A hacking campaign leveraging compromised routers in Europe and Latin America that went dark this spring has resumed operations, and is now targeting U.S. Department of Defense procurement sites and organizations in Taiwan, according to research from Black Lotus Labs, the security research arm of Lumen. The recent attacks share some similarities with recent campaigns, including Volt Typhoon.
A London jury has found that an 18-year-old member of the Lapsus$ data extortion gang helped hack multiple high-profile companies, stole data from them, and demanded a ransom, threatening to leak the information. Believed to be one of the leaders of the group, Arion Kurtaj, from Oxford, England, was arrested twice in 2022, first in January and then again in March, in connection with Lapsus$ hacking activity.
Lazarus Group, the infamous cryptocurrency thieves backed by North Korea, may try to liquidate a stash of stolen Bitcoin worth more than $40 million, according to the FBI. In an alert issued on Tuesday, agents said they tracked the purloined cryptocurrency over the past 24 hours. During the investigation, they found that Kim Jong Un's cyber goons, whom the FBI calls TraderTraitor and who are more widely known as Lazarus Group, moved about 1,580 Bitcoin from several cryptocurrency heists.
In recent attacks against healthcare organizations and an Internet infrastructure company, North Korea's famous Lazarus Group deployed a new, ultra-compact, highly evasive remote access Trojan (RAT) called "QuiteRAT." QuiteRAT is an upgraded version of another RAT the group deployed in 2022, "MagicRAT," itself a follow-up from 2021's "TigerRAT." QuiteRAT can pilfer information about its host machine and user, as well as run commands.
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe ColdFusion vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by September 11, 2023, to protect their networks against active threats.
Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited path traversal vulnerability that allows an unauthenticated user to create new admin accounts. Openfire is a widely used Java-based open-source chat (XMPP) server downloaded 9 million times. On May 23, 2023, it was disclosed that the software was impacted by an authentication bypass issue that affected versions from 3.10.0, released in April 2015, up to that point.