Blog – Page 1075 – Cyber Mike

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities.
“The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture,” CERT-UA said. “These emails contain attachments in the form of Remote Desktop Protocol (‘.rdp’

Black Basta ransomware poses as IT support on Microsoft Teams to breach networks

The BlackBasta ransomware operation has moved its social engineering attacks to Microsoft Teams, posing as corporate help desks contacting employees to assist them with an ongoing spam attack. […]

Russia sentences REvil ransomware members to over 4 years in prison

Russia has sentenced four members of the REvil ransomware operation to over 4 years in prison for distributing malware and illegal circulation of means of payment. […]

Amazon seizes domains used in rogue Remote Desktop campaign to steal data

Amazon has seized domains used by the Russian APT29 hacking group in targeted attacks against government and military organizations to steal Windows credentials and data using malicious Remote Desktop Protocol connection files. […]

In Other News: CVE Turns 25, Henry Schein Data Breach, Reward for Shahid Hemmat Hackers

Noteworthy stories that might have slipped under the radar: CVE Program celebrates 25th anniversary, one year after ransomware attack Henry Schein says 160,000 are impacted, US offering rewards for Shahid Hemmat hackers.

The post In Other News: CVE Turns 25, Henry Schein Data Breach, Reward for Shahid Hemmat Hackers appeared first on SecurityWeek.

Concentric AI Secures $45M Series B Funding to Expand DSPM Tech

Concentric AI banks capital to compete in the data security governance market that includes DSPM and Data Access Governance technologies.

The post Concentric AI Secures $45M Series B Funding to Expand DSPM Tech appeared first on SecurityWeek.

LinkedIn Hit With 310 Million Euro Fine for Data Privacy Violations From Irish Watchdog

LinkedIn has received a 310 million euro fine from Ireland’s Data Protection Commission for data privacy violations.

The post LinkedIn Hit With 310 Million Euro Fine for Data Privacy Violations From Irish Watchdog appeared first on SecurityWeek.

Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite

A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges.
The CERT Coordination Center (CERT/CC) said the vulnerability, tracked as CVE-2024-41992, said the susceptible code from the Wi-Fi Alliance has been found deployed on Arcadyan FMIMG51AX000J routers.
“This flaw allows an unauthenticated local attacker to

Over $1 Million Paid Out at Pwn2Own Ireland 2024

Pwn2Own Ireland 2024 participants have earned over $1 million for camera, printer, NAS device, smart speaker and smartphone exploits.

The post Over $1 Million Paid Out at Pwn2Own Ireland 2024 appeared first on SecurityWeek.

US, Australia Release New Security Guide for Software Makers

CISA, FBI, and ACSC have published guidance to help software manufacturers establish secure deployment processes.

The post US, Australia Release New Security Guide for Software Makers appeared first on SecurityWeek.

Cyber News