Discord.io was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's users database was posted on BreachForums, the owners have decided to shut down all Discord.io services "for the foreseeable future." Existing premium subscriptions have been canceled and discord.io promised to reach out as soon as possible on an individual basis. READ MORE...
A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security. Roughly one-third (29%) of the 1,000 emails attributed to this campaign targeted a large US energy company, while the remaining attempts were made against firms in manufacturing (15%), insurance (9%), technology (7%), and financial services (6%). READ MORE...
In a room almost overflowing with spectators inside Caesars Forum, the main venue for this year's DEF CON hacking conference, five teams of hackers from around the world waited anxiously to see who would be named the winner of the first-ever capture the flag in space. It's not often that a crowd this large gathers to celebrate security researchers' work, but this was no ordinary hacking contest. READ MORE...
Threat actors are leveraging access to malware-infected Windows and macOS systems to deploy a proxy application, AT&T's Alien Labs reports. To date, AT&T Alien Labs researchers have identified over 400,000 systems that act as proxy exit nodes in this network. However, it is unclear how many of these were infected, and the company that offers the proxy service claims that all devices pertain to users who are aware of the proxy application's functionality. READ MORE...
Hackers, cybercrime groups and other digital adversaries are increasingly using artificial intelligence to generate images and video and will likely continue to capitalize on the average person's inability to distinguish digital fakes, researchers with Google's Mandiant said Thursday. The adoption of AI for intrusion operations "remains limited and primarily related to social engineering," the researchers added. READ MORE...
The US Federal Bureau of Investigation (FBI) has just published an official public service announcement headlined with with a very specific warning: Cybercriminals Targeting Victims through Mobile Beta-Testing Applications. The Feds didn't go as far as naming any specific vendors or services here, but one of the main reasons that crooks go down the "beta-testing" route is to lure users of Apple iPhones into installing software that didn't come from the App Store. READ MORE...
Nearly 1,900 Citrix networking products around the world have been backdoored as part of a large-scale automated campaign targeting CVE-2023-3519, according to researchers from Fox-IT, part of NCC Group. The adversary appears to have exploited and placed Web shells on vulnerable Citrix NetScaler Application Delivery Controllers (ADC) and Citrix NetScaler Gateways to establish persistence. READ MORE...
A few months ago, an engineer in a data center in Norway encountered some perplexing errors that caused a Windows server to suddenly reset its system clock to 55 days in the future. The engineer relied on the server to maintain a routing table that tracked cell phone numbers in real time as they moved from one carrier to the other. A jump of eight weeks had dire consequences. READ MORE...