UK’s Ofcom confirms cyber attack as PoC exploit for MOVEit is released

By Waqas Ofcom, the UK communications regulator, is the latest victim of the infamous Cl0p extortion gang, who have been exploiting MOVEit vulnerabilities to target high-profile firms. This is a post from HackRead.com Read the original post: UK’s Ofcom confirms cyber attack as PoC exploit for MOVEit is released

Beware: New DoubleFinger Loader Targets Cryptocurrency Wallets with Stealer

A novel multi-stage loader called DoubleFinger has been observed delivering a cryptocurrency stealer dubbed GreetingGhoul in what’s an advanced attack targeting users in Europe, the U.S., and Latin America. “DoubleFinger is deployed on the target machine, when the victim opens a malicious PIF attachment in an email message, ultimately executing the first of DoubleFinger’s loader stages,”

Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals

It might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures (CVEs) often make headlines in the cybersecurity world, secrets management remains an overlooked issue that can have immediate and impactful consequences for corporate safety.  A recent study by GitGuardian found […]

Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organizations

“Dozens” of organizations across the world have been targeted as part of a broad business email compromise (BEC) campaign that involved the use of adversary-in-the-middle (AitM) techniques to carry out the attacks. “Following a successful phishing attempt, the threat actor gained initial access to one of the victim employee’s account and executed an ‘adversary-in-the-middle’ attack […]

BreachForums Returns Under the Control of ShinyHunters Hackers

By Waqas BreachForums is already online with a new domain, gaining attraction from members, authorities, and the cybersecurity community. This is a post from HackRead.com Read the original post: BreachForums Returns Under the Control of ShinyHunters Hackers

Webinar – Mastering API Security: Understanding Your True Attack Surface

Believe it or not, your attack surface is expanding faster than you realize. How? APIs, of course! More formally known as application programming interfaces, API calls are growing twice as fast as HTML traffic, making APIs an ideal candidate for new security solutions aimed at protecting customer data, according to Cloudflare. According to the “Quantifying […]

Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack

The U.S. Department of Justice (DoJ) has charged two Russian nationals in connection with masterminding the 2014 digital heist of the now-defunct cryptocurrency exchange Mt. Gox. According to unsealed indictments released last week, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, have been accused of conspiring to launder approximately 647,000 bitcoins stolen from September 2011 through […]

Critical FortiOS and FortiProxy Vulnerability Likely Exploited – Patch Now!

Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been “exploited in a limited number of cases” in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could