8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

/in

Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server.
“The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid disk-based detection mechanisms,” Trend Micro researchers Ahmed

The Hacker News – ​Read More

US Federal Agencies Warn Healthcare Sector of Payment Diversion Schemes

/in

Federal authorities are warning about social engineering and phishing scams that target IT help desk workers and allow attackers to steal login credentials in order to access healthcare sector entities’ IT systems.

Cyware News – Latest Cyber News – ​Read More

Microsoft Details ‘Skeleton Key’ AI Jailbreak Technique

/in

Microsoft has tricked several gen-AI models into providing forbidden information using a jailbreak technique named Skeleton Key.

The post Microsoft Details ‘Skeleton Key’ AI Jailbreak Technique appeared first on SecurityWeek.

SecurityWeek – ​Read More

Chicago Children’s Hospital Says 791,000 Impacted by Ransomware Attack

/in

Ann & Robert H. Lurie Children’s Hospital of Chicago says the recent data breach caused by a ransomware attack impacts 791,000 people.

The post Chicago Children’s Hospital Says 791,000 Impacted by Ransomware Attack appeared first on SecurityWeek.

SecurityWeek – ​Read More

Inside a Violent Gang’s Ruthless Crypto-Stealing Home Invasion Spree

/in

More than a dozen men threatened, assaulted, tortured, or kidnapped victims in likely the worst-ever crypto-focused serial extortion case of its kind in the US.

Wired – ​Read More

WhisperGate Data-Wiping Malware Suspect Indicted

/in

The US Department of Justice has indicted a 22-year-old Russian, Amin Timovich Stigal, for his alleged involvement in cyber attacks on Ukrainian government computers and critical infrastructure systems known as the “WhisperGate” attack.

Cyware News – Latest Cyber News – ​Read More

New SnailLoad Attack Exploits Network Latency to Spy on Users’ Web Activities

/in

A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user’s web activity.
“SnailLoad exploits a bottleneck present on all Internet connections,” the researchers said in a study released this week.
“This bottleneck influences the latency of network packets, allowing an attacker

The Hacker News – ​Read More

Fortra Patches Critical SQL Injection in FileCatalyst Workflow

/in

Fortra has patched a critical-severity vulnerability in FileCatalyst Workflow leading to the creation of administrator accounts.

The post Fortra Patches Critical SQL Injection in FileCatalyst Workflow appeared first on SecurityWeek.

SecurityWeek – ​Read More

CISA Report Finds Critical Open-Source Memory Safety Risks

/in

CISA urges manufacturers to reduce memory safety vulnerabilities by ditching memory-unsafe languages, implementing secure coding practices, and adopting routine security testing measures.

Cyware News – Latest Cyber News – ​Read More

‘The Acolyte’ and the Long-Awaited Death of Review-Bombing

/in

Leslye Headland’s new Star Wars show is getting positive reviews from critics and being trashed by audiences. Some are calling it review-bombing—but it’s more complicated than that.

Wired – ​Read More