"Lazarus Group Targets Developers in Fresh VMConnect Campaign"

"Lazarus Group Targets Developers in Fresh VMConnect Campaign"

According to ReversingLabs, "Lazarus Group" is continuing its "VMConnect" campaign by distributing new malicious software packages to developers via open source repositories. The North Korean group masqueraded as Capital One employees and used fake job interviews to trick developers into downloading the malware. The malware installs malicious downloaders on developer systems that can fetch second and third-stage malware, such as backdoors and infostealers. This article continues to discuss findings regarding the continued VMConnect campaign.  

Submitted by Gregory Rigby on

"Iranian Hackers Targeting Iraqi Government: Security Firm"

"Iranian Hackers Targeting Iraqi Government: Security Firm"

According to researchers at Check Point, hackers suspected of operating on behalf of the Iranian government have been targeting Iraqi government networks. Iran has been discovered to be conducting cyber espionage operations against various Iraqi entities, including the government. The attacks use custom malware and infrastructure designed for specific targets, with links to known threat actors previously associated with Iran's Ministry of Intelligence and Security (MOIS).

Submitted by Gregory Rigby on

"Open Source Updates Have 75% Chance of Breaking Apps"

"Open Source Updates Have 75% Chance of Breaking Apps"

According to Endor Labs, about 95 percent of version upgrades of open source software include at least one breaking change that causes other components to fail. Patches have a 75 percent chance of causing a break. The problem of breaking changes is exacerbated by the finding that a quarter of vulnerable components require a major version update. This article continues to discuss key findings from Endor Labs' "Dependency Management Report."

Submitted by Gregory Rigby on

"Fortinet Confirms Data Breach After Hacker Claims to Steal 440GB of Files"

"Fortinet Confirms Data Breach After Hacker Claims to Steal 440GB of Files"

Cybersecurity giant Fortinet has recently confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server.  Fortinet is one of the largest cybersecurity companies in the world.  Early this morning, a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinet's Azure Sharepoint instance.  The threat actor then shared credentials to an alleged S3 bucket, where the stolen data is stored for other threat actors to download.

Submitted by Adam Ekwall on

"Gallup Cross-Site Scripting Error Could Have Led to Data Theft"

"Gallup Cross-Site Scripting Error Could Have Led to Data Theft"

Checkmarx reports that Gallup fixed two Cross-Site Scripting (XSS) errors on its website that could have resulted in data theft and account takeovers. Gallup is known for its public opinion polls, including polls regarding US politics and elections. An attacker could have exploited the XSS flaws to trick victims into clicking links from the legitimate Gallup website that led to data extraction or session hijacking. This article continues to discuss the Gallup XSS errors and the impact these flaws could have had.  

Submitted by Gregory Rigby on

"GitLab Warns of Critical Pipeline Execution Vulnerability"

"GitLab Warns of Critical Pipeline Execution Vulnerability"

GitLab has released critical updates for multiple vulnerabilities, one of which enables an attacker to trigger pipelines as arbitrary users under certain conditions. As part of GitLab's Continuous Integration/Continuous Delivery (CI/CD) system, the pipelines are automated workflows used in the building, testing, and deployment of code. They automate repetitive tasks and ensure codebase changes are tested and deployed consistently. The critical vulnerability can allow an attacker to execute environment stop actions as the owner of the stop action job.

Submitted by Gregory Rigby on

"Evasion Tactics Used By Cybercriminals To Fly Under The Radar"

"Evasion Tactics Used By Cybercriminals To Fly Under The Radar"

Etay Maor, Chief Security Strategist and founding member of Cyber Threats Research Lab (CTRL) at Cato Networks, highlights some of the top tactics used by cybercriminals to evade traditional security measures. One example of an evasion tactic is the use of crypting-as-a-service providers on the dark web that offer cryptic and code obfuscation services. They involve reconfiguring known malware with a different signature set. As traditional anti-virus filters are signature-based, they cannot detect the tampered malware because it has a new signature.

Submitted by Gregory Rigby on

"Business Email Compromise Costs $55bn Over a Decade"

"Business Email Compromise Costs $55bn Over a Decade"

Since cybercrime has made threat actors tens of billions of dollars over the past decade, the Federal Bureau of Investigation (FBI) has warned organizations to be on the lookout for Business Email Compromise (BEC) attempts. The FBI's Internet Crime Complaint Center (IC3) reported in a recent notice that over 305,000 BEC incidents cost US and global organizations nearly $55.5 billion between October 2013 and December 2023. This article continues to discuss the rising costs of BEC attacks and advice on how to mitigate BEC risk.

Submitted by Gregory Rigby on

"TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested"

"TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested"

Transport for London (TfL) has recently confirmed that some customer data has been breached following a cyberattack on its systems.  The information accessed by the attackers includes names, email addresses, home addresses, and Oyster refund data, encompassing bank account numbers and sort codes for around 5000 customers.  The National Crime Agency (NCA) revealed it had arrested a 17-year-old male in Walsall, West Midlands, on suspicion of Computer Misuse Act offenses in relation to the TfL cyberattack.

 

Submitted by Adam Ekwall on

"Schools Face Million-Dollar Bills as Ransomware Rises"

"Schools Face Million-Dollar Bills as Ransomware Rises"

According to security researchers at Sophos, schools, colleges, and universities face growing costs from ransomware attacks.  In a new study the researchers found that 44% of schools across 14 nations surveyed faced a ransom demand of $5m or more.  In higher education, 32% faced demands of between $1m and $5m, and 35% over $5m.  The researchers found that schools paid the highest median ransoms at $6.6m.  The researchers noted that the number of ransomware attacks against the education sector actually fell in 2024 compared with 2023.

Submitted by Adam Ekwall on
Subscribe to