Author: Kirsten Doyle

In a surprising discovery, Aqua Nautilus researchers have identified an emerging attack vector that leverages misconfigured servers to hijack resources for streaming sports events. Using honeypots designed to mimic real-world development environments, researchers uncovered how attackers exploited JupyterLab and Jupyter Notebook applications to conduct illegal live streaming operations, exposing a new facet of cybercrime. A Novel Attack Strategy The investigation uncovered how attackers have exploited publicly exposed Jupyter servers, using weak or absent authentication to gain remote code execution capabilities. Once inside, they deployed the open-source tool ffmpeg to capture live sports broadcasts, redirecting the streams to their illegal platforms…

A cybersecurity breach has exposed sensitive information from over 1.1 million records associated with Conduitor Limited’s Forces Penpals, a dating and social networking service for members of the US and UK armed forces and their supporters. The exposed database, discovered by cybersecurity researcher Jeremiah Fowler and reported to vpnMentor, was left unprotected without encryption or password protection. Sensitive Military Records Left Exposed The database contained 1,187,296 documents, including user images and highly sensitive proof-of-service documents. These files revealed personally identifiable information (PII) such as full names, mailing addresses, Social Security Numbers (US), National Insurance Numbers (UK), military ranks, service branches,…

A recently disclosed flaw in Microsoft Active Directory Certificate Services (ADCS), identified as CVE-2024-49019, could allow attackers to escalate privileges and gain control of a domain. The vulnerability, rated with a CVSS score of 7.8, is classified as an elevation-of-privilege (EoP) issue. If exploited, attackers could potentially obtain domain administrator privileges, compromising the security of the entire network. Microsoft’s advisory shares several ways entities can mitigate the risks, including removing excessive enrollment rights for users or groups, eliminating unused certificate templates, and securing templates that allow users to specify a subject in the request. While no active attacks have been…

T-Mobile has confirmed its involvement in the recent wave of telecom network breaches, which have been attributed to a China-linked cyber threat group, Salt Typhoon. The malicious actor previously breached major telecom providers, including AT&T, Verizon, and Lumen Technologies, as part of a larger operation that targeted US telecom infrastructure. This included accessing sensitive systems such as the US court wiretap system and gathering phone data from top US officials, including President-elect Donald Trump, Vice President-elect JD Vance, key congressional figures, and Vice President Kamala Harris’s campaign. T-Mobile, in a statement to The Wall Street Journal, confirmed its systems were…

Google has launched a regular fraud and scams advisory to combat the growing volume and sophistication of online scams. Multinational crime entities are increasingly using advanced technology and complex schemes to target victims worldwide. To protect users and the broader digital ecosystem, Google’s Trust & Safety (T&S) teams are tracking emerging trends, developing new protective measures, and sharing vital information with the public. The first advisory outlines five major trends shaping today’s online scam landscape: Public Figure Impersonation Campaigns The accessibility of deepfake technology has fueled a surge in public figure impersonation scams, where criminals use AI to mimic well-known…

In a new and sophisticated cyber campaign dubbed the “Iranian Dream Job Campaign,” the Iranian threat group TA455 is using deceptive job offers to infiltrate the aerospace industry, ClearSky Cyber Security reported. The campaign relies on distributing SnailResin malware, which activates the SlugResin backdoor, a malware set ClearSky links to the well-known Iranian cyber actor subgroup Charming Kitten. The deceptive nature of the operation has led some cyber research companies to mistakenly attribute the malware files to North Korea’s Kimsuky/Lazarus Advanced Persistent Threat (APT) group. The overlapping “Dream Job” recruitment tactics, attack methods, and malware signatures suggest that Charming Kitten…

Volt Typhoon, a stealthy and resilient state-sponsored cyber-espionage group has re-emerged as a severe and silent threat to critical infrastructure worldwide, demonstrating increased sophistication and determination. In January this year, the US Department of Justice said it disrupted the People’s Republic of China-backed hacking group that attempted to target America’s critical infrastructure. The group infected “hundreds” of outdated Cisco and Netgear routers with malware so that they could be used to attack US critical infrastructure facilities. SecurityScorecard’s STRIKE Team has identified the group’s resurgence, exploiting unprotected and outdated edge devices across essential sectors and escalating the global threat landscape significantly.…

A newly discovered tool named “GoIssue,” marketed on a prominent cybercrime forum, is bringing fresh concerns to the cybersecurity community with its ability to mine email addresses from GitHub profiles and send bulk phishing emails to targeted inboxes. Discovered by SlashNext researchers, this tool, believed to be connected to the notorious GitLoker extortion campaign, highlights an alarming trend in phishing tactics that now threatens not only individual developers but entire organizations. Security researcher Daniel Kelley warns that GoIssue’s capabilities could lead to far more than standard phishing incidents. Its potential extends to source code theft, supply chain vulnerabilities, and corporate…

Check Point Research has uncovered a sophisticated phishing campaign that uses a newly updated version of the Rhadamanthys Stealer, a notorious malware that steals sensitive data from infected systems. The campaign, identified as “Rhadamanthys.07,” deceives victims through emails that appear to come from well-known companies, alleging copyright infringement on social media. New Phishing Tactics and AI-Enhanced Techniques In this campaign, attackers pose as legal representatives from respected brands, sending emails through fake Gmail accounts that accuse recipients of brand misuse on social platforms. These emails, personalized to each target, urge the recipient to download a file to remove the offending…

A new investigation by the consumer advocacy group Which? reveals a worrying trend: everyday smart devices, from air fryers to televisions, are collecting excessive amounts of user data, often with no clear explanation or transparency on how it will be used. The study found that some of these gadgets, including popular air fryer and smartwatch models, are asking for permissions that go beyond what is necessary for their primary functions—raising significant privacy concerns. Excessive Permissions and Data Sharing Among the more surprising revelations, Which? researchers found that certain air fryer models, including those from Xiaomi and Aigostar, request access to…