This blog post seeks to draw out some high-level trends and anomalies based on our ongoing tracking of QakBot command and control (C2) infrastructure. By looking at the data with a broader scope, we hope to supplement other research into this particular threat family, which in general focuses on specific infrastructure elements; e.g., daily alerting on active C2 servers.
Interest in OpenAI’s latest version of its interactive language model has spurred a new wave of scam apps looking to cash in on the hype
A vulnerability (CVE-2023-32784) in KeePass can be exploited to retrieve the master password from the software's memory.
The vulnerability was assigned CVE-2023-32784. It should be fixed in KeePass 2.54, which should come out in ~July 2023. Thanks again to Dominik Reichl for his fast response and creative fix!
Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised.
Attacker activity in Microsoft Azure that we attribute to a financially motivated threat actor.
Comme d’autres médias, «Le Temps» a été sommé par CH Media et la NZZ, via leurs avocats, de ne publier aucune information confidentielle liée à la cyberattaque subie. En Suisse alémanique, deux médias ont dû modifier des articles en ligne
Highlights: CloudGuard Spectrals detected malicious extensions on the VSCode marketplace Users installing these extensions were enabling attackers to
Fake hardware cryptowallet, and how bitcoins were stolen from it.
Today, the FBI confirmed they have access to the database of the notorious BreachForums (aka Breached) hacking forum after the U.S. Justice Department also officially announced the arrest of its…
An unusual attack/phishing campaign delivering malware while using meme-filled code and complex obfuscation methods continues dropping Xworm payloads for the last few months and is still ongoing today.
A vulnerability in a WordPress plugin exposed the official website of sports car maker Ferrari to hacker attacks.
Weeks after breach of college chain Atid servers, hacker group Sharp Boys puts stolen information up for sale and releases additional data of students; Atid: ‘These are Iranian hackers, and most of the materials are outdated’
The former executive sued ByteDance, which owns TikTok, for wrongful termination and accused the company of lifting content from rivals and “supreme access” by the Chinese Communist Party.
It was October 2021 and the staff at Johnson Memorial Health were hoping they could finally catch their breaths. They were just coming out of a weeks-long surge of COVID hospitalizations and deaths, fueled by the Delta variant.
The time for attackers to respond to known vulnerabilities is shrinking. See an example of an attacker using sample code.
The Akamai Security Intelligence Group (SIG) has been analyzing attack attempt activity following the announcement of a critical vulnerability in a WordPress custom fields plug-in affecting more than 2 million sites.
Exploiting this vulnerability could lead to a reflected cross-site scripting (XSS) attack, in which malicious code is injected into a victim site and pushed to its visitors.
On May 4, 2023, the WP Engine team announced the security fix in version 6.1.6, including sample exploit code as a proof of concept (PoC).
Starting on May 6, less than 48 hours after the announcement, the SIG observed significant attack attempt activity, scanning for vulnerable sites using the sample code provided in the technical write-up.
This highlights that the response time for attackers is rapidly decreasing, increasing the need for vigorous and prompt patch management.
Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023.
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code remotely without credentials. PaperCut released a patch in March 2023.
Les directrices et directeurs du numérique des cantons latins ont décidé d’agir de concert en matière de souveraine
Swiss multinational company ABB, a leading electrification and automation technology provider, has suffered a Black Basta ransomware attack, reportedly impacting business operations.
