IT Security Newsletter - 4/20/2023

Hacking

3CX attack caused by another supply chain attack, Mandiant says

The supply chain attack against 3CX last month has far-reaching - and foreboding - consequences beyond what the security community first observed, marking a novel example of a multitiered supply chain attack. "This is the first time in history that Mandiant's ever observed a software supply chain attack of one company lead to the software supply chain attack of another company and another product," Mandiant Consulting CTO Charles Carmakal said Wednesday in a press briefing.


Russian Fancy Bear APT Exploited Unpatched Cisco Routers to Hack US, EU Gov't Agencies

As recently as 2021, the notorious Russian APT28 was exploiting network routers running outdated versions of Cisco's IOS and IOS XE operating system software, using them to deploy backdoors in networks across European and American government institutions. APT28 - aka Fancy Bear, Strontium, Tsar Team, and Sofacy Group - is best known for its campaigns against Ukraine and the 2016 US elections. The UK National Cyber Security Centre (NCSC) has attributed this group to part of Russia's GRU.

Malware

Medusa ransomware crew brags about spreading Bing, Cortana source code

The Medusa ransomware gang has put online what it claims is a massive leak of internal Microsoft materials, including Bing and Cortana source code. "This leak is of more interest to programmers, since it contains the source codes of the following Bing products, Bing Maps and Cortana," the crew wrote on its website, which was screenshotted and shared by Emsisoft threat analyst Brett Callow.


Malware authors join forces and target organisations with Domino Backdoor

There's a new ransomware gang in town, stitched together from members of well-known threat creators to push a new kind of malware focused on punishing unwary organisations. The malware family, called "Domino", is the brainchild of FIN7 and ex-Conti ransomware members. Domino has been seen in attacks since at least February 2023, according to researchers at IBM Security Intelligence. Domino is being used to further the spread of backdoors and information stealers.

Information Security

Microsoft summons weather events to name threat actors

Microsoft is changing tack in how it names threat actors, adopting a taxonomy inspired by weather. Gone are the days of Microsoft naming threat actors elements, trees, volcanoes and DEVs, John Lambert, distinguished engineer and corporate VP at Microsoft Threat Intelligence, said Tuesday in a blog post. Threat intelligence firms, Microsoft included, put their mark on the threat actors they track by assigning unique names to the adversaries.

Exploits/Vulnerabilities

Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones

Fitness apps such as Strava leak sensitive location information of users, even when they've used in-app features to specifically set up privacy zones to hide their activity within specified areas, researchers have found. Two PhD students from KU Leuven in Belgium have discovered that if a person is starting his or her activity from home, an attacker with limited skills can use high-precision API metadata revealed in the app to pinpoint their home location.


Microsoft SQL servers hacked to deploy Trigona ransomware

Attackers are hacking into poorly secured and Internet-exposed Microsoft SQL (MS-SQL) servers to deploy Trigona ransomware payloads and encrypt all files. The MS-SQL servers are being breached via brute-force or dictionary attacks that take advantage of easy-to-guess account credentials. After connecting to a server, the threat actors deploy malware dubbed CLR Shell by security researchers from South Korean cybersecurity firm AhnLab who spotted the attacks.

On This Date

  • ...in 1902, Marie and Pierre Curie successfully isolate radioactive radium salts from the mineral pitchblende.
  • ...in 1940, the first electron microscope is demonstrated by RCA researcher Vladimir Zworykin in Philadelphia, PA.
  • ...in 1946, the League of Nations is dissolved, transferring most of its power to the United Nations.
  • ...in 2008, Danica Patrick wins the Indy Japan 300, becoming the first woman in history to win an Indy car race.