
IT Security Newsletter - 10/27/2023


Top News

Microsoft unveils shady shenanigans of Octo Tempest and their cyber-trickery toolkit

Microsoft's latest report on what it calls "one of the most dangerous financial criminal groups" in operation offers security pros an abundance of threat intelligence to protect themselves from its myriad tactics. The "unique" native English-speaking group is tracked by Microsoft as Octo Tempest and, in the space of a year, has evolved consistently and rapidly to become one of the most well-equipped cybercrime groups in existence. READ MORE...

Breaches

France says Russian state hackers breached numerous critical networks

The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021. The threat group, which is considered part of Russia's military intelligence service GRU, was recently linked to the exploitation of CVE-2023-38831, a remote code execution vulnerability in WinRAR, and CVE-2023-23397, a zero-day privilege elevation flaw in Microsoft Outlook. READ MORE...

Hacking

Nigerian Cybercrime Hub Shut Down With 6 Arrests

Nigerian police arrested six men they believe are associated with a cybercrime recruitment and mentoring hub. During interrogation, the six men - aged from 19 to 27 - admitted to activities including identity theft, hacking and trading of hacked Facebook accounts, romance scams, computer-related forgery, and other computer-related fraud, according to a statement from the Nigerian police force. READ MORE...


Iran APT Targets the Mediterranean With Watering-Hole Attacks

A threat actor sponsored by the Islamic Republic of Iran has been using watering-hole attacks, with a new malware downloader and a budding new method of infection, against Mediterranean organizations involved in the maritime, shipping, and logistics sectors. These latest tactics and tools represent in some ways a continuation, and in other ways an evolution, for the group variously known as Tortoiseshell, Imperial Kitten, TA456, Crimson Sandstorm, and Yellow Liderc. READ MORE...

Software Updates

Apple drops urgent patch against obtuse TriangleDB iPhone malware

Apple pushed several security fixes on Wednesday, including one for iPhones and iPads running software released before September last year that has already been exploited by cyber snoops. The vulnerability, tracked as CVE-2023-32434, "may have been actively exploited against versions of iOS released before iOS 15.7," according to Apple's security update. Exploiting this flaw allows the execution of arbitrary code with kernel privileges. This is the second patch that Apple has issued to fix the vulnerability. READ MORE...

Malware

Advanced 'StripedFly' Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools

A highly sophisticated piece of malware posing as a cryptocurrency miner has stayed under the radar for five years, infecting more than one million devices, cybersecurity firm Kaspersky warns. Dubbed StripedFly, the threat contains code sequences previously observed in the malware used by the threat actor known as the Equation Group, which has been linked to the US National Security Agency. READ MORE...


Android adware apps on Google Play amass two million installs

Several malicious Android apps on Google Play, installed over 2 million times in total, push intrusive ads to users while concealing their presence on the infected devices. In their latest monthly mobile threat report, Doctor Web's analysts identified trojans on Google Play associated with the 'FakeApp,' 'Joker,' and 'HiddenAds' malware families. Of particular interest are the following four adware (HiddenAds) apps disguised as games. READ MORE...

Exploits/Vulnerabilities

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP

Security and application delivery solutions provider F5 on Thursday warned customers of a critical-severity vulnerability in its BIG-IP product. Tracked as CVE-2023-46747 (CVSS score of 9.8) and impacting the Traffic Management User Interface of the solution, the vulnerability allows an unauthenticated attacker to execute arbitrary code remotely. According to Praetorian Security, CVE-2023-46747 is a request smuggling issue that allows an unauthenticated attacker to gain full administrative privileges. READ MORE...


Novel zero-day exploits fuel Q3 surge in DDoS attacks

Distributed denial of service attacks escalated during the third quarter, as a novel zero-day vulnerability led to a series of record-breaking attacks that continued into the month of October, according to a report released Thursday by Cloudflare. Exploits of the HTTP/2 Rapid Reset vulnerability led to record-breaking incidents, as Cloudflare reported 89 attacks that exceeded 100 million requests per second. READ MORE...

On This Date

  • ...in 1809, President James Madison orders the annexation of the western part of West Florida. Settlers there had rebelled against Spanish authority.
  • ...in 1904, the New York subway officially opens, running from the Brooklyn Bridge uptown to Broadway at 145th Street.
  • ...in 1950, author and public speaker Fran Lebowitz ("Metropolitan Life", "Social Studies") is born in Morristown, NJ.
  • ...in 1988, US President Ronald Reagan decides to tear down a new US Embassy in Moscow because Soviet listening devices were built into the structure.