Move Over, APTs: Cybercriminals Now Target Critical Infrastructure Too
A "crimewave" of mass exploitation of Zyxel firewall devices has been washing over critical infrastructure in Europe - and Sandworm, the Russian state-sponsored advanced persistent threat (APT) that specializes in such attacks, is behind only part of it. According to an analysis from Forescout Research, Vedere Labs this week, one of two previously reported attacks against the Danish energy sector in May was mistakenly attributed to Sandworm. READ MORE...
Framework discloses data breach after accountant gets phished
Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. The California-based manufacturer of upgradeable and modular laptops says a Keating Consulting accountant was tricked on January 11 by a threat actor impersonating Framework's CEO into sharing a spreadsheet containing customers' personally identifiable information (PII). READ MORE...
Apple Patches Keystroke Injection Vulnerability in Magic Keyboard
Apple this week announced Magic Keyboard firmware updates that patch a vulnerability potentially allowing attackers to inject keystrokes over Bluetooth. The issue was disclosed in December by SkySafe software engineer Marc Newlin, who warned that an attacker within Bluetooth range could exploit the bug without authentication. Newlin warned that an adversary would only need a Linux machine and a normal Bluetooth device to mount the attack, and that Android and Linux devices are also affected. READ MORE...
Actor paid to pose as crypto CEO "deeply sorry" about $1.3 billion scam
An actor who was hired to pretend to be the highly qualified CEO of a shady, collapsed cryptocurrency hedge fund called HyperVerse has apologized after a YouTuber unmasked his real identity last week. An Englishman currently living in Thailand, Stephen Harrison confirmed to The Guardian that HyperVerse hired him to pose as CEO Steven Reece Lewis. Harrison told The Guardian that he was "deeply sorry" to HyperVerse investors-who lost a reported $1.3 billion after buying into a cryptocurrency-mining operation. READ MORE...
Drivers: We'll take that plain dumb car over a flashy data-spilling internet one, thanks
Despite all the buzz around internet-connected smart cars at this year's CES in Las Vegas, most folks don't want vehicle manufacturers sharing their personal data with third parties - and even say they'd consider buying an older or dumber car to protect their privacy and security. According to a survey of 2,000 Americans conducted by Kaspersky in November and published this week, 72 percent of drivers are uncomfortable with automakers sharing their data with advertisers. READ MORE...
Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout
The recently discovered Ivanti Connect Secure zero-day vulnerabilities could impact thousands of systems and the threat actors caught exploiting them appear to have been preparing for the release of patches. Threat intelligence and incident response firm Volexity warned on January 10 that it had seen threat actors likely connected to China exploiting two previously unknown vulnerabilities in Ivanti Connect Secure (ICS) VPN devices to gain access to internal networks. READ MORE...
Over 150k WordPress sites at takeover risk via vulnerable plugin
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication. Last month, Wordfence security researchers Ulysses Saicha and Sean Murphy discovered two vulnerabilities in the plugin and reported them to the vendor. The first, tracked as CVE-2023-6875, is a critical authorization bypass flaw arising from a "type juggling" issue on the connect-app REST endpoint. READ MORE...
- ...in 1921, in reaction to the "Black Sox" scandal, Major League Baseball team owners elect Kenesaw Mountain Landis as the league's first commissioner.
- ...in 1944, professional boxer and former heavyweight champion Joe Frazier is born in Beaufort, SC.
- ...in 1965, hard rock musician and filmmaker Robert Bartleh Cummings, AKA Rob Zombie, is born in Haverhill, MA.
- ...in 1971, the controversial but highly influential TV sitcom "All in the Family" debuts on CBS.
