In June 2024, cybersecurity researchers from Kaspersky identified a new macOS version of the HZ Rat backdoor, marking the first time this malware has been observed targeting macOS users. The backdoor was found attacking users of the enterprise messaging platform DingTalk and the popular social network WeChat. This development follows previous discoveries of the HZ Rat backdoor targeting Windows systems. First detected in late 2022 by DCSO researchers, the HZ Rat backdoor is known for receiving commands from attackers, initially via PowerShell scripts on Windows. The newly discovered macOS variant behaves similarly but receives payloads as shell scripts from a…
Author: ISB Staff Reporter
The number of successful cyber attacks on UK law firms has soared by 77% over the past year, rising from 538 incidents to 954, according to a recent study. The increase is attributed to the lucrative nature of law firms as targets for cybercriminals, particularly for ransomware attacks and blackmail attempts. Malefactors will often demand a blackmail payment from law firms or threaten to post the stolen sensitive data on the internet. In some instances, bad actors also lock firms out of their data until a ransom is paid. Lubbock Fine partner Mark Turner emphasized the appeal of law firms to…
Nearly 32 million documents, including invoices, contracts, and agreements, were exposed online by ServiceBridge, a global field service management provider. Cybersecurity researcher Jeremiah Fowler made the discovery, reporting the unprotected database to WebsitePlanet. The database contained 31.5 million records, including sensitive business and personal information from companies around the world. The exposed database, which was not password-protected, contained 31,524,107 files with a total size of 2.68 terabytes. The files, primarily in PDF and HTML formats, were organized by year and month, dating back to 2012. The documents included contracts, work orders, invoices, proposals, and other business-related records from a diverse…
Seattle-Tacoma International Airport (SEA-TAC) appears to have been targeted by a cyberattack, with critical systems experiencing widespread internet outages for the third consecutive day, according to officials from the Port of Seattle. The disruptions, which began early on Saturday, have affected several systems, including the Port of Seattle’s websites, email, and phone services. In a social media post on Saturday, the airport stated: “Earlier [Saturday] morning, the Port of Seattle experienced certain system outages indicating a possible cyberattack.” By Sunday, airport officials confirmed their belief that a cyberattack is responsible for the ongoing disruption, prompting efforts to restore operations while…
Stroz Friedberg, a risk management firm under Aon, has identified a sophisticated malware strain targeting Linux systems. Dubbed “sedexp,” the malware exploits udev rules to maintain persistence and evade detection. According to researchers Zachary Reichert, Daniel Stein, and Joshua Pivirotto, “This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse shell capabilities and advanced concealment tactics.”
Discovery and Background
The stealthy malware leverages a little-known Linux persistence technique involving udev rules. Despite being in operation for at least a couple of years, it has remained undetected, with multiple instances found in online sandboxes showing zero…
Prism Infosec, an independent cybersecurity consultancy, has introduced its PULSE testing service. The service aims to help entities that may not have the resources to dedicate to a full-scale red team exercise and assess their defense capabilities against real-world threats. The company says PULSE fills the gap between penetration testing and red teaming, offering a fast and thorough testing approach to help organizations better understand their security posture. Penetration tests are contained evaluations that assess the security boundaries and controls of distinct systems; they excel at analysing specific vulnerabilities confined to particular control planes of individual systems. In contrast, red teaming…
In Q2 2024, new ransomware groups, including PLAY, Medusa, RansomHub, INC Ransom, BlackSuit and some additional lesser-known factions, led a series of attacks that eclipsed the first quarter of this year by 16% and the second quarter of 2023 by 8%. These new threat actors emerged following the takedown of LockBit and BlackCat by international law enforcement. This was revealed by Corvus Insurance’s Q2 2024 Cyber Threat Report, called Ransomware Season Arrives Early. Drawing on data collected from ransomware leak sites, the report identified 1,248 ransomware victims in Q2, the second most the company has recorded in a single…
The FIDO Alliance has announced its agenda today for Authenticate 2024, the only industry conference dedicated to all aspects of user authentication. The event will be held from 14 to 16 October 2024 at the Omni La Costa Resort and Spa in Carlsbad, Calif., with virtual participation options also available. Now in its fifth year, Authenticate has become a ‘must-attend’ cybersecurity event. This year’s edition features over 100 sessions and 125 speakers from around the world, providing the latest innovations, expertise, and critical conversations for the digital identity industry, with a focus on passwordless authentication with passkeys. Authenticate is ideal for CISOs, security…
Researchers from Quarkslab have uncovered critical vulnerabilities in the latest variant of MIFARE Classic compatible cards. Despite being touted as a secure alternative, the FM11RF08S card, developed by Shanghai Fudan Microelectronics, has been found to contain a hardware backdoor, among other weaknesses. The implications of these discoveries are far-reaching. The FM11RF08S card is not limited to the Chinese market; it has been found in numerous hotels and businesses across the US, Europe, and India. Many consumers may be unaware that the MIFARE Classic cards they are using are, in fact, Fudan FM11RF08 or FM11RF08S variants. This discovery raises serious concerns…
The Qilin ransomware group, already infamous for its devastating attacks, has now been caught stealing credentials stored in Google Chrome browsers. This new tactic could amplify the chaos typically associated with ransomware breaches, spreading the impact far beyond the initial victim. This was uncovered in a recent investigation by the Sophos X-Ops team, who called it “a concerning development in the cybercrime landscape.”
A New Dimension to Ransomware Attacks
The Qilin ransomware group has been active for over two years, gaining notoriety for its double-extortion tactics, which involve stealing data, encrypting systems, and threatening to release or sell the stolen…