Threat intelligence company GreyNoise warns of a concerning phenomenon involving massive amounts of spoofed traffic that is likely linked to China. Periodically since January 2020, millions of IPs have been seen generating spoofed traffic that looks like a broadcast, which GreyNoise has named Noise Storm. Typically focusing on TCP connections, the storms may also be formed of ICMP packets, but never of UDP packets, which may suggest that the sender is concerned with who is receiving the traffic.
Two suspects were arrested in Miami this week and charged with conspiracy to steal and launder over $230 million in cryptocurrency using crypto exchanges and mixing services. The two defendants, 20-year-old Malone Lam and 21-year-old Jeandiel Serrano, were arrested Wednesday night by FBI agents and appeared in court on Thursday. During a successful attack on August 18, they stole more than 4,100 Bitcoin from a Washington, D.C., victim (worth more than $230 million at the time).
With heightened geopolitical tensions, a surge in cyberattacks on US and allied organizations by a North Korean cyber-espionage group is hardly unexpected. What is disquieting, however, is that an advanced persistent threat (APT) group known as Kimsuky has seen remarkable success by turning a defensive strength into a weakness - exploiting poorly configured Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to carry out spear-phishing campaigns to secure advantage.
A California city, a Spanish fashion giant, an Indian paper manufacturer, and two pharmaceutical companies are the alleged victims of what looks like a new ransomware gang that started leaking stolen info this week. Brand new cybercrime crew Valencia Ransomware emerged earlier this month, and right off the bat, the miscreants listed five major entities on their Tor-hidden "wall of shame" website, claiming to have stolen data from each of them.
LinkedIn admitted Wednesday that it has been training its own AI on many users' data without seeking consent. Now there's no way for users to opt out of training that has already occurred, as LinkedIn limits opt-out to only future AI training. In a blog detailing updates coming on November 20, LinkedIn general counsel Blake Lawit confirmed that LinkedIn's user agreement and privacy policy will be changed to better explain how users' personal data powers AI on the platform.
A Federal Trade Commission inquiry found that popular social media and video streaming services engaged in "mass data collection" of their users, as well as some non-users, while also failing to implement privacy safeguards for children and teens. The findings, contained in a report that has been unanimously endorsed by the agency's commissioners, provide fresh insights into online video streaming's data collection practices.
Organizations with self-hosted GitLab instances configured for SAML-based authentication might want to update immediately to new versions of the DevOps platform that the company released this week. The update addresses a maximum severity bug in GitLab Community Edition (CE) and Enterprise Edition (EE) that allows an attacker to bypass authentication checks and log in as an arbitrary user in an affected system.
Despite people generally considering the Tor network as an essential tool for anonymous browsing, German law enforcement agencies have managed to de-anonymize Tor users after putting surveillance on Tor servers for months. Before we go into what the agencies did, let's take a look at some basics of Tor. On a daily basis, millions of people use the Tor network to browse privately and visit websites on the dark web.
Ivanti warned Thursday of a critical path traversal vulnerability in Cloud Service Appliance, which is currently facing exploitation attempts by hackers. The vulnerability has a CVSS score of 9.4 and allows an unauthenticated hacker to gain access to restricted functionality. Ivanti previously issued a patch for CSA on Sept. 10, but the company said the path traversal vulnerability was discovered while investigating exploitation linked to a command injection vulnerability.