Categories
Featured

Ransomware attack hits top chipmaker Nexperia, huge hoard of data set to be leaked


Top chipmaker Nexperia suffered a ransomware attack last month which saw threat actors get away with a terabyte of sensitive corporate data. 

“Nexperia has become aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024,” the company said in a statement shared with BleepingComputer. “We promptly took action and disconnected the affected systems from the internet to contain the incident and implemented extensive mitigation.”


Categories
Featured

Hackers are loading SVG files with multi-stage malware in new phishing attack


A sophisticated new phishing attack was spotted in the wild, leveraging a wide variety of tools to bypass antivirus protections and ultimately deliver different Remote Access Trojan (RAT) malware.

According to cybersecurity researchers at Fortinet, an unidentified threat actor was seen sending phishing emails, stating a shipment has been delivered, and attaching an invoice. This attachment, however, is a Scalable Vector Graphics (SVG) file which, when run, triggers the infection sequence. 


Categories
Featured

This new phishing attack targets iPhone and Android alike via RCS


A new phishing service has been detected sporting a unique way of approaching iOS and Android users.

The Phishing-as-a-Service (PhaaS) tool, called “Darcula” and uncovered by researchers at Netcraft, stands out from the crowd as it reaches out to its victims via the Rich Communication Services (RCS) protocol for Google Messages and iMessage, instead of the usual Short Message System (SMS). 


Categories
News

Warning: Apple Users Targeted in Advanced Phishing Attack Involving Password Reset Requests


Phishing attacks taking advantage of what appears to be a bug in Apple’s password reset feature have become increasingly common, according to a report from KrebsOnSecurity. Multiple Apple users have been targeted in an attack that bombards them with an endless stream of notifications or multi-factor authentication (MFA) messages in an attempt to get them to approve an Apple ID password change.

An attacker is able to cause the target’s iPhone, Apple Watch, or Mac to display system-level password change approval texts over and over again, with the hope that the person being targeted will mistakenly approve the request or get tired of the notifications and click on the accept button. If the request is approved, the attacker is able to change the ‌Apple ID‌ password and lock the Apple user out of their account.

Because the password requests target the ‌Apple ID‌, they pop up on all of a user’s devices. The notifications render all linked Apple products unable to be used until the popups are dismissed one by one on each device. Twitter user Parth Patel recently shared his experience being targeted with the attack, and he says he could not use his devices until he clicked on “Don’t Allow” for more than 100 notifications.

When attackers are unable to get the person to click “Allow” on the password change notification, targets often get phone calls that seem to be coming from Apple. On these calls, the attacker claims to know that the victim is under attack, and attempts to get the one-time password that is sent to a user’s phone number when attempting a password change.

In Patel’s case, the attacker was using information leaked from a people search website, which included name, current address, past address, and phone number, giving the person attempting to access his account ample information to work from. The attacker happened to have his name wrong, and he also became suspicious because he was asked for a one-time code that Apple explicitly sends with a message confirming that Apple does not ask for those codes.

The attack seems to hinge on the perpetrator having access to the email address and phone number associated with an ‌Apple ID‌.

KrebsOnSecurity looked into the issue, and found that attackers appear to be using Apple’s page for a forgotten ‌Apple ID‌ password. This page requires a user’s ‌Apple ID‌ email or phone number, and it has a CAPTCHA. When an email address is put in, the page displays the last two digits of the phone number associated with the Apple account, and filling in the missing digits and hitting submit sends a system alert.

It is not clear how the attackers are abusing the system to send multiple messages to Apple users, but it appears to be a bug that is being exploited. It is unlikely that Apple’s system is meant to allow more than 100 requests to be sent, so presumably the rate limit is being bypassed.

Apple device owners targeted by this kind of attack should be sure to tap “Don’t Allow” on all requests, and should be aware that Apple does not make phone calls requesting one-time password reset codes.




Categories
Featured

A new ZenHammer attack is targeting more AMD CPUs


The infamous Rowhammer DRAM attack can now be pulled off on some AMD CPUs as well, academic researchers from ETH Zurich have proved.

As reported by BleepingComputer, the researchers dubbed the attack ZenHammer, after cracking the complex, non-linear DRAM addressing functions in AMD platforms.


Categories
Featured

This new attack uses the sound of your keystrokes to steal your passwords


Two researchers from Augusta University, in Georgia, U.S., demonstrated a novel way to steal people’s passwords that would put even James Bond to shame.

Last week, researchers Alireza Taheritajar and Reza Rahaeimehr published a paper called “Acoustic Side Channel Attack on Keyboards Based on Typing Patterns” which is just as weird as it sounds.


Categories
Computers

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over


For years, Registered Agents Inc.—a secretive company whose business is setting up other businesses—has registered thousands of companies to people who appear to not exist. Multiple former employees tell WIRED that the company routinely incorporates businesses on behalf of its customers using what they claim are fake personas. An investigation found that incorporation paperwork for thousands of companies that listed these allegedly fake personas had links to Registered Agents.

State attorneys general from around the US sent a letter to Meta on Wednesday demanding the company take “immediate action” amid a record-breaking spike in complaints over hacked Facebook and Instagram accounts. Figures provided by the office of New York attorney general Letitia James, who spearheaded the effort, show that in 2023 her office received more than 780 complaints—10 times as many as in 2019. Many complaints cited in the letter say Meta did nothing to help them recover their stolen accounts. “We refuse to operate as the customer service representatives of your company,” the officials wrote in the letter. “Proper investment in response and mitigation is mandatory.”

Meanwhile, Meta suffered a major outage this week that took most of its platforms offline. When it came back, users were often forced to log back in to their accounts. Last year, however, the company changed how two-factor authentication works for Facebook and Instagram. Now, any devices you’ve frequently used with Meta services in recent years will be trusted by default. The move has made experts uneasy; this means that your devices may not need a two-factor authentication code to log in anymore. We updated our guide for how to turn off this setting.

A ransomware attack targeting medical firm Change Healthcare has caused chaos at pharmacies around the US, delaying delivery of prescription drugs nationwide. Last week, a Bitcoin address connected to AlphV, the group behind the attack, received $22 million in cryptocurrency—suggesting Change Healthcare has likely paid the ransom. A spokesperson for the firm declined to answer whether it was behind the payment.

And there’s more. Each week, we highlight the news we didn’t cover in depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

In January, Microsoft revealed that a notorious group of Russian state-sponsored hackers known as Nobelium infiltrated the email accounts of the company’s senior leadership team. Today, the company revealed that the attack is ongoing. In a blog post, the company explains that in recent weeks, it has seen evidence that hackers are leveraging information exfiltrated from its email systems to gain access to source code and other “internal systems.”

It is unclear exactly what internal systems were accessed by Nobelium, which Microsoft calls Midnight Blizzard, but according to the company, it is not over. The blog post states that the hackers are now using “secrets of different types” to breach further into its systems. “Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”

Nobelium is responsible for the SolarWinds attack, a sophisticated 2020 supply-chain attack that compromised thousands of organizations, including major US government agencies like the Departments of Homeland Security, Defense, Justice, and Treasury.


Categories
News

Cyber attack trends for 2024 from the X-Force Threat Report


In the dynamic arena of cybersecurity, the stakes are high and the adversaries are relentless. The latest insights from IBM’s X-Force Threat Intelligence Index Report for 2024 provide a crucial glimpse into the cyber threats that dominated the previous year. For anyone with a stake in the digital world, these findings are not just informative; they are essential for the protection of your digital assets.

The report highlights a significant rise in the exploitation of legitimate user credentials, which saw a 71% increase in 2023, making it as prevalent as phishing in terms of methods used for initial access by cybercriminals. This alarming trend underscores the critical need for robust Identity and Access Management (IAM) protocols. Without strong IAM measures, your digital presence is at risk, as cybercriminals continue to refine their tactics to gain unauthorized access to systems and data.

Phishing attacks, a long-standing threat, remain a formidable challenge, with cybercriminals constantly updating their strategies to install malware or steal credentials. The malware that is particularly concerning is the kind that hijacks user accounts, potentially leading to significant data breaches. It is more important than ever to remain vigilant and to be able to recognize and respond to these deceptive tactics.


Data security has become increasingly important, with incidents of data theft and leakage now accounting for 32% of the major impacts on organizations. This represents a significant increase from the 19% reported in 2022. The rise of info stealers has contributed to this trend, emphasizing the need to protect your data from theft and unauthorized disclosure.

Application security is another area that demands continuous attention. The most common vulnerabilities are due to misconfigurations, failures in identity and authentication, and issues with access control. These vulnerabilities are often linked to poor password practices and the use of default settings. Addressing these issues through rigorous security measures is essential to safeguard your applications from potential breaches.

The report also touches on the emergence of Generative AI, including advanced chatbots, which has been a hot topic in 2023. While the use of this technology in attacks has been minimal so far, the interest shown in dark web forums suggests that it could pose future threats. Keeping up with the developments in generative AI is therefore an important aspect of your cybersecurity strategy.

X-Force Threat Intelligence Index Report for 2024

A review of 2023 identifying major threat trends in cybersecurity, drawing on data from IBM’s global team across 17 countries, including ethical hackers, incident responders, researchers, and analysts.

  • Identity and Access Management:
    • Initial access factors highlighted, with valid accounts or improper use of a valid account and phishing tied for the top method at approximately 30%.
    • A significant increase in valid account misuse, up by 71% over the previous year.
  • Phishing Details:
    • Split into two main types: those involving attachments and those involving links, aiming to plant malware or steal credentials.
    • A considerable portion of malware is intended to steal credentials.
  • Data Security:
    • Data theft and leakage were the top impact on organizations, constituting 32%, up from 19% in 2022.
    • The rise of info stealers, malware designed to exfiltrate sensitive information and credentials, saw an increase of 266%.
  • Application Security:
    • Misconfiguration was the most frequent application security vulnerability, according to the OWASP Top 10 list.
    • Identity and authentication failures, along with related access control issues, were significant, collectively accounting for 36% of the vulnerabilities.
  • Zero-Day Attacks:
    • A significant decrease in 2023 compared to 2022, down by 72%, possibly due to easier attack methods being available.
  • Ransomware:
    • A slight decrease in real-world cases, down by 12%.
    • Early signs of better defense against ransomware attacks and a growing trend of organizations not paying the ransom.
  • Generative AI:
    • 2023 marked a significant year for the adoption and discussion of generative AI technologies.
    • Over 800,000 mentions of AI and generative AI in dark web forums, indicating both interest and experimentation by malicious actors.
    • Concerns raised about the potential misuse of generative AI in cyber attacks, with some alternative chatbots lacking restrictions on generating malicious content.
  • Preventive Measures and Recommendations:
    • Emphasis on the effectiveness of industry best practices in preventing 84% of attacks on critical infrastructure.
    • Recommendations include multi-factor authentication, use of passkeys, data encryption, immutable backups, patching applications, system hardening, and staying informed about generative AI developments.

However, it’s not all grim news. The report notes a significant 72% decline in zero-day attacks and a 12% reduction in ransomware incidents, indicating that cybersecurity efforts are making a difference. These positive trends highlight the effectiveness of proactive prevention measures and the benefits of staying ahead of cybercriminals.

Prevention is, and always has been, the best defense. The report suggests that adhering to industry best practices could have prevented 84% of the attacks on critical infrastructure that occurred. Among the recommended practices are the use of multi-factor authentication, passkeys, data encryption, immutable backups, regular patching, system hardening, and staying informed about the latest developments in generative AI.

The X-Force Threat Intelligence Index Report for 2024 is a wake-up call to learn from the previous year’s cybersecurity challenges and to strengthen our defenses. It is imperative that you review the full report for a comprehensive analysis and adopt the suggested security practices. By doing so, you can enhance the security of your digital ecosystem and be better prepared to face the emerging threats that lie ahead.
