The threat actor went more than half a decade before being discovered — thanks to a remarkable backdoor delivered in invisible adversary-in-the-middle attacks.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-26 21:06:412024-01-26 21:06:41Microsoft Shares New Guidance in Wake of ‘Midnight Blizzard’ Cyberattack
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-26 21:06:412024-01-26 21:06:41Series of Cyberattacks Hit Ukrainian Critical Infrastructure Organizations
Many apps abuse the background processing feature to transmit device data to their servers, potentially enabling fingerprinting and persistent tracking, which is strictly prohibited in iOS.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-26 20:06:532024-01-26 20:06:53iPhone Apps Abuse iOS Push Notifications to Collect User Data
The threat actor, known as APT29 or BlueBravo, uses diverse methods including compromised accounts, OAuth applications, and password spraying to gain and maintain access, making traditional indicators of compromise-based detection ineffective.
The stolen data includes raw genotype data, health reports, and information from DNA Relatives and Family Tree profiles, potentially exposing personal and ancestral information of affected customers.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-26 17:06:342024-01-26 17:06:34Update: Hackers Stole Raw Genotype Data, Health Reports in 23andMe Data Breach
Refined tactics, increased collaboration between groups, and continued success exploiting zero-days is helping ICS ransomware attackers inflict more damage, researchers find.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-26 16:06:422024-01-26 16:06:42CISO Corner: Deep Dive Into SecOps, Insurance, & CISOs’ Evolving Role
The integration of different disciplines of cybersecurity and fraud management is a necessary evolution in the face of increasingly sophisticated digital threats.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-01-26 16:06:412024-01-26 16:06:41Redefining Cybersecurity for a Comprehensive Security Posture
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Newly ID’ed Chinese APT Hides Backdoor in Software Updates
/in General NewsThe threat actor went more than half a decade before being discovered — thanks to a remarkable backdoor delivered in invisible adversary-in-the-middle attacks.
darkreading – Read More
Microsoft Shares New Guidance in Wake of ‘Midnight Blizzard’ Cyberattack
/in General NewsThreat actors created and abused OAuth apps to access Microsoft’s corporate email environment and remain there for weeks.
darkreading – Read More
Series of Cyberattacks Hit Ukrainian Critical Infrastructure Organizations
/in General NewsIt’s unclear if the attacks — which hit oil and gas, postal service, transport safety, and railway organizations in the nation — were related.
darkreading – Read More
iPhone Apps Abuse iOS Push Notifications to Collect User Data
/in General NewsMany apps abuse the background processing feature to transmit device data to their servers, potentially enabling fingerprinting and persistent tracking, which is strictly prohibited in iOS.
Cyware News – Latest Cyber News – Read More
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Firms
/in General NewsThe threat actor, known as APT29 or BlueBravo, uses diverse methods including compromised accounts, OAuth applications, and password spraying to gain and maintain access, making traditional indicators of compromise-based detection ineffective.
Cyware News – Latest Cyber News – Read More
Update: Hackers Stole Raw Genotype Data, Health Reports in 23andMe Data Breach
/in General NewsThe stolen data includes raw genotype data, health reports, and information from DNA Relatives and Family Tree profiles, potentially exposing personal and ancestral information of affected customers.
Cyware News – Latest Cyber News – Read More
ICS Ransomware Danger Rages Despite Fewer Attacks
/in General NewsRefined tactics, increased collaboration between groups, and continued success exploiting zero-days is helping ICS ransomware attackers inflict more damage, researchers find.
darkreading – Read More
Pegasus Spyware Targets Togolese Journalists’ Mobile Devices
/in General NewsAn investigation into 2021 intrusions uncovered multiple infections on the phones of journalists in the African country.
darkreading – Read More
CISO Corner: Deep Dive Into SecOps, Insurance, & CISOs’ Evolving Role
/in General NewsOur collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.
darkreading – Read More
Redefining Cybersecurity for a Comprehensive Security Posture
/in General NewsThe integration of different disciplines of cybersecurity and fraud management is a necessary evolution in the face of increasingly sophisticated digital threats.
darkreading – Read More