Attackers roamed the systems of Avis Car Rental, a major car rental service provider, for several days, accessing data of nearly 300,000 individuals.
Malicious actors breached Avis systems on August 3rd and roamed inside the system for three days until the company secured its networks.
The company’s data breach notification letter, submitted to the Maine Attorney General’s Office, states that Avis discovered the breach on August 5th, indicating it took at least one day to kick the malicious actors out.
Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device.
One of Russia’s most prominent pro-democracy organisations, the Free Russia Foundation, announced that it was investigating a potential cyberattack on Friday, following a leak of thousands of emails and documents related to its work.
This post is about sandbox evasion techniques and their usefulness in more targeted engagements.
There's a lot of sandbox evasion techniques, some are simple: query WMI, some are cool: parsing SMBIOS tables, most try to detect sandbox artifacts. I wanted to know if these techniques are still effective for detecting sandboxes, or if the sandboxes have since been updated to counter them.
The Swiss do not seem to be particularly good at separating truth from lies, according to a study by the Organisation for Economic Co-operation and Development (OECD).
The Truth Quest Survey involved 40,765 participants in 21 countries. The 1,531 participants from Switzerland came third from last. Only Colombia and Brazil did worse. The US and France were also in the bottom third of the international comparison. By contrast, the best results were achieved by participants from Finland, the UK and Norway.
Intellexa’s Predator spyware infrastructure re-emerges after sanctions. Learn how this mercenary spyware is evolving, targeting high-profile individuals, and what defensive measures can be taken.
D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.
An old but persistent email scam known as "sextortion" has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to make…
The hackers were working with a unit in the Russian Main Intelligence Directorate, according to the DOJ.
Cybersecurity experts uncover the infamous Lummac Stealer malware, disguised as an OnlyFans "Checker" tool, targeting hackers.
Ontinue Cyber Defenders have observed an uptick in activities related to the LummaC2 infostealer being used as a Malware-as-a-Service.
SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild.
Thousands of records belonging to Confidant Health exposed on a non-password-protected database, including ID, insurance, medicaid cards, and more.
U.S. seizes 32 Russian propaganda domains influencing U.S. elections, targets Kremlin-backed disinformation efforts.
Criminals are impersonating MyLowesLife, Lowes' HR portal for current and former employees.
In early July 2024, the Sentinel Labs researchers released an extensive article1 about “FIN7 reboot” tooling, notably introducing “AvNeutralizer”, an anti-EDR tool. This tool has been found in the wild as a packed payload.
In this article, we offer a thorough analysis of the associated private packer that we named “PackXOR”, as well as an unpacking tool. Additionally, while investigating the packer usage, we determined that PackXOR might not be exclusively leveraged by FIN7.
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.
FIN7 (aka Carbon Spider, ELBRUS, Sangria Tempest) is a Russian APT group that is primarily known for targeting the U.S. retail, restaurant, and hospitality sectors since mid-2015.
There is a critical vulnerability in the LiteSpeed Cache plugin - Unauth Account Takeover in < 6.5.0.1 affecting 5+ millions of sites.
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. GRU Unit 29155 cyber actors began deploying the destructive WhisperGate malware against multiple Ukrainian victim organizations as early as January 13, 2022. These cyber actors are separate from other known and more established GRU-affiliated cyber groups, such as Unit 26165 and Unit 74455.
