Transportation industry and government agencies related to the sector are the victims of an ongoing campaign since July 2020 by a sophisticated and well-equipped cyberespionage group in what appears to be yet another uptick in malicious activities that are "just the tip of the iceberg." "The group tried to access some internal documents (such as flight schedules and documents … [Read more...] about Tropic Trooper Cyber Espionage Hackers Targeting Transportation Sector
hacking news
New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G
Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service (DoS) and man-in-the-middle (MitM) attacks using low-cost equipment. The "vulnerabilities in the handover procedure are not limited to one handover case only but they impact all … [Read more...] about New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G
Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability
The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch — version 2.17.0 — for the widely used logging library that could be exploited by malicious actors to stage a denial-of-service (DoS) attack. Tracked as CVE-2021-45105 (CVSS score: 7.5), the new vulnerability affects all versions of the tool from 2.0-beta9 … [Read more...] about Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability
New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability
Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. "This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the … [Read more...] about New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability
Facebook Bans 7 ‘Cyber Mercenary’ Companies for Spying on 50,000 Users
Meta Platforms on Thursday revealed it took steps to deplatform seven cyber mercenaries that it said carried out "indiscriminate" targeting of journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists located in over 100 countries, amid mounting scrutiny of surveillance technologies. To that end, the company said it alerted … [Read more...] about Facebook Bans 7 ‘Cyber Mercenary’ Companies for Spying on 50,000 Users
Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips
Cybersecurity researchers have demonstrated a new attack technique that makes it possible to leverage a device's Bluetooth component to directly extract network passwords and manipulate traffic on a Wi-Fi chip. The novel attacks work against the so-called "combo chips," which are specialized chips that are equipped to handle different types of radio wave-based wireless … [Read more...] about Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips
Facebook to Pay Hackers for Reporting Data Scraping Bugs and Scraped Datasets
Meta Platforms, the company formerly known as Facebook, has announced that it's expanding its bug bounty program to start rewarding valid reports of scraping vulnerabilities across its platforms as well as include reports of scraping data sets that are available online. "We know that automated activity designed to scrape people's public and private data targets every website or … [Read more...] about Facebook to Pay Hackers for Reporting Data Scraping Bugs and Scraped Datasets
Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware
Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability. The attack leverages the remote code execution flaw to download an additional payload, a … [Read more...] about Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware
Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack
Threat actors are actively weaponizing unpatched servers affected by the newly identified "Log4Shell" vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine days before it even came to light. Netlab, the networking security division of Chinese tech giant Qihoo … [Read more...] about Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack
Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk
The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of … [Read more...] about Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk