Vault 33 | Cyber News & Intel
Vault 33 is your ultimate hub for cutting-edge cybersecurity insights, delivering expert analysis, detailed tutorials, research, and the latest updates in threat and vulnerability management.
Featured Posts

Recent cyberattacks have highlighted a vulnerability in Signal's device linking feature, allowing hackers to gain unauthorized access to user accounts. These attacks, primarily attributed to Russian-aligned threat actors, exploit the app's legitimate functionality to eavesdrop on communications. Exploitation of Signal's Device Linking The attacks
A novel malware named FinalDraft has been identified leveraging Outlook email drafts for command-and-control (C2) communications. This sophisticated attack has targeted a government ministry in a South American nation, as discovered by Elastic Security Labs. Malware Attack Overview The attack employs a comprehensive toolkit, including a custom malware loader called
Recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Food and Drug Administration (FDA) have raised concerns about potential vulnerabilities in the CONTEC CMS8000 patient monitors. These alerts suggest the presence of a backdoor communicating with a Chinese IP address. However, upon investigation, it appears

The emergence of GeoSpy, an AI-powered tool, underscores the growing need for caution in online photo sharing. This innovative software swiftly determines a location through image analysis, presenting notable privacy and security concerns. GeoSpy's Capabilities and Development GeoSpy, created by Graylark Technologies, employs artificial intelligence to identify locations
A significant breach of AT&T's network by the Chinese state-sponsored group, Salt Typhoon, has led to unauthorized access to sensitive U.S. telecommunications data. Active undetected for over 18 months until 2023, the breach exposed critical communications metadata of FBI informants, potentially creating a crisis for
A Chinese cyber adversary known as UNC5337 has resumed its focus on uncovering vulnerabilities within Ivanti remote access devices, marking another chapter in a series of security challenges faced by the IT vendor. This latest threat leverages a critical remote code execution (RCE) vulnerability discovered in Ivanti’s products, reigniting
The United States has announced a reward of up to $5 million for information leading to the disruption of North Korean IT worker schemes. These operations involve illicit remote work practices that fuel the nation's prohibited missile programs. Involved Entities Two companies, Yanbian Silverstar based in China and
In a groundbreaking discovery, researchers have identified "the first UEFI bootkit specifically engineered to target Linux systems". This represents a significant evolution in bootkit threats, which have historically concentrated on Windows environments. Innovative Threat The UEFI bootkit is a sophisticated form of malware designed to integrate into the

Russian APT28 Hackers Exploit US Company Wi-Fi from Afar In a remarkable demonstration of their capabilities, Russian cyber espionage group APT28, also known as Fancy Bear and linked to Russia's military intelligence agency GRU, successfully infiltrated a U.S. company's Wi-Fi network from a distant location.
Latest Posts

Recent leaks of internal communications have unveiled significant turmoil within Black Basta, a notorious ransomware-as-a-service (RaaS) group. Known for its prolific cyberattacks since its emergence in April 2022, Black Basta's operations have notably declined, with the last known activities occurring in December 2024. The leaked chats reveal internal

A significant data breach has unveiled the operations of TopSec, a leading Chinese cybersecurity firm, potentially involved in government-led internet censorship. This leak, analyzed by SentinelLABS, includes over 7,000 documents detailing work logs and DevOps code. Key Findings from the Data Leak The leaked data suggests that TopSec'

A significant security breach has hit Bybit, the world's second-largest cryptocurrency exchange, resulting in the theft of $1.4 billion in Ethereum from a cold wallet. Details of the Breach Bybit has confirmed a massive security incident where approximately $1.4 billion worth of Ethereum was stolen. The

A major healthcare provider, Health Net Federal Services (HNFS), along with its parent company Centene Corporation, has agreed to a settlement of $11,253,400. This resolution addresses accusations of falsely certifying compliance with cybersecurity mandates under a Defense Health Agency (DHA) TRICARE contract. Background of the Allegations HNFS was

A recent cyberattack has targeted the Supreme Administrative Court of Bulgaria, with the hacker group RansomHouse claiming responsibility. The group has allegedly breached the court's information systems, releasing documents that include employee names, personal data, and leave applications. This incident highlights the ongoing threat of ransomware attacks on

A recent cyberattack campaign is targeting freelance developers by using fraudulent job advertisements to distribute malware disguised as legitimate software tools. This operation primarily exploits GitHub repositories, capitalizing on the eagerness of freelancers to secure remote work opportunities. Deceptive Tactics and Malware Distribution The attackers impersonate reputable companies, offering enticing

A significant leak has revealed internal communications from the Black Basta ransomware group, exposing their operations and tactics. Details of the Leak An anonymous source has released what they claim to be internal chat logs of the Black Basta ransomware group. Initially shared on the MEGA platform, the logs have

Cybercriminals are once again exploiting Google Ads to distribute malware. This time, they are using a deceptive advertisement for Google Chrome, the world's most popular web browser, to lure unsuspecting users. The malicious campaign involves a fake Google Sites page that serves as an intermediary, similar to previous

Recent discoveries reveal that tools traditionally associated with Chinese Advanced Persistent Threat (APT) groups are now surfacing in corporate ransomware attacks. This development complicates the attribution of cyber threats and challenges security teams to reassess their strategies against state-backed hackers. Emergence of Espionage Tools in Ransomware Research from leading cybersecurity