System hacked
Blackout: Madrid subway evacuated
Spain and Portugal experienced a widespread power outage that affected large parts of both countries. The Spanish grid operator Red Eléctrica reported the disruption and announced that “all resources have been deployed to resolve” the problem.
New social engineering weapon in cyber warfare
What began as a ploy by commercial cybercriminals is now becoming a method used by state-supported hacker groups: the ClickFix technique. Originally used by financially motivated attackers to circumvent security mechanisms, it is now being used specifically by actors from North Korea, Iran and Russia for espionage purposes.
Old gaps, new access
Despite security updates being installed, cybercriminals have managed to gain permanent access to FortiGate devices. The attackers exploit known vulnerabilities that have long since been closed, but they go one step further: they leave behind a so-called backdoor through which they retain access even after the patch.
An old trick with a new twist
Despite its age, the ClickFix method remains a popular tool in the arsenal of cybercriminals. Security researchers from Sophos X-Ops came across the sophisticated attack tactic again in their latest analysis.
Car rental company is being blackmailed
The Europcar Mobility Group has been the victim of a targeted cyber attack. Unknown persons gained access to the international car rental company’s GitLab repositories and captured both the source code of the mobile applications and customer data.
Questionable crisis communication
The US software company Oracle has admitted to selected customers that attackers have stolen customer access data after compromising a “legacy environment”. This was reported by Bloomberg.
Session tokens are also recorded
Security researchers from Sophos X-Ops have investigated the workings of Evilginx. The malware, which is based on the widely used open source web server nginx, poses a significant threat to IT security by enabling targeted adversary-in-the-middle attacks and can even bypass multi-factor authentication (MFA).