A recent HiatusRAT campaign has been targeting a US military procurement system for reconnaissance, cybersecurity firm Lumen reports. First observed at the beginning of the year, HiatusRAT has been compromising high-bandwidth routers typically used by medium-sized businesses, giving the attackers the ability to run commands, exfiltrate data, and operate a covert proxy network through the infected devices.
Tesla acknowledged in a filing with Maine's attorney general that a recent data breach affecting over 75,000 individuals was the result of "insider wrongdoing." On May 10, the German media outlet Handelsblatt informed Tesla that it had received 100GB of data from an informant at the company. The material provided by the whistleblower contained 23,000 internal files from 2015 to 2022, including records of Tesla allegedly receiving 3,900 customer reports of self-acceleration and brake-function issues.
A newly identified advanced persistent threat (APT) actor has been observed deploying the PlugX backdoor via a software supply chain attack, mainly against organizations in Hong Kong, Symantec reports. Dubbed Carderbee, the adversary abused the legitimate Cobra DocGuard software, a tool that helps users protect, encrypt, and decrypt applications, to deliver the backdoor. Cobra DocGuard is developed by EsafeNet, which is owned by the Chinese information security firm NSFocus.
Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow an unauthenticated attacker to achieve remote code execution (RCE) on the company's SRX firewalls and EX switches. Junos OS is Juniper's FreeBSD-based operating system that runs on its firewalls, network switches, routers and other network devices (the separate Junos OS Evolved is Linux-based). The affected component, J-Web, is the web-based graphical user interface (GUI) used to manage devices running Junos; Juniper's workaround until a fixed release is installed is to disable J-Web or restrict access to it to trusted hosts only.
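As an added example, not taken from the page or from Juniper's advisory, here are the two workarounds expressed as Junos configuration: either remove J-Web entirely, or bind it to the out-of-band management interface and filter who can reach it at the Routing Engine. The interface name (fxp0.0 on SRX; EX switches typically use vme.0 or me0.0), the filter and prefix-list names, and the 192.0.2.0/24 range are assumptions. Use one option, not both.

```text
# Option 1 (preferred): turn J-Web off. The CLI, NETCONF and SSH management
# paths are not affected by these CVEs, so nothing else needs to change.
delete system services web-management

# Option 2: keep J-Web, but only on the management interface (assumed fxp0.0)
# and only from a trusted administrator network (assumed 192.0.2.0/24).
set system services web-management https interface fxp0.0
set system services web-management https system-generated-certificate
set policy-options prefix-list mgmt-hosts 192.0.2.0/24

# Routing Engine protection filter: allow HTTPS to the box only from
# mgmt-hosts, log and drop every other HTTPS attempt, pass everything else
# (an existing lo0 filter should have these terms merged in, not replaced).
set firewall family inet filter protect-re term jweb-allow from source-prefix-list mgmt-hosts
set firewall family inet filter protect-re term jweb-allow from protocol tcp
set firewall family inet filter protect-re term jweb-allow from destination-port https
set firewall family inet filter protect-re term jweb-allow then accept
set firewall family inet filter protect-re term jweb-deny from protocol tcp
set firewall family inet filter protect-re term jweb-deny from destination-port https
set firewall family inet filter protect-re term jweb-deny then log
set firewall family inet filter protect-re term jweb-deny then discard
set firewall family inet filter protect-re term everything-else then accept
set interfaces lo0 unit 0 family inet filter input protect-re
commit confirmed 5

# Verify what is actually exposed after the commit:
show configuration system services web-management
show firewall filter protect-re
```

Note that `commit confirmed` rolls the change back automatically unless a second `commit` follows, which is the safe way to apply a Routing Engine filter remotely; if the filter locks you out, the device recovers itself after the timeout. Option 2 reduces exposure but is still a partial measure: the vulnerable code remains on the device, so patching to a fixed Junos release is the actual remediation.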
In June, the Russian ransomware group Cuba attacked an organization servicing US critical infrastructure. The attack failed despite the group's use of exploits for multiple CVEs, off-the-shelf tools, custom malware, and evasion techniques. Cuba is a financially motivated threat actor known for big-game ransomware attacks primarily targeting US organizations. In its latest known campaign, discovered by BlackBerry, it targeted an American critical infrastructure provider as well as a systems integrator in Latin America.
Cisco-owned multi-factor authentication (MFA) provider Duo Security is investigating an ongoing outage that began causing authentication failures and errors about three hours before this report. The outage also caused Core Authentication Service issues across multiple Duo servers, triggering Azure Auth authentication errors for Azure Conditional Access integrations in a system-wide outage. Incidents like this are where an integration's configured fail mode matters: a fail-closed integration locks users out while the provider is down, whereas a fail-open one silently waves logins through without a second factor.
Researchers at Apple device management company Jamf recently published an intriguing paper entitled Fake Airplane Mode: A mobile tampering technique to maintain connectivity, describing how malware on a phone can make the user interface show Airplane Mode as enabled while the attacker's code keeps its network connectivity. The good news first: the tricks Jamf describes can't be triggered remotely, for example merely by luring you to a booby-trapped website. An attacker needs to implant rogue software on the iPhone first in order to pull off a "fake airplane mode" attack.
Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and the TP-Link Tapo app that could allow attackers to steal the target's Wi-Fi password. The Tapo L530E is a top-selling smart bulb on multiple marketplaces, including Amazon, and the Tapo smart-device management app has 10 million installations on Google Play. The researchers, from the Università di Catania and the University of London, chose the product for analysis because of its popularity.