ClickFix Campaign Targets Google Meet Users With Sophisticated Phishing Attacks
The ClickFix campaign employs deceptive phishing emails to distribute info-stealing malware, specifically targeting cryptocurrency and decentralized finance users through counterfeit Google Meet invitations.
Internet Archive Restores Services After DDoS Attacks By Russian Hackers
The Internet Archive has resumed key services following DDoS attacks by the Russian hacker group “SN_BLACKMETA,” which aimed to draw attention to the plight of the Palestinian civilian population amid the Gaza conflict, although many features remain offline due to security concerns.
Microsoft Discovers Critical macOS Vulnerability CVE-2024-44133
Microsoft has identified a significant security flaw in macOS, codenamed “HM Surf,” that allows unauthorized access to sensitive user data through the Safari browser on MDM-managed devices.
Phishing Attacks Surge Against Major Tech Brands in Q3 2024
In the third quarter of 2024, Microsoft, Apple, and Google were frequently impersonated in phishing attacks, with Microsoft accounting for 61% of all brand spoofing attempts, highlighting ongoing vulnerabilities in the technology sector.
Latest Cybernews
China Dismisses U.S. Allegations of Volt Typhoon Hacking as Political Farce
China’s National Computer Virus Emergency Response Center has rejected U.S. claims of state-sponsored hacking by the Volt Typhoon group, asserting that the allegations lack evidence and serve as a distraction from U.S. cyber operations.
RansomHub Surges as Top Ransomware Operation in Q3 2024
RansomHub emerged as the leading ransomware group with 247 successful attacks in Q3 2024, while LockBit’s activity plummeted by 88%, highlighting significant shifts in the ransomware landscape.
AI Zero-Day Vulnerabilities: Emerging Threats in AI Security
AI zero-day vulnerabilities pose significant risks to artificial intelligence systems, with threats such as prompt injection attacks and training data leakage becoming increasingly prevalent as organizations adopt AI technologies.
Two Sudanese Brothers Indicted for Operating “Anonymous Sudan” Hacktivist Group
Ahmed Salah Yousif Omer and Alaa Salah Yusuff Omer have been indicted by the US Department of Justice for their alleged roles in the hacktivist group “Anonymous Sudan,” which is linked to over 35,000 cyberattacks against critical infrastructure worldwide.
SideWinder APT Expands Cyber-Espionage Operations with StealerBot Toolkit
The India-based SideWinder group has broadened its cyber-espionage activities to include high-profile targets across various sectors and regions, utilizing a sophisticated malware toolkit known as StealerBot.
North Korean Cyber Actors Shift Tactics From Espionage to Extortion
North Korean threat actors, including the Nickel Tapestry group and the Lazarus Group, have transitioned from traditional espionage to extortion, infiltrating Western companies by impersonating IT workers and generating millions in illicit revenue to fund the regime’s nuclear programs.
Cicada3301 Emerges as a Major Ransomware Threat Targeting Critical Sectors
Cicada3301, a newly identified ransomware-as-a-service group, has quickly compromised at least 30 organizations in the US and UK using advanced Rust-based ransomware and a dark web affiliate program.
Kubernetes Image Builder Vulnerability Allows Unauthorized VM Access
A critical security flaw in Kubernetes Image Builder, tracked as CVE-2024-9486, enables attackers to bypass authentication and gain root access to virtual machines, posing significant risks to affected environments.
Instagram Launches Campaign to Combat Teen Sextortion
Instagram has initiated a comprehensive campaign to address sextortion among teenagers by introducing new safety features and educational resources in collaboration with child safety organizations.
Iranian Cyber Actors Target Critical Infrastructure in Sustained Campaign
Intelligence agencies in Australia, Canada, and the US have identified a year-long cyber campaign by Iranian actors employing sophisticated techniques, including brute force attacks and MFA fatigue, to compromise critical infrastructure sectors.