A cyber-espionage campaign targeting diplomatic entities in Kazakhstan and Central Asia has been linked to the Russia-aligned intrusion setUAC-0063. According to recent findings by cybersecurity firm Sekoia, the campaign involved weaponized Microsoft Word documents designed to deliver HatVibe and CherrySpy malware, collecting strategic intelligence on Kazakhstan’s diplomatic and economic relations. Infection Chain and Malware Analysis Sekoia’s
admin
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). “This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment details,” Sucuri
US dental and medical billing firm Medusind is notifying over 360,000 customers that their personal, financial and medical data may have been accessed by a cybercriminal actor. The breach relates to a cyber incident that took place back on December 29, 2023, and was discovered later the same day. After taking affected systems offline, Medusind
Jan 11, 2025Ravie LakshmananFinancial Crime / Cryptocurrency The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on December 1, 2024, in coordination with the Netherlands’ Financial Intelligence and Investigative Service,
A large-scale cyber-attack originating from outside Slovakia’s borders has hit the information system of the Office of Geodesy, Cartography and Cadastre of the Slovak Republic (UGKK). The UGKK is used by the cadastral departments to record and manage information about land and property. All systems have been shut down as a response to the incident.
Jan 11, 2025Ravie LakshmananAI Security / Cybersecurity Microsoft has revealed that it’s pursuing legal action against a “foreign-based threat–actor group” for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content. The tech giant’s Digital Crimes Unit (DCU) said it has
Cybercriminals are impersonating CrowdStrike recruiters to distribute a cryptominer on victim devices. CrowdStrike said it identified phishing campaign exploiting its recruitment branding on January 7. The campaign starts with a phishing email, which purports to part of the cybersecurity firm’s recruitment process. The email invites the target to schedule an interview for a junior developer
Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints – from legacy medical devices to IoT sensors – onto their production networks. These devices often lack robust
A prolonged cyber-attack campaign targeting Japanese organizations and individuals since 2019 has been attributed to the China-linked threat actor MirrorFace, also known as Earth Kasha, by Japan’s National Police Agency (NPA) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC). The attacks aimed to steal sensitive information related to Japan’s national security
Jan 09, 2025Ravie LakshmananVulnerability / Threat Intelligence Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the
The US has launched a Cyber Trust Mark for Internet of Things (IoT) devices, enabling consumers to easily assess the cybersecurity standards of such products when making purchasing decisions. Consumer smart device manufacturers that qualify for the Cyber Trust Mark will soon able to display a trademarked, distinct shield logo on their products. This will
Jan 08, 2025Ravie LakshmananMalware / Vulnerability A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey,
Moxa has identified two critical security vulnerabilities in its cellular routers, secure routers and network security appliances that could pose significant risks if left unaddressed. The first vulnerability, CVE-2024-9138, involves hard-coded credentials that could allow authenticated users to escalate their privileges to root-level access, enabling system compromise, unauthorized modifications, data exposure and service disruptions. The second, CVE-2024-9140,
Jan 07, 2025Ravie LakshmananCyber Attack / Hacking Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute
A supply chain attack targeting key components of the Ethereum development ecosystem has affected the Nomic Foundation and Hardhat platforms. The attackers infiltrated the ecosystem using malicious npm packages, exfiltrating sensitive data such as private keys, mnemonics and configuration files. Attack Details and Methodology This attack, discovered by Socket, involves the distribution of 20 malicious
Jan 04, 2025Ravie LakshmananCyber Espionage / IoT Botnet The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as
The co-founder and former CEO of a cryptocurrency business has been extradited to the US to face fraud charges. South Korean national Do Hyeong Kwon, 33, appeared in a Manhattan court on Thursday after being extradited from Montenegro on Tuesday. Between 2018 and 2022, he is accused of defrauding investors in Terraform cryptocurrencies, resulting in
Jan 04, 2025Ravie LakshmananVulnerability / Software Security A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It
The US government has issued sanctions against a China-based cybersecurity company for its involvement in a large-scale botnet targeting American organizations, including critical infrastructure. Beijing-based Integrity Technology Group has been accused of playing a role in multiple computer intrusion incidents that have been attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has
Jan 04, 2025Ravie LakshmananMalware / VPN Security Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google’s Managed Defense team, shares functional overlaps with a known remote administration tool referred to
Atos Group has refuted a recent claim by ransomware group Space Bears that the firm’s database had been compromised by the threat actors. In a statement issued on January 3, the French IT giant said that the allegations made by Space Bears were unfounded. “No infrastructure managed by Atos was breached, no source code accessed,
Jan 03, 2025Ravie LakshmananWindows Server / Threat Mitigation A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday
The US government has published plans to update the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, in a bid to address surging healthcare data breaches. The proposed rule would require all health plans, healthcare clearing houses and healthcare providers to implement enhanced security measures for individuals’ protected health information (PHI). The
Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems. The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a
A series of high-profile compromises targeting popular open source packages have been uncovered, exposing the growing risk of malicious code infiltration in widely used software tools. Threat actors implanted cryptomining malware in packages associated with rspack, a JavaScript bundler, and vant, a Vue UI library for mobile web apps. Together, these tools see hundreds of
Dec 31, 2024Ravie LakshmananData Security / Privacy The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens’ personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. “This final rule is
A series of critical vulnerabilities affecting the widely used WPLMS and VibeBP plugins for WordPress have been identified by security researchers. These plugins are essential components of the WPLMS premium LMS theme, which counts over 28,000 sales. They are primarily used for creating online courses, managing students and selling educational content. The vulnerabilities, now patched,
Dec 31, 2025Ravie LakshmananVulnerability / Incident Response The United States Treasury Department said it suffered a “major cybersecurity incident” that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. “On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to
More than two-thirds (69%) of UK small and medium enterprises (SMEs) lack a cybersecurity policy, according to figures from specialist insurance firm Markel Direct. The research identified a significant lack of basic cybersecurity measures and hygiene in place across these companies. This included 43% admitting that their employees are not trained on best practices and
Dec 29, 2025Ravie LakshmananEndpoint Protection / Browser Security A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used
- 1
- 2
- 3
- …
- 139
- Next Page »