Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix. (The Hacker News)
“Given the chaos of the day and the sheer impact, it is no surprise threat actors immediately moved to capitalize on it. My hope is that this event is a watershed moment for many developers’ software development cycles, leading to better software change management and testing policies.” – Michael Schwartz, CSM Lead at Ingalls Information Security
US telecom giant AT&T, which disclosed Friday that hackers had stolen the call records for tens of millions of its customers, paid a member of the hacking team more than $300,000 to delete the data and provide a video demonstrating proof of deletion. (WIRED)
Security awareness and training provider KnowBe4 recently disclosed that it inadvertently hired a fake North Korean IT worker who attempted to install malware on a company-issued computer. (Cyber Security News)
A known APT espionage group has updated its toolset in a number of recent attacks against organizations in Taiwan, as well as a U.S. non-governmental organization in China. (Decipher, Duo Security)
Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) that's designed to target VMware ESXi environments. (The Hacker News)
ANY.RUN sandbox recently detected a surge in a phishing campaign that exploited SharePoint. In just 24 hours, over 500 instances of SharePoint phishing were uploaded to the service. (Cyber Security News)
Two foreign nationals pleaded guilty today in Newark federal court to participating in the LockBit ransomware group – at various times the most prolific ransomware variant in the world – and to deploying LockBit attacks against victims in the United States and worldwide. (U.S. Attorney's Office, District of New Jersey)
Pharmacy chain Rite Aid has revealed that a recent data breach impacts 2.2 million people. Meanwhile, a known ransomware group is threatening to leak sensitive information stolen from the company. (SecurityWeek)
Judge dismisses claims against SolarWinds for actions taken after its systems had been breached, but allows the case to proceed for alleged misstatements prior to the incident. (Dark Reading)
Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. (The Hacker News)
A hacker group called “NullBulge” says it stole more than a terabyte of Disney’s internal Slack messages and files from nearly 10,000 channels in an apparent protest over AI-generated art. (WIRED)
Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any user, including administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. (The Hacker News)
A recently patched Apache HugeGraph-Server vulnerability tracked as CVE-2024-27348 is being targeted in attacks. (SecurityWeek)
As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That's according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry's web traffic in 2023—a significant jump from 37.4% in 2022. (The Hacker News)