European Commission Orders TikTok to Preserve Data on Romanian Election Under Digital Services Act

/in

The European Commission issued a retention order to TikTok on December 6, 2024, mandating the need to keep all data related to the Romanian elections for further investigations. This order comes a few days after Romanian’s president Klaus Iohannis ordered to declassify SRI’s (Romanian’s Intelligence Service) recent investigation. The Romanian Intelligence Service (SRI) accused Russia of…

Source

TechSplicer – ​Read More

More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

/in

The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation.
This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on

The Hacker News – ​Read More

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

/in

The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop.
The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that’s designed to drop the Visual Basic Script malware, Recorded Future’s Insikt Group said in a new analysis.

The Hacker News – ​Read More

Critical Vulnerability Discovered in SailPoint IdentityIQ

/in

A critical directory traversal vulnerability in the SailPoint IdentityIQ IAM platform exposes restricted files to attackers.

The post Critical Vulnerability Discovered in SailPoint IdentityIQ appeared first on SecurityWeek.

SecurityWeek – ​Read More

Russia’s ‘BlueAlpha’ APT Hides in Cloudflare Tunnels

/in

Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks.

darkreading – ​Read More

Library of Congress Offers AI Legal Guidance to Researchers

/in

Researchers testing generative AI systems can use prompt injection, re-register after being banned, and bypass rate limits without running afoul of copyright law.

darkreading – ​Read More

Chinese Hackers Breach US Firm, Maintain Network Access for Months

/in

SUMMARY A large U.S. company with operations in China fell victim to a large-scale cyberattack earlier this year,…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

US org with ‘significant presence in China’ targeted by hackers, Symantec says

/in

The cybersecurity firm did not name the company but said the attack was “likely carried out by a China-based threat actor, since some of the tools used in this attack have been previously associated with Chinese attackers.”

The Record from Recorded Future News – ​Read More

Bypass Bug Revives Critical N-Day in Mitel MiCollab

/in

A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there’s a workaround.

darkreading – ​Read More

Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges

/in

At least 17 affiliate groups have used the “DroidBot” Android banking Trojan against 77 financial services companies across Europe, with more to come, researchers warn.

darkreading – ​Read More