Ukraine claims to have successfully hacked Russian military servers and gained access to highly sensitive information. According to an official statement from the Defence Intelligence of Ukraine, the hack has allowed Ukraine to gain possession of "the information security and encryption software" used by Russia's Ministry of Defence (Minoborony), as well as secret documents, reports, and instructions exchanged between over 2,000 units of Russia's security services. READ MORE...
Fidelity Investments Life Insurance Company is informing roughly 28,000 individuals that their personal information was compromised in a data breach at third-party services provider Infosys McCamish System (IMS). The data breach, Fidelity says, was the result of a cyberattack on IMS' systems, which occurred in October 2023 and led to unauthorized access to data that IMS was holding on behalf of its customers. READ MORE...
Belgian beer brewer Duvel says a ransomware attack has brought its facility to a standstill while its IT team works to remediate the damage. Spokesperson Ellen Aarts had a statement on tap for local media on Wednesday: "At 0130 last night, the alarms went off in Duvel's IT department because ransomware had been detected. Production was therefore immediately stopped. It is not yet known when it could start again. We hope today or tomorrow. READ MORE...
Pet retail company PetSmart has emailed customers to alert them to a recent credential stuffing attack. Credential stuffing relies on the re-use of passwords. Take this example: User of Site A uses the same email and password to login to Site B. Site A gets compromised and those login details are exposed. People with access to the credentials from Site A try them on Site B, often via automation, and gain access to the user's account. READ MORE...
Incident response firm Sygnia was contacted by a company to investigate suspect activity on its network. Sygnia rapidly concluded the company was experiencing a ransomware attack and was in imminent danger of having its entire environment encrypted. It recommended immediate and bold action - disconnect from the internet. The company (which we'll now call the victim) complied. The attack was blocked, and the attacker could neither continue to the encryption phase nor delete its trail. READ MORE...
A gang of hackers specialized in business email compromise (BEC) attacks and tracked as TA4903 has been impersonating various U.S. government entities to lure targets into opening malicious files carrying links to fake bidding processes. According to Proofpoint, whose analysts have been tracking the campaign, the threat actors impersonate the U.S. Department of Transportation, the U.S. Department of Agriculture (USDA), and the U.S. Small Business Administration (SBA). READ MORE...
Digital crimes potentially cost victims more than $12.5 billion last year, according to the FBI's latest Internet Crime Complaint Center (IC3) annual report. The Feds recorded 880,418 complaints in 2023, which represents almost a 10 percent increase in reports of crime versus a year earlier. The potential monetary loss, however, marks a 22 percent jump from 2022's figures. Of course, these are only the crimes that victims report to the FBI, so the actual count is likely much higher. READ MORE...
VMware is urging customers to patch critical vulnerabilities that make it possible for hackers to break out of sandbox and hypervisor protections in all versions, including out-of-support ones, of VMware ESXi, Workstation, Fusion, and Cloud Foundation products. A constellation of four vulnerabilities are serious because they undermine the fundamental purpose of the VMware products, which is to run sensitive operations inside a virtual machine that's segmented from the host machine. READ MORE...
Researchers have spotted a concerted cyber compromise campaign targeting cloud servers running vulnerable instances of Apache Hadoop, Atlassian Confluence, Docker, and Redis. The attackers are dropping a cryptomining tool, but also installing a Linux-based reverse shell that would allow potential future targeting and malware infestations. According to an analysis from Cado Security, in most cases the adversary is hunting for common cloud misconfigurations to exploit. READ MORE...
A targeted watering-hole cyberattack linked to a Chinese threat group infected visitors to a Buddhism festival website and users of a Tibetan language translation application. The cyber-operations campaign by the so-called Evasive Panda hacking team began September 2023 or earlier and affected systems in India, Taiwan, Australia, the United States, and Hong Kong, according to new research from ESET. READ MORE...
Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday. Exploitation appears to be massive, with hundreds of new users created on unpatched instances of TeamCity exposed on the public web. LeakIX, a search engine for exposed device misconfigurations and vulnerabilities, told BleepingComputer that a little over 1,700 TeamCity servers have yet to receive the fix. READ MORE...