Chinese hackers breach US treasury; third-party alert triggers cybersecurity probe – ET CISO https://etimg.etb2bimg.com/thumb/msid-116817644,imgsize-886682,width-1200,height=765,overlay-etciso/data-breaches/chinese-hackers-breach-us-treasury-third-party-alert-triggers-cybersecurity-probe.jpg The US treasury department revealed on Monday that Chinese hackers managed to access several workstations and unclassified documents by breaching a third-party software service provider. The attack occurred earlier this month and is now being investigated as a major cybersecurity incident. The Treasury did not reveal ...

New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy https://firewall.firm.in/wp-content/uploads/2024/12/data.png Dec 31, 2024Ravie LakshmananData Security / Privacy The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens’ personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, ...

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials https://firewall.firm.in/wp-content/uploads/2024/12/router.png Dec 28, 2024Ravie LakshmananVulnerability / Threat Intelligence A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting ...

Data-loss prevention company cyberhaven hit by breach, statement says – ET CISO https://etimg.etb2bimg.com/thumb/msid-116731150,imgsize-79476,width-1200,height=765,overlay-etciso/data-breaches/data-loss-prevention-company-cyberhaven-hit-by-breach-statement-says.jpg FILE PHOTO: Miniatures of people with computers are seen in front of binary codes and words ‘Cyber attack’ in this illustration taken July 19, 2023. REUTERS/Dado Ruvic/Illustration/File Photo Hackers compromised an employee of the data-protection company Cyberhaven and used the worker’s access to potentially steal sensitive information ...

North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign https://firewall.firm.in/wp-content/uploads/2024/12/hacking.png Dec 27, 2024Ravie LakshmananCryptocurrency / Cyber Espionage North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as ...

Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately https://firewall.firm.in/wp-content/uploads/2024/12/palo.png Dec 27, 2024Ravie LakshmananFirewall Security / Vulnerability Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running ...

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts https://firewall.firm.in/wp-content/uploads/2024/12/brazil.png Dec 26, 2024Ravie LakshmananCybercrime / Ransomware A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company’s network in March 2020. Junior Barros De Oliveira, 29, of Curitiba, Brazil has been charged with four counts of ...

Iran’s Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware https://firewall.firm.in/wp-content/uploads/2024/12/malware.png Dec 25, 2024Ravie LakshmananCyber Attack / Malware The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of ...

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation https://firewall.firm.in/wp-content/uploads/2024/12/software.png Dec 24, 2024Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is ...

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts https://firewall.firm.in/wp-content/uploads/2024/12/python.png Dec 24, 2024Ravie LakshmananMalware / Data Exfiltration Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and ...