Geek-Guy.com

Category: Threats

Auto Added by WPeMatico

The North Korea worker problem is bigger than you think

North Korean nationals have infiltrated businesses across the globe with a more expansive level of organization and deep-rooted access than previously thought, insider risk management firm DTEX told CyberScoop.  This swarm of technical North Korean experts isn’t just intruding businesses as ad hoc freelance IT workers; they’ve gained full-time employment as engineers and specialists of…

Browser extension sales, updates pose hidden threat to enterprises

Sometimes the simplest pieces of software can cause the most complex security headaches for organizations. Browser extensions, which can be bought, sold and repurposed without warning, are a blind spot for organizations — ignored and often left unrecognized as a hidden threat.  John Tuckner, founder of the browser extension security company Secure Annex, recently demonstrated…

String of defects in popular Kubernetes component puts 40% of cloud environments at risk

More than 40% of cloud environments are at risk of an account takeover due to a series of five recently discovered vulnerabilities — one regarded critical — in the Ingress Ngnix Controller for Kubernetes, according to security research published this week. Upon discovering the string of vulnerabilities in one of most widely used ingress controllers…

Canadian citizen allegedly involved in Snowflake attacks consents to extradition to US

A Canadian citizen is one step closer to standing trial in the United States for his alleged involvement in a series of attacks targeting as many as 165 Snowflake customers, one of the most widespread and damaging attack sprees on record.  Connor Moucka consented to extradition on Friday to face 20 federal charges, including conspiracy…

Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day

Cybercriminals working on behalf of at least six nation-states are actively exploiting a zero-day vulnerability in Microsoft Windows to commit espionage, steal data and cryptocurrency, according to Trend Micro researchers. The vulnerability, which Trend Micro tracks as ZDI-CAN-25373, allows attackers to execute hidden malicious commands due to the way Windows displays the contents of shortcut…

Application Detection and Response Analysis: Why ADR? How ADR Works, and ADR Benefits

Two highly respected technology analysts from different cybersecurity disciplines are coming together to recommend that companies consider Application Detection and Response. Organizations face a constant barrage of cyber threats, including zero-day vulnerabilities that can exploit unknown weaknesses in software. Traditional security solutions often fall short in detecting and responding to these attacks, leaving organizations vulnerable.…

Six additional countries identified as suspected Paragon spyware customers

Researchers have identified suspected government customers of spyware company Paragon Solutions in six more countries that hadn’t previously been publicly identified, according to a report published Wednesday. The University of Toronto’s Citizen Lab said it mapped the infrastructure of Paragon’s Graphite tool after a tip from a collaborator, and found a subset of suspected Paragon…

Who is sending those scammy text messages about unpaid tolls?

It’s not just you.  Seemingly everyone is getting those text messages that serve as a notification of an unpaid toll road violation. The past due is usually less than $25, but is often paired with threats of excessive penalties, suspended vehicle registrations and threats to report the fare to state motor vehicle agencies. None of…

Lazarus Group deceives developers with 6 new malicious npm packages

Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post. The North Korea-linked threat group embedded BeaverTail malware into the npm packages to install backdoors and steal credentials and data…

Microsoft patches 57 vulnerabilities, including 6 zero-days

Microsoft patched 57 vulnerabilities affecting its foundational systems and core products, including six actively exploited zero-day vulnerabilities, the company said in its latest security update Tuesday. Four of the six zero-days, which were all added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog, are high-severity on the CVSS scale.  The software defects…

Apple discloses zero-day vulnerability, releases emergency patches

Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine.  Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of Webkit’s Web Content sandbox, potentially leading to unauthorized actions. The sandbox is a security feature that isolates untrusted web content in order to prevent…

X suffered a DDoS attack. Its CEO and security researchers can’t agree on who did it.

Social media service X was hit by a series of distributed denial-of-service attacks Monday, which rendered the platform formerly known as Twitter inaccessible at times for users with intermittent outages and errors, according to researchers. The cause of those attacks has been much harder to discern. Elon Musk, the site’s owner, described the incident as…

Ransomware poseurs are trying to extort businesses through physical letters

The FBI and threat researchers are warning executives to be on the lookout for physical letters in the mail threatening to leak sensitive corporate data.  The letters, which are stamped “time sensitive read immediately” and shipped directly to executives through the Postal Service, are part of a nationwide scam designed to extort victims into paying…

Silk Typhoon shifted to specifically targeting IT management companies

The Chinese state-backed threat group Silk Typhoon shifted tactics in late 2024 to broaden access and enable follow-on attacks against downstream customers of its initial targets, Microsoft Threat Intelligence said in a blog released Wednesday.  The Chinese espionage group, which is also known as APT27, has abused stolen API keys and credentials for privileged access…

US indicts 12 Chinese nationals for vast espionage attack spree

The Justice Department on Wednesday indicted 12 Chinese nationals for their alleged involvement in an extensive nation-state-backed espionage campaign that included a spree of attacks on U.S. federal and state agencies, including the late 2024 attack targeting the Treasury Department.  Officials accused the Chinese individuals, including two officers of China’s Ministry of Public Security, eight…

Cybercriminals picked up the pace on attacks last year

Threat actors became increasingly efficient last year, rapidly achieving lateral movement and swiftly stealing data at a faster clip than ever before, according to multiple threat intelligence firms.  The reduced time frame is a clear indicator that cybercriminals are constantly improving their ability to be successful. With the abuse of legitimate system tools to help…

DHS says CISA won’t stop looking at Russian cyber threats

The Department of Homeland Security said that its Cybersecurity and Infrastructure Security Agency will continue to pay attention to Russian cyber threats, contrary to media reports suggesting the opposite. The Guardian reported last week that a recent CISA memo setting out priorities for the agency didn’t list Russia among them, while including Chinese threats and…

Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies

U.S. authorities say a 21-year-old U.S. Army soldier attempted to sell stolen sensitive information to a foreign intelligence service as part of a broader effort to extort victims and leak call records of high-ranking public officials. In November while on active duty, Cameron Wagenius made multiple attempts to extort $500,000 from a major telecommunications company…

It’s not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills

Cyberattacks carried out by China-backed nation-state actors surged last year, showcasing technical advancements and specialized targeting in a broader escalation of the country’s ability to infiltrate global critical infrastructure, CrowdStrike said in an annual threat report released Thursday. “After decades of investment into China’s offensive capabilities, they’re now on par with other world powers,” Adam…

Threat actors are increasingly trying to grind business to a halt

Cybercriminals intentionally disrupted operations at a growing rate last year, Palo Alto Networks’ threat intelligence firm Unit 42 said in an annual incident response report released Tuesday. Of the nearly 500 major cyberattacks Unit 42 responded to last year, 86% involved business disruption, including operational downtime, fraud-related losses, increased operating costs and negative reputational impacts. …

Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace

The United States is falling “increasingly behind” its adversaries in cyberspace, a former Cyber Command and National Security Agency boss said Saturday. Speaking at the DistrictCon cybersecurity conference in Washington, D.C., retired Gen. Paul Nakasone said that “our adversaries are continuing to be able to broaden the spectrum of what they’re able to do to…

Salt Typhoon gained initial access to telecoms through Cisco devices

Salt Typhoon gained initial access to Cisco devices as part of the Chinese nation-state threat group’s sweeping attacks on U.S. telecom networks, the company confirmed Thursday in a threat intelligence report. Cisco Talos, the networking vendor’s threat intelligence unit, said it observed one instance where Salt Typhoon likely exploited a seven-year-old critical vulnerability in Cisco…

Russia-aligned threat groups dupe Ukrainian targets via Signal

Russian state threat groups have compromised Signal accounts used by Ukrainian military and government personnel to eavesdrop on real-time communications, Google Threat Intelligence Group said in a report released Wednesday. “This is a persistent, ongoing campaign being carried out by multiple different Russia-aligned threat actors,” Dan Black, principal analyst at Google Threat Intelligence Group, said…

Salt Typhoon telecom breach remarkable for its ‘indiscriminate’ targeting, FBI official says

One of the most notable elements of the monumental hack of major telecommunications companies is just how “indiscriminate” it was in its pursuit of data, a top FBI official said Wednesday. The FBI has been investigating the breach, which it has blamed on Chinese government hackers commonly known as Salt Typhoon. “What we found particularly…

Edge device vulnerabilities fueled attack sprees in 2024

Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday. Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo…

Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts

Microsoft threat researchers discovered a series of what they are calling “device code” phishing attacks that allowed a suspected Russia-aligned threat group to gain access to and steal data from critical infrastructure organizations, the company said in research released Thursday. The group, which Microsoft tracks as Storm-2372, has targeted governments, IT services and organizations operating…

Salt Typhoon remains active, hits more telecom networks via Cisco routers

Salt Typhoon, the Chinese nation-state threat group linked to a spree of attacks on U.S. and global telecom providers, remains active in its intrusion and has hit multiple additional networks worldwide, including two in the United States, Recorded Future said in a report released Thursday. Recorded Future’s Insikt Group observed seven compromised Cisco network devices communicating…

Russian state threat group shifts focus to US, UK targets

A subgroup of Seashell Blizzard has shifted its focus to targets in the U.S., Canada, Australia and the U.K. within the past year, expanding the scope of its malicious activity, Microsoft’s threat intelligence team said in a report released Wednesday. The initial-access operation, which Microsoft tracks as the “BadPilot campaign,” has allowed the Russian state…

U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure

A consortium of U.S., Australian and U.K. officials announced coordinated sanctions Tuesday against Zservers, a Russia-based bulletproof hosting provider. The action targets the company for its role in facilitating ransomware attacks, most notably those conducted by the LockBit ransomware-as-a-service (RaaS) group. Officials detailed that Zservers has long been linked to cybercriminal forums, where it has…

Thai authorities detain four Europeans in ransomware crackdown

In a sweeping international law enforcement operation, Thai authorities arrested four Europeans in Phuket, accusing them of orchestrating ransomware attacks affecting Swiss companies worldwide. The suspects are allegedly tied to the 8Base ransomware-as-a-service (RaaS) gang, which extorted $16 million worth of Bitcoin from over 1,000 individuals. The operation, termed “Phobos Aetor,” reflected a tightly coordinated…

Hugging Face platform continues to be plagued by vulnerable ‘pickles’

Researchers at ReversingLabs have identified at least two machine-learning models on Hugging Face, a popular platform for community AI development, that link to malicious web shells and managed to evade detection through the use of “pickling.” Pickle files are python-based modules that allow a developer to serialize and deserialize code. They’re commonly used by AI…

Ransomware payments dropped 35% in 2024

Ransomware payments saw a dramatic 35% drop last year compared to 2023, even as the overall frequency of ransomware attacks increased, according to a new report released by blockchain analysis firm Chainalysis.  The considerable decline in extortion payments is somewhat surprising, given that other cybersecurity firms have claimed that 2024 saw the most ransomware activity…

Infosec pros: We need CVSS, warts and all

A key pillar of a strong cybersecurity program is identifying vulnerabilities in the complex mix of software programs, packages, apps, and snippets driving all activities across an organization’s digital infrastructure. At the heart of spotting and fixing these flaws is the widely used Common Vulnerability Scoring System (CVSS), maintained by a nonprofit called the Forum…

Cybersecurity, government experts are aghast at security failures in DOGE takeover

As the world’s richest man and his team from the Department of Government Efficiency continue their quest to dismantle federal agencies, cybersecurity experts, good government experts and Democrats are increasingly expressing outrage and alarm, in some cases likening the actions to an ongoing data breach. Elon Musk and employees from DOGE — which is, legally,…

From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts

A cybercriminal organization that has been operating for over a decade has moved from credit-card skimming to exploiting zero-day vulnerabilities, according to a joint investigation by cybersecurity firms Solis Security and Intezer. The group, tracked as XE Group, now poses heightened risks to global supply chains, particularly in manufacturing and distribution sectors, by leveraging stealthier…

WhatsApp says it disrupted spyware campaign aimed at reporters, civil society

WhatsApp said Friday that it had disrupted a spyware campaign that targeted 90 people, including journalists and activists. The company tied to the campaign, according to WhatsApp, is Israeli firm Paragon, which last fall signed a $2 million contract with Immigration and Customs Enforcement and recently was purchased by U.S. private equity giant AE International.…

Department of Justice partners with Dutch police to break up HeartSender network

Authorities in the United States and the Netherlands have dismantled a sophisticated Pakistan-based cybercrime network known as Saim Raza.  The operation, dubbed “Operation Heart Blocker,” culminated Wednesday with the coordinated seizure of 39 domains and servers. Also known as HeartSender, Saim Raza was responsible for developing and selling phishing kits, with the Department of Justice…

Wiz researchers find sensitive DeepSeek data exposed to internet

A security issue at Chinese artificial intelligence firm DeepSeek exposed over a million lines of sensitive internal data, including user chat histories, API secrets, and backend operational details, according to research published Wednesday by cloud security firm Wiz.  The exposure, discovered earlier this month, stemmed from a publicly accessible ClickHouse database linked to DeepSeek’s systems.…

FBI seizes major cybercrime forums in coordinated domain takedown

The Federal Bureau of Investigation, along with several other international law enforcement departments, has seized control of several high-profile online platforms linked to cybercrime in a sweeping operation aimed at disrupting digital marketplaces for stolen credentials and hacking tools. The domains of forums Cracked[.]io and Nulled[.]to now redirect to FBI-controlled servers, signaling efforts to dismantle…

New backdoor discovered that specifically targets Juniper routers

Researchers at Black Lotus Labs have uncovered an operation where a back door is dropped onto enterprise-grade Juniper Networks routers and listens for specific network signals, known as “magic packets,” to execute malicious commands.  The campaign, which researchers at the cybersecurity wing of Lumen Technologies refer to as “J-Magic,” was active between mid-2023 and mid-2024.…

BreachForums founder to be resentenced after court vacates previous punishment

A U.S. appeals court has vacated the initial sentence given to Conor Brian Fitzpatrick, who pleaded guilty in 2023 for charges related to his work as founder of the notorious BreachForums website. The appeal, filed by the U.S. government, signals that a new sentence could be much more harsh than the one initially issued last…

‘Severe’ bug in ChatGPT’s API could be used to DDoS websites

A vulnerability in ChatGPT’s API can generate DDoS attacks against targeted websites, but the security researcher who discovered it says the flaw has since been addressed by OpenAI. In a security advisory posted to the developer platform GitHub, German security researcher Benjamin Flesch detailed the bug, which occurs when the API is processing HTTP POST…

CloudFlare detected (and blocked) the biggest DDoS attack on record

Web infrastructure and security company Cloudflare says it detected the biggest Distributed Denial-of-Service (DDoS) attack ever recorded, a 5.6 terabits per second (Tbps) attack directed at an internet service provider (ISP) in Eastern Asia. Despite the staggering volume of the attack, Cloudflare successfully managed and mitigated it without human intervention. The company said in research…

Microsoft catches Russian state-sponsored hackers shifting tactics to WhatsApp

The cat-and-mouse game between state-sponsored Russian hackers and one of the world’s biggest technology companies has continued into 2025.  Microsoft’s threat intelligence team published research Thursday examining how a state-sponsored Russian threat actor group, known as Star Blizzard, has altered its longstanding attack strategies to target WhatsApp accounts. This attack vector is a significant change…

Law enforcement action deletes PlugX malware from thousands of machines

U.S. and international law enforcement agencies have removed the PlugX malware from thousands of computers worldwide in a coordinated campaign to blunt the effectiveness of one of the most infamous pieces of malware used by malicious cyber actors. According to recently unsealed court documents from the Eastern District of Pennsylvania, the U.S. Department of Justice…

Fancy Bear spotted using real Kazak government documents in spearpishing campaign

A hacking group linked to Russian intelligence has been observed leveraging seemingly legitimate documents from the Kazakhstan government as phishing lures to infect and spy on government officials in Central Asia, according to researchers at Sekoia. The files, laced with malware, include draft versions of diplomatic statements, correspondence letters, internal administrative notes and other documents…

Industrial networking manufacturer Moxa reports ‘critical’ router bugs

Firmware in cellular routers, secure routers and network security appliances made by Moxa are vulnerable to a pair of high severity bugs that can escalate privileges for an attacker, give root-level access or allow for unauthorized execution of commands. In a pair of CVEs published Jan. 3, Moxa called the flaws “critical” and warned they…

US sanctions Russian, Iranian groups for election interference

The U.S. State Department has sanctioned two foreign organizations and one individual who it alleges worked on behalf of Russian and Iranian intelligence agencies to interfere in the 2024 U.S. general election. “These actors sought to stoke sociopolitical tensions and undermine our election institutions during the 2024 U.S. general election,” said State Department Press Secretary…

White House: Salt Typhoon hacks possible because telecoms lacked basic security measures

The White House said Friday that as the U.S. government continues to assess the damage caused by the Salt Typhoon hacks, the breach occurred in large part due to telecommunications companies failing to implement rudimentary cybersecurity measures across their IT infrastructure.  Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology,…

Feds lay blame while Chinese telecom attack continues

The United States’ telecommunications infrastructure has been infiltrated by actors affiliated with China. Some of our nation’s most powerful leaders have been targeted — including President-elect Donald Trump and Vice President-elect JD Vance. This is one of the most severe cybersecurity incidents against telecom the United States has ever been subject to, and — worse…

Justice Department unveils charges against alleged LockBit developer

The U.S. Department of Justice revealed charges Friday against Rostislav Panev, a dual Russian and Israeli national, for his alleged role as a developer in the notorious LockBit ransomware group. Panev was arrested in Israel following a U.S. provisional arrest request and is currently awaiting extradition. Authorities allege that Panev has been an instrumental figure…

Israeli court to hear U.S. extradition request for alleged LockBit developer

An Israeli Court is set to deliberate a significant extradition case involving Rostislav Panev, an Israeli citizen alleged to be involved with the notorious LockBit ransomware gang. According to Israeli news outlet Ynet, a U.S. extradition request was made public Thursday claiming that between 2019 and 2024, Panev served as a software developer for LockBit.…

What Is Privilege Escalation? Types, Examples, and Prevention

Privilege escalation is a critical cybersecurity threat in which a user—usually a malicious actor—gains access to data beyond what their account permissions allow. Attackers can gain this access through human error, stolen credentials, or social engineering.  The post What Is Privilege Escalation? Types, Examples, and Prevention appeared first on Security Boulevard.

Ukrainian sentenced to five years in jail for work on Raccoon Stealer

Ukrainian national Mark Sokolovsky was sentenced Wednesday to five years in federal prison for his role in operating Raccoon Infostealer malware, which infiltrated millions of computers worldwide to steal personal data. According to court documents, Sokolovsky, 28, was integral to operations that allowed the leasing of Raccoon Infostealer for $200 per month, payable via cryptocurrency.…

CISA pushes guide for high-value targets to secure mobile devices

The Cybersecurity and Infrastructure Security Agency unveiled a detailed set of guidelines Wednesday to safeguard the mobile communications of high-value government targets in the wake of the ongoing Salt Typhoon telecom breach. The guide aims to help both political and federal leadership harden their communications and avoid any data interception by the Chinese-linked espionage group.…

PHP backdoor looks to be work of Chinese-linked APT group

Cybersecurity researchers at a China-based cybersecurity company have uncovered an advanced PHP backdoor that suggests a new asset in the arsenal of Chinese-linked Advanced Persistent Threat group Winnti. Researchers at QiAnXin’s XLab discovered the backdoor, which they titled Glutton, targeting China, the United States, Cambodia, Pakistan, and South Africa. After initially discovering the malware in…

Amnesty International exposes Serbian police’s use of spyware on journalists, activists

Serbian police and intelligence authorities have combined phone-cracking technology with spyware to eavesdrop on activists and journalists there, Amnesty International revealed in a report Monday, in what the human rights group says could be a disturbing preview of a future era of digital surveillance. Amnesty International’s 87-page document surveys the broader picture of digital spying…

What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks

Zero-day vulnerabilities are serious threats. They’re completely unknown to both the vendor and the user. That gives attackers a significant advantage, allowing them to attack systems before patches are available. The post What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks appeared first on Security Boulevard.

International crackdown disrupts DDoS-for-hire operations

In a sweeping international crackdown, law enforcement agencies from 15 countries, including the United States and multiple European nations, have dismantled 27 of the most popular platforms used for carrying out distributed denial-of-service (DDoS) attacks, Europol announced Wednesday. The operation, known as PowerOFF, has led to the arrest of three administrators in France and Germany…

Turla living off other cybercriminals’ tools in order to attack Ukrainian targets

A Russian nation-state threat actor has been observed leveraging tools from other cybercriminal groups to compromise targets in Ukraine, a recent report by Microsoft Threat Intelligence disclosed. This clandestine approach, which is the second time in as many weeks that Microsoft has highlighted the group’s effort, shows how Turla uses a wide range of attack…

Latest round of MITRE ATT&CK evaluations put cybersecurity products through rigors of ransomware 

MITRE Corporation released findings Wednesday from its latest round of ATT&CK evaluations, assessing the capabilities of enterprise cybersecurity solutions against some of the most prevalent ransomware tactics and North Korean malware. The sixth such evaluation from the nonprofit research organization measured 19 different vendors’ ability to protect enterprise systems by evaluating them against two prominent…

WordPress Appliance - Powered by TurnKey Linux