Multiple systems at the Port of Seattle, which oversees one of the busiest ports in the U.S. and the Seattle-Tacoma International Airport, are offline after an apparent cyberattack hit the government agency on Saturday. "Earlier this morning the Port of Seattle experienced certain system outages indicating a possible cyberattack," the official account for the airport posted Saturday afternoon on the social platform X. READ MORE...
Digital data thieves have reportedly breached AMD's internal communications and are offering the allegedly stolen goods for sale. In an August 25 listing on the dark web marketplace BreachForums, criminal groups IntelBroker and EnergyWeaponUser took credit for the break-in, which they claimed took place the same day - and also swore is separate from IntelBroker's earlier theft and sale of AMD source code and other internal data from June. READ MORE...
Malware hunters at Lumen Technologies have caught Chinese APT Volt Typhoon exploiting a fresh zero-day in Versa Director servers to hijack credentials to break into downstream customers' networks. The high-severity vulnerability, tracked as CVE-2024-39717, was added to the CISA must-patch list over the weekend after Versa Networks confirmed zero-day exploitation and warned that the Versa Director GUI can be hacked to plant malware on affected devices. READ MORE...
The notorious hacker USDoD, who is best known for high-profile data leaks, appears to be a man from Brazil, according to investigations conducted by CrowdStrike and others. Over the past few years, USDoD, aka EquationCorp, has leaked vast amounts of information stolen from major organizations. His targets include the FBI's InfraGard portal, Airbus, credit reporting firm TransUnion, background checking service National Public Data (NPD), and many others. READ MORE...
Network security company SonicWall has identified a critical vulnerability in its SonicOS platform that can be exploited to gain unauthorized access, and in certain conditions, cause the company's firewalls to crash. In a security advisory issued Thursday, the company gives the vulnerability (tracked as CVE-2024-40766) a CVSS score of 9.3. The related entry in the National Vulnerability Database does not have a score assigned as of this article's publication. READ MORE...
Greasy Opal, a sophisticated cyberattack enablement tool, is increasingly being used to execute volumetric bot attacks, providing machine-learning-based tools to enable attackers to launch large-scale bot attacks, particularly targeting CAPTCHA systems. Exhibit A: The Vietnam-based threat actor group Storm-1152 orchestrated an attack using Greasy Opal, resulting in the creation of 750 million fake Microsoft accounts. READ MORE...
The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of Justice Office of the Inspector General. Drives containing national security data, Foreign Intelligence Surveillance Act information and documents classified as Secret were routinely unlabeled, opening the potential for it to be either lost or stolen, the report [PDF] addressed to FBI Director Christopher Wray states. READ MORE...
Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests. Tracked as CVE-2024-7965 and reported by a security researcher known only as TheDog, the now-patched high-severity vulnerability is caused by a bug in the compiler backend when selecting the instructions to generate for just-in-time (JIT) compilation. READ MORE...
An ongoing campaign is using two largely unheralded stealth techniques to infect high-level organizations in southeast Asia. The first, "GrimResource," is a new technique that allows attackers to execute arbitrary code in the Microsoft Management Console (MMC). The second trick, "AppDomainManager Injection," uses malicious dynamic link libraries (DLLs), but in a way that's easier than traditional sideloading. READ MORE...