Latest Cybersecurity News and Articles


Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

30 September 2024
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

30 September 2024
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft).  Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn’t a new technique – so

Storm-0501 Expands Ransomware Attacks to Hybrid Cloud Environments

30 September 2024
Microsoft has detected Storm-0501 using Cobalt Strike for lateral movement across networks and deploying Embargo ransomware on victim organizations in hybrid cloud setups.

Critical WatchGuard Vulnerabilities Discovered: CVE-2024-6592 and CVE-2024-6593

30 September 2024
Two critical vulnerabilities, CVE-2024-6592 and CVE-2024-6593, have been found in WatchGuard’s Authentication Gateway and Single Sign-On Client software by cybersecurity firm RedTeam Pentesting GmbH.

A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme

30 September 2024
Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

30 September 2024
KLogEXE is a C++ keylogger while FPSpy is a backdoor designed to collect system information and exfiltrate data from compromised devices. Both malware strains are primarily being distributed through spear-phishing emails.

Unpatched SQLi Flaw in TI WooCommerce Wishlist Threatens 100,000+ Sites

30 September 2024
A critical security flaw, CVE-2024-43917, with a CVSS score of 9. 3, has been found in the popular WordPress plugin TI WooCommerce Wishlist, putting over 100,000 sites at risk of SQL injection attacks.

DCRat Targets Users with HTML Smuggling

30 September 2024
A new HTML smuggling campaign is targeting Russian-speaking users, distributing DCRat malware. This marks the first time the malware has been deployed using this method, unlike common delivery methods like compromised sites or phishing emails.

First Mobile Crypto Drainer Found on Google Play

30 September 2024
The malicious app, called WalletConnect, amassed over 10,000 downloads and stole around $70,000 in cryptocurrency from Android users before being removed from the Google Play Store.

NIST Proposes Barring Some of the Most Nonsensical Password Rules

30 September 2024
NIST is seeking public feedback on the draft guidelines, which can be submitted via email until October 7. The goal is to promote sensible password practices that enhance security without burdening users or compromising their online identity.

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

30 September 2024
A watering hole attack targeted Kurdish websites, distributing malicious APKs and spyware, compromising 25 sites for over a year. French cybersecurity firm Sekoia uncovered the campaign called SilentSelfie, delivering various info-stealers.

Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext

30 September 2024
The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems. The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union's

In tackling Vladimir Putin’s web of troll farms and hackers, we have one advantage: democracy | Peter Pomarantsev

29 September 2024
In tackling Vladimir Putin’s web of troll farms and hackers, we have one advantage: democracy | Peter Pomarantsev By focusing on its strengths and pooling information, the west can disrupt Russia’s war machine – but there’s no time to loseRussia is a “mafia state” trying to expand into a “mafia empire”, the foreign secretary, David Lammy, told the UN, nailing the dual nature of Vladimir Putin’s political model. On one hand Russia represents something very old – a world of bullying empires that invade smaller countries, grab their resources and indoctrinate their people into thinking they are inferior. But it is also something very new, weaponising corruption, criminal networks, assassinations and tech-driven psy-ops to subvert open societies. And if democracies don’t act to stop it, this malign model will be imitated across the globe.Ukraine is resisting the older, zombie imperialism every day on the battlefield, and democracies will have to arm Ukraine and ourselves to constrain Russia properly. But how should we fight the more contemporary tools of political warfare that Russia pioneers? These are becoming ever more prevalent. Globalisation was meant to make us all so integrated that it would diminish the risk of wars. Instead, the free flow of information, money and people across borders also made subversion easier than ever. At the Labour party conference, Lammy indicated that democracies need to work together to stop Russia: “Exposing their agents, building joint capability and working with the global south to take on Putin’s lies.”Do you have an opinion on the issues raised in this article? If you would like to submit a letter of up to 250 words to be considered for publication, email it to us at observer.letters@observer.co.uk Continue reading...

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

28 September 2024
Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. "Fake

HPE Patches Three Critical Security Holes in Aruba PAPI

28 September 2024
HPE has released patches for three critical security vulnerabilities in Aruba's networking access points, which could allow attackers to run code on the systems by sending specially crafted packets to UDP port 8211.

BBTok Targeting Brazil Using the AppDomain Manager Injection Technique

28 September 2024
The Brazilian-targeted threat BBTok has a complex infection chain that starts with an email containing an ISO image. The malware compiles C# code directly on the infected machine and uses the AppDomain Manager Injection technique.

Critical RCE Vulnerability Found in OpenPLC

28 September 2024
The most severe issue is a stack-based buffer overflow vulnerability (CVE-2024-34026) that allows an attacker to execute remote code. Users are advised to update to the latest version of OpenPLC to protect against these security risks.

Kia Dealer Portal Flaw Could Let Attackers Hack Millions of Cars

28 September 2024
The vulnerabilities could be exploited to remotely control Kia vehicles equipped with remote hardware in under 30 seconds, exposing the sensitive personal information of car owners.

China-linked APT group Salt Typhoon compromised some US ISPs

28 September 2024
Experts are investigating whether the hackers gained access to Cisco Systems routers, a key component of ISP infrastructures, but Cisco has not found any indication of router involvement.

U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes

28 September 2024
U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy