A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by law enforcement and abandoned by the group, FBI Director Chris Wray confirmed on Wednesday. "We executed court-authorized operations to take control of the botnet's infrastructure. When the bad guys realized what was happening, they tried to migrate their bots to new servers and even conducted a distributed denial-of-service attack against us."
Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server. In an exclusive interview with The Register, Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months.
Hackers are demanding $6 million in bitcoin from the operator of the Seattle-Tacoma International Airport for documents they stole during a cyberattack last month and posted on the dark web this week, an airport official said Wednesday. The Port of Seattle, which owns and runs the airport, has decided not to pay, the official said. The airport previously linked the attack to a ransomware gang called Rhysida, and now the FBI is conducting a criminal investigation.
A North Korean threat actor tracked as UNC2970 has been using job-themed lures in an effort to deliver new malware to individuals working in critical infrastructure sectors, according to Google Cloud's Mandiant. The first time Mandiant detailed UNC2970's activities and links to North Korea was in March 2023, after the cyberespionage group was observed attempting to deliver malware to security researchers.
Atlassian on Wednesday announced patches for multiple high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, and Crowd. A total of four bugs were addressed in these products, all four allowing attackers to cause denial-of-service (DoS) conditions, Atlassian's September 2024 security bulletin reveals. The company updated Bamboo Data Center and Server to address CVE-2024-34750, a security defect in Coyote, a connector component of Apache Tomcat.
A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware, targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new "issue" on an open source repository falsely claiming that the project contains a "security vulnerability" and urges others to visit a counterfeit "GitHub Scanner" domain.
In what seems to be an increasingly popular method of attack, two threat groups have been identified as running QR code parking scams in the UK and around the world. The researchers at Netcraft believe that one of the groups is active across Europe, especially in France, Germany, Italy, Switzerland, and the UK. According to initial reports, the attackers trick unsuspecting victims into scanning malicious QR codes and entering their personal information.
Threat actors have been targeting Foundation accounting software commonly used by general contractors in the construction industry, with active exploitation observed in the plumbing, HVAC, and concrete sub-industries, among others. Researchers at Huntress initially discovered the threat when tracking activity on Sept. 14. "What tipped us off was host/domain enumeration commands spawning from a parent process of sqlservr.exe," the researchers wrote in their advisory.
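The Huntress tip-off above is a process-lineage detection: a database service process should not be launching host or domain enumeration tools. The following is an added example (not code from Huntress or from the article) that replays that logic over a handful of constructed process-creation events. Field names follow the Sysmon Event ID 1 convention (ProcessGuid, ParentProcessGuid, Image, CommandLine); the enumeration command list, the shell list and the sample events are all assumptions made for the example. It goes slightly beyond the quoted sentence by also walking ancestry, so an enumeration binary launched through a cmd.exe child of sqlservr.exe is still caught.

```python
"""Flag host/domain enumeration commands whose ancestry includes sqlservr.exe.

Added example, not from the Huntress advisory. Events are constructed
Sysmon-style process-creation records, not real telemetry.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Binaries commonly used for host/domain enumeration (assumed list).
ENUM_COMMANDS = {"whoami", "hostname", "systeminfo", "ipconfig", "net", "net1",
                 "nltest", "quser", "tasklist", "nslookup"}
# Shells a database process may spawn to run an OS command (assumed list).
SHELLS = {"cmd", "powershell", "pwsh"}
SQL_SERVICE = "sqlservr"


@dataclass(frozen=True)
class ProcEvent:
    guid: str          # this process (Sysmon ProcessGuid)
    parent_guid: str   # its parent (Sysmon ParentProcessGuid)
    image: str         # full path of the executable
    command_line: str


def stem(path_or_token: str) -> str:
    """Lower-cased file name without a trailing .exe, for paths or argv tokens."""
    name = PureWindowsPath(path_or_token.strip('"')).name.lower()
    return name[:-4] if name.endswith(".exe") else name


def runs_enum_command(ev: ProcEvent) -> bool:
    """True if the event is an enumeration binary, or a shell invoking one."""
    if stem(ev.image) in ENUM_COMMANDS:
        return True
    if stem(ev.image) in SHELLS:
        return any(stem(tok) in ENUM_COMMANDS for tok in ev.command_line.split())
    return False


def has_sql_ancestor(ev: ProcEvent, by_guid: dict, max_depth: int = 4) -> bool:
    """Walk the parent chain and report whether sqlservr.exe appears within max_depth hops."""
    cur = ev
    for _ in range(max_depth):
        parent = by_guid.get(cur.parent_guid)
        if parent is None:          # parent not in our window of events
            return False
        if stem(parent.image) == SQL_SERVICE:
            return True
        cur = parent
    return False


def find_enum_from_sql(events: list) -> list:
    """Return guids of events that run enumeration with sqlservr.exe as an ancestor."""
    by_guid = {e.guid: e for e in events}
    return [e.guid for e in events
            if runs_enum_command(e) and has_sql_ancestor(e, by_guid)]


# Constructed sample events: one SQL Server service process, two suspicious
# children (one via cmd.exe), one benign child (bcp.exe) and one admin-run
# whoami under explorer.exe that must not fire.
SAMPLE_EVENTS = [
    ProcEvent("sql-1", "services-1",
              r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe",
              "sqlservr.exe -sMSSQLSERVER"),
    ProcEvent("cmd-1", "sql-1", r"C:\Windows\System32\cmd.exe",
              'cmd.exe /c "whoami /all"'),
    ProcEvent("whoami-1", "cmd-1", r"C:\Windows\System32\whoami.exe",
              "whoami /all"),
    ProcEvent("nltest-1", "sql-1", r"C:\Windows\System32\nltest.exe",
              "nltest /domain_trusts"),
    ProcEvent("bcp-1", "sql-1",
              r"C:\Program Files\Microsoft SQL Server\Tools\Binn\bcp.exe",
              "bcp dbo.Jobs out jobs.dat -T -c"),
    ProcEvent("cmd-2", "explorer-1", r"C:\Windows\System32\cmd.exe",
              "cmd.exe /c whoami"),
]

if __name__ == "__main__":
    for guid in find_enum_from_sql(SAMPLE_EVENTS):
        print("enumeration under sqlservr.exe:", guid)
```

Ancestry walking is bounded by max_depth so a long-running service tree does not turn every descendant into an alert; in a real SIEM the same rule would be keyed on the full ParentProcessGuid chain rather than a per-batch dictionary, and the allow-list of legitimate SQL Server children (bcp.exe, SQLAgent, backup agents) would need tuning per environment.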