Threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day vulnerability, OIG revealed. A report published by the US Office of Inspector General (OIG) revealed that threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day flaw. […]
North Korea-linked InkySquid group leverages two Internet Explorer exploits to deliver a custom implant in attacks aimed at a South Korean online newspaper. Experts from cybersecurity firm Volexity reported that North Korea-linked InkySquid group (aka ScarCruft, APT37, Group123, and Reaper) leverages two Internet Explorer exploits to deliver a custom backdoor in watering hole attacks aimed at the […]
FireEye Mandiant researchers have discovered a critical vulnerability in the Kalay cloud platform that exposes millions of IoT devices to attacks. Researchers at FireEyeâs Mandiant have discovered a critical vulnerability, tracked as CVE-2021-28372, in a core component of the Kalay cloud platform which is used by millions of IoT devices from many vendors. The flaw […]
A security researcher discovered that a secret FBIâs terrorist watchlist was accidentally exposed on the internet for three weeks between July 19 and August 9, 2021. The security researcher Bob Diachenko discovered a secret terrorist watchlist with 1.9 million records that were exposed on the internet for three weeks between July 19 and August 9, 2021. In July, […]
The recent attacks that targeted Iran’s transport ministry and national train system were conducted by a threat actor dubbed Indra. In July, Iranâs railroad system was hit by a cyberattack, threat actors published fake messages about delays or cancellations of the trains on display boards at stations across the country, the Fars news agency reported. The […]
The US FINRA warns US brokerage firms and brokers of an ongoing phishing campaign impersonating its representatives to steal sensitive info. The US Financial Industry Regulatory Authority (FINRA) is warning US brokerage firms and brokers of an ongoing phishing campaign. Threat actors are impersonating FINRA officials and are using the threat of penalties to trick victims recipients into providing […]
T-Mobile is investigating a possible data breach after a threat actor published a post on a forum claiming to be selling the personal data of its customers. New problems for T-Mobile, the company is investigating a possible data breach after that a threat actor has published a post on a hacking forum claiming to be […]
The Glowworm attack leverages optical emanations from a device’s power indicator LED to recover sounds from connected peripherals and spy on electronic conversations. Boffins from the Ben-Gurion University of the Negev devised a new attack technique, dubbed the “Glowworm attack,” that leverages optical emanations from a device’s power indicator LED to recover sounds from connected […]
Emails allegedly stolen from the Lithuanian Ministry of Foreign Affairs are available for sale in a cybercrime forum, some emails include high-sensitive info. An archive containing 1.6 million emails containing highly sensitive messages allegedly stolen from the Lithuanian Ministry of Foreign Affairs is available for sale on the RaidForums hacking forum. The ad doesn’t include […]
A security expert devised a method to retrieve a user’s Microsoft Azure credentials in plaintext from Microsoft’s new Windows 365 Cloud PC service using Mimikatz. Benjamin Delpy, the popular security researcher and author of the Mimikatz tool, has devised a method to retrieve a user’s Microsoft Azure credentials in plaintext from Microsoft’s new Windows 365 […]