Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. […]
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
The U.S. Treasury Department has announced that it’s removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds.
“Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring
“Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring
Coinbase was primary target of recent GitHub Actions breaches
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. […]
Oracle denies breach after hacker claims theft of 6 million data records
Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company’s Oracle Cloud federated SSO login servers […]
Fake Semrush ads used to steal SEO professionals’ Google accounts
A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. […]
Microsoft: Exchange Online bug mistakenly quarantines user emails
Microsoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users’ emails. […]
In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw
Noteworthy stories that might have slipped under the radar: Capital One hacker’s sentence reversed, Google patches critical Chrome vulnerability, the story of an Expat flaw.
The post In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw appeared first on SecurityWeek.
US removes sanctions against Tornado Cash crypto mixer
The U.S. Department of Treasury announced today that it has removed sanctions against the Tornado Cash cryptocurrency mixer, which North Korean Lazarus hackers used to launder hundreds of millions stolen in multiple crypto heists. […]
Ransomware Group Claims Attack on Virginia Attorney General’s Office
The Cloak ransomware group has claimed responsibility for a February cyberattack on Virginia Attorney General’s Office.
The post Ransomware Group Claims Attack on Virginia Attorney General’s Office appeared first on SecurityWeek.
UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023.
“UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim
“UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim