Chinese-linked hackers are targeting the Taiwanese semiconductor industry and investment analysts as part of a string of cyber espionage campaigns, researchers said on Wednesday. While hacking to steal data and information about the industry is not new, there is an increase in sustained hacking campaigns from several China-aligned hacking groups, researchers with cybersecurity firm Proofpoint…
Hot on the heels of the U.S. bombing of Iranian nuclear facilities, a joint cybersecurity advisory has warned critical infrastructure organizations of cyber threats stemming from Iranian-backed malicious actors. “Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to escalate due to recent events,” it stated….
Microsoft, CrowdStrike, Palo Alto (PANW.O), opens new tab and Alphabet’s (GOOGL.O), opens new tab Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over the menagerie of unofficial nicknames for them. Microsoft (MSFT.O), opens new tab and CrowdStrike (CRWD.O), opens new tab said they hoped to potentially bring other industry…
Kaspersky’s Global Research and Analysis Team (GReAT) has identified a new cyber campaign led by the Lazarus Group targeting supply chains in South Korea through combined watering hole attacks and exploitation of vulnerabilities in third-party software. The campaign, dubbed “Operation SyncHole,” was observed targeting at least six organisations across the software, IT, financial, semiconductor, and…
A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. Although Crocodilus is a new banking malware, it features fully developed capabilities to take control of the device, harvest data, and remote control. Researchers at fraud prevention company…
A sophisticated cyberattack campaign is targeting organizations that still rely on Active Directory Federation Services (ADFS) for authentication across applications and services. The phishing campaign is exploiting Microsoft Active Directory Federation Services (ADFS) to bypass multifactor authentication (MFA) and take over user accounts, allowing threat actors to commit further malicious activities across networks that depend…
Hackers target Chrome browser extensions 16 extensions being compromised Exposed over 600,000 users to data exposure and credential theft The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign Hackers used their access permissions to insert malicious code into legitimate extensions in order to steal cookies and user access…
Junior Barros De Oliveira, a 29-year-old resident of Curitiba, Brazil, has been indicted in the United States for orchestrating an extortion scheme involving data stolen from the computer systems of a Brazilian subsidiary of a New Jersey-based company. U.S. Attorney Philip R. Sellinger announced the charges after the indictment was unsealed in Newark federal court. Allegations of…
The penalty adds to a series of GDPR fines against Meta, bringing the total to $3 billion. Meta has been fined $263.5 million (€251 million) by Ireland’s Data Protection Commission (DPC) for a 2018 Facebook security breach that exposed the sensitive data of 29 million users globally. The breach exploited a vulnerability in Facebook’s “view…
The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit…
