Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called...
Month: November 2023
An RFC on IoCs – playing our part in international standards
An RFC on IoCs – playing our part in international standards In August 2023, the IETF published the document Indicators...
British Library: Ongoing outage caused by ransomware attack
The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several...
Google: Hackers exploited Zimbra zero-day in attacks on govt orgs
Google's Threat Analysis Group (TAG) has discovered that threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive...
Bloomberg Crypto X account snafu leads to Discord phishing attack
Image: Bloomberg Crypto The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive...
The Week in Ransomware – November 17th 2023 – Citrix in the Crosshairs
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt...
CISA warns of actively exploited Windows, Sophos, and Oracle bugs
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues...
Yamaha Motor confirms ransomware attack on Philippines subsidiary
Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak...
FBI Lifts the Lid on Notorious Scattered Spider Group
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released a detailed cybersecurity advisory on the sophisticated Scattered...
British Library: Ransomware Recovery Could Take Months
One of the world’s largest libraries has confirmed it was hit by a ransomware attack on October 28, and that...
Royal Mail to Spend £10m on Ransomware Remediation
Royal Mail has revealed a multimillion-pound cost attached to a serious ransomware breach it suffered earlier this year.The British postal...
Black Friday: Scammers Exploit Luxury Brands to Lure Victims
involving the spoofing of luxury brands, including Louis Vuitton, Rolex, and Ray-Ban.The hackers craft enticing emails promising heavy discounts on...
US-CERT Vulnerability Summary for the Week of November 6, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info1e -- platformThe 1E-Exchange-URLResponseTime instruction that is part of the Network product...
LTESniffer – An Open-source LTE Downlink/Uplink Eavesdropper
LTESniffer is An Open-source LTE Downlink/Uplink Eavesdropper It first decodes the Physical Downlink Control Channel (PDCCH) to obtain the Downlink...
HackerOne Bug Bounty Disclosure: b-full-account-takeover-of-any-user-through-reset-password-b-maskedpersian
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'maskedpersian'Link to Submitters Profile:https://hackerone.com/b'maskedpersian' Report Title:b'Full account takeover of...
HackerOne Bug Bounty Disclosure: b-xss-in-cisco-endpoint-b-r-tdaddy
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'r00tdaddy'Link to Submitters Profile:https://hackerone.com/b'r00tdaddy' Report Title:b'XSS in Cisco Endpoint'Report...
HackerOne Bug Bounty Disclosure: b-unathenticated-file-read-cve-b-r-tdaddy
Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'r00tdaddy'Link to Submitters Profile:https://hackerone.com/b'r00tdaddy' Report Title:b'Unathenticated file read (CVE-2020-3452)...
CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV)...
27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six...
U.S. Cybersecurity Agencies Warn of Scattered Spider’s Gen Z Cybercrime Ecosystem
U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known...
Discover 2023’s Cloud Security Strategies in Our Upcoming Webinar – Secure Your Spot
In 2023, the cloud isn't just a technology—it's a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip...
FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks
The U.S. Federal Communications Commission (FCC) is adopting new rules that aim to protect consumers from cell phone account scams...
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate...
Black Basta Ransomware Victim: edc[.]dk
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
