Notorious ransomware gang LockBit has reportedly exfiltrated "a tremendous amount of sensitive data" from aerospace outfit Boeing. VX-Underground published a screenshot of LockBit's announcement and its threat to expose the data if Boeing does not engage with it by November 2nd. Boeing has told US media it is investigating LockBit's claims. If LockBit has indeed stolen Boeing data, the repercussions could be enormous, as the company does plenty of work for military clients. READ MORE...
Octo Tempest is believed to be a group of native English-speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world. Initially the group made a name for itself by SIM swapping. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target's cell phone number. This can be done in a number of ways, but the most common ones involve social engineering attacks on the victim's carrier. READ MORE...
A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution. The flaw has received a CVSS v3.1 score of 9.8, rating it "critical," as it can be exploited without authentication in low-complexity attacks. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port. READ MORE...
A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag. This theory is supported by analysis of the new encryptor revealing multiple code overlaps between the two ransomware gangs. Security researchers analyzing a sample of the Hunters International malware discovered a striking resemblance to the code used in Hive ransomware attacks. READ MORE...
Are whistleblowers traitors to the company, a danger to corporate brand image, and a form of insider threat? Or are they an early warning safety valve that can be used to strengthen cybersecurity and compliance? Two high profile recent whistleblower cases confirm the arrival of whistleblowing to cybersecurity. These are Peiter (Mudge) Zatko and Twitter, and an FCA action against Penn State's Applied Research Laboratory (ARL). READ MORE...
Security researchers at eSentire are calling attention to a new method that attackers can use to redirect business professionals to malicious websites. Described as the Wiki-Slack attack, the new technique uses modified Wikipedia pages and relies on a formatting error when the page is rendered in Slack. To mount the attack, a threat actor would first need to select a Wikipedia article that might be of interest to an intended target, then modify it to add a legitimate footnote at the end of the first paragraph. READ MORE...
Researchers have developed a side-channel exploit for Apple CPUs, enabling sophisticated attackers to extract sensitive information from browsers. Side-channel attacks are the usually overlooked, often physical counterparts to traditional software hacks. Rather than an unsecured password or a vulnerability in a program, they take advantage of the extra information a computer system or hardware generates - in the form of sound, light, or electromagnetic radiation, for example. READ MORE...