UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

/in

The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.
“This research focuses on completing the picture of UAC-0063’s operations, particularly documenting their expansion beyond their initial focus on Central Asia,

The Hacker News – ​Read More

MGM agrees to pay $45 million to victims of 2019 data breach and 2023 ransomware attack

/in

MGM Resorts International agreed to pay $45 million to settle multiple class action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023.

The Record from Recorded Future News – ​Read More

OAuth Flaw Exposed Millions of Airline Users to Account Takeovers

/in

The now-fixed vulnerability involved a major travel services company that’s integrated with dozens of airline websites worldwide.

darkreading – ​Read More

Lynx Ransomware Group ‘Industrializes’ Cybercrime With Affiliates

/in

The ransomware group provides everything an affiliate could want to breach and attack victims, including a quality controlled recruitment system to engage even more criminals.

darkreading – ​Read More

Phishing Campaign Baits Hook With Malicious Amazon PDFs

/in

In their discovery, researchers found 31 PDF files linking to these phishing websites, none of which have been yet submitted to VirusTotal.

darkreading – ​Read More

Super Bowl LIX Could Be a Magnet for Cyberattacks

/in

Concerns include everything from ransomware, malware, and phishing attacks on the game’s infrastructure to those targeting event sponsors and fans.

darkreading – ​Read More

VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer

/in

VMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access.

The post VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer appeared first on SecurityWeek.

SecurityWeek – ​Read More

Ransomware attack kept major energy industry contractor out of some systems for 6 weeks

/in

Oklahoma-based ENGlobal Corporation said in an updated 8-K filing with the SEC that company officials were locked out of financial systems for six weeks because of a November ransomware attack.

The Record from Recorded Future News – ​Read More

Hackers Claim 2nd Breach at HP Enterprise, Plan to Sell Access

/in

IntelBroker targets Hewlett-Packard Enterprise (HPE) again, claiming to have access to the company’s internal infrastructure and the possibility…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

This new Android feature protects your phone, even if someone has your PIN

/in

If you’re looking for an additional layer of security for your Android device, Google’s Identity Check might be just the ticket. Here’s how it works.

Latest stories for ZDNET in Security – ​Read More