March 28, 2024

Web and Technology News

US, Norway say hackers have been exploiting Ivanti zero-day since April

Hackers exploited a zero-day flaw in Ivanti’s mobile endpoint management software undetected for at least three months, U.S. and Norwegian cybersecurity agencies have warned. It was confirmed last week that hackers had compromised multiple Norwegian government agencies by exploiting a previously undiscovered vulnerability in Ivanti Endpoint Manager Mobile (EPMM; formerly MobileIron Core), software that is […]

US, Australia cyber agencies warn IDOR security flaws can be exploited ‘at scale’

U.S. and Australian government cybersecurity agencies are warning that common and easily exploitable security vulnerabilities in websites and web apps can be abused to carry out large-scale data breaches. In a joint advisory published Thursday, U.S. cybersecurity agency CISA, the National Security Agency and the Australian Cyber Security Centre said that the vulnerabilities, known as […]

Scammers publish ads for hacking services on government websites

Scammers have published various advertisements for hacking services on the official websites of multiple U.S. state, county, and local governments, a federal agency, as well as numerous universities. The advertisements were contained in PDF files uploaded to official .gov websites belonging to the state governments of California, North Carolina, New Hampshire, Ohio, Washington, and Wyoming; […]

Scammers publish ads for hacking services on government websites by Lorenzo Franceschi-Bicchierai originally published on TechCrunch

Critical-rated security flaw in Illumina DNA sequencing tech exposes patient data

The U.S. government has sounded the alarm about a critical software vulnerability found in genomics giant Illumina’s DNA sequencing devices, which hackers can exploit to modify or steal patients’ sensitive medical data. In separate advisories released on Thursday, U.S. cybersecurity agency CISA and the U.S. Food and Drug Administration warned that the security flaw — […]

Critical-rated security flaw in Illumina DNA sequencing tech exposes patient data by Carly Page originally published on TechCrunch

Nation state hackers exploited years-old bug to breach a US federal agency

The U.S. government has warned that multiple cybercriminal gangs, including a nation state-backed hacking group, exploited a four-year-old software vulnerability in order to compromise a U.S. federal government agency. A joint alert released by the CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (known as MS-ISAC) on Wednesday revealed that hackers from […]

Nation state hackers exploited years-old bug to breach a US federal agency by Carly Page originally published on TechCrunch

US federal agencies hacked using legitimate remote desktop tools

The U.S. government’s cybersecurity agency has warned that criminal financially motivated hackers compromised federal agencies using legitimate remote desktop software. CISA said in a joint advisory with the National Security Agency on Wednesday that it had identified a “widespread cyber campaign involving the malicious use of legitimate remote monitoring and management (RMM) software” that had […]

US federal agencies hacked using legitimate remote desktop tools by Carly Page originally published on TechCrunch

FBI, CISA say Cuba ransomware gang extorted $60M from victims this year

The Cuba ransomware gang extorted more than $60 million in ransom payments from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned. The latest advisory is a follow-up to a flash alert released by the FBI in December 2021, which revealed that the gang had earned close […]

FBI, CISA say Cuba ransomware gang extorted $60M from victims this year by Carly Page originally published on TechCrunch

Iran-backed hackers breached a US federal agency that failed to patch year-old bug

The U.S. government’s cybersecurity agency says hackers backed by the Iranian government compromised a federal agency that failed to patch against Log4Shell, a vulnerability fixed almost a year ago. In an alert published Thursday, the Cybersecurity and Infrastructure Security Agency said that a federal civilian executive branch organization (FCEB) was breached by Iranian government hackers […]

Iran-backed hackers breached a US federal agency that failed to patch year-old bug by Carly Page originally published on TechCrunch

US, UK and EU blame Russia for ‘unacceptable’ Viasat cyberattack

The U.S, U.K, and EU have formally blamed the Russian government for the February cyberattack against satellite communications provider Viasat, which triggered outages across central and eastern Europe hours before Russia launched its invasion of Ukraine. “The European Union and its member states, together with its international partners, strongly condemn the malicious cyber activity conducted […]

North Korean hackers are targeting blockchain companies with malicious crypto-stealing apps

The U.S. government has warned that North Korean state-backed hackers known as the Lazarus Group are targeting organizations in the blockchain industry using trojanized cryptocurrency applications. In a joint advisory issued on Monday, the FBI, CISA, and the U.S. Treasury said they had observed the North Korean-backed threat actors targeting a variety of organizations in […]

North Korean hackers are targeting blockchain companies with malicious crypto-stealing apps

The U.S. government has warned that North Korean state-backed hackers known as the Lazarus Group are targeting organizations in the blockchain industry using trojanized cryptocurrency applications. In a joint advisory issued on Monday, the FBI, CISA, and the U.S. Treasury said they had observed the North Korean-backed threat actors targeting a variety of organizations in […]

Shift5 raises $50M to defend transport networks from cyberattacks

You might not think much about the train or the airplane that gets you from one place to another, but behind any transportation link is a vast sprawling network of electronics, devices, and data that keep trains on the tracks and planes in the sky. Companies like Shift5, which today announced $50 million in Series […]