Apr 17 2024 Hugely expanded Section 702 surveillance powers set for US Senate vote

Apr 17 2024 Kremlin-backed actors spread disinformation ahead of US elections

Source

Enlarge (credit: da-kuk/Getty ) Kremlin-backed actors have stepped up efforts to interfere with the US presidential election by planting disinformation and false narratives on social media and fake news sites, analysts with Microsoft reported Wednesday. The analysts have identified several unique influence-peddling groups affiliated with the Russian government seeking …

Apr 17 2024 SoumniBot malware exploits Android bugs to evade detection

Source

A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure. [...]

Apr 17 2024 Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks

Source

In an ongoing Kubernetes cryptomining campaign, attackers target OpenMetadata workloads using critical remote code execution and authentication vulnerabilities. [...]

Apr 17 2024 FIN7 targets American automaker’s IT staff in phishing attacks

Source

The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor. [...]

Apr 17 2024 Kremlin's Sandworm blamed for cyberattacks on US, European water utilities

Source

Water tank overflowed during one system malfunction, says Mandiant The Russian military's notorious Sandworm crew was likely behind cyberattacks on US and European water plants that, in at least one case, caused a tank to overflow.... [...]

Apr 17 2024 Moldovan charged for operating botnet used to push ransomware

Source

The U.S. Justice Department charged Moldovan national Alexander Lefterov, the owner and operator of a large-scale botnet that infected thousands of computers across the United States. [...]

Apr 17 2024 How the unique culture of security at AWS makes a difference

Source

Our customers depend on Amazon Web Services (AWS) for their mission-critical applications and most sensitive data. Every day, the world’s fastest-growing startups, largest enterprises, and most trusted governmental organizations are choosing AWS as the place to run their technology infrastructure. They choose us because security has been our …

Apr 17 2024 Cisco discloses root escalation flaw with public exploit code

Source

Cisco has released patches for a high-severity Integrated Management Controller (IMC) vulnerability with public exploit code that can let local attackers escalate privileges to root. [...]

Apr 17 2024 Russian Sandworm hackers pose as hacktivists in water utility breaches

Source

The Sandworm hacking group associated with Russian military intelligence has been hiding attacks and operations behind multiple online personas posing as hacktivist groups. [...]

Apr 17 2024 Exploit code for Palo Alto Networks zero-day now public

Source

Race on to patch as researchers warn of mass exploitation of directory traversal bug Various infosec researchers have released proof-of-concept (PoC) exploits for the maximum-severity vulnerability in Palo Alto Networks' PAN-OS used in GlobalProtect gateways.... [...]

Apr 17 2024 Multiple botnets exploiting one-year-old TP-Link flaw to hack routers

Source

At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year. [...]

Apr 17 2024 Using AI-Generated Legislative Amendments as a Delaying Technique

Source

Canadian legislators proposed 19,600 amendments —almost certainly AI-generated—to a bill in an attempt to delay its adoption. I wrote about many different legislative delaying tactics in A Hacker’s Mind, but this is a new one. [...]

Apr 17 2024 OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories

Source

While some other LLMs appear to flat-out suck AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.... [...]

Apr 17 2024 UK e-visa rollout starts today for millions: no more physical immigration cards

Source

Starting today, millions living in the UK will receive email invitations to sign up for an e-visa account that will replace their physical immigration documents like Biometric Residence Permits (BRPs). The move is, according to the Home Office, "a key step in creating a modernised and digital border." [...]

Apr 17 2024 Japanese government rejects Yahoo! infosec improvement plan

Source

Just doesn't believe it will sort out the mess that saw data leak from LINE messaging app Japan's government has considered the proposed security improvements developed by Yahoo !, found them wanting, and ordered the onetime web giant to take new measures.... [...]

Apr 17 2024 Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack

Source

Also warns of brute force attacks targeting its own VPNs, Check Point, Fortinet, SonicWall and more Cisco is fighting fires on a couple cybersecurity fronts this week involving its Duo multi-factor authentication (MFA) service and its remote-access VPN services.... [...]

Apr 16 2024 T-Mobile, Verizon workers get texts offering $300 for SIM swaps

Source

Criminals are now texting T-Mobile and Verizon employees on their personal and work phones, trying to tempt them with cash to perform SIM swaps. [...]

Apr 16 2024 Cerebral to pay $7 million settlement in Facebook pixel data leak case

Source

The U.S. Federal Trade Commission has reached a settlement with telehealth firm Cerebral in which the company will pay $7,000,000 over allegations of mishandling people's sensitive health data. [...]

Apr 16 2024 Attackers are pummeling networks around the world with millions of login attempts

Source

Enlarge (credit: Matejmo | Getty Images) Cisco’s Talos security team is warning of a large-scale credential compromise campaign that’s indiscriminately assailing networks with login attempts aimed at gaining unauthorized access to VPN, SSH, and web application accounts. The login attempts use both generic usernames and valid usernames targeted …

Apr 16 2024 MGM says FTC can't possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time

Source

What a twist! MGM Resorts wants the FTC to halt a probe into last year's ransomware infection at the mega casino chain – because the watchdog's boss Lina Khan was a guest at one of its hotels during the cyberattack, apparently.... [...]

Apr 16 2024 Ivanti warns of critical flaws in its Avalanche MDM solution

Source

Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. [...]

Apr 16 2024 Exploit released for Palo Alto PAN-OS bug used in attacks, patch now

Source

Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. [...]

Apr 16 2024 Alleged cryptojacker accused of stealing $3.5M from cloud to mine under $1M in crypto

Source

No prizes for guessing the victims A Nebraska man will appear in court today to face charges related to allegations that he defrauded cloud service providers of more than $3.5 million in a long-running cryptojacking scheme.... [...]

Apr 16 2024 Cisco warns of large-scale brute-force attacks against VPN services

Source

Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide. [...]

Apr 16 2024 SIM swap crooks solicit T-Mobile US, Verizon staff via text to do their dirty work

Source

No breach responsible for employee contact info getting out, says T-Mo T-Mobile US employees say they are being sent text messages that offer them cash to perform illegal SIM swaps for supposed criminals.... [...]

Apr 16 2024 PuTTY SSH client flaw allows recovery of cryptographic private keys

Source

A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. [...]

Apr 16 2024 UnitedHealth: Change Healthcare cyberattack caused $872 million loss

Source

UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February. [...]

Apr 16 2024 Open sourcerers say suspected xz-style attacks continue to target maintainers

Source

Social engineering patterns spotted across range of popular projects Open source groups are warning the community about a wave of ongoing attacks targeting project maintainers similar to those that led to the recent attempted backdooring of a core Linux library.... [...]

Apr 16 2024 How to make your web apps resistant to social engineering

Source

There are things that you can do to make your web apps more resistant to social engineering. Learn more from Outpost24 on securing your web applications. [...]

Apr 16 2024 Why the US government’s overreliance on Microsoft is a big problem

Source

Enlarge (credit: Joan Cros via Getty ) When Microsoft revealed in January that foreign government hackers had once again breached its systems, the news prompted another round of recriminations about the security posture of the world’s largest tech company. Despite the angst among policymakers, security experts, and competitors, Microsoft …

Apr 16 2024 Change Healthcare’s ransomware attack costs edge toward $1B so far

Source

First glimpse at attack financials reveals huge pain UnitedHealth, parent company of ransomware-besieged Change Healthcare, says the total costs of tending to the February cyberattack for the first calendar quarter of 2024 currently stands at $872 million.... [...]

Apr 16 2024 Who Stole 3.6M Tax Records from South Carolina?

Source

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may …

Apr 16 2024 X.com Automatically Changing Link Text but Not URLs

Source

Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchortext), not the underlying URL. So if …

Apr 16 2024 Google location tracking deal could be derailed by politics

Source

$62 million settlement plan challenged over payments to progressive nonprofits Google's plan to pay $62 million to settle allegations that it tracked people even when their Location History setting was switched off may have to be renegotiated based on several objections.... [...]

Apr 15 2024 CISA in a flap as Chirp smart door locks can be trivially unlocked remotely

Source

Hard-coded credentials last thing you want in home security app Some smart locks controlled by Chirp Systems' software can be remotely unlocked by strangers thanks to a critical security vulnerability.... [...]

Apr 15 2024 Ransomware gang starts leaking alleged stolen Change Healthcare data

Source

The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. [...]

Apr 15 2024 New SteganoAmor attacks use steganography to target 320 orgs globally

Source

A new campaign conducted by the TA558 hacking group is concealing malicious code inside images using steganography to deliver various malware tools onto targeted systems. [...]

Apr 15 2024 Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M

Source

Enlarge (credit: Getty Images) Federal prosecutors indicted a Nebraska man on charges he perpetrated a cryptojacking scheme that defrauded two cloud providers—one based in Seattle and the other in Redmond, Washington—out of $3.5 million. The indictment, filed in US District Court for the Eastern District of …

Apr 15 2024 Microsoft will limit Exchange Online bulk emails to fight spam

Source

Microsoft has announced plans to fight spam by imposing a daily Exchange Online bulk email limit of 2,000 external recipients starting January 2025. [...]

Apr 15 2024 Crypto miner arrested for skipping on $3.5 million in cloud server bills

Source

The U.S. Department of Justice has announced the arrest and indictment of Charles O. Parks III, known as "CP3O," for allegedly renting large numbers of cloud servers to conduct crypto mining and then skipping out on paying the bills. [...]

Apr 15 2024 Winter 2023 SOC 1 report now available in Japanese, Korean, and Spanish

Source

Japanese | Korean | Spanish We continue to listen to our customers, regulators, and stakeholders to understand their needs regarding audit, assurance, certification, and attestation programs at Amazon Web Services (AWS). We are pleased to announce that for the first time an AWS System and Organization Controls (SOC) 1 report is …

Apr 15 2024 Chipmaker Nexperia confirms breach after ransomware gang leaks data

Source

Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data. [...]

Apr 15 2024 Roku makes 2FA mandatory for all after nearly 600K accounts pwned

Source

Streamer says access came via credential stuffing Streaming giant Roku is making 2FA mandatory after attackers accessed around 591,000 customer accounts earlier this year.... [...]

Apr 15 2024 Daixin ransomware gang claims attack on Omni Hotels

Source

The Daixin Team ransomware gang claimed a recent cyberattack on Omni Hotels & Resorts and is now threatening to publish customers' sensitive information if a ransom is not paid. [...]

Apr 15 2024 Cisco Duo warns third-party data breach exposed SMS MFA logs

Source

Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider. [...]

Apr 15 2024 Crickets from Chirp Systems in Smart Lock Key Leak

Source

The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical …

Apr 15 2024 Google Cloud offers new AI, cybersecurity, and data analytics training to unlock job opportunities

Source

Google Cloud is on a mission to help everyone build the skills they need for in-demand cloud jobs. Today, we're excited to announce new learning opportunities that will help you gain these in-demand skills through new courses and certificates in AI, data analytics, and cybersecurity. Even better, we’re …

Apr 15 2024 Delinea Secret Server customers should apply latest patches

Source

Attackers could nab an org's most sensitive keys if left unaddressed Updated Customers of Delinea's Secret Server are being urged to upgrade their installations "immediately" after a researcher claimed a critical vulnerability could allow attackers to gain admin-level access.... [...]

Apr 15 2024 Accelerate security automation using Amazon CodeWhisperer

Source

In an ever-changing security landscape, teams must be able to quickly remediate security risks. Many organizations look for ways to automate the remediation of security findings that are currently handled manually. Amazon CodeWhisperer is an artificial intelligence (AI) coding companion that generates real-time, single-line or full-function code suggestions in …