Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32 https://firewall.firm.in/wp-content/uploads/2024/08/code.png Aug 29, 2024Ravie LakshmananCyber Espionage / Malware A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster known as APT32, a Vietnamese-aligned hacking crew that’s ...

U.S. Agencies Warn of Iranian Hacking Group’s Ongoing Ransomware Attacks https://firewall.firm.in/wp-content/uploads/2024/08/iran-hackers.png U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), ...

Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability https://firewall.firm.in/wp-content/uploads/2024/08/password.png Aug 28, 2024Ravie LakshmananVulnerability / Data Security Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to ...

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users https://firewall.firm.in/wp-content/uploads/2024/08/chinese-hacker.png Aug 27, 2024Ravie LakshmananCyber Espionage / Malware Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts “almost exactly replicate the functionality of the Windows version of the backdoor and differ only ...

Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot https://firewall.firm.in/wp-content/uploads/2024/08/ms.png Aug 27, 2024Ravie LakshmananAI Security / Vulnerability Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling. “ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ...

US lawsuit against TikTok to focus on childrens’ privacy – ET CISO https://etimg.etb2bimg.com/thumb/msid-111182270,imgsize-106928,width-1200,height=765,overlay-etciso/data-breaches/us-lawsuit-against-tiktok-to-focus-on-childrens-privacy.jpg The U.S. Department of Justice plans to focus an upcoming lawsuit against TikTok on allegations that the popular social media platform violated the privacy rights of children, rather than claims it misled adult users about its data privacy practices, according to a source familiar with the matter. ...

Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S. https://firewall.firm.in/wp-content/uploads/2024/08/Uber.png Aug 26, 2024Ravie LakshmananGDPR / Data Protection The Dutch Data Protection Authority (DPA) has fined Uber a record €290 million ($324 million) for allegedly failing to comply with European Union (E.U.) data protection standards when sending sensitive driver data to the U.S. “The Dutch DPA ...

Microsoft informs customers that Russian hackers spied on emails – ET CISO https://etimg.etb2bimg.com/thumb/msid-111356087,imgsize-62402,width-1200,height=765,overlay-etciso/data-breaches/microsoft-informs-customers-that-russian-hackers-spied-on-emails.jpg Russian hackers who broke into Microsoft’s systems and spied on staff inboxes earlier this year also stole emails from its customers, the tech giant said on Thursday, around six months after it first disclosed the intrusion. The disclosure underscores the breadth of the breach as Microsoft faces ...

SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access https://firewall.firm.in/wp-content/uploads/2024/08/sonic.jpg Aug 26, 2024Ravie LakshmananVulnerability / Enterprise Security SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control ...

EU vs Big Tech: the cases keep mounting – ET CISO https://etimg.etb2bimg.com/thumb/msid-111558319,imgsize-163662,width-1200,height=765,overlay-etciso/data-breaches/eu-vs-big-tech-the-cases-keep-mounting.jpg The European Union (EU) has launched multiple probes and complaints against Big Tech and their handling of user data and maintaining privacy. Let’s take a look at the latest tiffs: AmazonOn Friday, the European Commission (EC) asked Amazon to provide detailed information by July 26 on the measures ...