The second quarter of 2023 has seen "an alarming escalation in the sophistication" of distributed denial-of-service attacks, Cloudflare said Tuesday, pointing to a proliferation of more targeted digital assaults designed to take down websites and other connected services. Cloudflare, a company that mitigates DDoS attacks and provides other web services, said in its second quarter threat report that it has tracked thousands of attacks launched by a consortium of pro-Russian hacktivist groups.
At the tail-end of last week, Microsoft published a report entitled Analysis of Storm-0558 techniques for unauthorized email access. In this rather dramatic document, the company's security team revealed the background to a previously unexplained hack in which data including email text, attachments and more were accessed from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud.
Norwegian mining and recycling giant TOMRA says it has isolated tech systems as it deals with an "extensive cyberattack." TOMRA has multiple divisions that focus on areas including waste and recycling solutions, metal sorting systems, mining machine systems and food sorting equipment. It turned over $1.2 billion in calendar 2022. The attack began at the weekend on July 16, the company told the Oslo Stock Exchange yesterday.
The threat actor FIN8 has resurged after a lull, using a revised version of its Sardonic backdoor to deliver the BlackCat ransomware. It's an evolution of its malware arsenal that fits the group's pattern of constant reinvention. FIN8, which Symantec tracks as "Syssphinx," is a well-known, financially-motivated cybercrime group, which in the past has indiscriminately targeted organizations across the chemicals, entertainment, finance, hospitality, insurance, retail, and technology industries.
A threat actor infected their own computer with an information stealer, which has allowed Israeli threat intelligence company Hudson Rock to uncover their real identity. Using the online moniker 'La_Citrix', the threat actor has been active on Russian-speaking cybercrime forums since 2020, offering access to hacked companies and info-stealer logs from active infections.
Citrix has patched three vulnerabilities (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467) in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), one of which is a zero-day being exploited by attackers. CVE-2023-3519 is a remote code execution (RCE) vulnerability that could allow an unauthenticated threat actor to execute arbitrary code on a vulnerable server. At this time there is no public PoC, but the vulnerability has been observed being exploited in the wild.
Oracle on Tuesday announced the release of 508 new security patches as part of the July 2023 CPU, including more than 75 patches that resolve critical-severity vulnerabilities. More than 350 of the security patches address vulnerabilities that can be exploited remotely, without authentication. Some of these flaws impact multiple products, Oracle's advisory reveals.
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation. Discovered yesterday by MalwareHunterTeam, the ransomware was initially thought to be part of a red team exercise by Sophos. However, the Sophos X-Ops team tweeted that they did not create the encryptor and that they are investigating its launch.
The Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100 individuals after searches at almost two dozen locations. The bots were used to push Russian propaganda justifying Russia's war in Ukraine, to disseminate illegal content and personal information, and in various other fraudulent activities.
Attackers have been exploiting a critical flaw in the WordPress WooCommerce Payments plug-in in a spate of attacks over the last few days that peaked at 1.3 million attempts against 157,000 sites on July 15, researchers have found. Researcher Michael Mazzolini of GoldNetwork discovered the flaw, tracked as CVE-2023-28121 and rated as 9.8 out of 10 on the CVSS vulnerability rating scale, in March while doing white-hat testing through WooCommerce's HackerOne program.