Month: October 2024
Windows 11 24H2 is unavailable for thousands of users due to safeguard or compatibility holds Microsoft has placed on specific device and software configurations. Microsoft places compatibility holds on specific devices using hardware or applications that may conflict with Windows 11 24H2, causing crashes, performance issues, freezes, or other unusual behavior. These holds will prevent…
Read More
A threat actor claimed that they have and are selling 280 million U.S. citizens’ personal data on dark web. According to the post of the threat actor, the data includes; First_Name、Last_Name Address、City、State、ZIP Ind_Date_Of_Birth_Year、Ind_Age Home_Value_Code、Home_Median_Value_Code、Median_Income_Code Email、Phone They are also claiming that they can provide sample data to the prospects. Meanwhile, they did not mention the source…
Read More
Cisco has added new security features that significantly mitigate brute-force and password spray attacks on Cisco ASA and Firepower Threat Defense (FTD), helping protect the network from breaches and reducing resource utilization on devices. Password spray and brute force attacks are similar in that they both attempt to gain unauthorized access to an online account by guessing…
Read More
Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully patched systems. This is possible by taking control of the Windows Update process to introduce outdated, vulnerable software components on an up-to-date machine without the operating system changing the fully patched status. Downgrading Windows SafeBreach…
Read More
The fourth day of Pwn2Own Ireland 2024 marked the end of the hacking competition with more than $1 million in prizes for over 70 unique zero-day vulnerabilities in fully patched devices. The hacking contest pits security researchers against various software and hardware products, in an attempt earn the “Master of Pwn” title by compromising targets in eight categories…
Read More
Oct 26, 2024Ravie LakshmananCybercrime / Malware Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported that a court in St. Petersburg…
Read More
Oct 26, 2024Ravie LakshmananCloud Security / Cryptocurrency The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. “The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised…
Read More
Oct 26, 2024Ravie LakshmananCyber Attack / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. “The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture,” CERT-UA said. “These emails contain attachments in…
Read More
The BlackBasta ransomware operation has moved its social engineering attacks to Microsoft Teams, posing as corporate help desks contacting employees to assist them with an ongoing spam attack. Black Basta is a ransomware operation active since April 2022 and responsible for hundreds of attacks against corporations worldwide. After the Conti cybercrime syndicate shut down in…
Read More
Russia has sentenced four members of the REvil ransomware operation to over 4 years in prison for distributing malware and illegal circulation of means of payment. REvil ransomware (aka Sodin and Sodinokibi) was launched in April 2019 as a direct successor of the GandCrab operation. In less than a year, the gang became the most prolific ransomware group, asking…
Read More