"US Military Academy Wins First Place at the 2024 NSA Cyber Exercise"

The US Military Academy won the sixth National Security Agency (NSA) Cyber Exercise (NCX). Participants from US service academies and senior military colleges competed for the NCX trophy alongside individuals from NSA professional development programs. Teams conducted offensive cyber activities against a fictional adversary that attacked a satellite downlink.

Submitted by Gregory Rigby on

"Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls"

Rapid7 researchers have found a social engineering campaign that sends spam emails to enterprises to gain initial access for follow-on exploitation. The researchers reported that a threat actor floods a user's email with junk and calls to offer help to the user. The threat actor then prompts affected users to download Remote Monitoring and Management (RMM) software such as AnyDesk or run Microsoft's Quick Assist feature in order to set up a remote connection.

Submitted by Gregory Rigby on

"Adobe Patches Critical Flaws in Reader, Acrobat"

Software maker Adobe recently documented 35 security vulnerabilities in a wide range of products and urged users to pay immediate attention to critical severity bugs in its widely deployed Adobe Acrobat and Reader programs. As part of its scheduled Patch Tuesday updates, Adobe patched a dozen security bugs in Acrobat and Reader and slapped a critical severity label on several issues that expose users to code execution attacks. According to the advisory, the Acrobat and Reader vulnerabilities affect both macOS and Windows users.

Submitted by Adam Ekwall on

"CISA, DHS, FBI and International Partners Publish Guide for Protecting High-Risk Communities"

The US Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), and Federal Bureau of Investigation (FBI), in collaboration with international cyber partners, have published "Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society." The guide aims to help civil society organizations reduce their risk of cyber intrusions, particularly state-sponsored ones. It also encourages software manufacturers to implement and publicly commit to Secure by Design practices to protect vulnerable and high-risk communities.

Submitted by Gregory Rigby on

"PyPI Package Backdoors Macs Using the Sliver Pen-Testing Suite"

A new Python Package Index (PyPI) package mimicked the popular 'requests' library to target macOS devices with the Sliver C2 adversary framework. The campaign, discovered by Phylum, uses steganography in a PNG image file for covert installation of the Sliver payload. The malicious PyPI package has been removed, but its discovery shows Sliver's growing use for remote access to corporate networks.

Submitted by Gregory Rigby on

"Russian Actors Weaponize Legitimate Services in Multi-Malware Attack"

Recorded Future has highlighted a cyber campaign carried out by Russian-speaking actors involving the exploitation of GitHub and FileZilla to deploy multiple malware variants. The adaptive tactics and advanced capabilities used make tracking and defending against this threat difficult. The threat actor, who is most likely based in the Commonwealth of Independent States (CIS), targeted various Operating Systems (OS) and computer architectures in the credential harvesting campaign, demonstrating their ability to adapt.

Submitted by Gregory Rigby on

"Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign"

According to New Jersey's Cybersecurity and Communications Integration Cell (NJCCIC), millions of phishing emails have been sent through the Phorpiex botnet since April to conduct a large-scale LockBit Black ransomware campaign. The attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients' systems if launched. The NJCCIC noted that the LockBit Black encryptor deployed in these attacks is likely built using the LockBit 3.0 builder leaked by a disgruntled developer on Twitter in September 2022.

Submitted by Adam Ekwall on

"Log4Shell Shows No Sign of Fading, Spotted in 30% of CVE Exploits"

According to a Cato Networks survey, organizations still run insecure protocols across their Wide Area Network (WAN), making cybercriminals' movement easier. The Cato CTRL SASE Threat Report Q1 2024 examines security threats and their network characteristics for all aggregate traffic and all endpoints across sites, remote users, and cloud resources. Threat actors have less trouble snooping critical data in transit once they penetrate a network.

Submitted by Gregory Rigby on

"Helsinki Suffers Data Breach After Hackers Exploit Unpatched Flaw"

The City of Helsinki, located in Finland, is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. Though information about the attack was circulated on May 2, 2024, the city's authorities shared more details in a press conference recently. According to the authorities, an unauthorized actor gained access to a network drive after exploiting a vulnerability in a remote access server.

Submitted by Adam Ekwall on

"Heartbleed: When Is It Good to Name a Vulnerability?"

Years have passed since the identification of "Heartbleed," a critical OpenSSL vulnerability, but questions remain regarding branded vulnerabilities and the appropriate naming of vulnerabilities. Branding the serious OpenSSL vulnerability with a name and logo garnered media attention and raised awareness.

Submitted by Gregory Rigby on