Breaking (Cyber) News
Keep abreast of breaking cyber security news and evolution in the cyber threat landscape
The Hacker News
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT
  A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu. "The PhantomBlu operation introduces a nuanced exploitation method, diverging from NetSupport RAT’s typical delivery mechanism by leveraging OLE (Object
- E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials
  A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced. Sandu Boris Diaconu was charged with conspiracy to commit access device and computer fraud and possession […]
- New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
  A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky. "The malware payloads used in the DEEP#GOSU represent a
CSO Online
- Teams, Slack, and GitHub, oh my! – How collaborative tools can create a security nightmare
  Fast and efficient collaboration is essential to today’s business, but the platforms we use to communicate with colleagues, vendors, clients, and customers can also introduce serious risks. Looking at some of the most common collaboration tools — Microsoft Teams, GitHub, Slack, and OAuth — it’s clear there are dangers presented by information sharing, as valuable […]
- North Korean Kimsuky group’s attack chain blends with legitimate traffic
  A recent attack campaign by one of North Korea’s state-run hacking groups uses a new PowerShell and VBScript-based attack chain that’s initiated from inside LNK files. Multiple attack stages are downloaded from legitimate cloud services and the final payload is an open-source remote access trojan. “All of the C2 communication is handled through legitimate services […]
- Hackers drop RisePro info stealers through GitHub repositories
  Multiple GitHub repositories posing as cracked software codes were found attempting to drop the RisePro info-stealer onto victim systems. The campaign delivers a new variant of the RisePro info-stealing malware designed to crash malware analysis tools like IDA and ResourceHacker. G Data CyberDefense, the German cybersecurity company that made the discovery, reported that it had […]
darkreading
- North Korea-Linked Group Levels Multistage Cyberattack on South Korea
  Kimsuky-attributed campaign uses eight steps to compromise systems — from initial execution to downloading additional code from Dropbox, and executing code to establish stealth and persistence.
- ML Model Repositories: The Next Big Supply Chain Attack Target
  Machine-learning model platforms like Hugging Face are susceptible to the same kind of attacks that threat actors have executed successfully for years via npm, PyPI, and other open source repos.
- Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents
  The group uses pretty standard open source tooling and social engineering to burrow into high-level government agencies across the globe.
Sophos News
- Benchmarking the Security Capabilities of Large Language Models
  Comparative Sophos X-Ops testing not only indicates which models fare best in cybersecurity, but where cybersecurity fares best in AI
- Sophos named a Leader in the 2024 IDC MarketScape for Worldwide Modern Endpoint Security for Small Businesses
  This IDC MarketScape evaluates how their endpoint security vendors meet the needs of organizations with fewer than 100 employees.
- 59 CVEs primed for Microsoft’s March Patch Tuesday
  Just two critical-severity issues addressed, though Azure and OMI admins won’t want to delay patching this month
GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
- Mintlify Data Breach Exposes Customer GitHub Tokens
  A renowned software documentation platform has confirmed a security breach that led to the unauthorized access of 91 GitHub tokens. This incident has raised alarms about the potential exposure of private repositories and the overall security measures to protect sensitive user data. A thorough examination of server logs revealed unusual requests from an unrecognized device, […]
- 900+ websites Exposing 10M+ Passwords: Most in Plaintext
  Over 900 websites inadvertently expose over 10 million passwords, many of which are in plaintext, alongside sensitive billing information and personally identifiable information (PII) of approximately 125 million users. This massive data exposure is attributed to misconfigured Firebase instances, a popular development platform for creating mobile and web applications, which, due to its ease of […]
- Hackers Exploiting Microsoft Office Templates to Execute Malicious Code
  In a cyberattack campaign dubbed “PhantomBlu,” hundreds of employees across various US-based organizations were targeted with phishing emails masquerading as messages from an accounting service. This campaign represents a significant evolution in the tactics, techniques, and procedures (TTPs) employed by cybercriminals. They are leveraging social engineering and advanced evasion techniques to deploy malicious code. The […]