
IT Security Newsletter - 3/5/2025


Top News

North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds

North Korean-linked operators are adopting new tactics within the ongoing fake IT worker schemes, posing as job seekers to obtain remote employment. In the latest example, the IT workers impersonate Vietnamese, Japanese, and Singaporean nationals seeking engineering and full-stack developer roles in the US and Japan. Human risk security firm Nisos is tracking the campaign and says its researchers have identified six personas used in the scheme. READ MORE...


China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain

Microsoft threat hunters warned Wednesday of a significant shift in tactics by Silk Typhoon, a Chinese government espionage group linked to recent US Treasury hacks. The group is now targeting companies in the global IT supply chain. Instead of going after high-profile cloud services, Microsoft said it caught the threat actor using stolen API keys and compromised credentials to breach a range of companies in the IT supply chain to extend their reach to downstream customer environments. READ MORE...

Breaches

Rubrik discloses server breach, compromise of 'access information'

In a blog post on Feb. 22, Rubrik said its security team recently discovered "anomalous activity" on a server containing log files. A forensic investigation by a third-party partner revealed the server had been compromised by an unauthorized actor. Rubrik co-founder & CTO Arvind Nithrakashyap and CISO Michael Mestrovich said in the post that the intrusion was limited to the single server and there was no evidence that the threat actor had accessed customer data or Rubrik's internal code. READ MORE...


Toronto Zoo shares update on last year's ransomware attack

The Toronto Zoo, the largest zoo in Canada, has provided more information about the data stolen during a ransomware attack in January 2024. In a final notification regarding the cyberattack, the Toronto Zoo said the resulting data breach impacts varying combinations of personal and financial information belonging to employees, former employees, volunteers, and donors. The exposed information includes transaction data such as impacted individuals' names, street address information, and more. READ MORE...

Hacking

Qilin ransomware gang claims attacks on cancer clinic, OB-GYN facility

Qilin - the "no regrets" ransomware crew wreaking havoc on the global healthcare industry - has claimed responsibility for fresh attacks on a cancer treatment clinic in Japan and a women's healthcare facility in the US. Qilin is the same group responsible for multiple attacks on healthcare orgs across the globe, including one that locked up pathology labs across NHS facilities in the UK for weeks, and its spokesperson once famously told The Register in an interview that it had no regrets. READ MORE...


Iranian Hackers Target UAE Firms With Polyglot Files

Proofpoint warns of a highly targeted campaign against several United Arab Emirates organizations across multiple sectors that delivers a new backdoor. The attacks, attributed to an Iranian threat actor tracked as UNK_CraftyCamel, employed polyglot files (a single file that parses validly as more than one format) to hide the malicious payload, a technique relatively uncommon in espionage attacks. The threat actor compromised an Indian electronics company's email account in October 2024 and then used it to send malicious email messages to UAE organizations. READ MORE...
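A polyglot works because each parser only looks at the bytes it cares about: a PDF reader honours the %PDF- header, an archiver seeks to the PK local-file header wherever it sits, a browser finds the first <script> tag. A cheap triage check is therefore to look for more than one format's signature in the same file, and for data past the point where the declared format should end. The script below is an added example, not Proofpoint's tooling and not the UNK_CraftyCamel sample; the signature list and the constructed PDF/ZIP/HTML sample are assumptions chosen to illustrate the idea.

```python
"""Triage check for polyglot files: flag more than one format signature per file."""
import re
import sys

# (format name, byte pattern, anchored-at-offset-0 only).  Short, generic
# signatures such as "MZ" are anchored so they cannot fire on random bytes in
# the middle of another file; the rest may appear anywhere, because polyglots
# hide the second format in comments, stream objects or trailing data.
SIGNATURES = [
    ("pdf",    rb"%PDF-",                            False),
    ("zip",    rb"PK\x03\x04",                       False),
    ("html",   rb"(?i)<html|<script",                False),
    ("ole",    rb"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", False),
    ("rar",    rb"Rar!\x1a\x07",                     False),
    ("gif",    rb"GIF8[79]a",                        False),
    ("elf",    rb"\x7fELF",                          True),
    ("pe",     rb"MZ",                               True),
    ("jpeg",   rb"\xff\xd8\xff",                     True),
    ("script", rb"#!",                               True),
]


def scan(data: bytes) -> dict:
    """Return {format: [offsets]} for every signature present in data."""
    found = {}
    for name, pattern, anchored in SIGNATURES:
        if anchored:
            offsets = [0] if re.match(pattern, data) else []
        else:
            offsets = [m.start() for m in re.finditer(pattern, data)]
        if offsets:
            found[name] = offsets
    return found


def is_polyglot(data: bytes) -> bool:
    """Two or more distinct format signatures is the polyglot heuristic."""
    return len(scan(data)) >= 2


def pdf_trailing_bytes(data: bytes) -> int:
    """Bytes after the last %%EOF marker, ignoring line endings.

    A well-formed PDF ends at %%EOF; anything after it is a place to hide
    a second format.  Returns 0 when there is no %%EOF at all.
    """
    idx = data.rfind(b"%%EOF")
    if idx < 0:
        return 0
    return len(data[idx + len(b"%%EOF"):].strip(b"\r\n \t"))


# Constructed sample (not real malware): a minimal PDF whose trailing data
# carries a ZIP local-file header and an HTML page with a script tag.
SAMPLE_POLYGLOT = (
    b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
    b"PK\x03\x04\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00payload.hta"
    b"<html><script>alert(1)</script></html>"
)

# Constructed clean PDF for comparison: the same header and trailer, nothing after %%EOF.
SAMPLE_CLEAN_PDF = (
    b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)


if __name__ == "__main__":
    # Usage: python polyglot_check.py file1 [file2 ...]; with no arguments, runs on the samples.
    inputs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [
        ("SAMPLE_POLYGLOT", SAMPLE_POLYGLOT), ("SAMPLE_CLEAN_PDF", SAMPLE_CLEAN_PDF)]
    for label, blob in inputs:
        hits = scan(blob)
        print(f"{label}: formats={hits} trailing_after_pdf_eof={pdf_trailing_bytes(blob)} "
              f"polyglot={is_polyglot(blob)}")
```

The signature table is deliberately small; in practice you would feed the same "more than one format claims this file" logic to a proper identifier (file type libraries, YARA) and treat any non-zero trailing data in a document format as worth a second look rather than as proof of malice.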

Software Updates

Android zero-day vulnerabilities actively abused. Update as soon as you can

Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks. The updates are available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication; however, this doesn't always mean that the patches are available for all devices immediately. READ MORE...

Malware

More than 86K IoT devices compromised by fast-growing Eleven11 botnet

Security researchers warn that a malicious botnet exploiting internet of things devices for DDoS attacks has been spreading rapidly since it was discovered last week. The Shadowserver Foundation said more than 86,000 IoT devices were compromised by Eleven11bot as of Sunday, more than double the roughly 30,000 devices reported as of Friday. Of the 86,000 total, about 27,000 of the compromised devices were based in the U.S. READ MORE...


Hunters International ransomware claims attack on Tata Technologies

The Hunters International ransomware gang has claimed responsibility for a January cyberattack on Tata Technologies, stating they stole 1.4TB of data from the company. Tata Technologies provides engineering and digital solutions for manufacturing industries worldwide. Founded in 1989 and based in Pune, it operates in 27 countries with over 12,500 employees, specializing in automotive, aerospace, and industrial sectors with product development and digital transformation services. READ MORE...

Exploits/Vulnerabilities

Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate

Three critical vulnerabilities in multiple virtual-machine products from VMware can give hackers unusually broad access to some of the most sensitive environments inside multiple customers' networks, the company and outside researchers warned Tuesday. The class of attack made possible by exploiting the vulnerabilities is known under several names, including hyperjacking, hypervisor attack, or virtual machine escape. READ MORE...


PayPal scam abuses Docusign API to spread phishy emails

PayPal scammers are using an old Docusign trick to enhance the trustworthiness of their phishing emails. The Docusign Application Programming Interface (API) allows "customers" to send emails that come from genuine Docusign accounts, and they can use templates to impersonate reputable companies. The phishers set up a Docusign account and then use the templates provided by Docusign to send out legitimate-looking invoices from PayPal. Because the mail really does originate from Docusign's infrastructure, it passes the sender-authentication checks that would catch an ordinary spoofed message; the tell is the mismatch between the authenticated sending platform and the brand the content claims to be from. READ MORE...
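The detection angle that follows from this is a gateway rule rather than a reputation check: when a message authenticates as a known sending platform but its display name, subject or body is written in the voice of a different brand and carries invoice or callback cues, treat it as brand impersonation through a trusted platform. The script below is an added example, not Docusign's or PayPal's code and not a description of any vendor's filter; the platform domains, the brand and cue lists, and both constructed sample messages are assumptions chosen for illustration.

```python
"""Flag brand impersonation sent through a legitimate e-signature/mailing platform."""
import email
import re
from email import policy
from email.utils import parseaddr

# Sending platforms whose mail passes SPF/DKIM for the platform's own domain,
# while the content is authored by whoever holds the account.  Assumed values.
PLATFORM_DOMAINS = {"docusign.net", "docusign.com"}

# Brands that show up in invoice lures; extend from your own telemetry.  Assumed values.
BRANDS = {"paypal", "apple", "microsoft", "amazon", "geek squad"}

# Words that accompany a fake-invoice lure, plus a North American phone pattern
# for the "call this number to cancel" variant.
CUE_WORDS = ("invoice", "payment", "charge", "cancel", "call")
PHONE_RE = re.compile(r"\+?1?[\s.-]?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze(raw: bytes) -> dict:
    """Return the signals and a verdict for one RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = _domain(addr)

    # Trust the gateway's own Authentication-Results line for pass/fail.
    auth = str(msg.get("Authentication-Results", "")).lower()
    authenticated = "spf=pass" in auth and "dkim=pass" in auth

    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    haystack = " ".join([name, str(msg.get("Subject", "")), text]).lower()

    # A brand is suspicious only if it is not the domain that actually sent the mail.
    brands = sorted(b for b in BRANDS if b in haystack and b not in sender_domain)
    cues = [w for w in CUE_WORDS if w in haystack]
    phones = PHONE_RE.findall(text)
    via_platform = sender_domain in PLATFORM_DOMAINS and authenticated

    if via_platform and brands and (cues or phones):
        verdict = "brand-impersonation-via-trusted-platform"
    elif brands and not authenticated:
        verdict = "spoofed-brand"
    else:
        verdict = "clean"
    return {"sender_domain": sender_domain, "authenticated": authenticated,
            "via_platform": via_platform, "brands": brands, "cues": cues,
            "phones": phones, "verdict": verdict}


# Constructed sample: a lure that really came through the platform, so SPF and
# DKIM pass for the platform domain, but the content speaks for PayPal.
SAMPLE_LURE = b"""From: "PayPal Billing via Docusign" <dse@docusign.net>
Return-Path: <dse@docusign.net>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=docusign.net; dkim=pass header.d=docusign.net
Subject: Completed: Invoice from PayPal
Content-Type: text/plain; charset=utf-8

PayPal has sent you an invoice for a charge of 699.99 USD.
To cancel this charge call +1-888-555-0199 within 24 hours.
"""

# Constructed sample: an ordinary envelope from the same platform with no brand lure.
SAMPLE_LEGIT = b"""From: "Acme Legal via Docusign" <dse@docusign.net>
Return-Path: <dse@docusign.net>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=docusign.net; dkim=pass header.d=docusign.net
Subject: Please review and sign: Master Services Agreement
Content-Type: text/plain; charset=utf-8

Acme Legal has sent you a document to review and sign.
"""


if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_LURE), ("legit", SAMPLE_LEGIT)):
        print(label, analyze(raw))
```

The rule deliberately does not block everything from the platform: plenty of legitimate envelopes flow through it, and the point is the conjunction of "authenticated as platform" with "written as another brand" plus a payment or callback cue. Tune BRANDS and CUE_WORDS from what your users actually receive.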

On This Date

  • ...in 1770, British troops fatally shoot five American civilians in Boston, a key event leading to the American Revolution.
  • ...in 1910, Japanese businessman Momofuku Ando, the inventor of instant ramen noodles, is born in Taiwan.
  • ...in 1946, Winston Churchill uses the phrase "Iron Curtain" to describe Soviet domination of Eastern Europe, in a speech at Westminster College in Fulton, MO.
  • ...in 1955, stage magician and author Penn Jillette, of the comedy magic act Penn & Teller, is born in Greenfield, MA.