Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control C&C infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of...

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo...

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 CVSS score: 10.0, could be weaponized to obtain unauthenticated remote shell command execution o...

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

The U.S. Treasury Department's Office of Foreign Assets Control OFAC on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command IRGC-CEC from at least 2016 to April 202...

Russian APT28 Exploiting Windows Vulnerability with GooseEgg Tool

By Waqas Update Windows Now or Get Hacked: Microsoft Warns of Actively Exploited Vulnerability! This is a post from HackRead.com Read the original post: Russian APT28 Exploiting Windows Vulnerability with GooseEgg Tool...

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the...

boldelectric.ca Cross Site Scripting vulnerability OBB-3920746

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

The head of counterintelligence for a division of the Russian Federal Security Service FSB was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. T...

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment NERVE...

Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage

Microsoft has revealed that North Korea-linked state-sponsored cyber actors have begun to use artificial intelligence AI to make its operations more effective and efficient. "They are learning to use tools powered by AI large language models LLM to make their operations more efficient and...

Exploit for Improper Input Validation in Paloaltonetworks Pan-Os

CVE-2024-3400 RCE Test Script Overview This Python script...

Who Stole 3.6M Tax Records from South Carolina?

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the states revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a...

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts

A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in...

Security Bulletin: IBM Security Verify Directory products are vulnerable to CVE-2022-32751

Summary A Security Vulnerability discovered by the IBM Ethical Hacking team has been fixed in IBM Security Directory products. Vulnerability Details CVEID:CVE-2022-32751 DESCRIPTION: IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further...

Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack

The Police of Finland aka Poliisi has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country's Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the...

U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation

The U.S. Department of Justice DoJ on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years. The defendants include Ni Gaobin 倪高彬, Weng Ming 翁...

Canada revisits decision to ban Flipper Zero

In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesnt...

Security Bulletin: Multiple Security Vulnerabilites have been fixed in IBM Security Verify Directory Container (CVE-2022-32753, CVE-2022-32756, CVE-2022-32751, CVE-2022-32754)

Summary Multiple Vulnerabilities found by the IBM Ethical Hacking team have been fixed in IBM Verify Directory Container. Vulnerability Details CVEID:CVE-2022-32753 DESCRIPTION: IBM Security Directory Server uses weaker than expected cryptographic algorithms that could allow an attacker to decryp...

[updated] Apex Legends Global Series plagued by hackers

The North American finals of online shooter game Apex Legends has been postponed after games were disrupted by hacking incidents. Apex Legends, published by EA, is currently in an important stage of its Global Series, the regional finals mode. This is a big deal for the top players since there is...

Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts

The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20 and 40, are said to be part of an organized criminal group living in different parts of the country. ...