The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.
Une famille chinoise a acquis en 2018 une auberge donnant vue sur l'aérodrome militaire. Les services secrets ont mis la main dessus grâce à des touristes en 2023.
Since mid-September 2024, our telemetry has revealed a significant increase in “Lumma Stealer”1 malware deployments via the “HijackLoader”2 malicious loader.
On October 2, 2024, HarfangLab EDR detected and blocked yet another HijackLoader deployment attempt – except this time, the malware sample was properly signed with a genuine code-signing certificate.
In response, we initiated a hunt for code-signing certificates (ab)used to sign malware samples. We identified and reported more of such certificates. This report briefly presents the associated stealer threat, outlines the methodology for hunting these certificates, and providees indicators of compromise.
Two individuals behind the Anonymous Sudan cybercriminal group were indicted by the U.S. Department of Justice, which acknowledged AWS for its contributions.
The United States Department of Justice (DOJ) recently announced the takedown of Anonymous Sudan, a prolific entity in the distributed denial-of-service (DDoS) space who are known especially for their politically motivated hacktivism. This takedown is a huge step toward making the internet a safer place, and it required significant effort from multiple parties, including Akamai.
A federal grand jury indictment unsealed today charges two Sudanese nationals with operating and controlling Anonymous Sudan, an online cybercriminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world.
Austrian security authorities have identified a Swiss man as the suspect in a series of emails containing bomb threats.
A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil's Polícia Federal in
RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.
GCHQ's National Cyber Security Centre (NCSC) is rolling out a free service that will help protect schools from connecting to malicious internet domains.
It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild.
This must be the first time real-world attackers have reversed a patch, and reproduced a vulnerability, before some dastardly researchers released a detection artefact generator tool of their own. /s
At watchTowr's core, we're all about identifying and validating ways into organisations - sometimes through vulnerabilities in network border appliances - without requiring such luxuries as credentials or asset lists.
Google launches Global Signal Exchange (GSE), an initiative aimed at fostering the sharing of online fraud and scam intelligence.
MITRE’s AI Incident Sharing initiative helps organizations receive and hand out data on real-world AI incidents.
Non-profit technology and R&D company MITRE has introduced a new mechanism that enables organizations to share intelligence on real-world AI-related incidents.
Shaped in collaboration with over 15 companies, the new AI Incident Sharing initiative aims to increase community knowledge of threats and defenses involving AI-enabled systems.
The iPhone Mirroring feature in macOS Sequoia and iOS 18 may expose employees’ private applications to corporate IT environments.
Gamers searching for game cheats are falling victim to a global malware campaign delivering RedLine Stealer.
App swears there’s no way for law enforcement to track users’ identities.
48-page report citing Ars Technica urges FTC, FCC investigate connected TV data harvesting. Gen AI, potentially racially discrimniatory practices head concerns.
Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation.
