Security News > 2024 > January

A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. The attackers hide these payloads in plain sight, placing them in forum user profiles on tech news sites or video descriptions on media hosting platforms.

Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The...

The police in Saxony, eastern Germany, have seized 50,000 Bitcoin from the former operator of the pirate site movie2k. As the police announced, one of the two suspects voluntarily transferred Bitcoin to the Federal Criminal Police Office.

Car rental company Europcar says it has not suffered a data breach and that shared customer data is fake after a threat actor claimed to be selling the personal info of 50 million customers. The post included samples of the stolen data for 31 alleged Europcar customers, including names, addresses, birth dates, driver's license numbers, and other information.

China's Volt Typhoon attackers used "Hundreds" of outdated Cisco and NetGear routers infected with malware in an attempt to break into US critical infrastructure facilities, according to the Justice Department. The Feds claim the Middle Kingdom keyboard warriors downloaded a virtual private network module to the vulnerable routers and set up an encrypted communication channel to control the botnet and hide their illegal activities.

A proof-of-concept exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers is now publicly available on GitHub. Tracked as CVE-2023-45779, the flaw was discovered by Meta's Red Team X in early September 2023 and was addressed in Android's December 2023 security update without disclosing details an attacker could use to discern and exploit it.

The data from ransomware response and negotiation company Coveware continues a downward trend since it began monitoring in 2019, when it said the rate of companies choosing to pay ransomware actors was a whopping 85 percent. Along with a decrease in overall ransomware payments, Coveware found that payments for data exfiltration-only incidents also hit an all-time low since it began tracking them in 2022.

CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks. Tracked as CVE-2022-48618 and discovered by Apple's security researchers, the bug was only disclosed on January 9th in an update to a security advisory published in December 2022.

Security researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations' systems. In eight of security company TrueSec's most recent incident response engagements that involved Akira and Cisco's AnyConnect SSL VPN as the entry point, at least six of the devices were running versions vulnerable to CVE-2020-3259, which was patched in May 2020.

The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. Devices compromised and added to this botnet included Netgear ProSAFE, Cisco RV320s, and DrayTek Vigor routers, as well as Axis IP cameras, according to Lumen Technologies' Black Lotus Labs team, who first linked the malware to the Chinese threat group in December.