Security News

A new advanced persistent threat (APT) group named CloudSorcerer abuses public cloud services to steal data from Russian government organizations in cyberespionage attacks. [...]

Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid. Ticketmaster later confirmed the data breach, which they ultimately stated was from their account on Snowflake, a cloud-based data warehousing company used by the enterprise to store databases, process data, and perform analytics.

Hackers are targeting older versions of the HTTP File Server from Rejetto to drop malware and cryptocurrency mining software. The researchers say that during the attacks the hackers collect information about the system, install backdoors and various other types of malware.

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.

A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as...

Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords. Although D-Link DIR-859 WiFi router model reached end-of-life and no longer receives any updates, the vendor still released a security advisory explaining that the flaw exists in the "Fatlady.php" file of the device, affects all firmware versions, and allows attackers to leak session data, achieve privilege escalation, and gain full control via the admin panel.

RMM software developer TeamViewer says a Russian state-sponsored hacking group known as Midnight Blizzard is believed to be behind a breach of their corporate network this week. TeamViewer says they believe their internal corporate network, not their production environment, was breached on Wednesday, June 26, using an employee's credentials.

The U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks in an operation from the Russian foreign military intelligence agency prior to invading the country. The announcement from the Department of Justice says that in January 2022 Stigal and members of the GRU used a U.S.-based company to distribute the WhisperGate pseudo-ransomware to systems at dozens of Ukrainian government entities to destroy data.

Threat actors are already trying to exploit a critical authentication bypass flaw in Progress MOVEit Transfer, less than a day after the vendor disclosed it. MOVEit Transfer is a managed file transfer solution used in enterprise environments to securely transfer files between business partners and customers using the SFTP, SCP, and HTTP protocols.

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world...