China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates

The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group.
Evasive Panda, also known by the names Bronze Highland, Daggerfly, and StormBamboo, is a cyber espionage group that’s been active since at least 2012,

The Hacker News – ​Read More

New Android Trojan “BlankBot” Targets Turkish Users’ Financial Data

Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal financial information.
“BlankBot features a range of malicious capabilities, which include customer injections, keylogging, screen recording and it communicates with a control server over a WebSocket connection,” Intel 471 said in an analysis published last week.

The Hacker News – ​Read More

CISA Names Lisa Einstein as First Chief AI Officer

Einstein has led CISA’s AI efforts since 2023 as CISA’s Senior Advisor for AI.

The post CISA Names Lisa Einstein as First Chief AI Officer appeared first on SecurityWeek.

SecurityWeek – ​Read More

DOJ and FTC Sue TikTok for Violating Children’s Privacy Laws

The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing platform TikTok for “flagrantly violating” children’s privacy laws in the country.
The agencies claimed the company knowingly permitted children to create TikTok accounts and to view and share short-form videos and messages with adults and others on the service.
They

The Hacker News – ​Read More

US Hands Over Russian Cybercriminals in WSJ Reporter Prisoner Swap

Plus: Meta pays $1.4 million in a historic privacy settlement, Microsoft blames a cyberattack for a major Azure outage, and an artist creates a face recognition system to reveal your NYPD “coppelganger.”

Security Latest – ​Read More

UK Shuts Down ‘Russian Coms’ Fraud Platform Defrauding Millions

The UK’s National Crime Agency has dismantled Russian Coms, a major fraud platform responsible for global financial losses.…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks.
The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers.
Attack chains entail the exploitation

The Hacker News – ​Read More

Millions of US Voter Data Exposed in 13 Misconfigured Databases

Cybersecurity researcher finds 4.6M Illinois voter records exposed in unsecured databases. Sensitive data including names, addresses, and SSNs…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Twilio Users Kicked Out of Desktop App, Forced to Switch to Mobile

Now that the Authy Desktop app has reached EOL and is no longer accessible, users are hoping their 2FA tokens synced correctly with their mobile devices.

darkreading – ​Read More

Fortune 50 Co. Pays Record-Breaking $75M Ransomware Demand

The runaway success of an upstart ransomware outfit called “Dark Angels” may well influence the cyberattack landscape for years to come.

darkreading – ​Read More