Cisco Fixes Firewall 0-Days After Likely Nation-State Hack
Source: Data Breach Today
Probable nation-state hackers targeted Cisco firewall appliances in a campaign dating to late 2023, the networking giant disclosed Wednesday. The company released three patches - two of them rated critical - for devices running Adaptive Security Appliance and Cisco Firepower Threat Defense software.
State Hackers' New Frontier: Network Edge Devices
Source: Info Risk Today
Russian intelligence hackers as well as Russian-speaking cybercriminals have targeted devices including firewalls, virtual private networks and email filters. Chinese hackers with Beijing's backing have particularly demonstrated in-depth knowledge of edge device.
Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries
Source: Dark Reading
North of 1,000 samples of the Godfather mobile banking Trojan are circulating in dozens of countries worldwide, targeting hundreds of banking apps. First discovered in 2022, Godfather — which can record screens and keystrokes, intercepts two-factor authentication (2FA) calls and texts, initiates bank transfers, and more — has quickly become one of the most widespread malware-as-a-service offerings in cybercrime, especially mobile cybercrime.
LA County Health Services: Patients' data exposed in phishing attack
Source: Bleeping Computer
"Between February 19, 2024, and February 20, 2024, DHS experienced a phishing attack. Specifically, a hacker was able to gain log-in credentials of 23 DHS employees through a phishing e-mail," the notifications revealed. "In this case, the DHS employees clicked on the link located in the body of the e-mail, thinking that they were accessing a legitimate message from a trustworthy sender."
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
Source: The Hacker News
These initial access vectors trick targets into launching a malicious optical disc image (ISO) file bearing three files, one of which masquerades as an Amazon VNC client ("AmazonVNC.exe") that, in reality, is a renamed version of a legitimate Windows application called "choice.exe."