A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections.
#ADFS #Account #Computer #InfoSec #Lateral #MFA #Microsoft #Notification #Phishing #Push #Security #Takeover

Security researchers have discovered an arbitrary account takeover flaw in Subaru's Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate.
#Account #Canada #Car #Computer #Hacking #InfoSec #Japan #Security #Starlink #Subaru #Takeover #USA

Yesterday we discovered another client-side JavaScript attack targeting +500 websites, including governments and universities. The injected scripts create hidden links in the Document Object Model (DOM), pointing to external websites, a programming interface for web documents.

A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key.

Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.
#Apple #Computer #InfoSec #Integrity #Microsoft #Protection #SIP #Security #System #Vulnerability #macOS

A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot.

​Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation.

Experts say the catchall term for online fraud furthers harm against victims and could dissuade people from reporting attempts to bilk them out of their money.

Apple's macOS has been under siege in 2024 as malware-as-a-service platforms and AI-driven threats make the year a turning point for Mac security.

Amazon has launched AWS Security Incident Response, a service to help triage and respond to cybersecurity threats.

The Microsoft 365 Admin Portal is being abused to send sextortion emails, making the emails appear trustworthy and bypassing email security platforms.

More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.

The FreeBSD Foundation has released an extensive security audit of two critical FreeBSD components: bhyve and Capsicum.

T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests.

A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.

More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit.

A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers.

Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal.

Nokia's investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party and company and customer data has not been impacted.

Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server.