New York AG Warns 17 Firms of Credential Attacks

Sponsored: Password security is highlighted in attorney general warning to New York state businesses. New York Attorney General Letitia James reported 1.1 million credentials tied to 17 “well known” state…

State-sponsored Threat Actors Steal Airline Data Using the Slack API

Reports show that a recently found backdoor dubbed ‘Aclip’ that exploits the Slack API for covert communications is being used by an alleged Iranian state-sponsored cybercriminal. The malicious actor began…

Suspected Iranian hackers target airline with new backdoor

A suspected, state-sponsored Iranian threat group has attacked an airline with a never-before-seen backdoor.  On Wednesday, cybersecurity researchers from IBM Security X-Force said an Asian airline was the subject of…

Irani and Chinese State Hackers Exploiting Log4j Vulnerability

According to John Hultquist, VP of Intelligence Analysis, Mandiant, Iranian state hackers are specifically aggressive with this Log4j vulnerability. Cybersecurity firms Mandiant and CrowdStrike have confirmed that Iranian and Chinese…

Espionage Hacking Campaign Is Targeting Telecom Operators

A fresh espionage hacking effort targeting Middle Eastern and Asian telecommunications and IT service companies was recently discovered. The operation has been running for six months, and it may have…

Log4j flaw: Now state-backed hackers are using bug as part of attacks, warns Microsoft

State-sponsored hackers from China, Iran, North Korea and Turkey have started testing, exploiting and using the Log4j bug to deploy malware, including ransomware, according to Microsoft.    As predicted by…

Khonsari ransomware, Iranian group Nemesis Kitten seen exploiting Log4j vulnerability

Security researchers have found evidence that the group behind the Khonsari ransomware is exploiting the Log4j vulnerability to deliver it. Other state-sponsored groups are also looking into the vulnerability, according…

Suspected espionage campaign targets telecoms, IT service firms in Middle East

Written by AJ Vicens Dec 14, 2021 | CYBERSCOOP Hackers targeted a string of telecommunication operators and IT service organizations in the Middle East and Asia over the last six…

Microsoft December 2021 Patch Tuesday: Zero-day exploited to spread Emotet malware

Microsoft has released 67 security fixes for software including seven critical issues and a zero-day flaw being actively exploited by cybercriminals.  In the Redmond giant’s latest round of patches, usually released…

What the Log4Shell Bug Means for SMBs: Experts Weigh In

An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what’s vulnerable, what an attack looks like and to how to remediate. News of…