Lending firm LoanDepot said the personal information of 16.9 million individuals was stolen in a ransomware attack in early January 2024.
Patients having trouble getting lifesaving meds have the AlphV crime group to thank.
The idea is simple; take advantage of the typos that people make when they enter email addresses. If we positioned ourselves in between the sender of an email (be it a person or a system) and the legitimate recipient, we may be able to capture plenty of information about the business, including personally identifiable information, email verification processes, etc. This scenario is effectively a Person-in-the-Middle (PiTM), but for email communications.
German chancellor promises probe after leak of officers discussing the supply of long-range missiles.
Learn about NoName057(16), a pro-Russian hacktivist group behind Project DDoSia targeting entities supporting Ukraine. Discover an overview of the changes made by the group, both from the perspective of the software shared by the group to generate DDoS attacks and the specifics of the evolution of the C2 servers. It also provides an overview of the country and sectors targeted by the group for 2024.
Security researchers created an AI worm in a test environment that can automatically spread between generative AI agents—potentially stealing data and sending spam emails along the way.
GitHub keeps removing malware-laced repositories, but thousands remain.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets.
Dans la plupart des cas, les attaquants n’ont pas tenté d’aller plus loin, sauf quelques exceptions. Il s’agissait vraisemblablement pour les attaquants de mettre d’abord un premier pied chez leur cible.
Based upon the authoring organizations’ observations during incident response activities and available industry reporting, as supplemented by CISA’s research findings, the authoring organizations recommend that the safest course of action for network defenders is to assume a sophisticated threat actor may deploy rootkit level persistence on a device that has been reset and lay dormant for an arbitrary amount of time. For example, as outlined in PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure), sophisticated actors may remain silent on compromised networks for long periods. The authoring organizations strongly urge all organizations to consider the significant risk of adversary access to, and persistence on, Ivanti Connect Secure and Ivanti Policy Secure gateways when determining whether to continue operating these devices in an enterprise environment.
Discover our TDR team's revelations about Predator spyware: its C2 infrastructure and list of countries still using its cyber espionage tool.
Learn how the threat actor Savvy Seahorse Facebook ads to lure users to fake investment platforms and leverages DNS to allow their attacks to persist for years.
This blog post provides a detailed look at the TTPs of a ransomware affiliate operator. In this case, the endpoint had been moved to another infrastructure (as illustrated by various command lines, and confirmed by the partner), so while Huntress SOC analysts reported the activity to the partner, no Huntress customer was impacted by the ransomware deployment.
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
In a memo to employees sent Tuesday evening, Sundar Pichai vowed to make structural changes to address the issues found in Gemini’s racially inaccurate images.
Warning of North Korean cyber threats targeting the Defense Sector
On 26 February, EDRi and its partners Global Witness, Gesellschaft für Freiheitsrechte and Bits of Freedom have submitted a complaint to the European Commission regarding a potential infringement of the Digital Services Act (DSA).
Specifically, we have raised concerns that LinkedIn, a designated Very Large Online Platform (VLOP) under the DSA, infringes the DSA’s new prohibition of targeting online adverts based on profiling using sensitive categories of personal data such as sexuality, political opinions, or race.
Guardio Labs uncovers a sprawling campaign of subdomain hijacking, compromising already over 8,000 domains from esteemed brands and institutions, including MSN, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, eBay and others. This malicious activity, dubbed “SubdoMailing”, leverages the trust associated with these domains to circulate spam and malicious phishing emails by the Millions each day, cunningly using their credibility and stolen resources to slip past security measures.
In our detailed analysis, we disclose how we detected this extensive subdomain hijacking effort, its mechanisms, its unprecedented scale and the main threat actor behind it. Furthermore, we developedthe “SubdoMailing” checker — a website designed to empower domain owners to reclaim control over their compromised assets and shield themselves against such pervasive threats. This report not only sheds light on the magnitude of the issue but also serves as a call to action for enhancing domain security against future exploits.
Elastic Security Labs observed new PIKABOT campaigns, including an updated version. PIKABOT is a widely deployed loader malicious actors utilize to distribute additional payloads.
