APT28-linked hackers have targeted Ukraine’s scientific institutions in a cyber-espionage campaign, believed to have ties to the Kremlin-backed group APT28, also known as Fancy Bear and BlueDelta.
Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week.
“On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques,” the company
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-24 10:08:302024-07-24 10:08:30CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-24 10:08:292024-07-24 10:08:29CrowdStrike Explains Why Bad Update Was Not Properly Tested
RMM tools have become essential in managing remote devices, but they also pose risks if exploited by threat actors. Attackers can gain remote access to devices, exfiltrate data, and remain undetected.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-24 10:08:292024-07-24 10:08:29The Power and Peril of RMM Tools
A security flaw in Microsoft Defender SmartScreen was exploited to deliver ACR, Lumma, and Meduza stealers in a recent campaign. The campaign targeted Spain, Thailand, and the U.S. by using booby-trapped files exploiting CVE-2024-21412.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-24 10:08:282024-07-24 10:08:28Infostealer Campaign Exploits Microsoft Windows SmartScreen Flaw to Spread Payloads
Verizon Communications has agreed to pay a $16 million settlement to the FCC for three data breaches at TracFone Wireless, a subsidiary acquired in 2021. TracFone provides services under brands like Total by Verizon Wireless and Straight Talk.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-24 09:07:332024-07-24 09:07:33Verizon to Pay $16 Million in TracFone Data Breach Settlement
Infoblox revealed a Chinese cybercrime syndicate called Vigorish Viper behind illegal online gambling brands advertised at European football stadiums. The group is linked to online gambling and cyber fraud-related human trafficking in Southeast Asia.
Google has decided to continue supporting third-party cookies, instead proposing a new approach that allows users to opt-in to their Privacy Sandbox. This comes after criticism and regulatory pressure over privacy concerns and competition issues.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-24 09:07:312024-07-24 09:07:31Google Abandons Plan to Drop Third-Party Cookies in Chrome
The leak comes from a backup allegedly sold by Conor Fitzpatrick, also known as Pompompurin. Following the seizure of RaidForums in 2022, Fitzpatrick launched BreachForums v1, which was later seized by the FBI and linked to his arrest.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-24 08:06:312024-07-24 08:06:31BreachForums v1 database leak is an OPSEC test for hackers
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub
/in General NewsCybersecurity researchers have spotted a 3,000-account network on GitHub that is manipulating the platform and spreading ransomware and info stealers.
Security Latest – Read More
Possible APT28-linked Hackers Target Ukraine’s Scientific Institutions
/in General NewsAPT28-linked hackers have targeted Ukraine’s scientific institutions in a cyber-espionage campaign, believed to have ties to the Kremlin-backed group APT28, also known as Fancy Bear and BlueDelta.
Cyware News – Latest Cyber News – Read More
CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices
/in General NewsCybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week.
“On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques,” the company
The Hacker News – Read More
CrowdStrike Explains Why Bad Update Was Not Properly Tested
/in General NewsCrowdStrike has shared a preliminary incident review, explaining why the update that caused global chaos was not caught by testing.
The post CrowdStrike Explains Why Bad Update Was Not Properly Tested appeared first on SecurityWeek.
SecurityWeek – Read More
The Power and Peril of RMM Tools
/in General NewsRMM tools have become essential in managing remote devices, but they also pose risks if exploited by threat actors. Attackers can gain remote access to devices, exfiltrate data, and remain undetected.
Cyware News – Latest Cyber News – Read More
Infostealer Campaign Exploits Microsoft Windows SmartScreen Flaw to Spread Payloads
/in General NewsA security flaw in Microsoft Defender SmartScreen was exploited to deliver ACR, Lumma, and Meduza stealers in a recent campaign. The campaign targeted Spain, Thailand, and the U.S. by using booby-trapped files exploiting CVE-2024-21412.
Cyware News – Latest Cyber News – Read More
Verizon to Pay $16 Million in TracFone Data Breach Settlement
/in General NewsVerizon Communications has agreed to pay a $16 million settlement to the FCC for three data breaches at TracFone Wireless, a subsidiary acquired in 2021. TracFone provides services under brands like Total by Verizon Wireless and Straight Talk.
Cyware News – Latest Cyber News – Read More
Chinese ‘Cybercrime Syndicate’ Behind Gambling Sites Advertised at European Sporting Events
/in General NewsInfoblox revealed a Chinese cybercrime syndicate called Vigorish Viper behind illegal online gambling brands advertised at European football stadiums. The group is linked to online gambling and cyber fraud-related human trafficking in Southeast Asia.
Cyware News – Latest Cyber News – Read More
Google Abandons Plan to Drop Third-Party Cookies in Chrome
/in General NewsGoogle has decided to continue supporting third-party cookies, instead proposing a new approach that allows users to opt-in to their Privacy Sandbox. This comes after criticism and regulatory pressure over privacy concerns and competition issues.
Cyware News – Latest Cyber News – Read More
BreachForums v1 database leak is an OPSEC test for hackers
/in General NewsThe leak comes from a backup allegedly sold by Conor Fitzpatrick, also known as Pompompurin. Following the seizure of RaidForums in 2022, Fitzpatrick launched BreachForums v1, which was later seized by the FBI and linked to his arrest.
Cyware News – Latest Cyber News – Read More