Category: Security

New SuperBlack ransomware exploits Fortinet auth bypass flaws A new ransomware operator named ‘Mora_001’ is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. […] Bill Toulas Go to bleepingcomputer

Juniper patches bug that let Chinese cyberspies backdoor routers ​Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. […] Sergiu Gatlan Go to bleepingcomputer

Facebook discloses FreeType 2 flaw exploited in attacks Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. […] Bill Toulas Go to bleepingcomputer

CISA: Medusa ransomware hit over 300 critical infrastructure orgs CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. […] Sergiu Gatlan Go to bleepingcomputer

Garantex crypto exchange admin arrested while on vacation Indian authorities arrested Aleksej Besciokov, the co-founder and one of the administrators of the Russian Garantex crypto-exchange while vacationing with his family in Varkala, India. […] Sergiu Gatlan Go to bleepingcomputer

X hit by ‘massive cyberattack’ amid Dark Storm’s DDoS claims The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare. […] Lawrence Abrams Go to bleepingcomputer

US govt says Americans lost record $12.5 billion to fraud in 2024 The U.S. Federal Trade Commission (FTC) said today that Americans lost a record $12.5 billion to fraud last year, a 25% increase over the previous year. […] Sergiu Gatlan Go to bleepingcomputer

FTC will send $25.5 million to victims of tech support scams ​Later this week, the Federal Trade Commission (FTC) will start distributing over $25.5 million in refunds to those misled by tech support companies Restoro and Reimage’s scare tactics. […] Sergiu Gatlan Go to bleepingcomputer

US cities warn of wave of unpaid parking phishing texts US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city’s parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day. […] Lawrence Abrams Go to bleepingcomputer

Developer guilty of using kill switch to sabotage employer’s systems A software developer has been found guilty of sabotaging his ex-employer’s systems by running custom malware and installing a “kill switch” after being demoted at the company. […] Lawrence Abrams Go to bleepingcomputer

YouTubers extorted via copyright strikes to spread malware Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos. […] Bill Toulas Go to bleepingcomputer

Unpatched Edimax IP camera flaw actively exploited in botnet attacks A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. […] Bill Toulas Go to bleepingcomputer

Employee charged with stealing unreleased movies, sharing them online A Memphis man was arrested and charged with stealing DVDs and Blu-ray discs of unreleased movies and sharing ripped digital copies online before their release. […] Sergiu Gatlan Go to bleepingcomputer

US charges Garantex admins with money laundering, sanctions violations The administrators of the Russian Garantex crypto-exchange have been charged in the United States with facilitating money laundering for criminal organizations and violating sanctions. […] Sergiu Gatlan Go to bleepingcomputer

Data breach at Japanese telecom giant NTT hits 18,000 companies Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. […] Bill Toulas Go to bleepingcomputer

Ransomware gang encrypted network from a webcam to bypass EDR The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim’s network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. […] Bill Toulas Go to bleepingcomputer

Cybercrime ‘crew’ stole $635,000 in Taylor Swift concert tickets New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after almost 1,000 concert tickets and reselling them online. […] Sergiu Gatlan Go to bleepingcomputer

US charges Chinese hackers linked to critical infrastructure breaches The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011. […] Sergiu Gatlan Go to bleepingcomputer

YouTube warns of AI-generated video of its CEO used in phishing attacks YouTube warns that scammers are using an AI-generated video featuring the company’s CEO in phishing attacks to steal creators’ credentials. […] Sergiu Gatlan Go to bleepingcomputer

Fake BianLian ransom notes mailed to US CEOs in postal mail scam Scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service. […] Lawrence Abrams Go to bleepingcomputer

Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. […] Lawrence Abrams Go to bleepingcomputer

New Eleven11bot botnet infects 86,000 devices for DDoS attacks A new botnet malware named ‘Eleven11bot’ has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks. […] Bill Toulas Go to bleepingcomputer

Cisco warns of Webex for BroadWorks flaw exposing credentials Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. […] Sergiu Gatlan Go to bleepingcomputer

Rubrik rotates authentication keys after log server breach Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys. […] Lawrence Abrams Go to bleepingcomputer

New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for remote access to compromised devices. […] Lawrence Abrams Go to bleepingcomputer

Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. […] Bill Toulas Go to bleepingcomputer

Qilin ransomware claims attack at Lee Enterprises, leaks stolen data The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company. […] Bill Toulas Go to bleepingcomputer

Police arrests suspects tied to AI-generated CSAM distribution ring Law enforcement agencies from 19 countries have arrested 25 suspects linked to a criminal ring that was distributing child sexual abuse material (CSAM) generated using artificial intelligence (AI). […] Sergiu Gatlan Go to bleepingcomputer

Over 49,000 misconfigured building access systems exposed online Researchers discovered 49,000 misconfigured and exposed Access Management Systems (AMS) across multiple industries and countries, which could compromise privacy and physical security in critical sectors. […] Bill Toulas Go to bleepingcomputer

Belgium probes if Chinese hackers breached its intelligence service ​The Belgian federal prosecutor’s office is investigating whether Chinese hackers were behind a breach of the country’s State Security Service (VSSE). […] Sergiu Gatlan Go to bleepingcomputer

Southern Water says Black Basta ransomware attack cost £4.5M in expenses United Kingdom water supplier Southern Water has disclosed that it incurred costs of £4.5 million ($5.7M) due to a cyberattack it suffered in February 2024. […] Bill Toulas Go to bleepingcomputer

GrassCall malware campaign drains crypto wallets via fake job interviews A recent social engineering campaign targeted job seekers in the Web3 space with fake job interviews through a malicious “GrassCall” meeting app that installs information-stealing malware to steal cryptocurrency wallets. […] Lawrence Abrams Go to bleepingcomputer

VSCode extensions with 9 million installs pulled over security risks Microsoft has removed two popular VSCode extensions, ‘Material Theme – Free’ and  ‘Material Theme Icons – Free,’ from the Visual Studio Marketplace for allegedly containing malicious code. […] Bill Toulas Go to bleepingcomputer

PyPi package with 100K installs pirated music from Deezer for years A malicious PyPi package named ‘automslc’  has been downloaded over 100,000 times from the Python Package Index since 2019, abusing hard-coded credentials to pirate music from the Deezer streaming service. […] Bill Toulas Go to bleepingcomputer

Have I Been Pwned adds 284M accounts stolen by infostealer malware ​The Have I Been Pwned data breach notification service has added over 284 million accounts stolen by information stealer malware and found on a Telegram channel. […] Sergiu Gatlan Go to bleepingcomputer

OpenAI bans ChatGPT accounts used by North Korean hackers OpenAI says it blocked several North Korean hacking groups from using its ChatGPT platform to research future targets and find ways to hack into their networks. […] Sergiu Gatlan Go to bleepingcomputer

Russia warns financial sector of major IT service provider hack Russia’s National Coordination Center for Computer Incidents (NKTsKI) is warning organizations in the country’s credit and financial sector about a breach at LANIT, a major Russian IT service and software provider. […] Bill Toulas Go to bleepingcomputer

Botnet targets Basic Auth in Microsoft 365 password spray attacks A massive botnet of over 130,000 compromised devices is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide, attempting to confirm credentials. […] Bill Toulas Go to bleepingcomputer

Beware: PayPal “New Address” feature abused to send phishing emails An ongoing PayPal email scam exploits the platform’s address settings to send fake purchase notifications, tricking users into granting remote access to scammers […] Lawrence Abrams Go to bleepingcomputer

CISA flags Craft CMS code injection flaw as exploited in attacks The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. […] Bill Toulas Go to bleepingcomputer

Black Basta ransomware gang’s internal chat logs leak online An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. […] Sergiu Gatlan Go to bleepingcomputer

Chinese hackers use custom malware to spy on US telecom networks The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. […] Bill Toulas Go to bleepingcomputer

Integrating LLMs into security operations using Wazuh Large Language Models (LLMs) can provide many benefits to security professionals by helping them analyze logs, detect phishing attacks, or offering threat intelligence. Learn from Wazuh how to incorporate an LLM, like ChatGPT, into its open source security platform. […] Sponsored by Wazuh Go to bleepingcomputer

New NailaoLocker ransomware used against EU healthcare orgs A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024. […] Bill Toulas Go to bleepingcomputer

CISA and FBI: Ghost ransomware breached orgs in 70 countries CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations. […] Sergiu Gatlan Go to bleepingcomputer

Phishing attack hides JavaScript using invisible Unicode trick A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC). […] Bill Toulas Go to bleepingcomputer

Venture capital giant Insight Partners hit by cyberattack New York-based venture capital and private equity firm Insight Partners has disclosed that its systems were breached in January following a social engineering attack. […] Sergiu Gatlan Go to bleepingcomputer

Chinese hackers abuse Microsoft APP-v tool to evade antivirus The Chinese APT hacking group “Mustang Panda” has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. […] Bill Toulas Go to bleepingcomputer

Chase will soon block Zelle payments to sellers on social media JPMorgan Chase Bank (Chase) will soon start blocking Zelle payments to social media contacts to combat a significant rise in online scams utilizing the service for fraud. […] Sergiu Gatlan Go to bleepingcomputer

New FinalDraft malware abuses Outlook mail service for stealthy comms A new malware called FinalDraft has been using Outlook email drafts for command-and-control communication in attacks against a ministry in a South American country. […] Bill Toulas Go to bleepingcomputer

Microsoft: Hackers steal emails in device code phishing attacks An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. […] Bill Toulas Go to bleepingcomputer

Hackers exploit authentication bypass in Palo Alto Networks PAN-OS Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. […] Bill Toulas Go to bleepingcomputer

SonicWall firewall bug leveraged in attacks after PoC exploit release Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. […] Sergiu Gatlan Go to bleepingcomputer

PostgreSQL flaw exploited as zero-day in BeyondTrust breach ​Rapid7’s vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December. […] Sergiu Gatlan Go to bleepingcomputer

Chinese hackers breach more US telecoms via unpatched Cisco routers China’s Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. […] Sergiu Gatlan Go to bleepingcomputer

Hacker leaks account data of 12 million Zacks Investment users Zacks Investment Research (Zacks) last year reportedly suffered another data breach that exposed sensitive information related to roughly 12 million accounts. […] Bill Toulas Go to bleepingcomputer

Chinese espionage tools deployed in RA World ransomware attack A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavors, has been observed using in a ransomware attack a toolset previously attributed to espionage actors. […] Bill Toulas Go to bleepingcomputer

Surge in attacks exploiting old ThinkPHP and ownCloud flaws Increased hacker activity has been observed in attempts to compromise poorly maintained devices that are vulnerable to older security issues from 2022 and 2023. […] Bill Toulas Go to bleepingcomputer