A new ransomware family calling itself 3AM has emerged. To date, the ransomware has only been used in a limited fashion. Symantec’s Threat Hunter Team, part of Broadcom, has seen it used in a single attack by a ransomware affiliate that attempted to deploy LockBit on a target’s network and then switched to 3AM when […]
Dive Brief: Valid, compromised account credentials were the initial access vector for more than 1 in 3 cloud intrusions observed by IBM Security X-Force during the last year, making it the most common point of entry across all cloud security incidents. Credentials used as an initial access vector for cloud intrusions jumped from 9% in […]
Sep 14, 2023THNVulnerability / Hacking A high-severity security flaw has been disclosed in N-Able’s Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 (CVSS score: 8.8), the issue relates to a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability, which, when successfully exploited, could be leveraged […]
Sep 14, 2023THNSpyware / Malware The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group’s Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The infiltration is said to have happened on or around February 10, 2023. Timchenko is […]
We meet the MB of MB Disco, Martin Brodin Martin Brodin WHAT’S THE NAME OF YOUR LABEL, AND WHO RUNS IT? MB Disco, run by me, Martin Brodin. WHEN & WHY DID THE LABEL START? The label started in 2010 with a vision to embrace all kinds of disco sound, including influences from soulful, synth, […]
U.S. Cyber Command announced Tuesday that it completed its second “hunt forward” mission to uncover vulnerabilities in Lithuania’s networks. The operation is one of dozens the elite digital warfighting organization has undertaken since 2018 as part of a larger push to help the U.S. government understand weaknesses or malicious activity in foreign systems and how […]
The dark web marketplaces dedicated to the trade of credentials and vulnerabilities boasts some big names in enterprise compromises, Flashpoint research released Tuesday shows. Three reported purchases of vulnerability exploits on the dark web during the first half of the year included high profile, actively exploited CVEs, according to the threat intelligence firm. The remote […]
A new information-stealing malware named MetaStealer has appeared in the wild, targeting macOS systems. This malicious software is built using the Go programming language and can steal a variety of sensitive data from victims. Distribution process According to SentinelOne researchers, many samples of the malware are targeting macOS business users through social engineering tactics, where […]
Fraud Management & Cybercrime , Ransomware UK Crime and Cybersecurity Agencies Urge ‘Holistic’ View of Ransomware Ecosystem Akshaya Asokan (asokan_akshaya) • September 11, 2023 Image: Shutterstock Stopping the ransomware epidemic is less about tackling individual crypto-locking malware variants and more about combating the entire ecosystem of bad actors underpinning digital extortion, the British […]