Security News
The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten...
CISA is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers exposed online. PLCs are crucial control and management devices in industrial settings, and hackers compromising them could have severe repercussions, such as water supply contamination through manipulating the device to alter chemical dosing.
The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. Today, the Treasury's Office of Foreign Assets Control has sanctioned Sinbad.io for its alleged use by North Korean hackers who have performed large-scale crypto heists, leading to hundreds of millions of dollars in losses.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that it's responding to a cyber attack that involved the active exploitation of Unitronics programmable logic controllers...
The scope of the recent breach of the Okta customer support system is much wider than initially established, the company has admitted on Tuesday: the attackers downloaded a report that contained the names and email addresses of all Okta customer support system users. Initial and latest findings about the Okta customer support system breach.
Hackers are exploiting a critical ownCloud vulnerability tracked as CVE-2023-49103 that exposes admin passwords, mail server credentials, and license keys in containerized deployments. Of the three flaws, CVE-2023-49103 received a maximum CVSS severity score of 10.0 as it allows a remote threat actor to execute phpinfo() through the ownCloud 'graphapi' app, which reveals the server's environment variables, including credentials stored within them.
Account credentials, a popular initial access vector, have become a valuable commodity in cybercrime. As a result, a single set of stolen credentials can put your organization’s entire network at...
Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a...
The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains,...
A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language. Examination of the new Rust-based variants by Check Point has established a connection between the previously unattributed backdoor and 'Operation Electric Powder,' which dates back to 2016-2017.