Local government cybersecurity: 5 best practices
It seems like not a day goes by where we don’t hear about a local government cyberattack. Indeed, from 911 call centers to public schools, cyberattacks on local governments are as common as they are devastating. Just how often do threat actors attack local governments? A survey of 14 mainly larger US local governments found…
NSA Cyber Specialist, Army Doctor Charged in US Spying Cases
In one case, cybersecurity expert Jareh Sebastian Dalke, 30, spent less than four weeks working at the NSA, the government’s huge and powerful signals intelligence agency, before he suddenly quit, citing family problems at the end of June. In the few weeks he was at the NSA, he printed out top secret documents, and after…
MS SQL servers are getting hacked to deliver ransomware to orgs
Cybercriminals wielding the FARGO (aka Mallox, aka TargetCompany) ransomware are targeting Microsoft SQL (MS SQL) servers, AhnLab’s ASEC analysis team has warned. They haven’t pinpointed how the attackers are getting access to the targeted servers, but noted that typical attacks targeting database servers include brute force and dictionary attacks aimed at ferreting out the passwords…
Ukraine Cracks Down on Group Selling Hacked Accounts to Pro-Russia Propagandists
Ukrainian authorities say they have taken down a pro-Russia hacking group that compromised user accounts and then sold them for profit on dark web portals. According to the cyber department of Ukraine’s Security Service (SSU), the hackers targeted user accounts of individuals in Ukraine and across Europe. Leveraging the unauthorized access, the hackers harvested the…
UK Teen Arrested Over Rockstar Games, Uber Hacks
Both companies have confirmed being breached. Uber admitted that a hacker used compromised employee credentials to access internal tools, but downplayed impact, insisting that development systems, user accounts, and sensitive information were not accessed. In the case of Rockstar, the hacker leaked videos recorded during the development of the upcoming Grand Theft Auto (GTA) 6…
Trojan-stealer discovered in spam mailouts to businesses
We’re witnessing a new malicious mass-mailing campaign aimed at company employees using Agent Tesla spyware attachments. This time, when creating their e-mail messages, the attackers pay special attention to detail — so that their messages can really be mistaken for regular business e-mails with attached documents. Their final goal is to trick the recipient into…
How does identity crime affect victims?
The Identity Theft Resource Center (ITRC) has published a research that shows nearly 40 percent of ITRC victims say their personal information was stolen, compromised or misused in the past year. The report goes beyond the known financial implications of identity crimes and explores the lost opportunities as well as the emotional, physical and psychological…
15-Year-Old Python Vulnerability Present in 350,000 Projects Resurrected
The vulnerability in question is CVE-2007-4559, initially described as a directory traversal vulnerability in Python’s ‘tarfile’ module that could allow an attacker to remotely overwrite arbitrary files by convincing users to process specially crafted tar archives. The flaw was never properly patched and instead users were warned not to open archive files from untrusted sources….
Oracle Cloud Infrastructure Vulnerability Exposed Sensitive Data
Referred to as #AttachMe and mentioned in Oracle’s July 2022 Critical Patch Update, the vulnerability could have exposed sensitive data to attackers knowing the victim’s Oracle Cloud Identifier (OCID). “OCI customers could have been targeted by an attacker with knowledge of #AttachMe. Any unattached storage volume, or attached storage volumes allowing multi-attachment, could have been…
VMware Warns of ‘ChromeLoader’ Delivering Ransomware, Destructive Malware
ChromeLoader was initially observed targeting Windows users in January 2022 – a macOS variant was spotted in March – when it was being dropped as an ISO file and could leak users’ browser credentials, collect data on their online activities, and display ads by hijacking browser searches. The threat is being distributed as pirated or…
