Despite a $10 million bounty on one member, APT45 is not slowing down, pivoting from intelligence gathering to extorting funds for Kim Jong-Un’s regime. Go to Source Author: Tara Seals, Managing Editor, News, Dark Reading
Author Archives: Onsite Computing, Inc.
All an attacker needs to exploit flaws in the Common Unix Printing System is a few seconds and less than 1 cent in computing costs. Go to Source Author: Jai Vijayan, Contributing Writer
The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. […] Go to Source Author: Bill Toulas
CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. […] Go to Source Author: Sergiu Gatlan
A new ‘FakeUpdate’ campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie malware. […] Go to Source Author: Bill Toulas
Content distribution network Cloudflare has reported mitigating the largest distributed denial-of-service (DDoS) attack seen to date. The attack by unknown perpetrators, observed in September, was part of a bigger campaign of more than 100 attacks that constantly exceeded three terabits per second (Tbps) and peaked at 3.8 Tbps, the highest value for a network layer […]
A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB. The campaign is part of a consumer investment fraud scheme that’s also widely known as pig butchering, in which prospective victims are lured into making […]
Microsoft has released Office 2024 for small businesses and consumers who want a standalone version without a Microsoft 365 subscription. […] Go to Source Author: Sergiu Gatlan
Large Language Models (LLMs) have a serious “package hallucination” problem that could lead to a wave of maliciously-coded packages in the supply chain, researchers have discovered in one of the largest and most in-depth ever studies to investigate the problem. It’s so bad, in fact, that across 30 different tests, the researchers found that 440,445 (19.7%) of […]
A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. “The […]