Files (Tuesday June 25, 2024)
    Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact ("sccm-updater.msc") that was uploaded to the VirusTotal malware (HackerNews)
  • How to Cut Costs with a Browser Security Platform (Tuesday June 25, 2024)
    Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk - the browser. Network and endpoint solutions are limited in their ability to protect from web-borne threats like phishing websites or malicious browser extensions. They also do not protect from internal data exfiltration, like employees pasting sensitive data to ChatGPT. As it (HackerNews)
  • New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks (Tuesday June 25, 2024)
    A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a modular trojan codenamed BMANAGER. "The threat actor behind this campaign has been carrying out opportunistic SQL injection attacks against websites in various countries since at least 2022," Group-IB researchers Rustam Mirkasymov and Martijn van den Berk said in a (HackerNews)
  • KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO (Thursday June 20, 2024)
    On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted. Meanwhile, their attorney has admitted that the person Radaris named as the CEO from its inception is a fabricated identity. (KrebsOnSecurity)
  • Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested (Saturday June 15, 2024)
    A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. (KrebsOnSecurity)
  • Patch Tuesday, June 2024 “Recall” Edition (Tuesday June 11, 2024)
    Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows administrators. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default. (KrebsOnSecurity)
  • ‘Operation Endgame’ Hits Malware Delivery Platforms (Thursday May 30, 2024)
    Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware "droppers" or "loaders" like IcedID, Smokeloader and Trickbot. (KrebsOnSecurity)
  • Is Your Computer Part of ‘The Largest Botnet Ever?’ (Wednesday May 29, 2024)
    The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the world's largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various "free VPN" products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. (KrebsOnSecurity)
  • Treasury Sanctions Creators of 911 S5 Proxy Botnet (Tuesday May 28, 2024)
    The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later. (KrebsOnSecurity)
  • Stark Industries Solutions: An Iron Hammer in the Cloud (Thursday May 23, 2024)
    Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia. (KrebsOnSecurity)
  • Why Your Wi-Fi Router Doubles as an Apple AirTag (Tuesday May 21, 2024)
    Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally -- including non-Apple devices like Starlink systems -- and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. (KrebsOnSecurity)
  • Patch Tuesday, May 2024 Edition (Tuesday May 14, 2024)
    Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw. (KrebsOnSecurity)

Disclaimer: Some Links listed are external-links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.