IT Security Newsletter - 9/8/2023

Top News

Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers

Google's threat hunting unit has again intercepted an active North Korean APT actor sliding into the DMs of security researchers and using zero-days and rigged software tools to take control of their computers. Google's Threat Analysis Group (TAG) on Thursday outed the government-backed hacking team's social media accounts and warned that at least one actively exploited zero-day is being used and is currently unpatched.

Breaches

Multiple nation-state hackers infiltrate single aviation organization

Nation-state hackers from numerous unnamed countries have infiltrated an aviation organization using vulnerabilities on internet-facing services, according to an alert on Thursday from U.S. security agencies. The Cybersecurity and Infrastructure Security Agency, the FBI and Cyber Command's Cyber National Mission Force all warned that malicious hackers are continuing to use vulnerabilities in Zoho and Fortinet services to gain access to networks inside the anonymous aviation sector organization.

Hacking

Thousands of dollars stolen from Texas ATMs using Raspberry Pi

A Texas court has heard how last month a gang of men used a Raspberry Pi device to steal thousands of dollars from ATMs. According to local media reports, three men were arrested in Lubbock, Texas, after attempting to steal "large sums of US currency" from ATMs. The men - 38-year-old Abel Valdes, 41-year-old Yordanesz Sanchez, and 33-year-old Carlos Jordano Herrera-Ruiz - were arrested on August 3 in a hotel room, where a number of Raspberry Pis and other evidence was recovered.


Wealthy Russian With Kremlin Ties Gets 9 Years in Prison for Hacking and Insider Trading Scheme

A wealthy Russian businessman with ties to the Kremlin was sentenced Thursday to nine years in prison for his role in a nearly $100 million stock market cheating scheme that relied on secret earnings information stolen through the hacking of U.S. computer networks. Vladislav Klyushin was convicted in February of charges including wire fraud and securities fraud after a two-week trial in federal court in Boston.

Software Updates

Apple patches "clickless" 0-day image processing vulnerability in iOS, macOS

Apple has released security updates for iOS, iPadOS, macOS, and watchOS today to fix actively exploited zero-day security flaws that can be used to install malware via a "maliciously crafted image" or attachment. The iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2 updates patch the flaws across all of Apple's platforms. As of this writing, no updates have been released for older versions like iOS 15 or macOS 12.

Malware

Weaponized Windows Installers Target Graphic Designers in Crypto Heist

Attackers are targeting 3D modelers and graphic designers with malicious versions of a legitimate Windows installer tool in a cryptocurrency-mining campaign that's been ongoing since at least November 2021. The campaign abuses Advanced Installer, a tool for creating software packages, to hide malware in legitimate installers for software used by creative professionals, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro.

Information Security

US, UK take action against members of the Russian-linked Trickbot hacker syndicate

U.S. and U.K. officials on Thursday announced sanctions against 11 alleged members of the notorious Trickbot cybercrime syndicate, saying that the people were key to the group's management and procurement efforts. Thursday's action marks the second time in seven months the two governments have sanctioned members of a cybercrime group that has "ties to Russian intelligence services and has targeted the U.S. Government and U.S. companies," the U.S. Treasury Department said in a statement.

Exploits/Vulnerabilities

Cisco warns of VPN zero-day exploited by ransomware gangs

Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks. The medium severity zero-day vulnerability impacts the VPN feature of Cisco ASA and Cisco FTD, allowing unauthorized remote attackers to conduct brute force attacks against existing accounts.

Science & Culture

Does Generative AI Comply With Asimov's 3 Laws of Robotics?

Newly developed generative artificial intelligence (AI) tools that can generate plausible human language or computer code in response to operator prompts have provoked discussion of the risks posed by these tools. Many people are worried that AI will generate social engineering content or create exploit code that can be used in attacks. These concerns have led to calls to regulate generative AI to ensure it will be used ethically.

On This Date

  • ...in 1930, 3M begins marketing Scotch brand transparent tape.
  • ...in 1943, Gen. Dwight Eisenhower publicly announces the surrender of Italy to the Allies.
  • ...in 1966, the U.S.S. Enterprise (NCC-1701) embarks on its mission to "boldly go where no man has gone before," with the premiere of Star Trek.
  • ...in 1974, President Gerald Ford pardons Richard Nixon for any crimes he may have committed, following Nixon's resignation in the wake of the Watergate scandal.