A new report by Recorded Future has revealed new elements about the sophisticated techniques by which a well-known Russian crypto scamming group operates. The group, Crazy Evil, is a collective of social engineering specialists tasked with redirecting legitimate traffic to malicious landing pages – commonly called a ‘traffer team.’ Since 2021, the group has been
Jan 24, 2025Ravie LakshmananTelecom Security / Vulnerability A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span
Amazon’s cloud branch, Amazon Web Services (AWS), is launching a £5m ($6.2m) grant to help strengthen the cybersecurity capabilities of educational institutions across the UK. According to a January 24 announcement, the AWS UK Cyber Education Grant Program aims to enhance security capabilities in UK educational institutions, advance ransomware protection, upskill the IT workforce in
The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this dependence on SaaS solutions
Threat actors have been actively exploiting chained vulnerabilities in Ivanti Cloud Service Appliances (CSA), significantly amplifying the impact of their cyber-attacks. The vulnerabilities—CVE-2024-8963, CVE-2024-9379, CVE-2024-8190 and CVE-2024-9380—were leveraged in September 2024 to breach systems, execute remote code (RCE), steal credentials and deploy webshells on victim networks.
Exploiting Chained Vulnerabilities
According to a joint advisory from
Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of controls to reduce risk while
A cyber espionage operation targeting South Korean VPN software was conducted in 2023 by a previously undocumented advanced persistent threat (APT) group, PlushDaemon. According to new research by ESET, the attack involved the compromise of legitimate VPN installer files, embedding a malicious backdoor called SlowStepper alongside the original software. ESET reported that the malware-infected installer
Jan 22, 2025The Hacker NewsRisk Assessment / Browser Security As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not
A significant botnet campaign leveraging a new variant of the infamous Mirai malware, dubbed Murdoc_Botnet, has been observed targeting AVTECH cameras and Huawei HG532 routers, exploiting known vulnerabilities to infect devices and establish a vast network for malicious activities. Identified by researchers at Qualys, the Murdoc_Botnet campaign uses exploits such as CVE-2024-7029 and CVE-2017-17215 to
Hewlett Packard Enterprise (HPE) has launched an investigation into claims by prominent hacker, IntelBroker, who alleges to have stolen sensitive data from the tech giant. The hacker announced on January 16 on BreachForums that they are selling files purportedly taken from HPE systems. The data allegedly includes source code for products like Zerto and iLO, private
Jan 20, 2025Ravie Lakshmanan As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing
Russian nation-state group Star Blizzard has been targeting WhatsApp accounts, with the group shifting its focus following a law enforcement takedown of its infrastructure. Microsoft Threat Intelligence observed Star Blizzard undertake a social engineering campaign in mid-November 2024. This new campaign aimed to compromise the WhatsApp accounts of individuals working in government and other policy-related
Notorious North Korea state-sponsored Lazarus group is targeting software developers in an ongoing campaign, researchers from SecurityScorecard have revealed. The campaign, dubbed ‘Operation 99’, was identified on January 9. It is designed to steal sensitive data from developer environments, including source code, secrets and configuration files and cryptocurrency wallet keys. The researchers said the campaign
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. “People’s Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including
Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access, protecting data, maintaining compliance across
Real estate scams have been rising across the Middle East as scammers exploit the trust associated with online listings and the urgency often felt when securing a property. With the increasing use of digital platforms for property searches, many users skip essential verification steps, leaving them vulnerable to fraudsters. Group-IB’s latest analysis, published today, highlights
Jan 16, 2025Ravie LakshmananEndpoint Security / Ransomware Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated
A new initiative aimed at improving collaboration on artificial intelligence (AI) cybersecurity across critical infrastructure has been introduced by the Cybersecurity and Infrastructure Security Agency (CISA) in the US. The JCDC AI Cybersecurity Collaboration Playbook provides detailed guidance for AI developers, providers and adopters on voluntarily sharing cybersecurity information with CISA and its Joint Cyber
Jan 15, 2025Ravie LakshmananMalware / Threat Intelligence The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a “multi-month law enforcement operation.” PlugX, also known as Korplug, is a remote access trojan (RAT)
The Biden-Harris Administration has introduced a new Interim Final Rule on Artificial Intelligence Diffusion aimed at enhancing US national security and preventing the misuse of advanced US technology by countries of concern. The rule strengthens protections against misuse of advanced AI technologies by countries of concern. Measures defined in the new rule include: Continuing restrictions on
A cyber-espionage campaign targeting diplomatic entities in Kazakhstan and Central Asia has been linked to the Russia-aligned intrusion set UAC-0063. According to recent findings by cybersecurity firm Sekoia, the campaign involved weaponized Microsoft Word documents designed to deliver HatVibe and CherrySpy malware, collecting strategic intelligence on Kazakhstan’s diplomatic and economic relations.
Infection Chain and Malware Analysis
Sekoia’s
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). “This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment details,” Sucuri
US dental and medical billing firm Medusind is notifying over 360,000 customers that their personal, financial and medical data may have been accessed by a cybercriminal actor. The breach relates to a cyber incident that took place back on December 29, 2023, and was discovered later the same day. After taking affected systems offline, Medusind
Jan 11, 2025Ravie LakshmananFinancial Crime / Cryptocurrency The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on December 1, 2024, in coordination with the Netherlands’ Financial Intelligence and Investigative Service,