Hardware and software makers are scrambling to determine if their wares suffer from a critical vulnerability recently discovered in third-party code libraries used by hundreds of vendors, including Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution. The flaw makes it possible for hackers with access to the connection between an affected device and the Internet to poison DNS requests used to translate domains to IP addresses, researchers from security firm Nozomi Networks said Monday. READ MORE...
An eminently sophisticated and stealthy APT group is going after specific corporate email accounts and has, on occasion, managed to remain undetected in victim environments for at least 18 months. Catalogued as UNC3524 by Mandiant, the threat actor is also extremely adept at re-gaining access to a victim environment when booted out, "re-compromising the environment with a variety of mechanisms, immediately restarting their data theft campaign." READ MORE...
According to the US Department of Health and Human Services, Adaptive Health Integrations (AHI), a healthcare software and billing services firm in North Dakota, suffered a data breach that affected more than half a million individuals. According to the firm, the breach occurred in mid-October last year, but it only started notifying people last month. READ MORE...
Docker images with a download count of over 150,000 have been used to run distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites managed by government, military, and news organizations. Behind the incidents are believed to be pro-Ukrainian actors such as hacktivists, likely backed by the country's IT Army. DDoS cyberattacks aim to cripple operations by sending more requests than the target can handle, so that it becomes unavailable to legitimate clients. READ MORE...
The Russian hacking group behind the SolarWinds hack, Nobelium, is setting up new infrastructure to launch attacks using old tricks, researchers at Recorded Future found. The findings, published Tuesday and shared first with CyberScoop, demonstrate how the group has evolved in recent months in an effort to avoid researcher detection. Researchers identified more than four dozen domains the group used in phishing attacks, some of which attempted to emulate real brands. READ MORE...
In an unexpected turn of events, research has surfaced about a Chinese APT (advanced persistent threat) group targeting the Russian military in recent cyberattacks. Tracked as Bronze President, Mustang Panda, RedDelta, and TA416, the group has focused mainly on Southeast Asian targets (and, more recently, European diplomats), but has now turned its attention towards Russia and started targeting the country's military stationed close to the Chinese border. READ MORE...
Hackers commonly exploit vulnerabilities in corporate networks to gain access, but a researcher has turned the tables by finding exploits in the most common ransomware and malware being distributed today. Malware from notorious ransomware operations like Conti, the revived REvil, the newcomer Black Basta, the highly active LockBit, and AvosLocker all came with security issues that could be exploited to stop the final and most damaging step of the attack: file encryption. READ MORE...
Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on target machines. The technique involves injecting shellcode directly into Windows event logs. This allows adversaries to use the Windows event logs as a cover for malicious late-stage trojans, according to a Kaspersky research report released Wednesday. READ MORE...
Over years of teaching threat modeling - including the STRIDE mnemonic, which I'll describe here - I've found that people often get stuck when trying to answer "what can go wrong?" My favorite way to help them clear these hurdles is with stories from a long time ago in a galaxy far, far away. Star Wars offers an accessible and expansive set of examples. READ MORE...