Security Firm Accidentally Hires North Korean Hacker, Did Not KnowBe4
Source: Dark Reading
A security firm recently hired a software engineer for its internal AI team who turned out to be a North Korean threat actor and who immediately began loading malware onto his company-issued workstation.
Critical ServiceNow RCE flaws actively exploited to steal credentials
Source: Bleeping Computer
Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. This malicious activity was reported by Resecurity, which, after monitoring it for a week, identified multiple victims, including government agencies, data centers, energy providers, and software development firms.
Cybercrooks Continue to Capitalize on CrowdStrike Outage
Source: Data Breach Today
Self-proclaimed hacktivist group USDoD appears the latest to mount a claim, posting Wednesday on a criminal forum a spreadsheet containing an "entire threat actor list" and promising to later publish "their entire IOC list," referring to indicators of compromise.
Breach Roundup: ICANN Warns .top Domain About Phishing
Source: Info Risk Today
The Chinese company managing the .top top-level domain has until mid-August to implement systems for handling phishing reports and suspending abusive domains, or it will lose its license, warned the Internet Corporation for Assigned Names and Numbers. The warning follows findings that .top was the second-most-common suffix in phishing websites last year, after .com.
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
Source: The Hacker News
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity.