Owner of BreachForums Pleads Guilty to Cybercrime and Child Pornography Charges

Owner of BreachForums Pleads Guilty to Cybercrime and Child Pornography Charges,

Conor Brian Fitzpatrick, the owner of the now-defunct BreachForums website, has pleaded guilty to charges related to his operation of the cybercrime forum as well as having child pornography images.
The development, first reported by DataBreaches.net last week, comes nearly four months after Fitzpatrick (aka pompompurin) was formally charged in the U.S. with conspiracy to commit access device

,

Conor Brian Fitzpatrick, the owner of the now-defunct BreachForums website, has pleaded guilty to charges related to his operation of the cybercrime forum as well as having child pornography images.
The development, first reported by DataBreaches.net last week, comes nearly four months after Fitzpatrick (aka pompompurin) was formally charged in the U.S. with conspiracy to commit access device

, ,
https://thehackernews.com/2023/07/owner-of-breachforums-pleads-guilty-to.html

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites,

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign.
The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an

,

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign.
The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an

, ,
https://thehackernews.com/2023/07/cybercriminals-exploiting-woocommerce.html

JumpCloud Blames ‘Sophisticated Nation-State’ Actor for Security Breach

JumpCloud Blames ‘Sophisticated Nation-State’ Actor for Security Breach

,

A little over a week after JumpCloud reset API keys of customers impacted by a security incident, the company said the intrusion was the work of a sophisticated nation-state actor.
The adversary « gained unauthorized access to our systems to target a small and specific set of our customers, » Bob Phan, chief information security officer (CISO) at JumpCloud, said in a post-mortem report. « The

,

A little over a week after JumpCloud reset API keys of customers impacted by a security incident, the company said the intrusion was the work of a sophisticated nation-state actor.
The adversary « gained unauthorized access to our systems to target a small and specific set of our customers, » Bob Phan, chief information security officer (CISO) at JumpCloud, said in a post-mortem report. « The

, ,
https://thehackernews.com/2023/07/jumpcloud-blames-sophisticated-nation.html

Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps

Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps,

Threat actors are taking advantage of Android’s WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information.
« The attack began with victims receiving SMS messages suggesting the need to update a mobile banking application, » researchers from CSIRT KNF said in an analysis released last week. « The

,

Threat actors are taking advantage of Android’s WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information.
« The attack began with victims receiving SMS messages suggesting the need to update a mobile banking application, » researchers from CSIRT KNF said in an analysis released last week. « The

, ,
https://thehackernews.com/2023/07/hackers-exploit-webapk-to-deceive.html

These 6 Questions Will Help You Choose the Best Attack Surface Management Platform

These 6 Questions Will Help You Choose the Best Attack Surface Management Platform,

The hype around different security categories can make it difficult to discern features and capabilities from bias when researching new platforms. You want to advance your security measures, but what steps actually make sense for your business?
For anyone ready to find an attack surface management (ASM) vendor, review these six questions before getting started to understand the key features to

,

The hype around different security categories can make it difficult to discern features and capabilities from bias when researching new platforms. You want to advance your security measures, but what steps actually make sense for your business?
For anyone ready to find an attack surface management (ASM) vendor, review these six questions before getting started to understand the key features to

, ,
https://thehackernews.com/2023/07/these-6-questions-will-help-you-choose.html

Malicious USB Drives Targetinging Global Targets with SOGU and SNOWYDRIVE Malware

Malicious USB Drives Targetinging Global Targets with SOGU and SNOWYDRIVE Malware,

Cyber attacks using infected USB infection drives as an initial access vector have witnessed a three-fold increase in the first half of 2023, 
That’s according to new findings from Mandiant, which detailed two such campaigns – SOGU and SNOWYDRIVE – targeting both public and private sector entities across the world.
SOGU is the « most prevalent USB-based cyber espionage attack using USB flash

,

Cyber attacks using infected USB infection drives as an initial access vector have witnessed a three-fold increase in the first half of 2023, 
That’s according to new findings from Mandiant, which detailed two such campaigns – SOGU and SNOWYDRIVE – targeting both public and private sector entities across the world.
SOGU is the « most prevalent USB-based cyber espionage attack using USB flash

, ,
https://thehackernews.com/2023/07/malicious-usb-drives-targetinging.html

Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware

Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware,

Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems.
« LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015, » Fortinet FortiGuard Labs researcher Cara Lin said. « It primarily targets Windows systems and aims to gather sensitive information from

,

Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems.
« LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015, » Fortinet FortiGuard Labs researcher Cara Lin said. « It primarily targets Windows systems and aims to gather sensitive information from

, ,
https://thehackernews.com/2023/07/cybercriminals-exploit-microsoft-word.html

CERT-UA Uncovers Gamaredon’s Rapid Data Exfiltration Tactics Following Initial Compromise

CERT-UA Uncovers Gamaredon’s Rapid Data Exfiltration Tactics Following Initial Compromise

,

The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise.
« As a vector of primary compromise, for the most part, emails and messages in messengers (Telegram, WhatsApp, Signal) are used, in most cases, using previously compromised accounts, » the Computer Emergency Response Team of Ukraine (CERT-UA) said in

,

The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise.
« As a vector of primary compromise, for the most part, emails and messages in messengers (Telegram, WhatsApp, Signal) are used, in most cases, using previously compromised accounts, » the Computer Emergency Response Team of Ukraine (CERT-UA) said in

, ,
https://thehackernews.com/2023/07/cert-ua-uncovers-gamaredons-rapid-data.html

WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks

WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks,

With generative artificial intelligence (AI) becoming all the rage these days, it’s perhaps not surprising that the technology has been repurposed by malicious actors to their own advantage, enabling avenues for accelerated cybercrime.
According to findings from SlashNext, a new generative AI cybercrime tool called WormGPT has been advertised on underground forums as a way for adversaries to

,

With generative artificial intelligence (AI) becoming all the rage these days, it’s perhaps not surprising that the technology has been repurposed by malicious actors to their own advantage, enabling avenues for accelerated cybercrime.
According to findings from SlashNext, a new generative AI cybercrime tool called WormGPT has been advertised on underground forums as a way for adversaries to

, ,
https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html

Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens

Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens,

Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations.
« Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA

,

Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations.
« Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA

, ,
https://thehackernews.com/2023/07/microsoft-bug-allowed-hackers-to-breach.html