August 29, 2024

China’s Volt Typhoon Hackers Caught Exploiting Zero-Day in Servers Used by ISPs, MSPs

Security researchers at Lumen Technologies have identified Chinese APT group Volt Typhoon leveraging a newly discovered zero-day vulnerability in Versa Director servers to compromise credentials and infiltrate downstream customer networks.The critical vulnerability, CVE-2024-39717, was recently added to the Cybersecurity and Infrastructure Security Agency’s (CISA) list of mandatory patches. Versa Networks confirmed the active exploitation of the zero-day and issued a […]
August 1, 2024

Possible APT28-linked hackers target Ukraine’s scientific institutions

A recent cyber-espionage campaign targeting Ukraine’s scientific and research institutions has been linked to APT28, a Kremlin-backed group associated with Russia’s military intelligence (GRU). Researchers from CERT-UA identified the involvement of the UAC-0063 group, which used malware strains Hatvibe and Cherryspy in July attacks. Hatvibe enables the execution of additional files on infected devices, while Cherryspy allows attackers to run […]
July 14, 2024

4TB of internaal date allegedly leaked in Austrailan medical research breach

The Medusa ransomware group has claimed responsibility for stealing over four terabytes of data from the Harry Perkins Institute of Medical Research in Western Australia. The group posted on its dark web leak site, stating that 4.6TB of internal building camera recordings had been uploaded. Medusa is demanding a ransom of US$500,000, though it is also willing to sell the […]
July 4, 2024

Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692)

Researchers have discovered ongoing exploitation of a critical vulnerability in the HTTP File Server (HFS) that is being used to deploy cryptocurrency mining malware, Remote Access Trojans (RATs), backdoors, and infostealers.This vulnerability, identified as CVE-2024-23692, impacts the Rejetto HTTP File Server (HFS), a software that enables file sharing through a web browser using only an executable file, bypassing the need […]
June 12, 2024

361 million stolen accounts leaked on Telegram added to HIBP

A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised.Cybersecurity researchers collected these credentials from numerous Telegram cybercrime channels, where the stolen data is commonly leaked […]
May 5, 2024

North Korea hacking teams hack South Korea defence contractors – police

North Korean hacking groups have targeted defense contractors in South Korea, according to police reports. The attackers were identified through an analysis of source IP addresses, signal re-routing structures, and malware signatures. Authorities, in collaboration with national intelligence agencies and private sector experts, traced the hacks back to these groups.The Hacking teams linked to North Korea’s intelligence apparatus and known […]
April 18, 2024

Cyberattack Takes Frontier Communications Offline

Texas-based Frontier Communications, a provider of local residential and business telecom services in 25 states, experienced a cyberattack. The breach allowed an unauthorized third party to access portions of its information technology environment, resulting in the theft of personally identifiable information (PII). As part of its containment measures, Frontier took certain systems offline, which led to an operational disruption that […]
April 15, 2024

EPA critical infrastructure contacts stolen, attackers claim

JSOutProx malware targets financial customers by delivering fake SWIFT payment notifications to businesses and fake MoneyGram templates to civilians.Currently, the threat group is targeting financial organizations in the Philippines, Laos, Singapore, Malaysia, India, and Saudi Arabia, which researchers believe is linked to China.
February 29, 2024

CISA: Admin Credentials of a Former Employee Leveraged to Compromise a State Government Organization

Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents with host and user information, including metadata, were posted on a dark web brokerage site. An analysis confirmed that an unknown threat actor compromised network administrator credentials through the account of a […]
123
Next page

Collaboration can mitigate the effects of Ransomware Attacks

Archives
Categories
Privacy Policy
RSS NCSC Threat Reports Feed

© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.