TheHackerNews

March 5, 2024 U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. “Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and Article posted by: …

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure Read More »

March 3, 2024 A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant’s ongoing litigation against the Israeli spyware vendor. The decision, which marks a major legal victory for Meta, which filed the lawsuit in October 2019 for using its infrastructure to distribute the …

U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp Read More »

March 3, 2024 The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including the U.S. Departments of the Treasury and State, …

U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture Read More »

March 2, 2024 A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices. “This kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice phishing to trick …

New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users Read More »

March 2, 2024 The Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways, noting that the Integrity Checker Tool (ICT) can be deceived to provide a false sense of security. “Ivanti ICT is not sufficient …

Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities Read More »

March 2, 2024 Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. “This latest version of Bifrost aims to bypass security measures and compromise targeted systems,” Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth Sharma said. BIFROSE is one …

New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion Read More »

March 2, 2024 More than a decade ago, the concept of the ‘blameless’ postmortem changed how tech companies recognize failures at scale. John Allspaw, who coined the term during his tenure at Etsy, argued postmortems were all about controlling our natural reaction to an incident, which is to point fingers: “One option is to assume the single …

4 Instructive Postmortems on Data Downtime and Loss Read More »

March 2, 2024 GitHub on Thursday announced that it’s enabling secret scanning push protection by default for all pushes to public repositories. “This means that when a supported secret is detected in any push to a public repository, you will have the option to remove the secret from your commits or, if you deem the …

GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories Read More »

March 1, 2024 The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier …

Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks Read More »

March 1, 2024 Threat hunters have discovered a new Linux malware called GTPDOOR that’s designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX) The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications. GPRS roaming allows subscribers to access their GPRS services while they …

GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks Read More »