Last month, I received an alarming email from someone I did not know: Rui Zhu, a Ph.D. candidate at Indiana University Bloomington. Mr. Zhu had my email address, he explained, because GPT-3.5 Turbo, one of the latest and most robust large language models (L.L.M.) from OpenAI, had delivered it to him.
A large-scale cyberattack has paralyzed tens of thousands of gas stations in Iran. Many hypotheses are circulating about who is behind the attack.
Google is apparently struggling to contain a spam attack that's been ongoing for days.
Google’s search results have been hit by a spam attack for the past few days in what can only be described as completely out of control. Many domains are ranking for hundreds of thousands of keywords each, an indication that the scale of this attack could easily reach into the millions of keyword phrases.
Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months.
I monitor (in an amateur, clueless way) ransomware groups in my spare time, to see what intelligence can be gained from looking at victim orgs and what went wrong.
Basically, I’m a giant big dork with too much free time.
I’ve discovered two organisations with ransomware incidents, where the entry point appears to have been Exchange Server 2013 with Outlook Web Access enabled, where all available security updates were applied.
The Donald W. Wyatt Detention Facility says the data of 2,000 inmates, staff, and vendors was stolen in a cyberattack.
ThreatFabric discovers a new variant of the Chameleon banking trojan distributed via Zombinder with features to bypass any biometric authentication.
Overview Throughout the summer and fall of 2023, DarkGate entered the ring competing for the top spot in the remote access trojan (RAT) and loader category. It was observed in use by multiple cybe...
German law enforcement takes down dark web giant "Kingdom Market," specializing in narcotics and malware sales to tens of thousands of users.
Beware of phishing emails with invoice-themed attachments! Attackers are using an old Office vulnerability (CVE-2017-11882) to spread the Agent Tesla
MuddyC2Go framework and custom keylogger used in attack campaign.
Iranian espionage group Seedworm (aka Muddywater) has been targeting organizations operating in the telecommunications sector in Egypt, Sudan, and Tanzania.
Seedworm has been active since at least 2017, and has targeted organizations in many countries, though it is most strongly associated with attacks on organizations in the Middle East. It has been publicly stated that Seedworm is a cyberespionage group that is believed to be a subordinate part of Iran’s Ministry of Intelligence and Security (MOIS).
At least 6,000 computer systems were impacted by the cyberattack on a Russian water utility led by the Ukrainian group Blackjack.
Judge says hacker remains a high risk through his skills and motivation to carry out cyber crime.
Operation HAECHI IV emphasizes the key role of INTERPOL in enabling police worldwide to address the growing complexity of cyber-enabled scams
ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack.
Novel Terrapin attack uses prefix truncation to downgrade the security of SSH channels.
The Rhysida ransomware gang publishes 98 per cent of leaked data minutes after the ransom deadline passes – Wolverine game files included.
Qakbot, a versatile malware threat, returned after a takedown in August. The new campaign targets the hospitality industry with IRS-themed phishing emails containing malicious PDFs. Microsoft identified the attack, offering two IP addresses for blocking and a way to detect the malware's digital signature.
Our open-source vulnerability impact scoring system is now available and enhances incident response capabilities. Here's how VISS is unique.
DanaBot is a sophisticated banking trojan targeting financial institutions and their customers. Now, a new global campaign has put more users at risk.
Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to break SSH channel integrity when certain widely used encryption modes are in use.
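As an added illustration (not code from the Terrapin paper or from any of the reports linked here), the following constructed Python model shows the property the attack relies on: the integrity tag of every SSH packet is bound to an implicit per-direction sequence counter that is never sent on the wire, so an unauthenticated packet injected during the cleartext part of the handshake advances the receiver's counter, and dropping the first protected packet after NEWKEYS brings both sides back into alignment with no MAC failure. The same model shows why the "strict kex" mitigation (reset both counters to zero after NEWKEYS and abort on any unexpected message during key exchange) detects both halves of the trick. The message names, the shared key and the HMAC-over-(counter || payload) stand-in for the real cipher modes are all assumptions made for the simulation.

```python
"""Toy model of the Terrapin prefix-truncation idea (CVE-2023-48795).

Constructed simulation, not real SSH.  Only the server->client direction
is modelled, and "encryption" is reduced to the one property Terrapin
abuses: the integrity tag is an HMAC over (implicit sequence number ||
payload), with the counter tracked locally on both ends.
"""
import hashlib
import hmac

KEY = b"constructed-session-integrity-key"  # assumption: stands in for KEX-derived keys
KEX_MESSAGES = {"KEXINIT", "KEXDH_REPLY", "NEWKEYS"}  # messages allowed during kex


def tag(seq: int, payload: str) -> bytes:
    """Integrity tag bound to the implicit packet sequence number."""
    return hmac.new(KEY, seq.to_bytes(4, "big") + payload.encode(), hashlib.sha256).digest()


class Server:
    """Sending side: counts every packet sent, tags only once keys are active."""

    def __init__(self, strict_kex: bool):
        self.strict, self.seq, self.keys_on = strict_kex, 0, False

    def send(self, payload: str):
        mac = tag(self.seq, payload) if self.keys_on else None
        self.seq += 1
        if payload == "NEWKEYS":          # NEWKEYS itself is still unprotected
            self.keys_on = True
            if self.strict:
                self.seq = 0              # strict kex: counters restart after NEWKEYS
        return payload, mac


class Client:
    """Receiving side: counts every packet seen, including injected ones."""

    def __init__(self, strict_kex: bool):
        self.strict, self.seq, self.keys_on = strict_kex, 0, False
        self.delivered = []

    def receive(self, packet):
        payload, mac = packet
        if not self.keys_on:
            if self.strict and payload not in KEX_MESSAGES:
                raise ConnectionError(f"strict kex: unexpected {payload} during handshake")
            self.seq += 1                 # an injected IGNORE advances the counter too
            self.delivered.append(payload)
            if payload == "NEWKEYS":
                self.keys_on = True
                if self.strict:
                    self.seq = 0
            return
        if mac is None or not hmac.compare_digest(mac, tag(self.seq, payload)):
            raise ConnectionError(f"MAC failure on {payload} at seq {self.seq}")
        self.seq += 1
        self.delivered.append(payload)


def run(strict_kex: bool, inject_ignore: bool, drop_first_secure: bool) -> dict:
    """Play one handshake through an attacker who may inject and/or drop."""
    server, client = Server(strict_kex), Client(strict_kex)
    script = ["KEXINIT", "KEXDH_REPLY", "NEWKEYS", "EXT_INFO", "SERVICE_ACCEPT"]
    try:
        for msg in script:
            if msg == "NEWKEYS" and inject_ignore:
                client.receive(("IGNORE", None))  # attacker-injected, unauthenticated
            pkt = server.send(msg)
            if msg == "EXT_INFO" and drop_first_secure:
                continue                          # attacker deletes it on the wire
            client.receive(pkt)
    except ConnectionError as exc:
        return {"delivered": client.delivered, "error": str(exc)}
    return {"delivered": client.delivered, "error": None}


if __name__ == "__main__":
    for strict in (False, True):
        for inject, drop in ((False, False), (False, True), (True, True)):
            print(f"strict={strict} inject={inject} drop={drop}:",
                  run(strict, inject, drop))
```

Without strict kex, inject-plus-drop completes with no error and the client simply never sees EXT_INFO; dropping alone fails the MAC, which is why the injection step is essential. With strict kex, the injected IGNORE aborts the handshake, and a bare deletion after the counter reset fails the MAC.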
Data for almost 36 million customers now in the hands of unknown hackers.
The Alphv/BlackCat leak site now displays a message saying it has been seized by the authorities. An alternative site is online, but the blow is a serious one.
The Justice Department announced today a disruption campaign against the Blackcat ransomware group — also known as ALPHV or Noberus — that has targeted the computer networks of more than 1,000 victims and caused harm around the world since its inception, including networks that support U.S. critical infrastructure.
The FBI says it has released a decryption tool allowing hundreds of ALPHV/BlackCat victims to restore their scrambled files.
The U.S.-based owner of apparel brands including Vans, Supreme and The North Face says it cannot fulfill customer orders after a cyberattack.
Using machine learning to target stockpiled malicious domains, the results of our detection pipeline tool highlight campaigns from phishing to scams.
Reconstructing the Attack from a 4th party collector’s point of view
Hamid Kashfi
[Update: December 18th, 2023]: On 18th December, Predator Sparrows launched a second attack against the fuel distribution system in Iran, similar to their previous operation in 2021. Since 2021, Iranian officials or third-party security vendors have not published any analysis or technical details about the original attack, which is not unusual. Their screenshots from the latest attacks provide some clues that only confirm our previous work, indicating connections to the “Yaas Arghavani” company, a VSAT and POS service provider for the fuel distribution system. The following is an old draft from December 2021, which I wrote for peer eyes rather than public view. The original draft focused on the first attack against the fuel distribution system. Still, some remarks remain valid and relevant to the recent attack on 18 Dec 2023, as little has changed regarding how the system works: the same infrastructure, same suppliers, and same 3rd party vendors, so we are likely just talking about a different attack vector and entry point from the previous case. I will probably draft a new note about the recent attack from scratch soon, when more details are gathered, rather than updating the old speculative work.
Since it appeared in July 2022, Play ransomware has launched devastating attacks on municipalities and critical infrastructure, agencies said.
Introducing a novel technique for e-mail spoofing
UK-based cybersecurity firm Sophos this week announced patches for an exploited vulnerability in Firewall versions that have reached End-of-Life (EOL).
The critical-severity flaw, tracked as CVE-2022-3236, was found to impact versions 19.0 MR1 (19.0.1) and older of the product. It was originally patched in September 2022, but only in supported versions of Sophos Firewall.
Sophos describes the security defect as a code injection issue in the Firewall’s User Portal and Webadmin components, allowing attackers to achieve remote code execution (RCE).
7 December 2023 - Apache Struts version 6.3.0.2 General Availability
The Apache Struts group is pleased to announce that Apache Struts version 6.3.0.2 is available as a “General Availability” release. The GA designation is our highest quality grade.
Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework has been designed to streamline the full development cycle, from building, to deploying, to maintaining applications over time.
This version addresses a potential security vulnerability identified as CVE-2023-50164 and described in S2-066 - please read the mentioned security bulletins for more details. This is a drop-in replacement and upgrade should be straightforward.
Hackers tied to Russian military take responsibility for hack on Ukraine's biggest provider.