Security News
A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. Cybersecurity company Volexity is tracking the activity under...
The Scattered Spider gang has started to steal data from software-as-a-service applications and establish persistence through creating new virtual machines. While there are reports about Scattered Spider being an organized gang with specific members, the group is actually a loose knit collective of English-speaking individuals that work together to carry out breaches, steal data, and extort their targets.
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the...
"Similar to many other companies, Life360 recently became the victim of a criminal extortion attempt. We received emails from an unknown actor claiming to possess Tile customer information," Life360 CEO Chris Hulls said. The exposed data "Does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers, because the Tile customer support platform did not contain these information types," Hulls added.
Coathanger - a piece of malware specifically built to persist on Fortinet's FortiGate appliances - may still be lurking on too many devices deployed worldwide. It's also difficult to detect its presence by using FortiGate CLI commands, and to remove it from compromised devices.
State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the...
As the MIVD disclosed in February in a joint report with the General Intelligence and Security Service, Chinese hackers exploited a critical FortiOS/FortiProxy remote code execution vulnerability over a few months between 2022 and 2023 to deploy malware on vulnerable Fortigate network security appliances. The MIVD found that this previously unknown malware strain, which could survive system reboots and firmware upgrades, was deployed by a Chinese state-sponsored hacking group in a political espionage campaign targeting the Netherlands and its allies.
Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain...
Chinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama. The web shell enables further exploitation of the breached endpoints, such as enlisting them as part of the attackers' infrastructure to evade detection in subsequent operations.
The attack utilizes the legitimate file-syncing software SyncThing in combination with malware called SPECTR. Vermin's apparent motive is to steal sensitive information from military organizations. SyncThing establishes a peer-to-peer connection for data synchronization, which is used for stealing documents and account passwords.