Month: September 2023

The US Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Football League (NFL), Allegiant Stadium and Super Bowl LVIII partners, has conducted a cybersecurity tabletop exercise this week in preparation for Super Bowl LVIII. The exercise aimed to assess and enhance cybersecurity response capabilities, plans and procedures for the upcoming event. The Super
DNS over HTTPS (DoH) is a relatively new protocol that encrypts domain name system traffic by passing DNS queries through a Hypertext Transfer Protocol Secure encrypted session. DoH seeks to improve online privacy by hiding DNS queries from view. DoH works similarly to DNS, but HTTPS sessions keep the requests and minimize the information exchanged
Sep 21, 2023THNTelecom Security / Cyber Attack A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunic koation providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time (JIT) compiler for the Lua programming language known as LuaJIT as
An eye-opening 74% of breaches include the human element, according to Verizon’s “2023 Data Breach Investigations Report,” be it from negligence, stolen credentials or falling victim to phishing scams. With IBM reporting the average total cost of a ransomware breach at $5.13 million, it is critical that organizations conduct ransomware-specific training to help employees recognize
Sep 20, 2023THNCyber Crime / Dark Web Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022. “The site operated as a hidden service in the encrypted TOR network,” the Finnish Customs (aka Tulli) said in a brief announcement on Tuesday. “The
Africa’s agricultural sector has a significant social and economic impact, per McKinsey. The percentage of smallholder farmers in sub-Saharan Africa exceeds 60%, while agriculture accounts for approximately 23% of the region’s gross domestic product. But despite the apparent opportunity in the agricultural sector, it is difficult for Africa to successfully participate in global supply chains
Sep 19, 2023THNMalware / Cyber Threat Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. “HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming
Malicious actors have stolen more than $1m in a ‘pig butchering’ cryptocurrency scam in just three months, researchers from Sophos have found. The highly sophisticated operation used a total of 14 domains and dozens of nearly identical fraud sites, according to the investigation. The attackers utilized fake trading pools of cryptocurrency from decentralized finance (DeFi)
Cloud security vendor Wiz discovered 38 TB of private Microsoft data that was accidentally exposed by AI researchers employed by the tech giant. Wiz’s research was published in a blog post Monday as part of coordinated disclosure with Microsoft. According to Wiz security researchers Hillai Ben-Sasson and Ronny Greenberg, who authored the research, Microsoft’s AI
Sep 18, 2023THNCloud Security / Cryptocurrecy A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm Sysdig. “The AMBERSQUID operation was able
Earlier this year, the U.S. government indicted Russian hacker Mikhail Matveev, also known by his online monikers “Wazawaka” and “Boriselcin,” accusing him of being “a prolific ransomware affiliate” who carried out “significant attacks” against companies and critical infrastructure in the U.S. and elsewhere. The feds also accused him of being a “central figure” in the
A major data breach at Airbus revealed earlier this week stemmed from a RedLine info-stealer likely hidden in a pirated copy of Microsoft software, according to researchers. The European aerospace giant said it has launched an investigation into the incident. “As a major high-tech and industrial player, Airbus is also a target for malicious actors,”
Sep 17, 2023THNCryptocurrency / Cyber Attack The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31 million in digital assets
Hey, friendly people, and welcome to Week in Review (WiR), TechCrunch’s regular newsletter that aggregates the top tech news over the past few days. It’s our humble opinion that there’s no better place to get caught up on the industry’s happenings, whether you’re a news junkie or simply among the tech-curious. In this edition of
China’s malicious cyber activity informs its preparations for a potential military conflict with the US, a new report from the Department of Defense (DoD) has claimed. The agency’s 2023 Cyber Strategy highlighted the People’s Republic of China (PRC) and Russia’s embrace of malicious cyber activity “as a means to counter US conventional military power and