Hacking

Pierluigi Paganini August 06, 2024
North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

South Korea’s National Cyber Security Center (NCSC) reported that North Korea-linked hackers hijacked VPN software updates to deploy malware. South Korea’s national security and intelligence agencies, including the National Intelligence Service, the Prosecutor’s Office, the Police Agency, the Military Intelligence Command, and the Cyber Operations Command, have issued a joint cybersecurity advisory to warn that […]

Pierluigi Paganini August 05, 2024
Researchers warn of a new critical Apache OFBiz flaw

Researchers urge organizations using Apache OFBiz to address a critical bug, following reports of active exploitation of another flaw. Experts urge organizations to address a new critical vulnerability, tracked as CVE-2024-38856, in Apache OFBiz. The vulnerability is an incorrect authorization issue in Apache OFBiz that impacts versions through 18.12.14; version 18.12.15 addresses the flaw. “Unauthenticated […]

Pierluigi Paganini August 05, 2024
Keytronic incurred approximately $17 million of expenses following ransomware attack

Printed circuit board assembly (PCBA) manufacturer Keytronic reported that a recent ransomware attack led to expenses and lost revenue exceeding $17 million. In June, Keytronic disclosed a data breach after a ransomware group leaked allegedly stolen personal information from its systems. The company did not provide any info on the ransomware operation that hit its […]

Pierluigi Paganini August 05, 2024
China-linked APT41 breached Taiwanese research institute

China-linked group APT41 breached a Taiwanese government-affiliated research institute using ShadowPad and Cobalt Strike. Cisco Talos researchers reported that the China-linked group compromised a Taiwanese government-affiliated research institute. The experts attributed the attack with medium confidence to the APT41 group. The campaign started as early as July 2023 and threat actors delivered the ShadowPad malware, Cobalt […]

Pierluigi Paganini August 04, 2024
Chinese StormBamboo APT compromised ISP to deliver malware

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda, Daggerfly, and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations. The threat actors targeted […]

Pierluigi Paganini August 04, 2024
Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach

Jerico Pictures Inc., operating as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach. A proposed class action claims that Jerico Pictures Inc., operating as National Public Data, exposed the personal information of nearly 3 billion individuals in a data breach that occurred in April. On […]

Pierluigi Paganini August 03, 2024
Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

A Russia-linked APT used a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. Palo Alto researchers reported that a Russia-linked threat actor known as Fighting Ursa (also identified as APT28, Fancy Bear, or Sofacy) used a fake car advertisement to distribute HeadLace backdoor malware, targeting diplomats. The campaign began […]

Pierluigi Paganini August 02, 2024
Avtech camera vulnerability actively exploited in the wild, CISA warns

CISA warned that an Avtech camera vulnerability, which is still unpatched, is being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of a vulnerability, tracked as CVE-2024-7029 (CVSS base score of 8.8), in Avtech cameras that has been exploited in the wild. An attacker can exploit […]

Pierluigi Paganini August 02, 2024
Sitting Ducks attack technique exposes over a million domains to hijacking

Researchers warn of an attack vector in the DNS, called Sitting Ducks, that exposes over a million domains to takeover by hackers. Researchers from Eclypsium and Infoblox have identified an attack vector in the domain name system (DNS), dubbed the Sitting Ducks attack. Over a dozen Russia-linked cybercriminal groups exploited this attack technique to carry out […]

Pierluigi Paganini August 01, 2024
Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited flaw CVE-2024-37085. Researchers at the Shadowserver Foundation reported that approximately 20,000 VMware ESXi servers exposed online appear impacted by the exploited vulnerability CVE-2024-37085. Microsoft this week warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS […]