APT StormBamboo compromised an undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. StormBamboo (aka Evasive Panda, aka StormCloud), a Chinese-speaking threat actor that focuses on cyberespionage, has a penchant for compromising third parties to breach its intended targets.
The Federal Bureau of Investigation (FBI) issued a public service announcement warning the public about scammers impersonating cryptocurrency exchange employees to steal funds. There are many types of crypto-related scams, but in this case the FBI's advisory concerns scammers who contact the target and pretend to be employees of a cryptocurrency exchange.
Israel-based hacktivists are taking credit for an ongoing internet outage in Iran. Operating under the name WeRedEvils, the group has been around since at least October 2023, likely as a direct consequence of Hamas's attack on Israel, which led to the current Gaza war. "In the coming minutes we will attack systems and internet providers in Iran," WeRedEvils said on Telegram yesterday. "A hard blow is on the way."
Federal officials said the global IT outage stemming from a faulty CrowdStrike software update is reviving prior concerns about the security of the software supply chain. The U.S. Government Accountability Office released a report Tuesday noting the July 19 outage, which led to the disruption of 8.5 million Microsoft Windows systems. The CrowdStrike incident resurrected concerns raised during the state-linked supply chain attack against SolarWinds in 2020, according to the GAO.
Scammers have been using Google's own ad system to fool people into downloading a borked copy of the Chocolate Factory's Authenticator software. A team at security shop Malwarebytes spotted the adverts, which appear to come from a Google-approved domain - and from a verified user - earlier this week. They even list the domain for the download as coming from google.com, as you can see below, even though it defaults to a GitHub download.
A massive Magniber ransomware campaign is underway, encrypting home users' devices worldwide and demanding thousand-dollar ransoms to receive a decryptor. Magniber launched in 2017 as a successor to the Cerber ransomware operation when it was spotted being distributed by the Magnitude exploit kit. Since then, the ransomware operation has seen bursts of activity over the years, with the threat actors utilizing various methods to distribute Magniber and encrypt devices.
Organizations using Apache OFBiz are being urged to patch a critical vulnerability, following reports of increasing exploitation attempts targeting another recently discovered security hole. The new vulnerability, tracked as CVE-2024-38856, was disclosed over the weekend. According to Apache OFBiz developers, versions through 18.12.14 are impacted and 18.12.15 includes a fix.
Millions of near-undetectable emails impersonating blue chip companies were spreading every day through the first half of 2024, thanks to some permissive features of Microsoft 365 and Proofpoint's email protection service. Proofpoint's secure email gateway (SEG) is a kind of firewall for corporate emails, filtering what comes in and applying authentication to what goes out.