China-linked hackers target Taiwan’s chip industry with increasing attacks, researchers say

Chinese-linked hackers are targeting the Taiwanese semiconductor industry and investment analysts as part of a string of cyber espionage campaigns, researchers said on Wednesday. While hacking to steal data and information about the industry is not new, there is an increase in sustained hacking campaigns from several China-aligned hacking groups, researchers with cybersecurity firm Proofpoint…

CISA, Security and Intel Agencies Warn of Pro-Iranian Cyber Threats Targeting Critical Infrastructure

Hot on the heels of the U.S. bombing of Iranian nuclear facilities, a joint cybersecurity advisory has warned critical infrastructure organizations of cyber threats stemming from Iranian-backed malicious actors. “Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to escalate due to recent events,” it stated….

‘Forest Blizzard’ vs ‘Fancy Bear’ – cyber companies hope to untangle weird hacker nicknames

Microsoft, CrowdStrike, Palo Alto (PANW.O) and Alphabet’s (GOOGL.O) Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over the menagerie of unofficial nicknames for them. Microsoft (MSFT.O) and CrowdStrike (CRWD.O) said they hoped to potentially bring other industry…

Lazarus Group targets South Korean supply chains via software flaws

Kaspersky’s Global Research and Analysis Team (GReAT) has identified a new cyber campaign led by the Lazarus Group targeting supply chains in South Korea through combined watering hole attacks and exploitation of vulnerabilities in third-party software. The campaign, dubbed “Operation SyncHole,” was observed targeting at least six organisations across the software, IT, financial, semiconductor, and…

New Crocodilus Malware steals Android users’ crypto wallet keys

A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for their cryptocurrency wallet by showing a warning to back up the key to avoid losing access. Although Crocodilus is a new banking malware, it features fully developed capabilities to take control of the device, harvest data, and control it remotely. Researchers at fraud prevention company…

Cyberattackers now targeting the Education Sector, Hijack Microsoft Accounts

A sophisticated cyberattack campaign is targeting organizations that still rely on Active Directory Federation Services (ADFS) for authentication across applications and services. The phishing campaign is exploiting Microsoft Active Directory Federation Services (ADFS) to bypass multifactor authentication (MFA) and take over user accounts, allowing threat actors to commit further malicious activities across networks that depend…

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

Hackers target Chrome browser extensions. 16 extensions being compromised. Exposed over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign. Hackers used their access permissions to insert malicious code into legitimate extensions in order to steal cookies and user access…

Brazilian Hacker Charged for Selling Data Stolen From Hacked Computers

Junior Barros De Oliveira, a 29-year-old resident of Curitiba, Brazil, has been indicted in the United States for orchestrating an extortion scheme involving data stolen from the computer systems of a Brazilian subsidiary of a New Jersey-based company. U.S. Attorney Philip R. Sellinger announced the charges after the indictment was unsealed in Newark federal court. Allegations of…

Meta hit with $263 million fine in Europe over 2018 Data breach

The penalty adds to a series of GDPR fines against Meta, bringing the total to $3 billion. Meta has been fined $263.5 million (€251 million) by Ireland’s Data Protection Commission (DPC) for a 2018 Facebook security breach that exposed the sensitive data of 29 million users globally. The breach exploited a vulnerability in Facebook’s “view…

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit…
