Two foreign nationals pleaded guilty today to participating in the LockBit ransomware group—at various times the most prolific ransomware variant in the world—and to deploying LockBit attacks against victims in the United States and worldwide.
An operation labeled TAG-100 by Insikt Group researchers deploys two types of backdoor malware — SparkRAT and Pantegana — that have only been spotted in limited ways previously.
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments.
Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness that allows replacing any file on the underlying operating system.
Trello Data Breach: Trello, a project management tool developed by Atlassian, has experienced a data breach, exposing sensitive user information
Police seize millions in illegal assets, including cryptocurrencies and luxury items
Actors are masquerading as hacktivists targeting AI-centric communities with commodity malware and customized LockBit payloads.
On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed
This research explores how FIN7 has adopted automated attack methods and developed defense evasion techniques previously unseen in the wild.
Company says it is unable to identify specific individuals affected by one of the largest breaches in Australian history
Germany's top security official says the country will bar the use of critical components made by Chinese companies Huawei and ZTE in core parts of its 5G networks in two steps starting in 2026.
An information-stealing script embedded in a Python package on the popular repository PyPI appears to be connected to a cybercriminal operation based in Iraq, according to researchers at Checkmarx.
11.07.2024 - At the end of June 2024, cybercriminals spread the malware "Poseidon Stealer" in German-speaking Switzerland by email, using AGOV as a lure with the aim of infecting computers with the macOS operating system. The NCSC has now produced and published a brief technical analysis of the malware.
#news
Authored by Yashvi Shah and Vignesh Dhatchanamoorthy McAfee Labs has discovered a highly unusual method of malware delivery, referred to by researchers as
The FBI announced on Monday it had successfully gained access to the phone used by Thomas Matthew Crooks, the suspected shooter in the attempted assassination of former President Donald Trump.
On patch Tuesday last week, Microsoft released an update for CVE-2024-38112, which they said was being exploited in the wild. We at the Trend Micro Zero Day Initiative (ZDI) agree with them because that’s what we told them back in May when we detected this exploit in the wild and reported it to Microsoft. However, you may notice that no one from Trend or ZDI was acknowledged by Microsoft. This case has become a microcosm of the problems with coordinated vulnerability disclosure (CVD) as vendors push for coordinated disclosure from researchers but rarely practice any coordination regarding the fix. This lack of transparency from vendors often leaves researchers who practice CVD with more questions than answers.
Russian cybersecurity firm, Kaspersky Lab, has told workers in its U.S.-based division that they are being laid off this week and that it is closing its U.S. business, according to several sources. The sudden move comes after the U.S. Commerce Department announced last month that it was banning the sale of Kaspersky software in the U.S. beginning July 20. The company has been selling its software here since 2005.
A security researcher who assisted with the deal says he believes the only copy of the complete dataset of call and text records of “nearly all” AT&T customers has been wiped—but some risks may remain.
Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters.
Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences.
This page is designed to gather a timeline of the Doppelganger operation with a few elements gathered from different reports.
