Lapsus$ hackers took SIM-swapping attacks to the next level
The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to...
Read more →Category: Bleeping Computer
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router
Fortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the...
Read more →
Microsoft Exchange updates pulled after breaking non-English installs
Microsoft has pulled Microsoft Exchange Server’s August security updates from Windows Update after finding they break Exchange on non-English installs. On...
Read more →
MoustachedBouncer hackers use AiTM attacks to spy on diplomats
Image: Midjourney A cyberespionage group named ‘MoustachedBouncer’ has been observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies...
Read more →
New Whirlpool backdoor used in Barracuda ESG hacks
Image: Midjourney The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor malware named ‘Whirlpool’ used in...
Read more →
Exploring the Stealer Log Lifecycle
The first seven months of 2023 have seen a continued rapid evolution of the cybercrime ecosystem. Ransomware data exfiltration attacks,...
Read more →
Dell Compellent hardcoded key exposes VMware vCenter admin creds
An unfixed hardcoded encryption key flaw in Dell’s Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter...
Read more →
New BitForge cryptocurrency wallet flaws lets hackers steal crypto
Image: Midjourney Multiple zero-day vulnerabilities named ‘BitForge’ in the implementation of widely used cryptographic protocols like GG-18, GG-20, and Lindell...
Read more →
Hackers use open source Merlin post-exploitation toolkit in attacks
Ukraine is warning of a wave of attacks targeting state organizations using ‘Merlin,’ an open-source post-exploitation and command and control...
Read more →
Missouri warns that health info was stolen in IBM MOVEit data breach
Missouri’s Department of Social Services warns that protected Medicaid healthcare information was exposed in a data breach after IBM suffered...
Read more →
Rhysida ransomware behind recent attacks on healthcare
The Rhysida ransomware operation is making a name for itself after a wave of attacks on healthcare organizations has forced...
Read more →
Popular open source project Moq criticized for quietly collecting data
Open source project Moq (pronounced “Mock”) has drawn sharp criticism for quietly including a controversial dependency in its latest release. Distributed...
Read more →