Cybersecurity
Category Added in a WPeMatico Campaign
Nov 21, 2023NewsroomLinux / Rootkit The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. “Once Kinsing infects a system, it deploys a cryptocurrency mining script that exploits the host’s resources to mine cryptocurrencies like Bitcoin, resulting in significant damage […]
Royal Mail has revealed a multimillion-pound cost attached to a serious ransomware breach it suffered earlier this year. The British postal service company was hit by a LockBit affiliate, in an incident which caused “severe service disruption” for items sent abroad. It later transpired that the ransomware actors were demanding nearly $80m from the firm […]
An Israeli private investigator was sentenced in the Southern District of New York to nearly seven years in federal prison on Thursday on charges that he orchestrated a global hack-for-hire scheme. Aviram Azari pleaded guilty in April to wire fraud, conspiracy to commit hacking and aggravated identity theft for his role in coordinating hacking campaigns […]
Access-as-a-service (AaaS), a new business model in the underground world of cybercrime, refers to threat actors selling methods for accessing networks for a one-time fee. We have one group of criminals, referred to as an access broker or initial access broker (IAB), stealing enterprise user credentials to sell to other attack groups. The buyers then […]
Johnson Controls recently announced patches for a critical vulnerability found by an external researcher in some of its industrial refrigeration products. According to advisories published by Johnson Controls and the US cybersecurity agency CISA, the flaw, tracked as CVE-2023-4804, can “allow an unauthorized user to access debug features that were accidentally exposed”. Impacted products include […]
The US Department of Energy has announced a $70 million funding opportunity for electric cooperative, small investor-owned, and municipal utilities to improve their cybersecurity posture. Offered as part of President Biden’s Bipartisan Infrastructure Law, the funding is meant to enhance the resilience of the energy grid against more frequent and increasingly sophisticated cyber threats. The […]
Affected Platforms: Microsoft WindowsImpacted Users: Microsoft WindowsImpact: Remote attackers gain control of the infected systemsSeverity Level: Critical FortiGuard Labs recently identified the use of a Russian-language Word document equipped with a malicious macro in the ongoing Konni campaign. Despite the document’s creation date of September, ongoing activity on the campaign’s C2 server is evident in […]
Wisconsin teenager Joseph Garrison has pleaded guilty to his involvement in a scheme to access user accounts at a fantasy sports and betting website. According to court documents, on November 18, 2022, Garrison launched a credential stuffing attack against the betting site, obtaining access to approximately 60,000 user accounts. The defendant and others then stole […]
A malware phishing campaign that began spreading DarkGate malware in September of this year has evolved to become one of the most advanced phishing campaigns active in the threat landscape. Since then, the campaign has changed to use evasive tactics and anti-analysis techniques to continue distributing DarkGate, and more recently, PikaBot. The campaign surged just […]