hackers,
-
A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions. […]
-
Cybersecurity researchers recently uncovered a sophisticated campaign in which hackers exploit Blogspot links to redirect unsuspecting users to malicious websites. This technique, part of the broader “ApateWeb” campaign, demonstrates the evolving tactics cybercriminals use to evade detection and compromise user security. The investigation began when researchers identified suspicious Blogspot links being…
-
The Computer Emergency Response Team of Ukraine (CERT-UA) recently warned of a sophisticated scam targeting computer users through fake AnyDesk requests. This new threat uses social engineering to gain unauthorized access to victims’ devices, potentially leading to data theft and other malicious activity. The scam involves attackers impersonating CERT-UA, sending connection requests via…
-
Russian cybercriminals are adopting a scam in which they pose as tech support on Microsoft Teams to convince victims they have an IT issue, then trick employees into allowing them to install ransomware on the targets’ computer networks. British cybersecurity company Sophos reported on Thursday that it had seen more than 15 incidents in which two…
-
Adversaries frequently leverage legitimate tools in their malicious campaigns. The popular AnyDesk remote utility has also been widely exploited by hackers for offensive purposes. Cyber defenders have unveiled the recent misuse of AnyDesk software to connect to targeted computers, masquerading the malicious efforts as CERT-UA activity.
Detect Cyber-Attacks Exploiting AnyDesk Based on CERT-UA Research: Adversaries…
-
Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured on-premises applications can bypass Group Policy settings intended to disable NTLMv1. This vulnerability enables attackers to exploit the outdated authentication protocol. The bypass allows attackers to intercept NTLMv1 traffic, crack user credentials offline, and gain unauthorized access within the network that…
-
An attacker exploited a vulnerability in the batchupload.aspx and email_settings.aspx pages on the target server that allowed them to upload a malicious web shell to the IIS worker process (w3wp.exe). They initially attempted to upload a web shell to another location but failed to interact with it. Network traffic analysis revealed the source of the…
-
As California grapples with devastating wildfires, communities are rallying to protect lives and property. Unfortunately, these disasters have also created an opportunity for cybercriminals to exploit the chaos and uncertainty. Veriti Research has identified alarming trends in phishing scams linked to the ongoing wildfire disaster, highlighting an urgent need for heightened cybersecurity awareness during these…
-
US Cyber Defense Agency Was Not Initially Aware Hackers Were Part of Salt Typhoon
The U.S. federal government’s first hint that Chinese hackers penetrated American telecommunications infrastructure came from telemetry on government networks, said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.
-
Carly Page / TechCrunch: The US says the FBI hacked ~4.2K devices in the US to delete PlugX, malware used by China-backed hackers since 2014, after obtaining warrants in August 2024 — U.S. authorities have confirmed that they disrupted the operations of a Chinese state-backed hacking group, which infiltrated millions …
-
Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers
The court-authorized operation removes PlugX malware from over 4,200 infected U.S. computers. Flashpoint, January 14, 2025: “The Justice Department and FBI today announced a multi-month law enforcement operation that, alongside international partners, deleted ‘PlugX’ malware from thousands…
-
The Justice Department and FBI announced a multi-month law enforcement operation that, alongside international partners, deleted PlugX malware from thousands of infected computers worldwide.
-
Welcome back, my rookie cyberwarriors! In recent weeks, a series of sophisticated cyber attacks has once again exposed critical vulnerabilities in the Signaling System 7 (SS7) protocol, a fundamental component of global telecommunications infrastructure that manages call routing, SMS messaging, and cellular network interoperability. These security breaches, detected across multiple major U.S. telecommunications carriers including…
-
Cyberespionage Campaign Reached Treasury Office that Reviews Foreign Investment
Chinese hackers reportedly breached a U.S. government office responsible for reviewing foreign investments for national security threats as part of a cyberespionage campaign targeting the Department of Treasury. Hackers gained access to the Committee on Foreign Investment in the U.S.
-
Ivanti publicly disclosed two critical vulnerabilities, CVE-2025-0282 and CVE-2025-0283, affecting its Connect Secure (ICS) VPN appliances. The announcement comes amid alarming reports of active zero-day exploitation of CVE-2025-0282, which cybersecurity firm Mandiant identified as having begun in mid-December 2024. The exploitation has raised concerns about potential network breaches and downstream compromises for affected organizations. CVE-2025-0282,…
-
Russian internet service provider Nodex confirmed on Tuesday that its network was “destroyed” in a cyberattack claimed by Ukrainian hacktivists who are part of the Ukrainian Cyber Alliance […]