- Hacking group POLONIUM uses ‘Creepy’ malware against Israel
October 11, 2022
Security researchers reveal previously unknown malware used by the cyber espionage hacking group ‘POLONIUM,’ threat actors who appear to target Israeli organizations exclusively. According to ESET, POLONIUM uses a broad range of custom malware against engineering, IT, law, communications, marketing, and insurance firms in Israel. The group’s campaigns are still active at the time of writing. Microsoft’s ...
- Two Former eBay Employees Sentenced for Aggressive Cyberstalking Campaign
October 11, 2022
BOSTON – Two former employees of eBay, Inc. were sentenced today for their roles in a cyberstalking campaign targeting the editor and publisher of a newsletter that eBay executives viewed as critical of the company. Stephanie Popp, 34, of Louisville, Ky., eBay’s former Senior Manager of Global Intelligence, was sentenced to one year and one ...
- Hackers took down U.S. airport web sites, Department of Homeland Security confirms
October 10, 2022
Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY. The official from DHS’ Cybersecurity and Infrastructure Security Agency or CISA, declined to comment on who might have been behind what appeared to be a coordinated series ...
- Intel Alder Lake BIOS code leak may contain vital secrets
October 10, 2022
Source code for the BIOS used with Intel’s 12th-gen Core processors has been leaked online, possibly including details of undocumented model-specific registers (MSRs) and even the private signing key for Intel’s Boot Guard security technology. The source code was apparently shared via 4chan and GitHub, in a file containing tools and code for generating and optimizing ...
- Criminal multitool LilithBot arrives on malware-as-a-service scene
October 10, 2022
A Russia based threat group that set up a malware distribution shop earlier this year is behind a Swiss Army knife-like botnet that comes with a range of other malicious capabilities, from stealing information to mining cryptocurrency. That’s according to researchers at Zscaler’s ThreatLabz threat intelligence unit. It said the Eternity group – also known as ...
- Iranian state-run live TV hacked by protesters
October 9, 2022
Iran’s state-run broadcaster was apparently hacked on air Saturday, with a news bulletin interrupted by a protest against the country’s leader. A mask appeared on the screen, followed by an image of Supreme Leader Ali Khamenei with flames around him. The group called itself “Adalat Ali”, or Ali’s Justice. Read more… Source: BBC News
- Pro-Iranian hackers attack Israeli gas company website
October 9, 2022
Iraqi hacker group “al-Tahara” attacked the websites for two natural gas companies. The first, Energean, is an international company which has done extensive business with Israel, having acquired the Karish and Tanin natural gas fields from Delek Drilling and Avner Oil in 2016. The second, Israel Natural Gas Lines, is a corporation owned by the Israeli ...
- ADATA denies RansomHouse cyberattack, says leaked data from 2021 breach
October 8, 2022
Taiwanese chip maker ADATA denies claims of a RansomHouse cyberattack after the threat actors began posting stolen files on their data leak site. The RansomHouse gang added ADATA files to their data leak site on Tuesday, claiming they stole 1TB worth of documents in a 2022 cyberattack.The threat actors also leaked samples of allegedly stolen files, ...
- Lloyd’s of London reboots after dodgy network activity detected
October 7, 2022
Lloyd’s of London has reset its IT systems and is probing a possible cyberattack against it after detecting worrisome network behavior this week. “Lloyd’s has detected unusual activity on its network and we are investigating the issue,” a spokesperson told The Register on Thursday. “As a precautionary measure, we are resetting the Lloyd’s network and systems. ...
- TOP 10 unattributed APT mysteries
October 7, 2022
Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90% of cases it is possible to understand a few things about the attackers, such as their native language or even location, the remaining 10% can lead ...
- Initial access broker repurposing techniques in targeted attacks against Ukraine
October 7, 2022
As the war in Ukraine continues, TAG is tracking an increasing number of financially motivated threat actors targeting Ukraine whose activities seem closely aligned with Russian government-backed attackers. This post provides details on five different campaigns conducted from April to August 2022 by a threat actor whose activities overlap with a group CERT-UA tracks as ...