A pirate-website operator named Joshua Streit was charged with hacking into Major League Baseball (MLB) computer systems and trying to extort $150,000 from the league by threatening to publicize security vulnerabilities, the US Department of Justice announced yesterday. Streit also "is alleged to have illegally streamed sports content online from MLB, the NHL, the NBA, and the NFL for his own personal profit," the announcement said.
Hackers believed to be linked to Iran have breached an Israeli internet hosting company, taking down several of its sites, local media reported. The cyberattack hit websites including those of Israeli public transport companies Dan and Kavim, a children's museum and public radio's online blog, with none of the sites available to users by midday Saturday.
Europol has announced the arrest of 12 individuals believed to be linked to ransomware attacks against 1,800 victims in 71 countries. According to the law enforcement report, the actors have deployed ransomware strains such as LockerGoga, MegaCortex, and Dharma, as well as malware like Trickbot and post-exploitation tools like Cobalt Strike. LockerGoga first appeared in the wild in January 2019, when it hit 'Altran Technologies', a French engineering and R&D consultant, part of the Capgemini group.
Cybercriminals are flocking to use the Snake password-stealing trojan, making it one of the popular malware families used in attacks. Snake has been active since November 2020 and is a different project from the ransomware operation that used the same name in the past. Snake is written in .NET and uses the same staging mechanism as FormBook and Agent Tesla; researchers from Cybereason take a deep dive into how the rising threat operates.
Crooks behind a newly identified malware campaign are targeting Windows 10 with malware that can infect systems via a technique that cleverly bypasses a Windows cybersecurity protection called User Account Control (UAC). Researchers from Rapid7 recently identified the campaign and warn that the goal of the attackers is to exfiltrate sensitive data and steal cryptocurrency from the infected PC.
Virtually all compilers - programs that transform human-readable source code into computer-executable machine code - are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of which are now releasing updates to address the security weakness.
The Microsoft 365 Defender Research Team released a blog post yesterday describing a newly found macOS vulnerability that can abuse entitlement inheritance in macOS's System Integrity Protection (SIP) to allow execution of arbitrary code with root-level privilege. The vulnerability is listed as CVE-2021-30892 and has been given the nickname "Shrootless."
MITRE and the DHS's Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the "2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses" list. Composed of the most frequent and critical errors that result in serious hardware vulnerabilities, the list includes a total of 12 entries, with five additional weaknesses that scored just outside the final list also mentioned.