U.S. Cyber Command announced Tuesday that it completed its second “hunt forward” mission to uncover vulnerabilities in Lithuania’s networks. The operation is one of dozens the elite digital warfighting organization has undertaken since 2018 as part of a larger push to help the U.S. government understand weaknesses or malicious activity in foreign systems and how […]
The dark web marketplaces dedicated to the trade of credentials and vulnerabilities boasts some big names in enterprise compromises, Flashpoint research released Tuesday shows. Three reported purchases of vulnerability exploits on the dark web during the first half of the year included high profile, actively exploited CVEs, according to the threat intelligence firm. The remote […]
A new information-stealing malware named MetaStealer has appeared in the wild, targeting macOS systems. This malicious software is built using the Go programming language and can steal a variety of sensitive data from victims. Distribution process According to SentinelOne researchers, many samples of the malware are targeting macOS business users through social engineering tactics, where […]
Fraud Management & Cybercrime , Ransomware UK Crime and Cybersecurity Agencies Urge ‘Holistic’ View of Ransomware Ecosystem Akshaya Asokan (asokan_akshaya) • September 11, 2023 Image: Shutterstock Stopping the ransomware epidemic is less about tackling individual crypto-locking malware variants and more about combating the entire ecosystem of bad actors underpinning digital extortion, the British […]
Sep 13, 2023THNKubernetes / Cloud Security Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the […]
Cybercriminals appear to have deployed bots to break into customer accounts at several large automakers, then harvested important information about thousands of individual vehicles and offered it for sale in private Telegram channels, researchers said Tuesday. The evidence suggests the hackers used automated account takeover (ATO) techniques to “access to personal information as well as […]
CertifID, a startup developing fraud prevention tech for the real estate market, today announced that it raised $20 million in a funding round led by Arthur Ventures at “over double” its previous valuation. CertifID primarily develops products to fight wire fraud. The startup’s co-founder, Thomas Cronkright, launched the company in 2017 after losing $180,000 to […]
Sep 13, 2023THNVulnerability / Data Security More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. “The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of […]
Research by: Niv Asraf Abstract In the last two months, Check Point researchers encountered a new large-scale phishing campaign that recently targeted more than 40 prominent companies across multiple industries, in Colombia. The attackers’ objective was to discreetly install the notorious “Remcos” malware on victims’ computers. Remcos, a sophisticated “Swiss Army Knife” RAT, grants attackers […]