Clik here to view.
FBIが暗号会社に攻撃的なソーシャル・エンジニアリング攻撃を警告
FBIは本日、北朝鮮のハッキング・グループが暗号通貨企業やその従業員を標的に、暗号資産を盗むことを目的としたマルウェアを展開する高度なソーシャル・エンジニアリング攻撃を積極的に行っていると警告した。 FBIによると、彼らのソーシャル・エンジニアリングの手口は高度に標的化されており、高度なサイバーセキュリティの専門知識を持つ者でも発見が難しいという。...
View ArticleClik here to view.
Zyxel warns of critical OS command injection flaw in routers
Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command...
View ArticleClik here to view.
FTC: Over $110 million lost to Bitcoin ATM scams in 2023
The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. Bitcoin ATMs are...
View ArticleClik here to view.
Revival Hijack supply-chain attack threatens 22,000 PyPI packages
Threat actors are utilizing an attack called “Revival Hijack,” where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks. The technique...
View ArticleClik here to view.
Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security
AI SPERA, a leading Cyber Threat Intelligence (CTI) company, has achieved PCI DSS v4.0 certification for its flagship search engine solution, Criminal IP. This accomplishment builds on last year’s...
View ArticleClik here to view.
Google backports fix for Pixel EoP flaw to other Android devices
Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on...
View ArticleClik here to view.
Hackers inject malicious JS in Cisco store to steal credit cards, credentials
Cisco’s site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at...
View ArticleClik here to view.
Cisco warns of backdoor admin account in Smart Licensing Utility
Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. CSLU is a Windows application that helps...
View ArticleClik here to view.
New Eucleak attack lets threat actors clone YubiKey FIDO keys
A new “EUCLEAK” flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico’s YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm...
View ArticleClik here to view.
Cisco fixes root escalation vulnerability with public exploit code
Cisco has fixed a command injection vulnerability with public exploit code that lets attackers escalate privileges to root on vulnerable systems. Tracked as CVE-2024-20469, the security flaw was found...
View ArticleClik here to view.
Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel
The MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhatomCore. Security researchers at...
View ArticleClik here to view.
US cracks down on Russian disinformation before 2024 election
Image: MidjourneyToday, the U.S. Justice Department said the FBI seized 32 web domains used by the Doppelgänger Russian-linked influence operation network in a disinformation campaign targeting the...
View ArticleClik here to view.
Microchip Technology confirms data was stolen in cyberattack
American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the...
View ArticleClik here to view.
Planned Parenthood confirms cyberattack as RansomHub claims breach
Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage. Planned Parenthood is a New...
View ArticleClik here to view.
Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords
Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. The operation,...
View ArticleClik here to view.
Veeam warns of critical RCE flaw in Backup & Replication software
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup &...
View ArticleClik here to view.
LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks
Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. The flaw, tracked as...
View ArticleClik here to view.
Musician charged with $10M streaming royalties fraud using AI and bots
Image: MidjourneyNorth Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated...
View ArticleClik here to view.
ロシア軍ハッカーが重要インフラ攻撃に関与か
イメージミッドジャーニー米国とその同盟国は、世界的な重要インフラ攻撃の背後にいるロシアのハッカー集団(Cadet BlizzardおよびEmber Bearとして追跡されている)を、ロシア軍参謀本部(GRUとしても知られる)の29155部隊と関連付けた。...
View ArticleClik here to view.
マイクロソフト、新ツールでBing検索からリベンジポルノを削除
マイクロソフトは本日、StopNCIIと提携し、人々が敏感なメディアから作成したデジタルハッシュを使用して、Bingから有害な親密な画像やビデオを積極的に削除することを発表した。...
View Article