In July, security researchers revealed a sobering discovery: hundreds of pieces of malware used by multiple hacker groups to infect Windows devices had been digitally signed and validated as safe by Microsoft itself. On Tuesday, a different set of researchers made a similarly solemn announcement: Microsoft's digital keys had been hijacked to sign yet more malware for use by a previously unknown threat actor in a supply-chain attack that infected roughly 100 carefully selected victims.
Multiple reports on social media warn of a data breach at financial and risk advisory company Kroll that exposed the personal data of some credit claimants to an unauthorized third party. Kroll is facilitating claims for insolvent companies FTX, BlockFi, and Genesis Global Holdco. FTX and BlockFi posted on X today that a security incident at Kroll involving unauthorized third-party access on its systems exposed "limited, non-sensitive customer data of specific claimants."
The University of Minnesota has confirmed that a threat actor has exfiltrated data from its systems, but says no malware infection was identified. The confirmation comes one month after a threat actor boasted about accessing the university's database containing information about students, staff, and faculty. The attacker claimed to have accessed 7 million unique Social Security numbers, as the database contained records the university has been digitizing since 1989.
The FBI has warned owners of Barracuda Email Security Gateway (ESG) appliances that the devices are likely undergoing attack by snoops linked to China, and that removing the machines from service remains the safest course of action. The attackers are exploiting CVE-2023-2868, a critical remote command injection vulnerability that was discovered in May 2023, and was exploited as far back as October 2022.
Researchers at Microsoft said on Thursday that a hacking group with suspected links to the Chinese government is actively targeting dozens of organizations in Taiwan as part of a cyber espionage campaign. Flax Typhoon, the name Microsoft uses to describe the group based in China, is working to gain and maintain long-term access to primarily Taiwanese organizations, although some victims have been observed in Southeast Asia, North America and Africa, the company said in a blog post Thursday.
A hacking group calling itself "KittenSec" claims it has struck government and private sector computer systems in multiple NATO countries over the past month, justifying its attacks by arguing that it is exposing corruption. The attacks by KittenSec are the latest in a string of groups hacking government and private targets around the world as part of an overall increase in hacktivism.
Researchers at Secureworks have come across a mysterious piece of malware that scans for nearby Wi-Fi access points in an effort to obtain the location of the infected device. The malware, dubbed Whiffy Recon, targets Windows systems and is designed to conduct Wi-Fi scanning every 60 seconds. The collected data is fed to a geolocation API from Google, which returns geographic coordinates by triangulating the location based on Wi-Fi access point and mobile network data.
Ransomware threat actors are widening the pool of potential targets as they shift their sights from Windows-powered devices to Linux and VMware ESXi hosts, according to SentinelOne. Cybercriminals are reusing and modifying code from ransomware families - including Conti, Lockbit and Babuk - to create novel attack techniques with malware that works across diverse platforms, Jim Walter, senior threat researcher at SentinelOne, said in a Wednesday blog post.