techminis

A naukri.com initiative

Hacking News

Source: Securelist (4w)

Advanced threat predictions for 2025

  • Kaspersky's Global Research and Analysis Team analyzed the most sophisticated attacks that shaped the 2024 threat landscape, reviewed the emerging trends it had anticipated for that year, and reports that six of its predictions have mostly come true. The team also offers trend predictions for 2025, including the IoT becoming a growing attack vector, backdoored AI models, and BYOVD exploits in APT campaigns.
  • The 2024 trends reviewed include the continued rise in attacks targeting mobile devices, the emergence of more groups building their own botnets, a comeback for kernel rootkits, growth in cyberattacks by state-sponsored actors, and more hacktivism in cyberwarfare.
  • The Kaspersky research team predicted for 2025 that spear-phishing via Generative AI to more easily compose and illustrate phishing emails will expand. Additionally, the IoT will garner more attention from APTs, supply chain attacks on open-source projects will increase, and C++ and Go malware will be adapted to the open-source ecosystem.
  • The Kaspersky team also predicts that hacktivist alliances will escalate in 2025 and that deepfakes will be used by APT groups. Finally, they forecast that BYOVD exploits will continue to be used by attackers to escalate to kernel-level access.

Source: Securityaffairs (4w)

Russia-linked APT TAG-110 targets Europe and Asia

  • The Russia-linked threat actor TAG-110 employed the custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe.
  • The campaign primarily targeted government entities, human rights groups, and educational institutions in Central Asia, East Asia, and Europe.
  • The APT used the HATVIBE loader to deliver malware such as CHERRYSPY, which enables encrypted data exfiltration and system monitoring of targeted entities.
  • TAG-110's operations align with Russia's geopolitical interests, focusing on Central Asia to maintain influence amid strained relations.

Source: Securityaffairs (4w)

Russia-linked threat actors threaten the UK and its allies, minister to say

  • Chancellor of the Duchy of Lancaster Pat McFadden will warn that Russia is preparing cyberattacks against the UK and its allies.
  • He believes that Russia is conducting a "hidden war" against the UK and its allies.
  • He will warn about the activity conducted by Russia's GRU Unit 29155, accused of conducting several attacks across the UK and Europe.
  • McFadden will also warn of cyberattacks carried out by "unofficial hacktivists" linked to the Russian government.

Source: Securityaffairs (4w)

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

  • A cyberattack on gambling giant IGT disrupted portions of its IT systems
  • China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane
  • Microsoft seized 240 sites used by the ONNX phishing service
  • U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog

Source: Securityaffairs (4w)

DoJ seized credit card marketplace PopeyeTools and charged its administrators

  • The U.S. seized the stolen credit card marketplace PopeyeTools and charged its operators.
  • PopeyeTools was a dark web marketplace specializing in selling stolen credit cards and cybercrime tools.
  • The operators of PopeyeTools are charged with conspiracy to commit access device fraud, trafficking access devices, and solicitation of another person to offer access devices.
  • US authorities seized $283,000 in cryptocurrency and took down the PopeyeTools domains.

Source: Securityaffairs (4w)

A cyberattack on gambling giant IGT disrupted portions of its IT systems

  • A cyberattack on gambling giant IGT disrupted its systems, forcing the company to take certain services offline.
  • IGT detected a cyberattack on November 17 and immediately initiated its incident response procedures.
  • As a multinational gambling company, IGT produces slot machines and gambling technology.
  • To contain the threat, IGT took some of the impacted systems offline and is working on bringing them back online.

Source: Securityaffairs (4w)

China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane

  • China-linked APT Gelsemium has deployed a new Linux backdoor called WolfsBane in attacks targeting East and Southeast Asia.
  • The backdoor WolfsBane is a Linux version of Gelsevirine, a Windows backdoor previously used by Gelsemium APT.
  • The shift to targeting Linux reflects APT groups adapting to enhanced Windows defenses and focusing on vulnerabilities in internet-facing Linux systems.
  • The initial access method used by Gelsemium APT is still unclear, but researchers believe web application vulnerabilities were exploited.

Source: Securityaffairs (4w)

Microsoft seized 240 sites used by the ONNX phishing service

  • Microsoft disrupted the ONNX phishing service, seizing 240 sites and naming an Egyptian man as the operator behind the operation.
  • Microsoft identified Abanoub Nady as the man behind the ONNX phishing service who developed and sold phishing kits.
  • Phishing heavily targets financial services and Microsoft observed a 146% increase in Adversary-in-the-Middle attacks.
  • Through a civil court order, Microsoft has redirected the malicious technical infrastructure, permanently stopping the use of these domains for phishing attacks.

Source: Hackingblogs (4w)

Warning: OpenAI’s ChatGPT Can Lead You Into Scams—How a Simple Request Cost Me $2.5K!

  • A user reported a serious bug in OpenAI's ChatGPT program that led to a loss of $2.5k.
  • The user requested coding assistance from ChatGPT and was suggested a fake @solana API website, resulting in the loss of funds.
  • The user discovered the scam after noticing the lack of information on a possible hack and investigating solanaapis.com.
  • The user no longer trusts OpenAI and shared the entire conversation with ChatGPT as proof.

Source: Coinpedia (4w)

How AI-Powered Crypto Scams Are Changing the Blockchain Security Landscape

  • A Solana wallet was poisoned in the first documented AI poisoning attack on the cryptocurrency market, resulting in a loss of $2,500 USD.
  • The attack involved an AI chatbot providing a fake link containing an API for Solana services, which stole the wallet's private keys and transferred the funds to a fraudulent wallet.
  • AI poisoning refers to the act of feeding bad data to AI models during the training process, and this incident highlights the dangers of AI systems in specialized fields like blockchain.
  • Developers and users are advised to verify all code and APIs, segregate wallets, and monitor blockchain activity to prevent similar incidents.

Source: Securityaffairs (4w)

U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog.
  • The vulnerabilities added include CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability, CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability, and CVE-2024-21287 Oracle Agile PLM Incorrect Authorization Vulnerability.
  • Apple released security updates for two zero-day vulnerabilities, CVE-2024-44309 and CVE-2024-44308, which were actively exploited in the wild.
  • CISA orders federal agencies to fix the vulnerabilities by December 12, 2024.

Source: Crypto-News-Flash (4w)

North Korea’s $1B Crypto Heist: Upbit Hack Explained

  • North Korean hackers stole 342K ETH from Upbit in 2019 and laundered it through exchanges in over 51 countries.
  • Investigations by South Korea and the FBI traced crypto trails, recovering only 4.8 BTC from the billion-dollar theft.
  • The heist highlighted weaknesses in crypto systems and the role of state-sponsored cybercrime in bypassing global sanctions.
  • North Korea used laundering techniques and covert exchanges to convert 57% of the stolen funds into Bitcoin.

Source: Hackingblogs (4w)

Advanced Ransomware Group SafePay Appears Out Of Nowhere, Hitting Multiple Government Organizations And MNCs

  • The SafePay ransomware group has emerged and is attacking numerous government organizations and well-known businesses.
  • The ransomware group is relatively unknown and not widely discussed on illegal forums.
  • Triton Sourcing & Distribution, a New Zealand importer, confirms being a victim of the SafePay ransomware attack.
  • Researchers discovered flaws in the SafePay ransomware group's server, leading to the identification of 22 victims.

Source: Securityaffairs (4w)

More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days

  • Threat actors have hacked thousands of Palo Alto Networks firewalls using recently patched zero-day vulnerabilities.
  • The vulnerabilities exploited are CVE-2024-0012 and CVE-2024-9474 in PAN-OS.
  • The first vulnerability allows unauthenticated attackers with access to the management web interface to bypass authentication and gain admin privileges, while the second vulnerability allows privilege escalation for PAN-OS administrators.
  • Approximately 2,000 firewalls have been compromised, with countries like the US and India most affected.

Source: Securityaffairs (4w)

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

  • Mexico is investigating a ransomware attack targeting its legal affairs office.
  • The ransomware gang Ransomhub claimed responsibility for the attack.
  • Stolen files include contracts, insurance, and financial documents.
  • This is not the first time Mexico's government has been targeted in a hack involving sensitive information.
