Tag: hacking news

US Health Dept warns hospitals of hackers targeting IT help desks

Hackers are increasingly using social engineering to target IT help desks in the Healthcare and Public Health (HPH) industry, according to a warning from the U.S. Department of Health and Human Services (HHS). This week, the Health Sector Cybersecurity Coordination Center (HC3) released a sector alert stating that attackers have been able to enroll their own multi-factor authentication (MFA) devices in order to access the systems of the targeted institutions. In these operations, the threat actors call businesses from a number with a local area code, pose as financial department officials, and provide stolen ID verification information, such as social security numbers and corporate IDs. By saying that their smartphone is broken and using this sensitive information, they persuade...

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Malicious actors have been found using a serious weakness in Magento to introduce a persistent backdoor into e-commerce websites. According to Adobe, the attack makes use of CVE-2024-20720 (CVSS score: 9.1), a case of "improper neutralization of special elements" that may allow for arbitrary code execution. The company addressed it in security patches that were made available on February 13, 2024. Sansec says it found a deftly constructed layout template in the database that is automatically injected with malicious code to carry out arbitrary commands. According to the firm, to execute system commands, attackers combine the Magento layout parser with the beberlei/assert package, which is installed by default...

CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability

Based on evidence of active exploitation in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security hole affecting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog. This significant remote code execution vulnerability, identified as CVE-2023-24955 (CVSS score: 7.2), enables arbitrary code execution by an authorized attacker with Site Owner capabilities. An authorized attacker might remotely execute code on the SharePoint Server as a Site Owner through a network-based attack, according to a warning from Microsoft. Microsoft fixed the vulnerability in its May 2023 Patch Tuesday updates. The update was made more than two months after CISA included CVE-2023-29357, a SharePoint Server privilege escalation vulnerabili...

Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks

Once again demonstrating how legitimate services are repurposed for malicious ends, threat actors are using digital document publishing (DDP) sites hosted on platforms such as FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for phishing, credential harvesting, and session token theft. According to Cisco Talos researcher Craig Jackson, hosting phishing lures on DDP sites increases the chance of a successful phishing attack because these sites frequently have a positive reputation, are unlikely to show up on web filter blocklists, and may give users a false sense of security if they recognize them as reputable or familiar. Although adversaries have previously hosted phishing documents using well-known cloud-based services like Google Drive, OneDrive, Dropbox,...

Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade

The state-sponsored hacker group Volt Typhoon, based in China, has been operating within parts of the nation's vital infrastructure networks for at least five years, according to a statement released by the U.S. government on Wednesday. In the United States and Guam, the threat actor targets the water and wastewater infrastructure, energy, communications, and transportation sectors. The U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions. Volt Typhoon's choice of targets and pattern of behavior is inconsistent with traditional cyber espionage...

France says Russian state hackers breached numerous critical networks

Since the second part of 2021, the Russian hacking group APT28 (also known as "Strontium" or "Fancy Bear") has been focusing on French government agencies, corporations, academic institutions, research centers, and think tanks. The attack group was recently connected to the exploitation of two vulnerabilities: CVE-2023-23397, a zero-day privilege elevation weakness in Microsoft Outlook, and CVE-2023-38831, a remote code execution vulnerability in WinRAR. The threat group is thought to be a part of Russia's military intelligence service GRU. To avoid detection, the Russian hackers are no longer using backdoors; instead, they are infiltrating peripheral devices on vital networks belonging to French organizations...

Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto

In Toronto, Canada, on the first day of the consumer-focused Pwn2Own 2023 hacking competition, security researchers successfully compromised the Samsung Galaxy S23 twice. In addition, they demonstrated exploits and vulnerability chains aimed at zero-days in the Xiaomi 13 Pro smartphone, along with Network Attached Storage (NAS) devices, printers, smart speakers, and security cameras from QNAP, Synology, Western Digital, Canon, Lexmark, and Sonos. By using an improper input validation flaw to obtain code execution, Pentest Limited was the first to demonstrate a zero-day on Samsung's flagship Galaxy S23 smartphone, winning $50,000 and five Master of Pwn points in the process...