Google's Threat Analysis Group confirmed Wednesday that they observed a threat actor backed by the Iranian government targeting Google accounts associated with US presidential campaigns, in addition to stepped-up attacks on Israeli targets. APT42, associated with Iran's Islamic Revolutionary Guard Corps, "consistently targets high-profile users in Israel and the US," the Threat Analysis Group writes. The Iranian group uses hosted malware, phishing pages, malicious redirects, and other tactics.
A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We'll also take a closer look at the data broker that got hacked - a background check company founded by a retired sheriff's deputy from Florida.
Two Russia-linked threat actors have been observed targeting multiple entities perceived as Russia's enemies in two spear-phishing campaigns, Access Now and Citizen Lab report. The attacks have been ongoing since at least the beginning of 2023, with several international NGOs receiving phishing emails impersonating a staff member using the Proton email service. The member's email account had previously been targeted in October 2022.
Distributed denial of service attacks during the first half of 2024 have more than doubled since the latter half of 2023, rising 106%, researchers said in a report Thursday from Zayo Group. The report is based on more than 62,000 threat detections among Zayo customers during the first half of the year. DDoS attacks have also gained in intensity year over year, each lasting about 45 minutes in the first half of this year, according to the report.
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. Tracked as CVE-2024-38058, this important severity security flaw can let attackers bypass the BitLocker Device Encryption feature and access encrypted data with physical access to the targeted device.
SolarWinds is urging its customers to patch a critical vulnerability that was discovered in its Web Help Desk platform, tracked as CVE-2024-28986. This vulnerability is a Java deserialization remote code execution (RCE) flaw that was initially discovered by researchers at Inmarsat Government. Left unpatched, the vulnerability will allow an attacker to run commands on the host machine if exploited, the researchers reported in the advisory.
In a previous blog, we saw criminals distribute malware via malicious ads for Google Authenticator. This time, brazen malvertisers went as far as impersonating Google's entire product line and redirecting victims to a fake Google home page. Clearly not afraid of poking the bear, they even used and abused yet another Google product, Looker Studio, to lock up the browser of Windows and Mac users alike.
RansomHub ransomware operators are now deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks. Named EDRKillShifter by Sophos security researchers who discovered it during a May 2024 ransomware investigation, the malware deploys a legitimate, vulnerable driver on targeted devices to escalate privileges, disable security solutions, and take control of the system.
When CrowdStrike pushed a few bits of errant code last month, Michael Sherwood, Las Vegas's chief information officer, watched as seemingly random networks around the city shut down. Meanwhile, digital security tools stayed quiet and it was unclear what - or perhaps who - was the cause of the outage. "We started seeing what everybody else saw - machines dropping off, going into a blue screen mode," Sherwood said during an interview at the Black Hat hacker conference.