Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. On Monday, the company first warned about a spike in attacks targeting VPN devices, sharing recommendations on how admins can protect their devices. Later, it discovered the source of the problem, a zero-day flaw that hackers exploited against its customers.
First American Financial Corporation this week revealed that the personal information of 44,000 individuals was compromised in a December 2023 cyberattack. The financial services firm initially disclosed the incident on December 21, when it announced that it had taken certain systems offline as a containment measure, after identifying unauthorized activity on its network. The next day, First American announced that it had taken its email systems offline as well.
BreachForums is back online just weeks after the notorious dark-web marketplace for stolen data was seized by law enforcement. Online threat hunters spotted the bazaar's resurgence, now seemingly under the control of ShinyHunters - one of the earlier BreachForums admins. The marketplace opened for registration on Tuesday. The BreachForums website and Telegram channel takedown happened on May 15 with both displaying warnings that they were now "under the control of the FBI."
Microsoft has named yet another state-aligned threat actor: Moonstone Sleet (formerly Storm-1789), which engages in cyberespionage and ransomware attacks to further goals of the North Korean regime. "Moonstone Sleet uses tactics, techniques, and procedures (TTPs) also used by other North Korean threat actors over the last several years, highlighting the overlap among these groups," Microsoft's threat analysts say.
More than 90 malicious mobile apps have been downloaded more than 5.5 million times from the Google Play store in the last few months. They spread various malware, including the Anatsa banking Trojan, researchers have found. The apps, discovered by researchers at Zscaler over the past few months, act as decoys for the malware, and include a variety of PDF and QR code readers as well as file managers, editors, and translators, Zscaler revealed in a blog post published yesterday.
Researchers have spotted a recent surge in activity involving a Mirai distributed denial-of-service (DDoS) botnet variant called CatDDoS. The attacks have targeted organizations across multiple sectors and include cloud vendors, communication providers, construction companies, scientific and research entities, and educational institutions in the US, France, Germany, Brazil, and China.
The US Treasury Department has sanctioned three Chinese nationals for their involvement in a VPN-powered botnet with more than 19 million residential IP addresses they rented out to cybercriminals to obfuscate their illegal activities, including COVID-19 aid scams and bomb threats. The criminal enterprise, the Treasury Department said Tuesday, was a residential proxy service known as 911 S5.