Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones

Microsoft says the early June disruptions to its Microsoft’s flagship office suite — including the Outlook email apps — were denial-of-service attacks by a shadowy new hacktivist group. In a blog post published Friday evening after The Associated Press sought clarification on the sporadic but serious outages, Microsoft confirmed that that they were DDoS attacks by a group calling itself Anonymous Sudan, which some security researchers believe is Russia-affiliated. The software giant offered few details on the attack. It did not comment on how many customers were affected.

The vulnerability — now fixed — was discovered in a cloud-based system that allows customers to remotely manage their security alarm systems.

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

Top U.S. cybersecurity officials confirmed Thursday that several federal agencies have been impacted by cyberattacks on the widely used MOVEit file transfer tool.

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly told reporters that her team and the FBI are working to provide assistance to federal agencies that used MOVEit, which is being exploited by the Russia-based Clop ransomware gang in a widespread breach that appears to have compromised dozens of entities.

“We’ve been working closely with Progress Software [which makes MOVEit], the FBI and our federal partners to understand its prevalence within federal agencies,” she said. Earlier in the day, CNN first reported that several government agencies were compromised in the hacks. Easterly said that CISA is providing support to “several agencies that have experienced intrusions of their MOVEit applications.”

Mandiant is investigating a Barracuda ESG appliance zero-day vulnerability being exploited in the wild.

Russian national Ruslan Magomedovich Astamirov was arrested in Arizona and charged by the U.S. Justice Department for allegedly deploying LockBit ransomware on the networks of victims in the United States and abroad.

VulnCheck discovers a network of fake security researcher accounts promoting hidden malware.

The hackers responsible for exploiting a flaw to target users of a popular file transfer tool has begun listing victims of the mass-attacks

Over the past few days, we have seen phishing attacks that use a combination of compromised Microsoft 365 accounts and .rpmsg encrypted emails to deliver the phishing message.

Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.

The commercial attack tool’s use by bad actors has faded after an initial flurry, while Cobalt Strike remains the go-to post-exploitation tool for many.

The Swiss government is under DDoS attacks, but several ransomware gangs have also turned their sights on other Swiss organizations.

Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities.

Affected Platforms: FortiOS
Impacted Users: Targeted at government, manufacturing, and critical infrastructure
Impact: Data loss and OS and file corruption
Severity Level: Critical

Today, Fortinet published a CVSS Critical PSIRT Advisory (FG-IR-23-097 / CVE-2023-27997) along with several other SSL-VPN related fixes. This blog adds context to that advisory, providing our customers with additional details to help them make informed, risk-based decisions, and provides our perspective relative to recent events involving malicious actor activity.

When Lexfo Security teased a critical pre-authentication RCE bug in FortiGate devices on Saturday 10th, many people speculated on the practical impact of the bug. Would this be a true, sky-is-falling level vulnerability like the recent CVE-2022-42475? Or was it some edge-case hole, requiring some unusual and exotic requisite before any exposure? Others even went further, questioning the legitimacy of the bug itself. Details were scarce and guesswork was rife.

On May 31, 2023, Progress Software disclosed a critical SQL injection vulnerability that was later assigned CVE-2023-34362. Rapid7 has observed exploitation in…

Regime has trained cybercriminals to impersonate tech workers or employers, amid other schemes

Oil giant Shell said it is investigating after a security researcher found an exposed internal database spilling the personal information of drivers who use the company’s electric vehicle charging stations.

Les CFF et le canton d'Argovie sont à leur tour concernés par la cyberattaque qui a touché la société informatique bernoise Xplain. Des données ont été volées, ont indiqué l'entreprise ferroviaire et le canton.

Une fuite a entraîné le vol des données, ont confirmé dimanche les CFF, suite à un article de la NZZ am Sonntag. De leur côté, les autorités argoviennes font savoir qu'"un petit volume de données opérationnelles liées à des protocoles d'erreur qui étaient analysées chez Xplain" est concerné par la fuite, ainsi que "de la correspondance commerciale".