
IT Security Newsletter - 8/16/2023


Breaches

Cleaning Products Giant Clorox Takes Systems Offline Following Cyberattack

Cleaning products manufacturer and marketer Clorox Company says it has taken certain systems offline in response to a cyberattack. "The Clorox Company recently identified unusual activity on our IT systems. Upon detection, we immediately took steps to stop the activity and took certain systems offline," the company said in response to a SecurityWeek inquiry. Clorox also said that the affected systems remain offline as it is working on adding more "protections and hardening measures to further secure them". READ MORE...

Hacking

QR Code Phishing Campaign Targets Top US Energy Company

Attackers targeted a major US energy company with a phishing campaign that overall sent more than 1,000 emails armed with malicious QR codes aimed at stealing Microsoft credentials. The campaign, discovered by Cofense in May, used both PNG image attachments and redirect links associated with Microsoft Bing and well-known business applications - including Salesforce and Cloudflare's Web3 services - with embedded QR codes, the researchers revealed in a post published today. READ MORE...


Hackers are increasingly hiding within services such as Slack and Trello to deploy malware

Criminal hackers have always abused legitimate web services such as Gmail and Facebook to do their bidding, but increasingly they are finding new ways of blending into popular applications to avoid detection and find unsuspecting victims. An analysis of more than 400 malware families deployed over the past two years found that at least a quarter of them abused legitimate internet services in some way as part of their infrastructure, allowing malicious hackers to more easily blend in with normal traffic. READ MORE...

Software Updates

Ivanti Patches Critical Vulnerability in Avalanche Enterprise MDM Solution

Ivanti has released patches for seven critical- and high-severity vulnerabilities in Avalanche, its enterprise mobile device management (MDM) solution. The most severe of the flaws is CVE-2023-32563 (CVSS score of 9.8), a directory traversal bug that can be exploited to execute arbitrary code remotely. Reported by security researchers with Trend Micro's ZDI, the issue exists in the 'updateSkin' method of the MDM solution and can be exploited without authentication. READ MORE...
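The Avalanche flaw above is a directory traversal bug: a method that takes a user-supplied name and builds a filesystem path from it without checking where the result lands. The following is an added illustration of that bug class and its fix, not Ivanti's code or anything derived from the advisory; the SKIN_ROOT directory, the function names and the probe strings are all hypothetical, chosen only to show how `../`, percent-encoded and backslash variants escape a naive join and how a canonical-path check stops them.

```python
"""Directory traversal: a naive path join beside a hardened version.

Added example (not from the Ivanti advisory). SKIN_ROOT, the function
names and the probe strings below are all hypothetical.
"""
import os
import re
from urllib.parse import unquote

SKIN_ROOT = "/opt/app/skins"  # hypothetical base directory for skin files


class TraversalError(ValueError):
    """Raised when a requested name would resolve outside the root."""


def vulnerable_skin_path(name: str, root: str = SKIN_ROOT) -> str:
    # The bug: user input is joined straight onto the root. normpath()
    # happily collapses '../' segments, so the result can be any path.
    return os.path.normpath(os.path.join(root, name))


def safe_skin_path(name: str, root: str = SKIN_ROOT) -> str:
    # 1. Decode percent-encoding once so '%2e%2e%2f' is seen as '../',
    #    and treat backslashes as separators (some servers do).
    decoded = unquote(name).replace("\\", "/")
    if "\x00" in decoded:
        raise TraversalError("NUL byte in requested name")
    # 2. Allow-list a single filename component; no separators at all.
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", decoded) or decoded in (".", ".."):
        raise TraversalError(f"invalid skin name: {name!r}")
    # 3. Belt and braces: the canonical path must still sit under the root.
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, decoded))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise TraversalError(f"path escapes root: {candidate}")
    return candidate


def is_rejected(name: str, root: str = SKIN_ROOT) -> bool:
    """True if the hardened resolver refuses the name."""
    try:
        safe_skin_path(name, root)
    except TraversalError:
        return True
    return False


# Constructed probe strings a scanner or attacker might send.
PROBES = [
    "default.css",                       # legitimate
    "../../../etc/passwd",               # classic traversal
    "%2e%2e%2f%2e%2e%2fetc%2fpasswd",    # percent-encoded traversal
    "..\\..\\windows\\win.ini",          # backslash traversal
    "skin\x00.css",                      # NUL-byte truncation attempt
]


def triage(probes=PROBES, root: str = SKIN_ROOT) -> dict:
    """Map each probe to (naive_result, hardened_verdict) for comparison."""
    results = {}
    for p in probes:
        naive = vulnerable_skin_path(p, root)
        verdict = "rejected" if is_rejected(p, root) else "allowed"
        results[p] = (naive, verdict)
    return results


if __name__ == "__main__":
    for probe, (naive, verdict) in triage().items():
        print(f"{probe!r:40} naive -> {naive:30} hardened -> {verdict}")
```

The allow-list in step 2 is what actually prevents the escape; the realpath/commonpath check in step 3 is defence in depth for code paths where a legitimate subdirectory must be allowed, and it catches symlink tricks that a purely lexical check misses. Note that a single `unquote()` is deliberate: decoding in a loop until the string stops changing reintroduces the double-encoding bypasses it is meant to close.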

Malware

Raccoon Stealer malware returns with new stealthier version

The developers of Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cyber criminals. Raccoon is one of the most well-known and widely used information-stealing malware families, having been around since 2019, sold via a subscription model for $200/month to threat actors. READ MORE...


LockBit's dirty little secret: ransomware gang is failing to publish victims' data

According to a fascinating report by Jon DiMaggio of Analyst1, who spent a year undercover gathering intelligence on the LockBit group, the ransomware gang is trying to cover up "the fact it often cannot consistently publish stolen data." And that's obviously a problem for a cybercriminal gang which is using the threat of publishing exfiltrated data as its primary lever for extorting a ransom from its victims. READ MORE...

Information Security

Iran and the Rise of Cyber-Enabled Influence Operations

Iranian state actors have another weapon in their arsenal. Since June 2022, multiple Iranian state groups have deployed a new type of attack vector known as cyber-enabled influence operations (IO). This technique combines offensive computer network operations with messaging and amplification in a coordinated and manipulative fashion. The goal is to further geopolitical objectives by shifting the perceptions, behaviors, and decisions of their end targets. READ MORE...

Exploits/Vulnerabilities

Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign

A threat actor has compromised close to 2,000 Citrix NetScaler servers in a massive campaign exploiting the critical-severity remote code execution vulnerability tracked as CVE-2023-3519. READ MORE...


Ford says it's safe to drive its cars with a WiFi vulnerability

Ford has released information about a buffer overflow vulnerability in its SYNC 3 infotainment system. Ford learned from a supplier that a security researcher had discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and Lincoln vehicles. The company said it started an investigation and subsequently decided that the vulnerability does not affect vehicle driving safety. READ MORE...

On This Date

  • ...in 1954, film director and screenwriter James Cameron ("Titanic", "Avatar", "The Terminator", "Aliens") is born in Ontario, Canada.
  • ...in 1954, the first issue of "Sports Illustrated" is published by "Time" magazine publisher Henry Luce.
  • ...in 1958, all-time best-selling female recording artist Madonna Louise Ciccone, AKA Madonna, is born in Bay City, MI.
  • ...in 1962, original Beatles drummer Pete Best is dismissed from the band. His replacement: Ringo Starr.