IT Security Newsletter

IT Security Newsletter - 12/13/2024

Written by Cadre | Fri, Dec 13, 2024

North Korea's fake IT worker scam hauled in at least $88 million over six years

North Korea's fake IT worker scams netted the hermit kingdom $88 million over six years, according to the US Department of Justice, which thinks it's found the people who run them. The scam sees North Korean (DPRK) techies mask their identities and locations to secure remote jobs. They then funnel their ill-gotten booty into Pyongyang's coffers. Some also use their access privileges to steal info such as proprietary source code and then extort their employers. READ MORE...

New IOCONTROL malware used in critical infrastructure attacks

Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. Targeted devices include routers, programmable logic controllers (PLCs), human-machine interfaces (HMIs), IP cameras, firewalls, and fuel management systems. The malware's modular nature makes it capable of compromising a broad spectrum of devices from various manufacturers. READ MORE...

Hackers Possibly Stole Personal Data From Bitcoin ATM Operator Byte Federal

Bitcoin ATM operator Byte Federal is notifying 58,000 people that their personal information might have been compromised in a data breach. Discovered on November 18, the hack occurred after threat actors exploited a vulnerability in the GitLab collaboration platform to access one of its servers. To contain the incident, Byte Federal shut down its platform, hard reset all customer accounts, updated all internal passwords, tokens, and keys, and updated its password management system. READ MORE...

Cleo patches critical zero-day exploited in data theft attacks

Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. In October, the company patched a pre-auth remote code execution vulnerability (CVE-2024-50623) in its managed file transfer software and recommended that "all customers upgrade immediately." Huntress security researchers first spotted evidence of attacks targeting fully patched Cleo software on December 3. READ MORE...

Germany Sinkholes Botnet of 30,000 BadBox-Infected Devices

At least 30,000 media devices were sold in Germany with pre-installed malware that ensnared them into a botnet, Germany's Federal Office for Information Security (BSI) said on Thursday. The infected photo frames and streaming devices were running older Android versions and were infected with the BadBox malware prior to arriving on shelves, the German cybersecurity agency says. READ MORE...

Chinese Cops Caught Using Android Spyware to Track Mobile Devices

A surveillance tool named EagleMeSpy, developed by a Chinese software company for legal use by the country's public security bureaus, has been scraping the most sensitive data from targeted Android devices since at least 2017. Researchers at Lookout warn that the EagleMeSpy spyware has been under constant development, and while at the moment they have only seen evidence of an Android version, analysis of the tool's infrastructure indicates a potential Apple iOS version is out there as well. READ MORE...

Critical WordPress plugin vulnerability under active exploit threatens thousands

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of malicious code, security researchers said. The vulnerability, tracked as CVE-2024-11972, is found in Hunk Companion, a plugin that runs on 10,000 sites that use the WordPress content management system. READ MORE...

336K Prometheus Instances Exposed to DoS, 'Repojacking'

Researchers have discovered hundreds of thousands of servers running Prometheus open source monitoring software on the open Web are exposing passwords, tokens, and opportunities for denial of service (DoS) and remote code execution. As a leader among open source observability tools, Prometheus is used widely by organizations to monitor the performance of their applications and cloud infrastructure. READ MORE...

  • ...in 1925, actor and comedian Dick Van Dyke ("Mary Poppins", "The Dick Van Dyke Show") is born in West Plains, MO.
  • ...in 1957, actor Steve Buscemi ("Fargo", "Boardwalk Empire") is born in New York City.
  • ...in 1972, Apollo 17 astronauts Eugene Cernan and Harrison Schmitt begin their final EVA "moonwalk" on the lunar surface. They are still the last humans to set foot on the Moon.
  • ...in 1978, the first Susan B. Anthony dollars are struck at the Philadelphia Mint.