Aug 02, 2024 | Ravie Lakshmanan | Cyber Attack / Windows Security
Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism. The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Labs, which made the discovery on June 25, 2024, in…

Aug 02, 2024 | The Hacker News | Vulnerability / Network Security
Enterprise Resource Planning (ERP) software is at the heart of many enterprises, supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critical vulnerabilities keep affecting these systems and…

Project Memoria and flaws in embedded TCP/IP stacks
Many consumer IoT devices nowadays, such as routers, modems, network-attached storage (NAS) boxes, and network video recorders (NVRs), use firmware based on the Linux kernel. But industrial and medical embedded devices still rely on proprietary real-time operating systems (RTOSes) such as VxWorks for their firmware. Even though…

Aug 02, 2024 | Ravie Lakshmanan | Cyber Crime / Hacking News
In a historic prisoner exchange between Belarus, Germany, Norway, Russia, Slovenia, and the U.S., two Russian nationals serving time for cybercrime activities have been freed and repatriated to their country. This includes Roman Valerevich Seleznev and Vladislav Klyushin, who are part of a group of eight people…

Aug 02, 2024 | Ravie Lakshmanan | Malware / Network Security
Cybersecurity companies are warning about an uptick in the abuse of Cloudflare's TryCloudflare free service for malware delivery. The activity, documented by both eSentire and Proofpoint, entails the use of TryCloudflare to create a one-time tunnel that acts as a conduit to relay traffic from an attacker-controlled server…

DNS hacks usually fall into obvious types, such as DNS poisoning (manipulating DNS records to redirect users), domain shadowing (adding malicious sub-domains to a DNS record), or CNAME attacks (hijacking lapsed sub-domains). Sitting Ducks turned out to be different, and had to do with weaknesses in the way domains are administered, or not administered. In…

Twenty-four prisoners were freed today in an international prisoner swap between Russia and Western countries. Among the eight Russians repatriated were several convicted cybercriminals. In return, Russia has reportedly released 16 prisoners, including Wall Street Journal reporter Evan Gershkovich and ex-U.S. Marine Paul Whelan. Among the more notable Russian hackers released in the prisoner swap…

Twenty-four prisoners were freed today in an international prisoner swap between Russia and Western countries. Among the eight Russians repatriated were five convicted cybercriminals. In return, Russia has reportedly released 16 prisoners, including Wall Street Journal reporter Evan Gershkovich and ex-U.S. Marine Paul Whelan. Among the more notable Russian hackers released in the prisoner swap…

Business Security
Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the extensive post-incident services that insurers provide
31 Jul 2024 • 4 min. read
If we were to stop people on the street and ask for words to describe the…

Humans still have something to say in the age of AI
Beyond the failure of CrowdStrike and the systemic problems affecting the technology industry, the global computer blackout made it clear that, in the era of artificial intelligence (AI) everywhere, human beings are not expendable, and that the world is not ready to leave big…