Tech News
General news about the tech industry, trends, and major events.
Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41
Interpol announced it arrested 41 individuals and taken down 1,037 servers and infrastructure running on 22,000 IP addresses facilitating cybercrime in an international law enforcement action titled Operation Synergia II. The operation took place between April and August 2024, spanning 95 countries and resulting in 41 arrests of those linked to various crimes, including ransomware, […]
Windows infected with backdoored Linux VMs in new phishing attacks
A new phishing campaign dubbed ‘CRON#TRAP’ infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks. Using virtual machines to conduct attacks is nothing new, with ransomware gangs and cryptominers using them to stealthily perform malicious activity. However, threat actors commonly install these manually after they breach a network. A […]
Windows Server 2025 released—here are the new features
Microsoft has announced that Windows Server 2025, the latest version of its server operating system, is generally available starting Friday, November 1st. In January 2024, the company released the first Windows Server 2025 build for admins enrolled in the Windows Insider program. This new version introduced hotpatching, next-gen Active Directory, and SMB over QUIC alternative ports (allows […]
Custom “Pygmy Goat” malware used in Sophos Firewall hack on govt network
UK’s National Cyber Security Centre (NCSC) has published an analysis of a Linux malware named “Pigmy Goat” created to backdoor Sophos XG firewall devices as part of recently disclosed attacks by Chinese threat actors. Last week, Sophos published a series of reports dubbed “Pacific Rim” that detailed five-year attacks by Chinese threat actors on edge networking devices. One […]
Nokia investigates breach after hacker claims to steal source code
Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company’s stolen source code. “Nokia is aware of reports that an unauthorized actor has alleged to have gained access to certain third-party contractor data and possibly data of Nokia,” the company told GeekFeed. “Nokia takes this allegation seriously […]
Google fixes two Android zero-days used in targeted attacks
Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 and CVE-2024-43093, the two issues are marked as exploited in limited, targeted attacks. “There are indications that the following may be under limited, targeted exploitation,” says Google’s advisory. The CVE-2024-43047 flaw is […]
Suspect behind Snowflake data-theft attacks arrested in Canada
Canadian authorities have arrested a man suspected of having stolen the data of hundreds of millions after targeting over 165 organizations, all of them customers of cloud storage company Snowflake. According to Canada’s Department of Justice, Alexander “Connor” Moucka (aka “Waifu” and “Judische”) was taken into custody on Wednesday at the request of the United States […]
LastPass warns of fake support centers trying to steal customer data
LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by GeekFeed. LastPass is a popular password […]
Synology hurries out patches for zero-days exploited at Pwn2Own
Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week’s Pwn2Own hacking competition within days. Midnight Blue security researcher Rick de Jager found the critical zero-click vulnerabilities (tracked together as CVE-2024-10443 and dubbed RISK:STATION) in the company’s Synology Photos and BeePhotos for BeeStation software. As Synology explains in security advisories published two days after the […]
DDoS site Dstat.cc seized and two suspects arrested in Germany
The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years. The seizure and arrests were conducted as part of “Operation PowerOFF,” an ongoing international law enforcement operation that targets DDoS-for-hire platforms, aka “booters” or “stressers,” to seize infrastructure and […]