Cybersecurity
Category Added in a WPeMatico Campaign
ESET researchers have uncovered a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, most notably a publicly undocumented backdoor we named LightlessCan. Lazarus operators obtained initial access to the company’s network last year after a successful spearphishing campaign, masquerading as a recruiter for Meta – the company behind Facebook, […]
The FBI is warning organizations of new trends in ransomware attacks, where victims are targeted by multiple file-encrypting malware families or with wipers. As part of this trend, which was observed in July 2023, the FBI notes in a new private industry notification, threat actors deploy two ransomware variants in close date proximity to one […]
Nexusflow, a startup using generative AI to help companies make sense of cybersecurity data, today announced that it raised $10.6 million in a seed round led by Point72 Ventures with participation from Fusion Fund and several AI luminaries in Silicon Valley. The tranche, which values Nexusflow at $53 million post-money, will be put toward hiring, […]
A high-severity remote code execution (RCE) vulnerability in Apache NiFi, for which an exploitation tool already exists, can lead to unauthorized access and data breaches, cybersecurity firm Cyfirma warns. An open-source data integration and automation tool, Apache NiFi is used for the processing and distribution of data. Tracked as CVE-2023-34468 (CVSS score of 8.8) and […]
Misconfigured WBSC server leaks thousands of passports Pierluigi Paganini September 29, 2023 The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews research team has discovered. On June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket storing nearly 48,000 […]
The Biden administration is moving forward with a plan to enhance cloud infrastructure security by requiring companies to collect personal information from users, despite intensifying backlash from executives at Amazon and other tech giants. The White House says the proposed cloud security policy — dubbed Know Your Customer (KYC) — is crucial for disrupting hackers […]
The Budworm APT group is evolving its cyber arsenal. In the latest discovery, Symantec’s Threat Hunter Team identified that Budworm has adapted and upgraded one of its primary tools. Two significant entities, an Asian government and a Middle Eastern telecommunication firm, were targeted with this renewed strategy. Diving into the Details In August 2023, Budworm, […]
A Russian flight booking system was hit by a cyberattack on Thursday, causing delays at airports. A “massive” distributed denial-of-service (DDoS) attack on the local airline booking system Leonardo was carried out by “foreign hackers,” reported one of the system’s developers, Russian state defense company Rostec. The incident lasted about an hour and affected the […]
Sep 29, 2023THNCyber Espionage / Malware The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. “Employees of the targeted company were contacted by a fake recruiter […]