Tag: communications
-
Iran-Nexus Hackers Exploit Omani Mailbox to Target Governments
Tags: authentication, communications, cyber, exploit, government, group, hacker, intelligence, iran, mfa, phishing, spear-phishingA sophisticated spear-phishing campaign that exploited a compromised mailbox belonging to the Ministry of Foreign Affairs of Oman. The operation, attributed to an Iranian-aligned group known as Homeland Justice and linked to Iran’s Ministry of Intelligence and Security (MOIS), masqueraded as legitimate multi-factor authentication (MFA) communications to infiltrate governments and diplomatic missions around the world.…
-
Security Affairs newsletter Round 539 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships New zero-click exploit allegedly used…
-
Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships
Lab Dookhtegan hacking group allegedly disrupted communications of 60 Iranian ships run by sanctioned firms NITC and IRISL. The hacking group Lab Dookhtegan allegedly disrupted the communications of 60 Iranian ships. The attack hit at least 39 tankers and 25 cargo ships operated by Iranian maritime companies National Iranian Oil Tanker Company and Iran Shipping Lines, which…
-
DOGE Put Everyone’s Social Security Data at Risk, Whistleblower Claims
Plus: China’s Salt Typhoon hackers target 600 companies in 80 countries, Tulsi Gabbard purges CIA agents, hackers knock out Iranian ship communications, and more. First seen on wired.com Jump to article: www.wired.com/story/doge-social-security-data-at-risk-whistleblower/
-
Chinese hacking group Salt Typhoon expansion prompts multinational advisory
Tags: advisory, attack, authentication, breach, china, cisco, communications, container, corporate, country, cyber, data, exploit, firmware, flaw, government, group, hacking, infrastructure, intelligence, Internet, ivanti, malware, military, monitoring, network, password, router, service, software, technology, threat, update, vulnerability, zero-dayIvanti, Palo Alto Networks, Cisco flaws exploited: Salt Typhoon has been active since at least 2021, targeting critical infrastructure in telecom, transportation, government, and military bodies around the globe. Notably, a “cluster of activity” has been observed in the UK, according to the country’s National Cyber Security Centre.The group has had “considerable success” with “n-days,”…
-
BSidesSF 2025: Decentralized Communications: Deep-Dive Into APRS And Meshtastic
Creators, Authors and Presenters: Ankur Tyagi, Mayuresh Dani Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no other; and via the…
-
Home Office ‘backdoor’ seeks worldwide access to Apple iCloud users’ data, court documents confirm
A court filing states that a government order against Apple would give it the capability to access communications and metadata of customers using the iCloud service anywhere in the world First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366630023/Home-Office-back-door-seeks-world-wide-access-to-Apple-iCloud-users-data-court-documents-confirm
-
Home Office ‘back door’ seeks world-wide access to Apple iCloud users’ data, court documents confirm
A court filing sates a government order against Apple would give it the capability to access communications and ‘metadata’ of customers using Apple’s iCloud service anywhere in the world First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366630023/Home-Office-back-door-seeks-world-wide-access-to-Apple-iCloud-users-data-court-documents-confirm
-
Versteckte Risiken Mitarbeiter als Cybersicherheitsrisiko
Cyberangriffe werden immer raffinierter, insbesondere durch neue Technologien und die Notwendigkeit ständig verbunden zu sein. Daher ist es für Unternehmen entscheidend, ihre Mitarbeiter so zu schulen, dass sie diese komplexen Angriffe effektiv erkennen und darauf reagieren können. Amit Kapoor, Vizepräsident und Head of Continental Europe bei Tata Communications, spricht darüber, wie Mitarbeiter sowohl Schwachstelle als…
-
Broadcom Extends Reach and Scope of Cybersecurity Portfolio
Tags: ai, communications, compliance, conference, cybersecurity, framework, intelligence, technology, update, vmware, zero-trustBroadcom today added a slew of cybersecurity updates, including a technology preview of an update to VMware vDefend that secures communications between artificial intelligence (AI) agents, promising to improve overall resiliency and automate compliance workflows. Announced at the VMware Explore 2025 conference, the update to vDefend introduces a zero-trust framework for AI agents. Additionally, Broadcom..…
-
Hackers Exploit SendGrid to Steal User Login Credentials in Latest Attack
Tags: attack, cloud, communications, credentials, cyber, cybersecurity, defense, email, exploit, hacker, login, phishing, serviceCybersecurity researchers at the Cofense Phishing Defense Center (PDC) have uncovered a fresh surge in credential harvesting attacks that leverage the reputable cloud-based email service SendGrid to distribute phishing emails. Attackers are exploiting SendGrid’s trusted status, commonly used for transactional and marketing communications, to craft messages that evade standard email security gateways. By spoofing sender…
-
Why satellite cybersecurity threats matter to everyone
Satellites play a huge role in our daily lives, supporting everything from global communications to navigation, business, and national security. As space becomes more crowded … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/25/brett-loubert-deloitte-satellite-cybersecurity-threats/
-
Nuance Agrees to Pay $8.5M to Settle MOVEit Hack Litigation
Tags: communications, data, exploit, flaw, hacker, healthcare, microsoft, moveIT, software, zero-daySettlement Is Latest Among Scores of Other MOVEit Lawsuits Still Pending. Nuance Communications, a Microsoft subsidiary, has agreed to pay $8.5 million to settle class action litigation filed after hackers exploited a zero-day flaw in Progress Software’s MOVEit file transfer software in 2023, stealing data belonging to more than a dozen of Nuance’s healthcare clients.…
-
System Shocks? EV Smart Charging Tech Poses Cyber-Risks
Trend Micro’s Salvatore Gariuolo talks with the Black Hat USA 2025 News Desk about how the new ISO 15118 standard for electric vehicle smart charging and vehicle-to-grid communications can be weaponized by threat actors. First seen on darkreading.com Jump to article: www.darkreading.com/iot/ev-smart-charging-cyber-risks
-
New Research Reveals Security Vulnerabilities Linked to Popular VPN Apps
Researchers have uncovered deceptive practices among major VPN providers, linking seemingly independent entities into three distinct >>families
-
New Sni5Gect Attack Targets 5G to Steal Messages and Inject Payloads
Tags: 5G, attack, communications, cyber, cybersecurity, framework, infrastructure, malicious, technology, vulnerabilityCybersecurity researchers at Singapore University of Technology and Design have unveiled a sophisticated new attack framework calledSNI5GECTthat can intercept 5G communications and inject malicious payloads without requiring a rogue base station. The research demonstrates significant vulnerabilities in the current 5G infrastructure that could allow attackers to crash devices, downgrade connections, and steal user identities from…
-
UK’s Colt hit by cyberattack, support systems offline amid ransom threat
Tags: api, attack, china, communications, cve, cyberattack, data, data-breach, exploit, finance, flaw, group, infrastructure, Internet, microsoft, network, programming, ransom, rce, remote-code-execution, russia, service, software, threat, update, vulnerabilitywith samples on a Russian Tor site.”We’ve seen already this year that telecom is particularly vulnerable to attacks, and I think this WarLock attack highlights some recurring issues that telecom and large-scale network service providers are starting to see,” said Gabrielle Hempel, Security Operations Strategist at Exabeam. “There’s this operational ripple effect when you’re a…
-
ShinyHunters Claims BreachForums Seized by Law Enforcement, Now a Honeypot
Tags: authentication, breach, communications, cyber, data, hacking, infrastructure, law, privacy, threatThe threat actor known as ShinyHunters has publicly disclosed what they claim is a covert seizure of BreachForums, a notorious online platform used for trading stolen data and discussing illicit hacking activities. According to ShinyHunters’ announcement, the forum’s core infrastructure, including its official Pretty Good Privacy (PGP) key used for cryptographic authentication and secure communications,…
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
New TETRA Radio Encryption Flaws Expose Law Enforcement Communications
Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption (E2EE) mechanism that exposes the system to replay and brute-force attacks, and even decrypt encrypted traffic.Details of the vulnerabilities dubbed 2TETRA:2BURST were presented at the Black Hat USA First seen on…
-
Finland charges captain of suspected Russian ‘shadow fleet’ tanker for subsea cable damage
In a statement on Monday, Finland’s National Prosecution Authority said they had brought aggravated criminal mischief and aggravated interference with communications charges against the three senior officers aboard the Eagle S, a tanker registered in the Cook Islands. First seen on therecord.media Jump to article: therecord.media/finland-charges-captain-russia-ghost-fleet-undersea-cable
-
Wikipedia’s operator loses challenge to UK Online Safety Act rules
Although the U.K.’s High Court of Justice dismissed the foundation’s challenge, it said it would revisit the case if the organization was classified as category 1 by Ofcom, the country’s communications regulator, later this year. First seen on therecord.media Jump to article: therecord.media/wikipedia-loses-challenge-online-safety-act-uk
-
Schwachstellen in Überwachungssystemen von Axis erlaubt Angreifern Kamera-Feeds einzusehen und über den Netzwerkzugang Code auszuführen
Die Sicherheitsforscher von Team82, der Forschungsabteilung des Spezialisten für die Sicherheit von cyberphysischen Systemen (CPS) Claroty, haben vier Schwachstellen in Videoüberwachungsprodukten von Axis Communications entdeckt. Werden diese kombiniert, erhalten Angreifer Zugriff auf Systemebene im internen Netzwerk und sind in der Lage, Kameras zu kontrollieren: Feeds können gekapert, beobachtet und/oder abgeschaltet sowie Remote-Code auf den Geräten…
-
Windows RPC Protocol Exploited to Launch Server Spoofing Attacks
A vulnerability in Microsoft Windows’ Remote Procedure Call (RPC) protocol has been discovered that allows attackers to manipulate core system communications and launch sophisticated server spoofing attacks. The flaw, designated CVE-2025-49760, enables unprivileged users to masquerade as legitimate system services and potentially escalate privileges or steal sensitive credentials. Security researcher SafeBreach uncovered the vulnerability through…
-
Windows RPC Protocol Exploited to Launch Server Spoofing Attacks
A vulnerability in Microsoft Windows’ Remote Procedure Call (RPC) protocol has been discovered that allows attackers to manipulate core system communications and launch sophisticated server spoofing attacks. The flaw, designated CVE-2025-49760, enables unprivileged users to masquerade as legitimate system services and potentially escalate privileges or steal sensitive credentials. Security researcher SafeBreach uncovered the vulnerability through…
-
Axis Camera Server Vulnerabilities Expose Thousands of Organizations to Attack
Claroty’s Team82 research unit has unveiled four vulnerabilities affecting Axis Communications’ widely deployed video surveillance ecosystem, potentially endangering thousands of organizations worldwide. These flaws, centered on the proprietary Axis.Remoting communication protocol, enable pre-authentication remote code execution (RCE) on key components such as Axis Device Manager (ADM) and Axis Camera Station. Axis, a leading Swedish provider…
-
Axis Security Camera Flaws Enable Remote Takeover
4 Bugs Affecting at Least 6,500 Camera Servers Enable Pre-Auth Attacks on Devices. Researchers who uncovered four severe flaws in Axis Communications’ video management and camera software say thousands of internet-connected surveillance systems are vulnerable to remote attacks. Attackers can execute arbitrary code without authentication. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/axis-security-camera-flaws-enable-remote-takeover-a-29149
-
Germany’s top court holds that police can only use spyware to investigate serious crimes
The plaintiffs argued that a 2017 rules change enabling law enforcement to use spyware to eavesdrop on encrypted chats and messaging platforms could unfairly expose communications belonging to people who are not criminal suspects. First seen on therecord.media Jump to article: therecord.media/germany-spyware-limitations-court-rules