
Weekly Shaarli

All the links from one week on a single page.

Week 51 (December 16, 2024)

2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged

On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms. These systems had been infected with the Mirai malware and were subsequently used as a DDoS attack source against other devices reachable from their network. The impacted systems were all using default passwords. Any customer not following recommended best practices and still using default passwords can be considered compromised, as the default SSR passwords have been added to the virus database.

Malicious ads push Lumma infostealer via fake CAPTCHA pages

A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot.

Effective Phishing Campaign Targeting European Companies and Organizations

A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover.

APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files.

The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously documented by Black Hills Information Security in 2022, Trend Micro said in a report.

Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices

The precedent-setting ruling from a Northern California federal judge could lead to massive damages against NSO Group, whose notorious spyware has been reportedly used by various governments worldwide.

BeyondTrust Remote Support SaaS Service Security Investigation

BeyondTrust identified a security incident that involved a limited number of Remote Support SaaS customers. On December 5th, 2024, a root cause analysis into a Remote Support SaaS issue identified an API key for Remote Support SaaS had been compromised. BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers.

12/12/24: While the security incident forensics investigation remains ongoing, there are no material updates to provide at this time. We continue to pursue all possible paths as part of the forensic analysis, with the assistance of external forensic parties, to ensure we conduct as thorough an investigation as possible. We continue to communicate, and work closely with, all known affected customers. We will continue to provide updates here until our investigation is concluded.

Medion hack? BlackBasta ransomware has allegedly copied 1.5 TB of data | heise online

Cyber criminals claim to have successfully attacked Medion, a distributor of electronic products.

'AI mafia' gang bombards London restaurant with scathing fake Google reviews to extort £10,000

A shell-shocked owner woke to find a barrage of one-star reviews had dragged her Google rating from 4.9 to 2.3 virtually overnight.

China 'compromised' Canadian government networks and stole valuable info: spy agency | CBC News

Threat actors sponsored by China “compromised” government networks over the past five years and collected valuable information, says a new report from Canada’s cyber spy agency.

Ascension: Health data of 5.6 million stolen in ransomware attack

Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation.

DigiEver Fix That IoT Thing!
  • A vulnerability in DigiEver DS-2105 Pro DVRs is being exploited to spread malware.

  • The Akamai Security Intelligence Research Team (SIRT) noticed this activity in their honeypots on November 18, 2024.

  • The vulnerability was originally discovered by Ta-Lun Yen and a CVE identifier has been requested by the Akamai SIRT.

  • The malware is a Mirai variant that has been modified to use improved encryption algorithms.

  • We have included a list of indicators of compromise (IoCs) in this blog post to assist in defense against this threat.

NotLockBit: A Deep Dive Into the New Ransomware Threat | Qualys Security Blog

NotLockBit is a new and emerging ransomware family that actively mimics the behavior and tactics of the well-known LockBit ransomware.

A new playground: Malicious campaigns proliferate from VSCode to npm

To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.

The Rise of Alliances: NoName057(16)'s Transformation in 2024

In the dynamic and rapidly shifting landscape of hacktivism, few entities have managed to capture as much attention as NoName057(16). Once branded as the

Google Calendar Notifications Bypassing Email Security Policies

Google Calendar is a tool for organizing schedules and managing time, designed to assist individuals and businesses in planning their days efficiently.

Three Months After the Storm: Did Cybercriminals Move to Telegram Alternatives? • KELA Cyber Threat Intelligence

Telegram, as previously reported by KELA, is a popular and legitimate messaging platform that has evolved in the past few years into a major platform for cybercriminal activities. Its lack of strict content moderation has made the platform cybercriminals’ playground. They use the platform for distribution of stolen data and hacking tools, publicizing their […]

Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces – Sophos News

A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar 

Hacker Leaks Cisco Data

IntelBroker has leaked 2.9 Gb of data stolen recently from a Cisco DevHub instance, but claims it’s only a fraction of the total.

Supply Chain Attack on Rspack npm Packages Injects Cryptojac...

A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.

DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7

The Department of Homeland Security knows which countries SS7 attacks are primarily originating from. Others include countries in Europe, Africa, and the Middle East.

China’s Propaganda Expansion: Inside the Rise of International Communication Centers (ICCs)

China's ICCs reshape global propaganda via targeted messaging, social media, and influence networks to amplify the Communist Party's voice globally.

Weibo is losing influencers over legal display name rule - Rest of World

Chinese social media platforms like WeChat, Douyin, Zhihu, Xiaohongshu, and Weibo now require popular users’ legal names to be made visible to the public.

How to Lose a Fortune with Just One Bad Click

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from…

Commission opens formal proceedings against TikTok under DSA

Today, the Commission has opened formal proceedings against TikTok for a suspected breach of the DSA in relation to TikTok's obligation to properly assess and mitigate systemic risks linked to election integrity, notably in the context of the recent Romanian presidential elections on 24 November.

Hive’s “banker” betrayed by his passion for running - ...

He should never have gone for that jog in the capital. Here is why.

The Wiretap: Kamala Harris’ Campaign Staff Suspected iPhones Had Been Hacked. Apple Declined To Give Them The Help They Wanted.

Apple rejects requests for a copy of a Harris campaign staffer's iPhone.

ConnectOnCall.com, LLC Provides Notice of Data Security Incident

ConnectOnCall.com, LLC provides a product (“ConnectOnCall”) that healthcare providers purchase to improve their after-hours call process and enhance communications between the providers and their patients. ConnectOnCall discovered an incident that involved personal information related to communications between patients and healthcare providers that use ConnectOnCall.

On May 12, 2024, ConnectOnCall learned of an issue impacting ConnectOnCall and immediately began an investigation and took steps to secure the product and ensure the overall security of its environment. ConnectOnCall’s investigation revealed that between February 16, 2024, and May 12, 2024, an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications.

Stop Calling Online Scams ‘Pig Butchering,’ Interpol Warns

Experts say the catchall term for online fraud furthers harm against victims and could dissuade people from reporting attempts to bilk them out of their money.

Meta fined $263M over 2018 security breach that affected ~3M EU Facebook users

Meta has been fined €251 million (around $263 million) in the European Union for a Facebook security breach that affected millions of users, which the

“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

Guardio Labs tracked and analyzed a large-scale fake captcha campaign distributing a disastrous Lumma info-stealer malware that circumvents general security measures like Safe Browsing. Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over 1 million daily “ad impressions” and causing thousands of daily victims to lose their accounts and money through a network of 3,000+ content sites funneling traffic. Our research dissects this campaign and provides insights into the malvertising industry’s infrastructure, tactics, and key players.

Through a detailed analysis of redirect chains, obfuscated scripts, and Traffic Distribution Systems (TDS) — in collaboration with our friends at Infoblox — we traced the campaign’s origins to Monetag, a part of PropellerAds’ network previously tracked by Infoblox under the name “Vane Viper.” Further investigation reveals how threat actors leveraged services like BeMob ad-tracking to cloak their malicious intent, showcasing the fragmented accountability in the ad ecosystem. This lack of oversight leaves internet users vulnerable and enables malvertising campaigns to flourish at scale.

State of SonicWall Exposure: Firmware Decryption Unlocks…

Discover Bishop Fox's survey on the current state of SonicWall appliances on the public internet.

Serbian authorities using spyware to hack activists and journalists

Serbian authorities are using spyware and Cellebrite forensic extraction tools to hack journalists and activists in a surveillance campaign.

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerS…

The CVE-2024-11053 Sunday shenanigans

I just wanted to make you all aware of what happened over the weekend.

On Sunday afternoon, Harry Sintonen made us aware that several security related websites posted articles about the "CRITICAL curl security flaw".

We announced that as severity LOW earlier this week. How and why did this massive severity level bump happen?

https://www.forescout.com/blog/draytek-routers-exploited-in-massive-ransomware-campaign-analysis-and-recommendations/
  • Our 2024 Dray:Break report revealed 14 new vulnerabilities in DrayTek devices
    *See our upcoming presentation at Black Hat Europe for more details
  • PRODAFT shared threat intelligence from 2023 on a ransomware campaign exploiting DrayTek devices
  • This is the first time this campaign is discussed publicly
  • Our analysis shows sophisticated attack workflows to deploy ransomware including possible:
    • Zero-day vulnerabilities
    • Credential harvesting and password cracking
    • VPN and tunneling abuse

Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch

Amnesty said it found NoviSpy, an Android spyware linked to Serbian intelligence, on the phones of several members of Serbian civil society following police stops.

Personal Data of Rhode Island Residents Breached in Large Cyberattack - The New York Times

An “international cybercriminal group” harvested the personal data of potentially hundreds of thousands of people from the state’s social services and health insurance systems, officials said.