A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says
By: Ravie Lakshmanan
As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing...
CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats
By:
Dec 18, 2023NewsroomSoftware Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to get rid of default passwords on internet-exposed systems altogether, citing...
Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East
By:
A threat actor affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been observed waging a sophisticated cyber espionage campaign targeting financial, government, military, and telecommunications sectors...
Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials
By:
The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021.
The activity targeted Polish...
Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining
By:
Apr 21, 2023Ravie LakshmananKubernetes / Cryptocurrency
A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency...
Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks
By: Ravie Lakshmanan
Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt...
Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency
By:
Mar 16, 2023Ravie LakshmananCyber Attack / Vulnerability
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal...
Coordinated DDoS Attack on US Service Providers
Anonymous Tweets U.S. Hit By Major DDoS Attack on June 15
Following a massive cell phone service outage that affected hundreds of thousands T-Mobile, AT&T, Verizon, and Sprint customers on Monday,...
Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa
By:
Jan 18, 2023Ravie LakshmananCyber Threat / Malware
An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle...
Watering Hole Attack Was Used to Target Florida Water Utilities
By: Ravie Lakshmanan
An investigation undertaken in the aftermath of the Oldsmar water plant hack earlier this year has revealed that an infrastructure contractor in the U.S. state of Florida...