Multiple federal agencies, including two Department of Energy entities, were victims of a cyberattack that resulted from a widespread vulnerability in MOVEit file transfer software, federal officials said Thursday.
The joint guidance emphasizes the importance of taking proactive measures to secure and maintain BMCs effectively, adding that many organizations fail to implement even minimum security practices.
Deploying Cayosin botnet, an off-the-shelf Mirai-based botnet agent to target routers running the Linux-based OS OpenWRT is a newly adopted tactic, indicating that the group changes its attack style after examining its targets.
The zero-day leveraged in the campaign, tracked as CVE-2023-2868, impacts Barracuda Email Security Gateway (ESG), specifically a module designed for the initial screening of email attachments.
The Federal Communications Commission will launch its first-ever privacy and data protection task force to crack down on SIM swapping and address broader data privacy concerns, Chairwoman Jessica Rosenworcel announced on Wednesday.
Shell confirmed on Thursday it had been impacted by the Clop ransomware gang’s breach of the MOVEit file transfer tool after the group listed the British oil and gas multinational on its extortion site.
Researchers came across the Shampoo malware campaign that uses a malicious browser extension from the ChromeLoader family to gather sensitive personal information and inject advertisements into victims’ browsing sessions. The new version of the ChromeLoader extension includes many anti-debugging and anti-analysis techniques to make detection challenging.
In a significant development for IP crime, a court has granted a confiscation order against a hacker who was previously jailed for stealing unreleased music owned by Ed Sheeran and Lil Uzi Vert and selling it on the dark web.
A bipartisan pair of lawmakers Monday suggested the model Ukraine is employing to combat Russian hacking may be useful for U.S. industry and government agencies if laid out properly.
“Cryptocurrency mining is a crucial part of our industry, but it also holds special appeal to bad actors, as it provides a means to acquire money with a totally clean on-chain original source,” blockchain analytics firm Chainalysis said.