Sara Sawant says
Iranian hackers, linked to groups like Cotton Sandstorm, are using a sophisticated malware called WezRat to target Israeli organizations. Distributed through phishing emails masquerading as urgent security updates, WezRat executes remote commands, keylogs, and steals sensitive data. The malware evolves through modular updates from its command-and-control server, making detection harder. Its deployment highlights the ongoing cyber espionage threats, focusing on politically motivated targets across various regions.
https://thehackernews.com/2024/11/iranian-hackers-deploy-wezrat-malware.html
Yash Mane says
China-linked threat actors, identified as the Salt Typhoon group, have breached multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, in a large-scale cyber-espionage campaign. The attackers accessed private communications, including call records, of a limited number of U.S. government and political figures, potentially compromising sensitive data subject to law enforcement requests. The breach raises national security concerns, as the hackers gained access to systems used for lawful wiretapping and surveillance. The FBI and CISA are investigating the attack, with experts suspecting the threat actors may have gathered extensive intelligence and potentially compromised critical infrastructure, signaling a broader strategy of Chinese cyber espionage.
https://securityaffairs.com/170981/intelligence/china-linked-threat-actors-spied-on-u-s-gov-officials.html
Jocque Sims says
In The News – Nokia investigates breach after hacker claims to steal source code.
Brief Summary: Nokia investigated claims made by the advanced persistent threat (APT) group IntelBroker. The group asserted that it exploited vulnerabilities in the servers of one of the company’s third-party vendors around November 4, 2024. This breach purportedly enabled the APT group to steal intellectual property, proprietary data, and communication infrastructure successfully.
Following the APT group’s attempt to sell the stolen data—including SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, webhooks, and hardcoded credentials associated with Nokia—the company issued a statement refuting that the attack impacted its systems or data. Additionally, Nokia’s investigation confirmed that the breach was explicitly related to a single customized software application belonging to the third-party vendor.
Key Points of the Attack:
- Target: Nokia, a major telecommunications company.
- APT Actor: IntelBroker, allegedly linked to Chinese state-sponsored hacking groups.
- Attack Type: Cyber espionage, stealing data, and possible sabotage.
- Focus of Attack: Theft of intellectual property, proprietary information, and communications infrastructure.
Known IntelBroker Tactics:
- Reconnaissance and Network Mapping: After gaining access, IntelBroker maps the internal network. They identify valuable assets like source code, design documents, and communication logs and locate key personnel.
- Credential Dumping: The attackers gather login details with tools like Mimikatz to dig deeper into the network. They use these credentials to gain higher access and compromise more systems.
- Data Exfiltration: IntelBroker aims to steal proprietary information related to mobile technology, such as 5G components and software. To avoid detection, they send this data out through encrypted channels or disguise it in regular traffic. When targeting sensitive data, they might transmit it in small batches over time to reduce the chance of being caught.
- Use of Custom Malware: IntelBroker uses unique malware and tools to maintain control and extract data. This includes remote access Trojans (RATs) and keyloggers, used after initial access to ensure they remain undetected even if the initial entry point is discovered.
- Goals and Motives: Espionage, Disruption, and Strategic Advancement.
- Impact: Reputation and Trust, and Financial Losses.
Works Cited
Abrams, L. (2024, November 4). Nokia investigates breach after hacker claims to steal source code. Retrieved from Bleeping Computer: https://www.bleepingcomputer.com/news/security/nokia-investigates-breach-after-hacker-claims-to-steal-source-code/
tut34684 says
North Korean Hackers Target macOS Using Flutter-Embedded Malware | Ravie Lakshmanan | Nov 12, 2024
Threat actors tied to North Korea (DPRK) have been found embedding malware in Flutter applications, marking the first known use of this tactic to target Apple macOS devices. Jamf Threat Labs uncovered the activity based on artifacts uploaded to VirusTotal, revealing that these Flutter-built applications are part of a broader operation involving malware written in Golang and Python. The exact method of distribution, potential targets, or the possibility of this being a new delivery test remains unclear. Historically, DPRK threat actors have extensively used social engineering techniques to target cryptocurrency and decentralized finance businesses.
Jamf has not attributed this activity to a specific North Korea-linked hacking group but noted that it could involve BlueNoroff, a Lazarus sub-group. This assessment stems from overlaps with infrastructure linked to other malware, such as KANDYKORN and the Hidden Risk campaign identified by SentinelOne. The malware uniquely employs Flutter, embedding its payload in Dart while masquerading as a Minesweeper game called “New Updates in Crypto Exchange (2024-08-28).” The game appears to clone a publicly available Flutter game on GitHub, consistent with game-themed lures used by other DPRK groups like Moonstone Sleet.
A notable aspect of these malicious apps is their use of Apple developer IDs, including “BALTIMORE JEWISH COUNCIL, INC.” and “FAIRBANKS CURLING CLUB INC.,” to bypass Apple’s notarization process. These IDs have since been revoked by Apple. Once activated, the malware sends network requests to a remote server, executes AppleScript code from the server, and obscures its payload by writing the code backward.
Jamf also identified variants of the malware written in Go and Python, packaged using Py2App. These apps—such as “NewEra for Stablecoins and DeFi,” “CeFi (Protected).app,” and “Runner.app”—possess similar capabilities to execute AppleScript payloads delivered via server responses. The discovery highlights North Korea’s active development of malware across multiple programming languages to target cryptocurrency companies. According to Jaron Bradley of Jamf, the attackers frequently update malware variants to evade detection, leveraging Flutter’s architecture for added obscurity.
https://thehackernews.com/2024/11/north-korean-hackers-target-macos-using.html
Steven Lin says
Experts Uncover 70,000 Hijacked Domains in Widespread ‘Sitting Ducks’ Attack Scheme
They found a sprawling campaign that used some 70,000 hijacked domains in an ongoing phishing campaign targeting business credentials. “The attackers are using the compromised websites to host spoofed login pages designed to impersonate Microsoft 365 and Google Workspace, among other services,” the researchers said. “But they’ve also gotten creative with their methods: each target is assigned a unique URL.” This reveals the developing problem the world of cybersecurity faces, and the central argument is that proactive organizational security is required. This is interesting, as it proves that cybercriminals are getting smarter and that organizations must constantly change their security configurations.
https://thehackernews.com/2024/11/experts-uncover-70000-hijacked-domains.html
Justin Chen says
Fake AI video generators infect Windows, macOS with infostealers
Fake AI image and video generators infect Windows and macOS with the Lumma Stealer and AMOS information-stealing malware, used to steal credentials and cryptocurrency wallets from infected devices.
Lumma Stealer is a Windows malware and AMOS is for macOS, but both steal cryptocurrency wallets and cookies, credentials, passwords, credit cards, and browsing history from Google Chrome, Microsoft Edge, Mozilla Firefox, and other Chromium browsers.
This data is collected into an archive and sent back to the attacker, where they can use the information in further attacks or sell it on cybercrime marketplaces.
Over the past month, threat actors have created fake websites that impersonate an AI video and image editor called EditPro. Clicking the images brings you to fake websites for the EditProAI application, with editproai[.]pro created to push Windows malware and editproai[.]org to push macOS malware. The sites are professional-looking and even contain the ubiquitous cookie banner, making them look and feel legitimate.
https://www.bleepingcomputer.com/news/security/fake-ai-video-generators-infect-windows-macos-with-infostealers/
Daniel Akoto-Bamfo says
Palo Alto Networks Patches Critical Firewall Vulnerability
Palo Alto Networks has issued a security patch for a critical vulnerability within its management web interfaces for firewalls. The vulnerability affects the PAN-OS management web interface, which is used to handle Palo Alto’s next-generation firewalls (NGFWs), because of an authentication bypass issue initially identified as PAN-SA-2024-0015. Software impacted involves PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2. This vulnerability has a common vulnerability severity score of 9.3, making the vulnerability critical. It is also available in PAN-OS 10.2.12-h2, PAN-OS 11.0.6-h1, PAN-OS 11.1.5-h1, and PAN-OS 11.2.4-h1 and later releases.
https://www.infosecurity-magazine.com/news/palo-alto-patches-critical/
Lily Li says
Ransomware Groups Use Cloud Services For Data Exfiltration
According to SentinelOne, cloud ransomware attacks have become a common approach for malicious attackers to compromise IT systems. There has been an increase in attackers targeting cloud-based services to directly compromise their victims or exfiltrate data. They target cloud-based storage services to compromise and extort victims while using cloud services to exfiltrate the data they intend to ransom. Amazon’s Simple Storage Service and Microsoft Azure Blob Storage have been prime targets, with S3 buckets being one of the most referenced targets of malicious activity. These attackers usually take advantage of S3 buckets where they have write-level access, which often results from misconfiguration. To mitigate cloud-focused ransomware attacks, there are two essential security measures that organizations can take. The first measure includes using a cloud security posture management (CSPM) solution to discover and assess cloud environments, which will alert on issues such as misconfiguration and overly permissive storage buckets. The second measure is to enforce good identity management practices, such as multifactor authentication (MFA).
https://www.infosecurity-magazine.com/news/ransomware-groups-cloud-services/
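The post above points at S3 buckets where anyone can write as the misconfiguration ransomware crews look for, and at CSPM tooling that flags overly permissive buckets. As an added illustration (not from the article or from SentinelOne), the following is a small offline version of that CSPM check: it evaluates bucket policies for Allow statements that grant write-level actions to every principal. The bucket names, account ID and policies are constructed samples.

```python
import fnmatch
import json

# Constructed sample bucket policies (not from the article). The first grants
# anonymous write; the second scopes write to one role; the third is public
# read-only; the fourth grants s3:* to everyone but narrows it with a Condition.
SAMPLE_POLICIES = {
    "backups-prod": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "LegacyUpload",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:PutObject", "s3:DeleteObject"],
            "Resource": "arn:aws:s3:::backups-prod/*",
        }],
    }),
    "app-logs": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/log-writer"},
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::app-logs/*",
        }],
    }),
    "public-assets": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::public-assets/*",
        }],
    }),
    "ingest-wildcard": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::ingest-wildcard/*",
            "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
        }],
    }),
}

# Actions that let a caller add, overwrite or destroy objects (or rewrite the
# policy itself): the write-level access the post describes attackers using.
WRITE_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl",
                 "s3:DeleteObjectVersion", "s3:PutBucketPolicy")


def _as_list(value):
    """IAM allows a single string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_anyone(principal):
    """True when the statement applies to every AWS principal, anonymous included.
    NotPrincipal is not handled; such statements need manual review."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _granted_write_actions(actions):
    """Expand IAM action globs (s3:*, s3:Put*) against WRITE_ACTIONS, case-insensitively."""
    found = set()
    for pattern in _as_list(actions):
        for action in WRITE_ACTIONS:
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                found.add(action)
    return sorted(found)


def find_public_write(policy_json):
    """Return (sid, write_actions, conditioned) for each Allow statement that grants
    write actions to everyone. A Condition narrows the grant, so it is reported at
    lower confidence rather than suppressed."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_anyone(stmt.get("Principal")):
            continue
        writes = _granted_write_actions(stmt.get("Action", []))
        if writes:
            findings.append((stmt.get("Sid", "<no Sid>"), writes, "Condition" in stmt))
    return findings


def audit(policies):
    """Map bucket name -> findings, for every bucket that has at least one."""
    results = {}
    for name, policy_json in policies.items():
        findings = find_public_write(policy_json)
        if findings:
            results[name] = findings
    return results


if __name__ == "__main__":
    for bucket, findings in audit(SAMPLE_POLICIES).items():
        for sid, writes, conditioned in findings:
            level = "MEDIUM (conditioned)" if conditioned else "HIGH"
            print(f"{bucket}: statement {sid} grants {', '.join(writes)} to everyone [{level}]")
```

Running it on the samples reports backups-prod as HIGH and ingest-wildcard as MEDIUM, while the role-scoped and read-only buckets produce no finding.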
Aaroush Bhanot says
North Korean-Linked Hackers Were Caught Experimenting With New macOS Malware (2 minute read)
Researchers at Jamf discovered North Korean-linked hackers experimenting with a new type of malware targeting macOS applications. The malware was found embedded in apps built with an open-source development kit and was sophisticated enough to bypass Apple’s security mechanisms. However, there is uncertainty about whether this malware was part of an active campaign or caught before it could be deployed. The malware samples were connected to North Korea’s Lazarus Group, known for financially motivated cyberattacks, especially in the cryptocurrency sector. The malware was similar to a campaign targeting blockchain engineers and used previously identified tactics linked to North Korean operations.
https://cyberscoop.com/north-korea-macos-malware-flutter-jamf/?utm_source=tldrinfosec
Rohith says
Apple has released urgent security updates for macOS and iOS to address two critical vulnerabilities that are actively being exploited by hackers. These vulnerabilities, affecting Intel-based Macs, could potentially allow attackers to execute malicious code or launch cross-site scripting attacks. Apple has not provided specific details about the attacks or how to identify compromised systems. Users are strongly advised to install the latest updates as soon as possible.
https://www.securityweek.com/apple-confirms-zero-day-attacks-hitting-intel-based-macs/
Charles Lemon says
“Suspected pro-Ukraine cyberattack knocks out parking enforcement in Russian city”
Residents of the Russian city of Tver were able to park for free for nearly two days. Local authorities have labeled the incident as a “technical failure”. However, a Ukrainian hacker group known as the “Ukrainian Cyber Alliance” may be responsible. On October 29th, the group’s spokesperson put out a post on X stating, “We took down the Tver administration’s network. Dozens of virtual machines, backup storage, websites, email, hundreds of workstations – all wiped out. They have nothing left. The internet is down, phones aren’t working, even the parking system is dead”. Local city officials have still not confirmed whether a cyberattack has occurred. By October 31st, the parking payment system had been restored. This is not the first time a Ukrainian cyber group has targeted Russian services. In early October, hackers from the BO Team stated they had breached a system used by Russian courts. Following the attack, the websites of Russian general jurisdiction courts remained down for weeks. As the Russian-Ukrainian conflict continues, more large-scale cyber attacks are to be expected from both sides as a new means of warfare in this modern war.
https://social.cyware.com/category/breaches-and-incidents-news
Parth Tyagi says
Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign
U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information.
The adversaries, tracked as Salt Typhoon, breached the company as part of a “monthslong campaign” designed to harvest cellphone communications of “high-value intelligence targets.” It’s not clear what information was taken, if any, during the malicious activity.
“PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders,” it said.
Read in detail at https://thehackernews.com/2024/11/chinese-hackers-exploit-t-mobile-and.html
Elias Johnston says
Akamai’s 2024 API Security Impact Study found that 83% of UK organizations faced API security incidents in the past year, with each incident costing over $532,000 on average. Sectors like public services (94%), financial services (92%), and healthcare (90%) were most impacted, while retail/e-commerce had fewer incidents at 68%. Despite this, only 21% of the retail sector prioritizes API security. The study highlights issues like poor real-time testing, lack of visibility into sensitive data, and risks such as misconfigurations and weak authentication.
https://www.infosecurity-magazine.com/news/api-security-83-firms-suffer/
Lili Zhang says
A Facebook malvertising campaign, uncovered by Bitdefender, spread malware disguised as a Bitwarden password manager update. The ads, appearing as legitimate security updates, trick users into installing a malicious Chrome extension by redirecting them through phishing pages. Once installed, the extension gathers sensitive data, including Facebook cookies and personal information, by exploiting permissions such as access to websites and storage. The attack primarily targets Facebook business accounts, with the campaign impacting thousands of users, mainly in Europe. Users are advised to avoid suspicious ads and verify updates through official channels.
https://hackread.com/facebook-malvertising-malware-via-fake-bitwarden/
Haozhe Zhang says
Apple has released critical security patches for its operating systems and browser, including iOS, iPadOS, macOS, visionOS, and Safari. The new updates patch two zero-day vulnerabilities that are being actively exploited in the wild. The weaknesses, which have been identified as CVE-2024-44308 and CVE-2024-44309, revolve around JavaScriptCore and how WebKit handles cookies. If successfully exploited, the bugs would allow attackers to execute arbitrary code or launch cross-site scripting attacks, eventually gaining unauthorized access to users’ data and system security.
These vulnerabilities were the findings of Google’s Threat Analysis Group, which said that attackers are already using the said flaws in targeted campaigns. Additionally, Intel-based Mac systems have been identified as a serious target for the exploitation, something that raises eyebrows among users relying on these gadgets. The vulnerabilities pose major risks, such as successfully bypassing key security mechanisms, accessing sensitive data, or disrupting system functionality.
In fact, it was this critical nature of the issue that pushed Apple to act so swiftly in releasing these updates. The company strongly recommends that users update their devices immediately to avoid any exploitation. These updates intend to patch these vulnerabilities and further harden these systems against such attacks. Users are also advised to make sure their devices are running the very latest versions of their operating systems and browsers.
https://thehackernews.com/2024/11/apple-releases-urgent-updates-to-patch.html