The hackers who breached Twilio and Cloudflare earlier in August also infiltrated more than 130 other organizations in the same campaign, vacuuming up nearly 10,000 sets of Okta and two-factor authentication (2FA) credentials. That's according to an investigation from Group-IB, which found that several well-known organizations were among those targeted in a massive phishing campaign that it calls 0ktapus.
Password management software firm LastPass has suffered a data breach that led to the theft of source code and proprietary technical information. The company, which is owned by GoTo (formerly LogMeIn), disclosed the breach in an online notice posted Thursday but insisted that the customer master passwords or any encrypted password vault data were not compromised.
New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11-month-old command injection flaw. Hikvision - short for Hangzhou Hikvision Digital Technology - is a Chinese state-owned manufacturer of video surveillance equipment. Their customers span over 100 countries (including the United States, despite the FCC labeling Hikvision "an unacceptable risk to U.S. national security" in 2019).
Ransomware cases jumped 47 percent amid a rise in attacks involving newer strains of malicious software infecting targets, according to the cybersecurity firm NCC Group. Reported incidents increased to 198 in July from 135 in June, according to the firm that issues semi-regular reports on ransomware activity by tracking websites that post victims' details. Just this week, ransomware attackers associated with LockBit, which has been deploying a potent new version of its malware, hobbled a French hospital.
Cisco this week announced patches for two vulnerabilities impacting the NX-OS software that powers its Nexus-series business switches. Impacting the OSPF version 3 (OSPFv3) feature of NX-OS, the first of these issues is tracked as CVE-2022-20823 and could be exploited remotely, without authentication, to cause a denial-of-service (DoS) condition. The flaw exists due to incomplete input validation of specific OSPFv3 packets.
The North Korean 'Kimsuky' threat actors are going to great lengths to ensure that their malicious payloads are only downloaded by valid targets and not on the systems of security researchers. According to a Kaspersky report published today, the threat group has been employing new techniques to filter out invalid download requests since the start of 2022, when the group launched a new campaign against various targets in the Korean peninsula.
September 2021 saw a huge spike of exploit detections against the manufacturing industry, with a distributed spread between California, Florida, Ohio, and Missouri. This is combined with heavy detections of unseen malware, identified through our AI engine, spiking in May as well as September 2021. May brought with it a flood of attacks that exploited the Dell system driver exploit (CVE-2021-21551), where we observed the greatest number of detections in Michigan.
A vulnerability affecting industrial automation software from Delta Electronics appears to have been exploited in attacks, and the US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to take action as soon as possible. CISA on Thursday added 10 security flaws to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to address them by September 15.