The world’s largest oil company issued a warning this week that the energy sector is vulnerable to attacks, particularly with the advent of new technologies such as generative AI. Amin H. Nasser, CEO of Saudi Aramco, told the Global Cybersecurity Forum that the energy sector is an attractive target to those who want to do…

The charges stem from alleged fraud and internal control failures related to known cybersecurity weaknesses that took place between the company’s October 2018 initial public offering (IPO) and its December 2020 revelation of a sophisticated cyberattack dubbed “SUNBURST.” The software supply chain cyberattack involved Russia-linked threat actors breaching SolarWinds systems in 2019, or possibly even…

“One of the most dangerous financial criminal groups” — and growing in sophistication. That is Microsoft’s assessment of the 0ktapus cyberattack collective, which was most recently in the news for carrying out the strikingly disruptive MGM and Caesars Entertainment ransomware hits. The English-speaking group (aka Scatter Swine, UNC3944 or, as Microsoft calls it, “Octo Tempest”)…

The volume of known ransomware attacks surged last month to record-breaking levels, security researchers report. Ransomware groups collectively listed 514 victims on their data-leak sites in September, breaking the previous record of 502 victims set in July, said U.K. cybersecurity firm NCC Group. The firm reports that “major drivers of this activity” include newer groups such…

The data leak and negotiation sites for the Ragnar Locker ransomware group went offline Thursday after an international law enforcement operation seized its infrastructure. Law enforcement agencies participating in the crackdown include the FBI, as well as authorities in France, Germany, Italy, Spain and the Netherlands, backed by Europol’s European Cybercrime Center as well as…

North Korean nation-state threat actors are exploiting a critical remote code execution vulnerability affecting multiple versions of a DevSecOps tool – a high-risk development, especially in light of Pyongyang hackers’ recent track record of supply chain hacks. Researchers at Microsoft said Wednesday that North Korean nation-state threat actors tracked as Diamond Sleet and Onyx Sleet…

Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance Center (TAC) support cases. The vulnerability can be exploited by an attacker to gain administrator privileges and take…

A threat actor is using compromised Skype and Microsoft Teams accounts to distribute DarkGate, a troublesome loader associated with multiple malicious activities, including information theft, keylogging, cryptocurrency miners, and ransomware such as Black Basta. Forty-one percent of the targets of the campaign — which appears to have begun in August — are organizations in the…

Threat actors are using messages sent from Dropbox to steal Microsoft user credentials in a fast-growing business email compromise (BEC) campaign. The effort evades natural language processing (NLP)-based security scans, and demonstrates the rapid evolution of these types of attacks. Researchers at Check Point Harmony observed more than 5,000 of the attacks — in which…