Sergiu Gatlan

@serghei.bsky.social

Cybersecurity/tech reporter @BleepingComputer / serghei.ro

5,488 Followers  |  868 Following  |  82 Posts  |  Joined: 23.06.2023  |  1.7707

Latest posts by serghei.bsky.social on Bluesky

Qilin ransomware abuses WSL to run Linux encryptors in Windows

The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools.

28.10.2025 15:11 — 👍 11    🔁 8    💬 0    📌 1

Fake LastPass, Bitwarden breach alerts lead to PC hijacks

An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager.

15.10.2025 15:22 — 👍 58    🔁 58    💬 0    📌 5

On CISA media call just now to discuss the F5 hack and source code breach, CISA staffer interrupted the discussion to blame the Democrats for the government shutdown and forcing workers to work without pay

15.10.2025 16:13 — 👍 152    🔁 34    💬 6    📌 21

F5 says hackers stole undisclosed BIG-IP flaws, source code

U.S. cybersecurity company F5 disclosed that it suffered a cyberattack in early August, where suspected nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code.

15.10.2025 09:32 — 👍 9    🔁 4    💬 0    📌 0

Hackers claim Discord breach exposed data of 5.5 million users

Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5.5 million unique users from the company's Zendesk support system instance, including government IDs and partial payment information for some people.

08.10.2025 20:22 — 👍 11    🔁 6    💬 0    📌 0

ShinyHunters launches Salesforce data leak site to extort 39 victims

The ShinyHunters extortion group has leaked samples of data belonging to dozens of companies, which were stolen in a wave of Salesforce breaches that have affected numerous companies worldwide.

03.10.2025 10:16 — 👍 7    🔁 4    💬 0    📌 0

A source shares some screenshots of the Lapsus ransomware gang celebrating the government shutdown as a disruption to the FBI investigations tracking them.

They also refer to Trump as "my king."

01.10.2025 15:07 — 👍 33    🔁 22    💬 2    📌 1

Astonishingly Pathetic Threat

01.10.2025 09:39 — 👍 1    🔁 0    💬 0    📌 0

CISA orders agencies to patch Cisco flaws exploited in zero-day attacks

CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have been exploited in zero-day attacks.

25.09.2025 13:53 — 👍 10    🔁 5    💬 0    📌 0

SonicWall warns customers to reset credentials after breach

SonicWall warned customers today to reset credentials after their firewall configuration backup files were exposed in a security breach that impacted MySonicWall accounts.

17.09.2025 12:23 — 👍 9    🔁 5    💬 0    📌 0

Screenshot with quote from article:

"How Android's new risk-based update process works

Instead of bundling all available security patches into the next ASB, Google now prioritizes shipping only "high-risk" vulnerabilities in its monthly releases. The majority of security fixes, meanwhile, will be shipped in quarterly ASBs. Google defines "high-risk" vulnerabilities as issues that are crucial to address immediately, such as those under active exploitation or that are part of a known exploit chain. This designation is based on real-world threat level and is distinct from a vulnerability's formal "critical" or "high" severity rating."

Google has switched to a risk-based Android update process, with “high-risk” vulnerabilities patched on a monthly basis and the rest fixed on a quarterly schedule.

www.androidauthority.com/android-risk...

15.09.2025 16:14 — 👍 3    🔁 0    💬 0    📌 0

Appeal court orders release of convicted psychotherapy centre database hacker

If the court reduces his sentence, there's a risk that Aleksanteri Kivimäki will have spent too much time in prison — and then be able to demand compensation from the state.

Finnish hacker Aleksanteri Kivimäki has been released from prison following an appeal.

Kivimäki hacked Finnish psychotherapy centre Vastaamo in 2020 and released highly sensitive patient files.

yle.fi/a/74-20182408

11.09.2025 16:55 — 👍 5    🔁 4    💬 0    📌 1

Hackers left empty-handed after massive NPM supply-chain attack

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but attackers made little profit off it.

10.09.2025 13:56 — 👍 11    🔁 3    💬 1    📌 0

NPM has begun removing the malicious packages.

bsky.app/profile/bad-...

08.09.2025 18:26 — 👍 2    🔁 0    💬 0    📌 0

Phishing email sent to NPM package maintainers:

08.09.2025 17:12 — 👍 32    🔁 19    💬 1    📌 3

Orange Belgium discloses data breach impacting 850,000 customers

Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have stolen the data of approximately 850,000 customers.

21.08.2025 03:07 — 👍 6    🔁 4    💬 0    📌 1

HR giant Workday discloses data breach after Salesforce attack

Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack.

HR giant Workday breached in Salesforce data-theft attacks

www.bleepingcomputer.com/news/securit...

18.08.2025 09:49 — 👍 4    🔁 0    💬 0    📌 0

Colt Telecom attack claimed by WarLock ransomware, data up for sale

UK-based telecommunications company Colt Technology Services is dealing with a cyberattack that has caused a multi-day outage of some of the company's operations, including hosting and porting services, Colt Online and Voice API platforms.

15.08.2025 11:25 — 👍 6    🔁 4    💬 0    📌 0

New downgrade attack can bypass FIDO auth in Microsoft Entra ID

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking.

13.08.2025 15:14 — 👍 12    🔁 4    💬 0    📌 3

Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole

Thieves have been stealing cars with a Game Boy-like device

some Hyundai IONIQ 5 models can be hacked to open the doors and start the car with a Game Boy-like device. Now, Hyundai is asking customers in the UK to pay £49 to fix this huge security flaw. Details here 👇 www.theverge.com/news/757205/...

11.08.2025 11:53 — 👍 57    🔁 11    💬 4    📌 1

Inside the Multimillion-Dollar Gray Market for Video Game Cheats

Gaming cheats are the bane of the video game industry—and a hot commodity. A recent study found that cheat creators are making a fortune from gamers looking to gain a quick edge.

Eighty cheat websites generate between $12.8 million and $73.2 million annually, according to academics at the University of Birmingham.

Up to 174,000 people may be buying cheats every month across North America and Europe.

www.wired.com/story/inside...

Research: github.com/SamCollins13...

11.08.2025 10:59 — 👍 2    🔁 0    💬 0    📌 2

Microsoft warns of high-severity flaw in hybrid Exchange deployments

Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate their privileges in Exchange Online cloud environm...

Microsoft warns customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that can let attackers escalate privileges in Exchange Online cloud environments undetected.

www.bleepingcomputer.com/news/microso...

07.08.2025 08:48 — 👍 3    🔁 1    💬 0    📌 0

Air France and KLM disclose data breaches impacting customers

Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.

07.08.2025 04:41 — 👍 6    🔁 4    💬 0    📌 0

Google suffers data breach in ongoing Salesforce data theft attacks

Google is the latest company to suffer a data breach in an ongoing wave of Salesforce CRM data theft attacks conducted by the ShinyHunters extortion group.

06.08.2025 09:51 — 👍 7    🔁 6    💬 0    📌 0

Although not yet confirmed by Cisco, this is likely part of a wave of Salesforce data theft attacks linked to the ShinyHunters extortion group.

Other companies affected by Salesforce data breaches: Adidas, Qantas, Allianz Life, Chanel, and LVMH brands Louis Vuitton, Dior, and Tiffany & Co.

05.08.2025 13:38 — 👍 3    🔁 1    💬 1    📌 0

Ransomware gangs join attacks targeting Microsoft SharePoint servers

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide.

04.08.2025 07:27 — 👍 10    🔁 5    💬 0    📌 0

Minnesota activates National Guard after St. Paul cyberattack

Minnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck the City of Saint Paul, the state's capital, on Friday.

29.07.2025 14:58 — 👍 7    🔁 3    💬 0    📌 0

Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data

Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data.

28.07.2025 14:03 — 👍 13    🔁 3    💬 0    📌 0

Millions of cars at risk from Flipper Zero key fob hack, experts warn

Hackers are using a custom Flipper Zero firmware to bypass security protections in automotive key fobs, putting millions of vehicles at risk.

NEW: A custom firmware for the Flipper Zero, being sold by a Russian hacker for up to $1,000, can bypass modern security protections on key fobs.

The hack defeats rolling codes & lets you clone every key fob button—lock, unlock, trunk—by capturing just a single command.

san.com/cc/millions-...

24.07.2025 15:16 — 👍 67    🔁 25    💬 7    📌 5

Ukraine arrests suspected admin of XSS Russian hacking forum

The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office.

23.07.2025 09:41 — 👍 5    🔁 2    💬 0    📌 0
