Security – News ENG
News from international sources (Dark Reading, The Hacker News, Threatpost)
- Texas Teen Arrested for Scattered Spider Telecom Hacks by Becky Bracken, Senior Editor, Dark Reading (darkreading) on 6 December 2024 at 9:10 pm
An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on ‘key Scattered Spider members’ and their tactics.
- Microsoft Expands Access to Windows Recall AI Feature by Tara Seals, Managing Editor, News, Dark Reading (darkreading) on 6 December 2024 at 8:56 pm
The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode.
- FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine by info@thehackernews.com (The Hacker News) on 6 December 2024 at 4:15 pm
A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and the University of Toronto’s Citizen Lab. “The spyware placed on his device allows the operator to track a target device’s
- Why SOC Roles Need to Evolve to Attract a New Generation by Jessica Belt (darkreading) on 6 December 2024 at 3:00 pm
The cybersecurity industry faces a growing crisis in attracting and retaining SOC analysts.
- Open Source Security Priorities Get a Reshuffle by Robert Lemos, Contributing Writer (darkreading) on 6 December 2024 at 2:59 pm
The “Census of Free and Open Source Software” report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components.
- Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks by info@thehackernews.com (The Hacker News) on 6 December 2024 at 11:28 am
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first
- Conquering the Complexities of Modern BCDR by info@thehackernews.com (The Hacker News) on 6 December 2024 at 11:00 am
The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures that go beyond traditional backup solutions to address the intricacies of today’s complex IT ecosystems.
- More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader by info@thehackernews.com (The Hacker News) on 6 December 2024 at 8:22 am
The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on
- Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware by info@thehackernews.com (The Hacker News) on 6 December 2024 at 7:03 am
The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that’s designed to drop the Visual Basic Script malware, Recorded Future’s Insikt Group said in a new analysis.
- Library of Congress Offers AI Legal Guidance to Researchers by Robert Lemos, Contributing Writer (darkreading) on 5 December 2024 at 10:18 pm
Researchers testing generative AI systems can use prompt injection, re-register after being banned, and bypass rate limits without running afoul of copyright law.
- Russia’s ‘BlueAlpha’ APT Hides in Cloudflare Tunnels by Tara Seals, Managing Editor, News, Dark Reading (darkreading) on 5 December 2024 at 10:04 pm
Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks.
- Bypass Bug Revives Critical N-Day in Mitel MiCollab by Nate Nelson, Contributing Writer (darkreading) on 5 December 2024 at 9:13 pm
A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there’s a workaround.
- Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges by Becky Bracken, Senior Editor, Dark Reading (darkreading) on 5 December 2024 at 8:49 pm
At least 17 affiliate groups have used the “DroidBot” Android banking Trojan against 77 financial services companies across Europe, with more to come, researchers warn.
- LLMs Raise Efficiency, Productivity of Cybersecurity Teams by Karen Spiegelman, Features Editor (darkreading) on 5 December 2024 at 7:59 pm
AI-powered tools are making cybersecurity tasks easier to solve, as well as easier for the team to handle.
- ‘Earth Minotaur’ Exploits WeChat Bugs, Sends Spyware to Uyghurs by Elizabeth Montalbano, Contributing Writer (darkreading) on 5 December 2024 at 3:58 pm
The emerging threat actor, potentially a Chinese state-sponsored APT, is using the known exploit kit Moonshine in cross-platform attacks that deliver a previously undisclosed backdoor called “DarkNimbus” to ethnic minorities, including Tibetans.
- This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges by info@thehackernews.com (The Hacker News) on 5 December 2024 at 3:58 pm
As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. “DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring,” Cleafy researchers Simone Mattia, Alessandro
- Vulnerability Management Challenges in IoT & OT Environments by Malleswar Reddy Yerabolu (darkreading) on 5 December 2024 at 3:00 pm
By understanding the unique challenges of protecting IoT and OT devices, organizations can safeguard these critical assets against evolving cyber threats.
- Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access by info@thehackernews.com (The Hacker News) on 5 December 2024 at 2:56 pm
Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input
- Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers by info@thehackernews.com (The Hacker News) on 5 December 2024 at 2:55 pm
Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More than 200 terabytes of digital evidence have been collected. In addition, over 80 data storage devices
- Want to Grow Vulnerability Management into Exposure Management? Start Here! by info@thehackernews.com (The Hacker News) on 5 December 2024 at 12:46 pm
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident. At its core, Vulnerability Management
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor by info@thehackernews.com (The Hacker News) on 5 December 2024 at 12:43 pm
A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. “Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a
- Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers by info@thehackernews.com (The Hacker News) on 5 December 2024 at 11:00 am
A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn’t rule out the possibility that the intrusion may have occurred earlier. “The attackers moved laterally
- ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan by info@thehackernews.com (The Hacker News) on 5 December 2024 at 7:30 am
The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis. “An interesting aspect of this campaign is the comeback of a backdoor
- African Law Enforcement Nabs 1,000+ Cybercrime Suspects by Robert Lemos, Contributing Writer (darkreading) on 5 December 2024 at 7:00 am
Authorities across 19 African countries also dismantled their infrastructure and networks, thanks to cooperation between global law enforcement and private firms.
- NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions by info@thehackernews.com (The Hacker News) on 5 December 2024 at 5:47 am
The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, codenamed Operation Destabilise, has resulted in the arrest of 84 suspects linked to two Russian-speaking networks
- CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel by info@thehackernews.com (The Hacker News) on 5 December 2024 at 5:09 am
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2024-51378 (CVSS score: 10.0) – An incorrect default permissions
- Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects (darkreading) on 4 December 2024 at 10:52 pm
- Wyden and Schmitt Call for Investigation of Pentagon’s Phone Systems (darkreading) on 4 December 2024 at 10:44 pm
- CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat by Jai Vijayan, Contributing Writer (darkreading) on 4 December 2024 at 10:06 pm
Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say.
- Russian FSB Hackers Breach Pakistani APT Storm-0156 by Nate Nelson, Contributing Writer (darkreading) on 4 December 2024 at 8:47 pm
Parasitic advanced persistent threat (APT) Secret Blizzard accessed another APT’s infrastructure, and stole the same kinds of info it targets in South Asian government and military victims.