Taiwan: Defense ministry confirms basic data leak

The Ministry of National Defense today confirmed a data leak of basic personal information about certain high-ranking officials in response to a report from Chinese-language media, but said it did not include any information about personal asset holdings. The China …

Code Injection in Spring Cloud: CVE-2024-37084

The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-37084, assessed its impact, and developed mitigation measures for this vulnerability. CVE-2024-37084 is a critical vulnerability affecting Spring Cloud Data Flow versions 2.11.0 through 2.11.3. A malicious user …

Finland’s NBI probes wave of bank cyber attacks

Finland’s National Bureau of Investigation has opened a preliminary probe on a series of cyber attacks on the country’s financial sector. Finnish banks have been targeted in cyber attacks in recent months. In particular, Nordea Bank has been hit by …

Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia

Last December, Kaspersky researchers discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group’s activity suggests a connection to other groups currently targeting Russia. Kaspersky researchers have seen overlaps not only in indicators …

Greek police data leak exposes details of elite crime-fighting unit members

A Greek police officers association says it is planning legal action after names and details of hundreds of officers from a new elite crime-fighting agency were published on the internet. The Directorate for Combating Organised Crime, DAOE, was launched Thursday …

New macOS vulnerability, “HM Surf”, could lead to unauthorized data access

Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. The vulnerability, which we refer to as …

Europol: Charges unveiled in ongoing effort to de-anonymise DDoS group Anonymous Sudan

US authorities have unveiled this week charges against two Sudanese nationals involved in a significant Distributed-Denial-of-Service (DDoS) cybercrime network, following an international investigation that spanned multiple countries. The investigation exposed the activities of Anonymous Sudan, a prolific cybercrime group conducting …

Cyber Security Association of China calls for cybersecurity review of Intel products sold in China

The Cyber Security Association of China on Wednesday called for the launch of a systematic review of potential cybersecurity risks in Intel products due to frequent vulnerabilities and high failure rates, in order to effectively safeguard China’s national security and …

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data

From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard-coded AWS credentials, this is specific to this single threat …