A long-running Chinese-linked cyberespionage group targeted a U.S. state legislature's network in July, marking the outfit's first confirmed attack against the U.S. in years, according to analysis published Thursday. The findings from the Symantec Threat Hunter Team point to a group the company refers to as Budworm. Other researchers call the group Bronze Union, APT27, Emissary Panda, Lucky Mouse and Temp.Hippo.
Medibank, a private health insurer in Australia with 3.7 million customers, has confirmed today it is the latest business down under to fall victim to a digital break-in. In a brief statement, the company confirmed it had yanked the ahm and international student policy systems offline, "and we are in the process of methodically and safely restarting systems." "The work we have done today continues to show no evidence that customer data has been accessed, however our investigation is ongoing," Medibank added.
Wynncraft, one of the largest Minecraft servers, was recently hit by a 2.5 Tbps distributed denial-of-service (DDoS) attack. It was a multi-vector attack that lasted for about two minutes and consisted of UDP and TCP flood packets attempting to overwhelm the server and keep out hundreds of thousands of players, DDoS mitigation company Cloudflare says. The researchers say this was the largest bitrate attack they have ever recorded and handled.
A US prisoner has been charged with orchestrating an $11 million scam from his cell using a hidden … cellphone. On June 8, 2020, an individual claiming to be billionaire film producer and philanthropist Sidney Kimmel contacted brokerage Charles Schwab by phone and stated that he had uploaded a wire disbursement form using the service's secure email service.
Aruba has released security updates for the EdgeConnect Enterprise Orchestrator, addressing multiple critical severity vulnerabilities that enable remote attackers to compromise the host. Aruba EdgeConnect Orchestrator is a widely used WAN management solution, offering enterprise users optimization, administration, automation, and real-time visibility and monitoring features.
Security researchers have detected a threat actor distributing a data-stealing mobile Trojan via a spoofed version of YoWhatsApp, a relatively widely used, modified version of the WhatsApp messaging application. Users who download the app are at risk of having their WhatsApp account details stolen and being signed up for paid subscriptions they did not want or were not even aware of.
More than 800 corporate users have been infected in a new QBot malware distribution campaign since September 28, Kaspersky warns. Also known as Qakbot and Pinkslipbot, QBot is an information stealer with backdoor and self-spreading capabilities that has been around since 2009 and which is often used as the initial infection vector in malicious attacks.
Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers into using them instead. The attack relies on a small time difference in the return of a "404 Not Found" error when searching for a private package compared to a non-existent package in the repository. While the response time difference is only a few hundred milliseconds, it is enough to determine whether a private package exists.
Android devices are leaking certain traffic when a mobile device is connected to a Wi-Fi network, even when features meant to protect data sent over the public Internet by using virtual private networks (VPNs) are enabled. The issue could poke a hole in a user's ability to remain anonymous when using a VPN to encrypt data being sent from an Android device over a public Wi-Fi network, allowing a would-be attacker to monitor a user's traffic and even pinpoint someone's location, researchers noted.