Threat actors have been observed exploiting a vulnerability in Four-Faith industrial routers to deploy a reverse shell, vulnerability intelligence company VulnCheck warns. The exploited flaw, tracked as CVE-2024-12856 (CVSS score of 7.2), is described as an OS command injection issue that can be exploited remotely but requires authentication. Affected devices include the Four-Faith router models […]

The US Department of Justice has issued a final rule carrying out Executive Order (EO) 14117, which addresses the risk of Americans’ bulk sensitive personal data being accessed and exploited by China, Russia, and other foreign adversaries. Also covering certain US government-related data, the final rule (PDF) and the executive order aim to prevent data […]

Malicious versions of Cyberhaven and other Chrome extensions were published to the Google Chrome Web Store as part of a supply chain attack likely targeting Facebook advertising users. The extension of data security firm Cyberhaven was compromised after an employee fell victim to a phishing attack and authorized a malicious OAuth application called ‘Privacy Policy […]

A hacker has leaked more data stolen from a Cisco DevHub instance and the tech giant has confirmed its authenticity and that it originated from a recently disclosed security incident. The hacker known as IntelBroker announced on October 14 that he and others had breached Cisco systems and obtained source code, certificates, credentials, confidential documents, […]

A ninth U.S. telecoms firm has been confirmed to have been hacked as part of a sprawling Chinese espionage campaign that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans, a top White House official said Friday. Biden administration officials said this month that at least eight […]

Intelligence operations have undergone a profound transformation. Gone are the days when intelligence gathering relied purely on information obtained from human and other restricted sources. Today, much of the intelligence is publicly available – if one knows where and how to find it. This practice, known as Open Source Intelligence (OSINT), has emerged as an […]

Aerospace and defense giant General Dynamics says threat actors compromised dozens of employee benefits accounts after a successful phishing campaign targeting its personnel. The unauthorized activity was discovered on October 10, after the attackers had accessed and made changes to the employee benefits accounts through a login portal hosted by a third party. According to […]

The notorious Cl0p ransomware group will soon name more than 60 organizations that were hacked recently through the exploitation of vulnerabilities in file transfer products from enterprise software developer Cleo. Cl0p took credit for the Cleo attacks in mid-December, telling SecurityWeek at the time that they had hit “quite a lot” of targets as part […]

Japan Airlines said it was hit by a cyberattack Thursday, causing delays to more than 20 domestic flights but the carrier said it was able to stop the onslaught and restore its systems hours later. There was no impact on flight safety, it said. JAL said the problem started Thursday morning when the company’s network […]

The Federal Bureau of Investigation (FBI) is publicly blaming North Korean government hackers for a $308 million cryptocurrency heist from Bitcoin.DMM.com earlier this year. A brief statement from the FBI said it worked with Japan’s National Police Agency (NPA) to trace the theft of 4,502.9 BTC to “TraderTraitor,” a known Pyongyang hacking team that targets […]