US treasury breach – Chinese hackers breach Janet Yellen’s computer, accessed about 50 files – ET CISO
Hackers backed by the Chinese government accessed US Treasury Secretary Janet Yellen’s computer and files, Bloomberg News has reported. The breach, discovered in December, also impacted the computers of Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith. The hackers ...
Vulnerabilities & Exploits
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
Jan 17, 2025 | Ravie Lakshmanan | Firmware Security / Vulnerability
Cybersecurity researchers have disclosed three security flaws in Planet Technology’s WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. “These switches are widely used in building and home automation systems for a variety of networking ...
Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action
Jan 16, 2025 | The Hacker News | Certificate Management / Compliance
The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying ...
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024
You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost ...
Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool
Jan 15, 2025 | Ravie Lakshmanan | Vulnerability / Software Update
As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. “Attackers can take control of a malicious server and read/write arbitrary ...
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
Jan 15, 2025 | Ravie Lakshmanan | Cryptocurrency / Malware
The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. “The campaign begins with fake recruiters, posing on platforms like ...
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Jan 15, 2025 | Ravie Lakshmanan | Malvertising / Malware
Cybersecurity researchers have alerted to a new malvertising campaign that’s targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. “The scheme consists of stealing as many advertiser accounts as possible ...
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains
Jan 15, 2025 | Ravie Lakshmanan | Blockchain / Cryptocurrency
Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based threat groups may have pulled off illicit money-making scams that predate ...
FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation
Jan 15, 2025 | Ravie Lakshmanan | Malware / Threat Intelligence
The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a “multi-month law enforcement operation.” PlugX, also known as ...
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Jan 14, 2025 | Ravie Lakshmanan | Endpoint Security / Vulnerability
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The ...