Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor
Telecom companies can add one more sophisticated adversary to the already long list of advanced persistent threat (APT) actors they need to protect their data and networks against. The new threat is "Sandman," a group of unknown origin that surfaced mirage-like in August and has been deploying a novel backdoor using LuaJIT, a high-performance, just-in-time compiler for the Lua programming language. READ MORE...
Hotel hackers redirect guests to fake Booking.com to steal cards
Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers. By using this indirect approach and a fake Booking.com payment page, cybercriminals have found a combination that ensures a significantly better success rate at collecting credit card information. READ MORE...
Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones
Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited "against versions of iOS before iOS 16.7." Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group have been credited with reporting them, so the flaws have probably been used to deploy spyware. READ MORE...
Fake WinRAR proof-of-concept exploit drops VenomRAT malware
A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware. The fake PoC exploit was spotted by Palo Alto Networks' Unit 42 team of researchers, who reported that the attacker uploaded the malicious code to GitHub on August 21, 2023. The attack is no longer active, but it once again highlights the risks of sourcing PoCs from GitHub and running them without additional scrutiny to ensure they're safe. READ MORE...
India's biggest tech centers named as cyber crime hotspots
India is grappling with a three-and-a-half year surge in cyber crime, with analysis suggesting cities like Bengaluru and Gurugram - centers of India's tech development - are hubs of this activity. The report - A Deep Dive into Cybercrime Trends Impacting India from the non-profit Future Crime Research Foundation (FCRF) - identified cyber crime hot spots from January 2020 until June 2023. The analysis of the top 10 cyber crime-prone districts in India reveals several common factors contributing to their vulnerability READ MORE...
US is making headway on securing cyber infrastructure, commission sa
The U.S. has made significant progress towards developing a more resilient cybersecurity infrastructure, after implementing about 70% the Cyberspace Solarium Commission's recommendations. Key gaps remain in the nation's cybersecurity posture, including the need to create more resilient federal networks and strengthen key critical infrastructure sectors, such as healthcare, agriculture and water. READ MORE...
Incomplete disclosures by Apple and Google create "huge blindspot" for 0-day hunters
Incomplete information included in recent disclosures by Apple and Google reporting critical zero-day vulnerabilities under active exploitation in their products has created a "huge blindspot" that's causing a large number of offerings from other developers to go unpatched, researchers said Thursday. Two weeks ago, Apple reported that threat actors were actively exploiting a critical vulnerability in iOS so they could install espionage spyware known as Pegasus. READ MORE...
- ...in 1789, the office of United States Postmaster General is established.
- ...in 1958, rock musician Joan Jett ("I Love Rock 'n' Roll", "Bad Reputation") is born in Wynnewood, PA.
- ...in 1961, President John F. Kennedy signs legislation establishing the Peace Corps as a permanent government agency.
- ...in 1991, the Dead Sea Scrolls are made available to the public for the first time.
