‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks
A serious privilege escalation vulnerability patched recently in the GNU C Library (glibc) has been exploited in cloud attacks by a threat group known for…
Author: Cybernoz
Who’s Behind the SWAT USA Reshipping Service? – Krebs on Security
Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances…
Fake Ledger App on Microsoft Store Leads to $800,000 Crypto Theft
The fake Ledger Live app on the Microsoft Store deceived users into downloading malware, which stole their Bitcoin and Ethereum funds. Hackread.com has been actively…
Shadow IT use at Okta behind series of damaging breaches
An Okta employee who signed into their personal Google account on a company-owned device appears to have been the source a breach that is now…
Medusa Claims Canadian Psychological Association Cyberattack
The Canadian Psychological Association (CPA), the primary representative body for psychologists across Canada, has allegedly fallen victim to a cyberattack by the notorious Medusa ransomware…
US Sanctions Russian National for Helping Ransomware Groups Launder Money
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Friday announced sanctions against Ekaterina Zhdanova, a Russian national allegedly involved in…
QNAP warns of critical command injection flaws in QTS OS, apps
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached…
Iranian APT Targets Israeli Education, Tech Sectors With New Wipers
Since January 2023, an Iranian advanced persistent threat (APT) actor has been targeting higher education and technology organizations in Israel with wipers, cybersecurity firm Palo…
Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure
Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure Pierluigi Paganini November 06, 2023 Google warns of multiple threat actors that are leveraging…
Cybercrime service bypasses Android security to install malware
A new dropper-as-a-service (DaaS) cybercrime operation named ‘SecuriDropper’ has emerged, using a method that bypasses the ‘Restricted Settings’ feature in Android to install malware on devices…
Medical research data Advarra stolen after SIM swap
Clinical research company Advarra has reportedly been compromised after a SIM swap on one of their executives. SIM swapping, also known as SIM jacking, is…
ALPHV Leaks Intimate Employee Images
Following a previous data breach at Advarra, the infamous ALPHV ransomware group has escalated its cyberattack by beginning to leak purported intimate photographs of female…