11 Aug 2021

Hackers take $600m in ‘biggest’ cryptocurrency theft

A hacker has allegedly leveraged a vulnerability to steal $600 million from a blockchain finance platform in an attack that is being called the largest cryptocurrency theft to date. On Tuesday, the victim, Poly Network, announced the attack. The platform targeted was DeFi, a decentralized finance platform that works across

Read More
10 Aug 2021

Chinese Espionage Group UNC215 Targeted Israeli Government Networks

Reports have emerged that the Chinese espionage group tracked as UNC215 leveraged remote desktop protocols to access an Israeli government network. This was made possible by leveraging stolen credentials from trusted third parties. New research from Mandiant revealed that data gathered from telemetry efforts and the information shared by Israeli

Read More
10 Aug 2021

Auth Bypass Bug Exploited, Affecting Millions of Routers

Just a few days after being disclosed, cyberattackers have sought to attack home routers from 20 different vendors and ISPs. The cybercriminals are attempting to drop the Mirai variant botnet that is frequently used for conducting DDoS attacks. The flaw, an authentication bypass vulnerability, was found to be affecting multiple

Read More
09 Aug 2021

Angry Affiliate Leaks Conti Ransomware Gang Playbook

An affiliate of the Conti Ransomware gang has allegedly leaked several pieces of sensitive information regarding the threat actor, such as IP addresses for Cobalt Strike C2 servers, training materials, and numerous tools. Together, the information reveals how the group conducts its malicious attacks. The individual released the information after

Read More
09 Aug 2021

Critical Cisco Bug in VPN Routers Allows Remote Takeover

Security researchers warned that a vulnerability that lies in a subset of Cisco Systems’ VPN routers typically used by small businesses could allow for remote and unauthenticated attackers to take control of a device. According to researchers, there are at least 8,800 systems that are vulnerable due to the security

Read More
06 Aug 2021

Researchers Find Significant Vulnerabilities in macOS Privacy Protections

Researchers have uncovered significant vulnerabilities in macOS privacy protection. According to researchers Csaba Fitzl and Wojciech Regula with Offensive Security and SecuRing respectively, applications that are allowed to run on Apple’s operating system can exceed the permissions granted to them by the user. This allows for potential privacy attacks, such

Read More
06 Aug 2021

Iran-Linked Hackers Expand Arsenal With New Android Backdoor

Charming Kitten, an Iran-backed advanced persistent threat group, has allegedly added a new Android backdoor to its repository. The group has also successfully compromised individuals associated with the Iran reformist movement as of late, according to security researchers at IBM. The group has been active since 2011 and frequently targets

Read More
06 Aug 2021

Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers at Black Hat Say

Researchers at the cybersecurity conference Black Hat have demonstrated how it is possible to circumvent Microsoft’s Windows Hello biometric authentication through utilizing a spoofed camera. Researchers found that Windows Hello is faulty and can easily be overcome with a single infrared image of a user’s face on a tampered copy

Read More
06 Aug 2021

MacOS Flaw in Telegram Retrieves Deleted Messages

According to new reports, Telegram failed to fix a flaw that allows for the retrieval of deleted messages. Instead, a Trustwave researcher declined a bug bounty reward and disclosed his findings instead. The vulnerability lies in a high-level privacy feature of Telegram on macOS that effectively deletes messages on both

Read More
04 Aug 2021

Iranian APT Lures Defense Contractor in Catfishing-Malware Scam

A new campaign using catfishing techniques with fake aerobics-instructor profiles has been discovered in a supply-chain attack attempt originating from an Iranian APT, TA456. The threat actors created convincing profiles of objectively attractive women to charm victims into downloading malware. According to a new report from Proofpoint, the campaign allegedly

Read More