Security News

Pro-Russia group exploits Roundcube zero-day in attacks on European government emails
2023-10-25 16:45

The Winter Vivern cyber spy group is exploiting an XSS zero-day vulnerability in attacks on European governments. Researchers at ESET, who discovered the activity, didn't name the specific government entities it targeted, but given Winter Vivern's nexus to Russia and Belarus, they are likely to be adversaries of those countries.

Seiko says ransomware attack exposed sensitive customer data
2023-10-25 16:40

Japanese watchmaker Seiko has confirmed it suffered a BlackCat ransomware attack earlier this year, warning that the incident has led to a data breach, exposing sensitive customer, partner, and personnel information. On August 21, 2023, the BlackCat/ALPHV ransomware gang added Seiko to its extortion site, claiming to have stolen production plans, employee passport scans, new model release plans, specialized lab test results, and confidential technical schematics of existing and upcoming Seiko watches.

Security leaders have good reasons to fear AI-generated attacks
2023-10-25 03:30

Generative AI is likely behind the increases in both the volume and sophistication of email attacks that organizations have experienced in the past few months, and it's still early days, according to Abnormal Security. Security leaders' leading worry is the increased sophistication of email attacks that generative AI will make possible - particularly, the fact that generative AI will help attackers craft highly specific and personalized email attacks based on publicly available information.

ASVEL basketball team confirms data breach after ransomware attack
2023-10-24 15:07

French professional basketball team LDLC ASVEL has confirmed that data was stolen after the NoEscape ransomware gang claimed to have attacked the club. "Alerted on October 12 through the press and having immediately contacted companies specializing in the field of cybersecurity, LDLC ASVEL is unfortunately today able to confirm that it has indeed been the victim of a violation of its computer system, with data exfiltration," reads a press statement from ASVEL. The threat actors claimed to have stolen 32 GB of data, including the personal data of players, passports and ID cards, and many documents relating to finance, taxation, and legal matters.

iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation
2023-10-24 08:37

The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various...

September was a record month for ransomware attacks in 2023
2023-10-24 07:00

According to NCC Group data, ransomware groups launched 514 attacks in September. This surpasses March 2023 activity, which counted 459 attacks, and was heavily skewed by Clop's MOVEit Transfer data theft attacks.

Bracing for AI-enabled ransomware and cyber extortion attacks
2023-10-24 04:30

As businesses scramble to take the lead in operationalizing AI-enabled interfaces, ransomware actors will use AI to scale their operations, widen their profit margins, and increase their likelihood of pulling off successful attacks. Researchers have charted a 37% rise in ransomware incidents in 2023 in the Zscaler cloud, a triple-digit increase in double-extortion tactics across numerous industries, and an overall surge in sector-specific attacks targeting industries like manufacturing.

QNAP takes down server behind widespread brute-force attacks
2023-10-23 12:02

QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS devices with weak passwords. The Taiwanese hardware vendor detected the attacks on the evening of October 14 and, with assistance from Digital Ocean, took down the command-and-control server within two days.

BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks
2023-10-19 21:40

The introduction of Munchkin to BlackCat's already extensive and advanced arsenal makes the RaaS more attractive to cybercriminals seeking to become ransomware affiliates. After compromising a device, the threat actors install VirtualBox and create a new virtual machine using the Munchkin ISO. This Munchkin virtual machine includes a suite of scripts and utilities that allow the threat actors to dump passwords, spread laterally on the network, build a BlackCat 'Sphynx' encryptor payload, and execute programs on network computers.

Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw
2023-10-19 07:11

North Korean threat actors are actively exploiting a critical security flaw in JetBrains TeamCity to opportunistically breach vulnerable servers, according to Microsoft. The attacks, which entail...