Cybersecurity

US Cyber Command wrapped second ‘hunt forward’ mission to Lithuania

U.S. Cyber Command announced Tuesday that it completed its second “hunt forward” mission to uncover vulnerabilities in Lithuania’s networks. The operation is one of dozens the elite digital warfighting organization has undertaken since 2018 as part of a larger push to help the U.S. government understand weaknesses or malicious activity in foreign systems and how […]

Cybersecurity

High-profile CVEs turn up in vulnerability exploit sales

The dark web marketplaces dedicated to the trade of credentials and vulnerabilities boasts some big names in enterprise compromises, Flashpoint research released Tuesday shows. Three reported purchases of vulnerability exploits on the dark web during the first half of the year included high profile, actively exploited CVEs, according to the threat intelligence firm. The remote […]

Cybersecurity

Newly Discovered MetaStealer Malware Targets macOS Users | Cyware Hacker News

A new information-stealing malware named MetaStealer has appeared in the wild, targeting macOS systems. This malicious software is built using the Go programming language and can steal a variety of sensitive data from victims.  Distribution process According to SentinelOne researchers, many samples of the malware are targeting macOS business users through social engineering tactics, where […]

Cybersecurity

Ransomware: It Takes A Village, Says NCSC

Fraud Management & Cybercrime , Ransomware UK Crime and Cybersecurity Agencies Urge ‘Holistic’ View of Ransomware Ecosystem Akshaya Asokan (asokan_akshaya) • September 11, 2023     Image: Shutterstock Stopping the ransomware epidemic is less about tackling individual crypto-locking malware variants and more about combating the entire ecosystem of bad actors underpinning digital extortion, the British […]

Cybersecurity

Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints

Sep 13, 2023THNKubernetes / Cloud Security Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the […]

Cybersecurity

Nearly 15,000 accounts raided at automaker sites to harvest vehicle IDs, report says

Cybercriminals appear to have deployed bots to break into customer accounts at several large automakers, then harvested important information about thousands of individual vehicles and offered it for sale in private Telegram channels, researchers said Tuesday. The evidence suggests the hackers used automated account takeover (ATO) techniques to “access to personal information as well as […]

Cybersecurity

CertifID, which develops products to prevent wire fraud, raises $20M | TechCrunch

CertifID, a startup developing fraud prevention tech for the real estate market, today announced that it raised $20 million in a funding round led by Arthur Ventures at “over double” its previous valuation. CertifID primarily develops products to fight wire fraud. The startup’s co-founder, Thomas Cronkright, launched the company in 2017 after losing $180,000 to […]

Cybersecurity

Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service

Sep 13, 2023THNVulnerability / Data Security More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. “The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of […]

Cybersecurity

Guarding Against the Unseen: Investigating a Stealthy Remcos Malware Attack on Colombian Firms – Check Point Research

Research by: Niv Asraf Abstract In the last two months, Check Point researchers encountered a new large-scale phishing campaign that recently targeted more than 40 prominent companies across multiple industries, in Colombia. The attackers’ objective was to discreetly install the notorious “Remcos” malware on victims’ computers. Remcos, a sophisticated “Swiss Army Knife” RAT, grants attackers […]