Google said it has been contacted by several major U.S. companies recently who discovered that they unknowingly hired North Koreans using fake identities for remote IT roles.

McAfee Labs recently observed an infection chain where fake CAPTCHA pages are being leveraged to distribute malware, specifically Lumma Stealer. We are observing a campaign targeting multiple countries. Below is a map showing the geolocation of devices accessing fake CAPTCHA URLs, highlighting the global distribution of the attack.

Le système informatique du Canton tourne au ralenti depuis mardi, mais il n’y a aucun risque pour les données de l’État. L’attaque est toujours en cours.

CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks.

Kryptina's adoption by Mallox affiliates complicates malware tracking as ransomware operators blend different codebases into new variants.

• Kryptina evolved from a free tool on public forums to being actively used in enterprise attacks, particularly under the Mallox ransomware family.
• In May 2024, a Mallox affiliate leaked staging server data, revealing that their Linux ransomware was based on a modified version of Kryptina.
• The affiliate made superficial changes to source code and documentation, stripping Kryptina branding but retaining core functionality.
• The adoption of Kryptina by Mallox affiliates exemplifies the commoditization of ransomware tools, complicating malware tracking as affiliates blend different codebases into new variants.
• This original research was presented by the author at LABScon 2024 in Scottsdale, Arizona.

The U.S. intelligence community on Monday said Russia is responsible for recent videos shared on social media that sought to denigrate Vice President Kamala Harris, including one that tried to implicate her in a hit-and-run accident.

Spy agencies also assess that Russian influence actors were responsible for altering videos of the vice president's speeches — behavior consistent with Moscow’s broader efforts to boost former President Donald Trump’s candidacy and disparage Harris and the Democratic Party, an official with the Office of the Director of National Intelligence said during a press briefing.

North Korea's IT workforce presents a persistent and escalating cyber threat.

Back in May, I started tracking Handala, a hacktivist branded group expressing pro-Palestine views:

In an update to its privacy policy, Telegram says it will now share IP addresses and phone numbers to authorities in response to valid orders. The change is a dramatic switch for the social network app, which has become a hotbed for criminals.

Legitimate emails with bad practices and an insecure website add insult to injury.

The hacking group's X account shared videos comparing Xi Jinping to an emperor and others commemorating the 1989 Tiananmen Square demonstrations.

Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel.

German authorities sent a loud and clear message to criminal users of the exchanges: We found their servers and have your data — see you soon.

• At least two threat groups identified, one of which Netcraft can link to customs tax and postal scams carried out earlier this year.
• Up to 10,000 potential victims identified visiting this group’s phishing websites between June 19 and August 23.
• At least 2,000 form submissions, indicating how much personal data has been extracted from victims, including payment information.
• Evidence suggesting the group is running activity across Europe, including France, Germany, Italy, and Switzerland.

Investigators reported 483 000 victims worldwide, who had attempted to regain access to their phones and been phished in the process. The victims are mainly Spanish-speaking nationals from European, North American and South American countries.The successful operation took place thanks to international cooperation between law enforcement and judiciary authorities from Spain, Argentina, Chile, Colombia, Ecuador and Peru.The action week took...

• Affected chipsets: MT6890, MT7915, MT7916, MT7981, MT7986, MT7622
• Affected software: SDK version 7.4.0.1 and before (for MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02

• Restrictions apply only to official devices, not personal phones
• Telegram heavily used in Ukraine and Russia since 2022 invasion
• Budanov: Issue of Telegram is a matter of national security

Learn more about GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10 for GitLab Community Edition (CE) and Enterprise Edition (EE).

Read the blog to learn about ServiceNow’s Knowledge Base data exposure risks and how to mitigate these issues.

Security researchers say that thousands of companies are potentially leaking secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations.

Aaron Costello and Dan Meged, of the AppOmni and Adaptive Shield security shops respectively, separately published their findings this week, concluding that pages set to "private" could still be read by tinkering with a ServiceNow customer's KB widgets.

These widgets are essentially containers of information used to construct the pages in KB articles. These can include page elements that allow users to leave feedback on articles, either through star ratings or comments, for example.