hackers

  • Blog

    Star Blizzard hackers abuse WhatsApp to target high-value diplomats

    Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. According to a Microsoft Threat Intelligence report, the campaign was observed in mid-November 2024 and represents a tactical shift for Star Blizzard as a response to the recent exposure of the threat actor’s tactics,…

  • Blog

    Hackers leak configs and VPN credentials for 15,000 FortiGate devices

    A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. The data was leaked by the “Belsen Group,” a new hacking group first appearing on social media and cybercrime forums this month. To promote…

  • Blog

    Hackers are turning Amazon S3 bucket encryption against customers in new ransomware campaign – and they’ve already claimed two victims

    Hackers who were able to steal data belonging to two AWS customers used the platform’s encryption capabilities to conduct a novel type of ransomware attack, researchers have warned. A new report from cyber resilience firm Halcyon’s RISE team identified a new ransomware campaign targeting Amazon S3 buckets, where the attackers leverage AWS’ server-side encryption along with the Customer Provided Keys…

  • Blog

    Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

    Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. The campaign was recently discovered by incident response firm SpearTip, who said the attacks began on January 6, 2024, targeting the Azure Active Directory Graph API. The researchers warn that the brute-force attacks have led to successful account takeovers 10% of the time.…

  • Blog

    macOS bug lets hackers install malicious kernel drivers

    Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. System Integrity Protection (SIP), or ‘rootless,’ is a macOS security feature that prevents malicious software from altering specific folders and files by limiting the root user account’s powers in protected areas. SIP allows only Apple-signed…

  • Blog

    Treasury hackers also breached US foreign investments review office

    Silk Typhoon Chinese state-backed hackers have reportedly breached a Treasury Department office that reviews foreign investments for national security risks. CNN reported on Friday, citing U.S. officials familiar with the matter, that the attackers gained access to the Committee on Foreign Investment in the United States (CFIUS) systems. The CFIUS is a government office and interagency committee authorized to review foreign investment…

  • Blog

    Russian ISP confirms Ukrainian hackers “destroyed” its network

    Ukrainian hacktivists, part of the Ukrainian Cyber Alliance group, announced on Tuesday they had breached Russian internet service provider Nodex’s network and wiped hacked systems after stealing sensitive documents. “The Russian internet provider Nodex in St. Petersburg was completely looted and wiped. Data exfiltrated, while the empty equipment without backups was left to them,” the Ukrainian hacktivists announced yesterday on…

  • Blog

    Chinese hackers also breached Charter and Windstream networks

    More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon. This comes after AT&T, Verizon, and Lumen confirmed on December 30 that they have evicted the hackers from their networks. After breaching their networks, the Salt Typhoon hackers gained access to targeted…

  • Blog

    Millions of email users at risk — passwords could be exposed to hackers, experts warn

    New research from security experts has revealed over 3 million mail servers are still using an aging protocol without encryption enabled, leaving millions of usernames and passwords vulnerable to hackers. This week the Shadowserver Foundation, a nonprofit security organization, pushed out an alert on X saying that it found 3.3 million POP3 and IMAP servers are operating without transport layer…

  • Blog

    US sanctions Chinese company linked to Flax Typhoon hackers

    The U.S. Treasury Department has sanctioned Beijing-based cybersecurity company Integrity Tech for its involvement in cyberattacks attributed to the Chinese state-sponsored Flax Typhoon hacking group. As the Treasury’s Office of Foreign Assets Control (OFAC) said on Friday, the Chinese state-sponsored hackers used the company’s infrastructure to launch attacks targeting networks of victims in Europe and the United States for over…
