Cyberattackers Hoop NBA Fan Data via Third-Party Vendor
As it moves into the final stretch of its regular season, the National Basketball Association said over the weekend that “an unauthorized third party” netted a database filled with the names and email addresses of fans. The data was housed by a newsletter service that it partners with, the NBA noted in a letter to…
Chinese Hackers Targeting Security and Network Appliances
Chinese threat actors are turning security appliances into penetration pathways, forcing firewall maker Fortinet to again attempt to fend off hackers with a patch. Researchers from Mandiant say suspected Beijing hackers it tracks as UNC3886 has been targeting chip-based firewall and virtualization boxes. The group, it said in a Thursday blog post, exploited a now-patched…
Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying
The vulnerabilities were discovered by researchers at industrial and IoT cybersecurity firm Claroty. The company — along with CISA and CERT/CC — has attempted to report the findings to the vendor over the past year, but without success, and the security holes remain unpatched. Claroty this week disclosed technical details of its findings and CISA…
Latest version of Xenomorph Android malware targets 400 banks
The author of the Xenomorph Android malware, the Hadoken Security Group, continues to improve their malicious code. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play Store reaching over 50,000 installations. The banking Trojan was used to target 56 European banks and steal sensitive information…
China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware
A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence. “The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades,” cybersecurity company Mandiant said in a technical report published this week. The Google-owned incident response…
Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor
One of the largest carriers in the US, AT&T has roughly 200 million wireless customers, but only a small percentage of the total has been impacted by the incident. “Approximately 9 million wireless accounts had their Customer Proprietary Network Information accessed,” AT&T said in an emailed statement. “We recently determined that an unauthorized person breached…
40% of Global ICS Systems Attacked With Malware in 2022
More than 40% of the total number of global industrial control systems (ICS) computers saw some kind of malicious attack during the course of 2022. This volume of cyberattacks against industrial systems was led by growth in Russia, which, as a region, saw a full 9 percentage-point increase in malicious activity in 2022, according to…
Russian Influence Duo Targets Politicians, CEOs for Embarrassing Video Calls
A Russian duo notorious for pranking numerous high-profile individuals, including Canadian Prime Minister Trudeau, is at it again — this time seeking to embarrass public figures that have expressed support for Ukraine in its war with Russia. Over the past year, the two individuals — known publicly as Vovan and Lexus — have targeted high-ranking…
AI-Powered ‘BlackMamba’ Keylogging Attack Evades Modern EDR Security
A proof-of-concept, artificial intelligence (AI)-driven cyberattack that changes its code on the fly can slip past the latest automated security-detection technology, demonstrating the potential for creating undetectable malware. Researchers from HYAS Labs demonstrated the proof-of-concept attack, which they call BlackMamba, which exploits a large language model (LLM) — the technology on which ChatGPT is based…
Pre-Deepfake Campaign Targets Putin Critics
Russia is continuing its campaign of disinformation around the Ukraine war through advanced social engineering delivered by a threat group tracked as TA499. According to a report from Proofpoint, TA499 targets US and European politicians, and leading businessmen and celebrities who have spoken out against Putin’s invasion. The primary purpose is to persuade the victims…
