"Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. Attackers could use the details for a supply-chain attack. The Cybernews research team found that Thomson Reuters left at least three of its databases accessible for
Group uses novel method of reading commands from legitimate IIS logs. Symantec, by Broadcom Software, has discovered a previously undocumented dropper that is being used to install a new backdoor and other tools using the novel technique of reading commands from seemingly innocuous Internet Information Services (IIS) logs. The dropper
A Group-IB kiberbiztonsági cég szakértői egy olyan POS (point-of-sale) terminálok ellen irányuló kampányt fedeztek fel, melynek során több mint 167 000 bankkártya adatait lopták el kiberbűnözők 2021 februárja és 2022 szeptembere között.
Researchers discovered thousands of GitHub repositories that offer fake proof-of-concept (PoC) exploits for various flaws used to distribute malware. A team of researchers at the Leiden Institute of Advanced Computer Science (Soufian El Yadmani, Robin The, Olga Gadyatskaya) discovered thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits
The number of cyberattacks on Russia in 2022 increased by 80%, 25 thousand fell on state resources – Chernyshenko “And of course, information security is at the forefront, because the number of cyber attacks on Russia has increased by 80% this year. Moreover, if last year the financial sector was the
A massive, malicious campaign is underway using over 200 typosquatting domains that impersonate twenty-seven brands to trick visitors into downloading various Windows and Android malware. Some of the malicious sites were discovered by cyber-intelligence firm Cyble, which published a report this week focusing on domains mimicking popular Android app stores
The NRA (National Republican Army) claimed they are responsible for the hacking attack against Technoserv. Russia's largest systems integrator Technoserv was hacked by Russian hackers on October 17. In perhaps one of the largest IT-security breaches in Russian history. In total, the hackers managed to get more than
On 21 October CERT-UA detected SpearPhishing attack against Ukranian governmental organisations.
Pro-Ukranian hacker group, Team OneFist claims a Cisco data center switch belonging to the Institute for Systems Analysis of the Russian Academy of Sciences (ISA RAS) was identified and sucessfully pentetrated.
In recent years, “Big Game Hunting” ransomware attacks against enterprises have dominated media headlines because of their high-profile victims and substantial ransom demands. Yet single-client ransomware – a type of ransomware that infects individual computers, rather than fleets of devices – can still cause significant damage to individuals and organizations. In this
Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "some of its IT systems," the company said in a filing with the National Stock Exchange (NSE) of India. It further said
SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. The experts believe activity of the group is espionage-related and that WIP19 is a Chinese-speaking threat actor. The threat cluster has some overlap with Operation
Details and a proof-of-concept (PoC) exploit have been published for the recent Fortinet vulnerability tracked as CVE-2022-40684, just as cybersecurity firms are seeing what appears to be the start of mass exploitation attempts. Fortinet privately informed some customers last week about the availability of patches and workarounds for a critical
Container and cloud-native application security provider Aqua Security warns that the existence of private NPM packages can be disclosed by performing timing attacks. Specifically, the security firm has discovered that an attacker armed with a list of package names may launch timing attacks to determine whether an organization has created
ESET researchers reveal their findings about POLONIUM, an advanced persistent threat (APT) group about which little information is publicly available and its initial compromise vector is unknown. POLONIUM is a cyberespionage group first documented by Microsoft Threat Intelligence Center (MSTIC) in June 2022. MSTIC’s assessment is that POLONIUM is
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. They observed this new ransomware, which labels itself in its ransom note as “Prestige ranusomeware”, being deployed
