Search Results for: cybersecurity
Halliburton cyberattack linked to RansomHub ransomware gang
The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company’s IT systems and business operations. The attack caused widespread disruption, and GeekFeed was told that customers couldn’t generate invoices or purchase orders because the required systems were down. Halliburton disclosed the attack last Friday in an SEC […]
Malware exploits 5-year-old zero-day to infect end-of-life IP cameras
The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not receive a patch. The flaw, discovered by Akamai’s Aline Eliovich, is tracked as CVE-2024-7029 and is a high-severity (CVSS v4 score: 8.7) issue in the “brightness” function […]
Versa fixes Director zero-day vulnerability exploited in attacks
Versa Networks has fixed a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by exploiting an unrestricted file upload flaw in the Versa Director GUI. Versa Director is a platform designed to help managed service providers simplify the design, automation, and delivery of SASE services, offering essential management, monitoring, and […]
New NGate Android malware uses NFC chip to steal credit card data
A new Android malware named NGate can steal money from payment cards by relaying to an attacker’s device the data read by the near-field communication (NFC) chip. Specifically, NGate enables attackers to emulate victims’ cards and make unauthorized payments or withdrawal cash from ATMs.. The campaign has been active since November 2023 and is linked to a recent report […]
US oil giant Halliburton confirms cyberattack behind systems shutdown
Halliburton, one of the world’s largest providers of services to the energy industry, has confirmed a cyberattack that forced it to shut down some of its systems earlier this week. “On August 21, 2024, Halliburton Company (the “Company”) became aware that an unauthorized third party gained access to certain of its systems,” the oil services […]
Phrack hacker zine publishes new edition after three years
Phrack #71 has been released online and is available to read for free. This issue is the first to be released since 2021, marking a new chapter in the influential online magazine’s history. Phrack is an underground online magazine first launched in 1985 as a text file distributed through Bulletin Board Systems (BBS) and later […]
Hackers steal banking creds from iOS, Android users via PWA apps
Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. Progressive web apps (PWA) are cross-platform applications that can be installed directly from the browser and offer a native-like experience through features like push notifications, access to device hardware, and background data syncing. Using this type of […]
Microchip Technology discloses cyberattack impacting operations
American chipmaker Microchip Technology Incorporated has disclosed that a cyberattack impacted its systems over the weekend, disrupting operations across multiple manufacturing facilities. Headquartered in Chandler, Arizona, the company has roughly 123,000 customers across multiple industry sectors, including industrial, automotive, consumer, aerospace and defense, communications, and computing markets. Due to an incident, some Microchip Technology manufacturing […]
US warns of Iranian hackers escalating influence operations
The U.S. government is warning of increased effort from Iran to influence upcoming elections through cyber operations targeting Presidential campaigns and the American public. In a joint statement from the Office of the Director of National Intelligence (ODNI), the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. says that Iran carried out cyberattacks […]
CISA warns of Jenkins RCE bug exploited in ransomware attacks
CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it’s actively exploited in attacks. Jenkins is a widely used open-source automation server that helps developers automate the process of building, testing, and deploying software through continuous integration (CI) and continuous delivery […]