The Breach News

Lazarus Group Leverages Google Chrome Vulnerability to Take Control of Compromised Devices

Oct 24, 2024
Vulnerability / Cyber Attack

The Lazarus Group, a North Korean cyber threat actor, has been linked to the exploitation of a zero-day vulnerability in Google Chrome, allowing them to control infected devices. Cybersecurity firm Kaspersky reported this discovery, which stemmed from a new attack chain identified in May 2024. The attack targeted the personal computer of an unnamed Russian individual using the Manuscrypt backdoor. This involved triggering the zero-day exploit simply by visiting a counterfeit gaming website, “detankzone[.]com,” which aimed at cryptocurrency users. It is believed this campaign began in February 2024. Kaspersky researchers Boris Larin and Vasily Berdnikov noted that the website masqueraded as a professionally designed page for a decentralized finance (DeFi) NFT-based multiplayer online battle arena (MOBA) tank game, enticing users to download a trial version. However, this was merely a façade.

Lazarus Group Exploits Google Chrome Vulnerability to Compromise Targeted Devices On October 24, 2024, cybersecurity experts revealed that the Lazarus Group, a notorious North Korean cyber threat actor, has exploited a recently patched zero-day vulnerability in Google Chrome to gain control over infected devices. The findings were reported by Kaspersky,…

Read More

Lazarus Group Leverages Google Chrome Vulnerability to Take Control of Compromised Devices

Oct 24, 2024
Vulnerability / Cyber Attack

The Lazarus Group, a North Korean cyber threat actor, has been linked to the exploitation of a zero-day vulnerability in Google Chrome, allowing them to control infected devices. Cybersecurity firm Kaspersky reported this discovery, which stemmed from a new attack chain identified in May 2024. The attack targeted the personal computer of an unnamed Russian individual using the Manuscrypt backdoor. This involved triggering the zero-day exploit simply by visiting a counterfeit gaming website, “detankzone[.]com,” which aimed at cryptocurrency users. It is believed this campaign began in February 2024. Kaspersky researchers Boris Larin and Vasily Berdnikov noted that the website masqueraded as a professionally designed page for a decentralized finance (DeFi) NFT-based multiplayer online battle arena (MOBA) tank game, enticing users to download a trial version. However, this was merely a façade.

Data Breach at Dutch Cancer Screening Lab Impacts 485,000 Individuals

Cybercrime, Data Breach Notification, Data Security Hacking Incident at Clinical Diagnostics Lab Represents Shifting Landscape of Cyber Threats in the Netherlands Marianne Kolbasuk McGee (HealthInfoSec) • August 12, 2025 Image: Getty Images A significant data breach has occurred at a Dutch clinical diagnostics laboratory, impacting 485,000 participants in a cervical…

Read MoreData Breach at Dutch Cancer Screening Lab Impacts 485,000 Individuals

Utilizing Credentials for Unique Identification: A Practical Strategy for Managing Non-Human Identities

In recent years, identity-based attacks have surged, with malicious actors increasingly masquerading as legitimate entities to access sensitive resources and data. Recent studies indicate that approximately 83% of these attacks involve compromised credentials. According to the Verizon DBIR, attackers are now more likely to leverage stolen credentials as their entry point, rather than exploiting vulnerabilities or misconfigurations. Moreover, the focus isn’t just on human identities; Non-Human Identities (NHIs) vastly outnumber their human counterparts in enterprises—by at least a factor of 50. Unlike humans, machines lack reliable multi-factor authentication methods, leading us to depend predominantly on credentials like API keys, bearer tokens, and JWTs. Traditionally, identity and access management (IAM) has been founded on…

Utilizing Credentials as Distinct Identifiers: A Practical Strategy for NHI Management In recent years, the prevalence of identity-based attacks has surged, marking a notable concern for cybersecurity professionals. Malicious actors increasingly exploit the identities of individuals or entities to facilitate access to resources and sensitive data. Recent reports indicate that…

Read More

Utilizing Credentials for Unique Identification: A Practical Strategy for Managing Non-Human Identities

In recent years, identity-based attacks have surged, with malicious actors increasingly masquerading as legitimate entities to access sensitive resources and data. Recent studies indicate that approximately 83% of these attacks involve compromised credentials. According to the Verizon DBIR, attackers are now more likely to leverage stolen credentials as their entry point, rather than exploiting vulnerabilities or misconfigurations. Moreover, the focus isn’t just on human identities; Non-Human Identities (NHIs) vastly outnumber their human counterparts in enterprises—by at least a factor of 50. Unlike humans, machines lack reliable multi-factor authentication methods, leading us to depend predominantly on credentials like API keys, bearer tokens, and JWTs. Traditionally, identity and access management (IAM) has been founded on…

The Most Overlooked Data Breach in America: It’s Happening at Your Mailbox

Theft of paper checks and their use in identity theft constitute a major blind spot in the private sector’s fraud detection networks. Banks and regulators need to come together to find solutions, writes David Maimon, of SentiLink.Douglas Sacha/Adobe Stock In early 2023, a significant discovery in the United States highlighted…

Read MoreThe Most Overlooked Data Breach in America: It’s Happening at Your Mailbox

Severe Sudo Vulnerabilities Allow Local Users to Escalate to Root Access on Major Linux Distributions

July 4, 2025
By Cybersecurity Insights

Cybersecurity researchers have identified two critical vulnerabilities in the Sudo command-line utility for Linux and Unix-like systems, enabling local attackers to elevate their privileges to root on affected machines. Here’s a summary of the vulnerabilities:

  • CVE-2025-32462 (CVSS Score: 2.8): In versions prior to 1.9.17p1, Sudo, when configured with a sudoers file specifying a host that is neither the current host nor ALL, permits listed users to execute commands on unintended machines.

  • CVE-2025-32463 (CVSS Score: 9.3): In Sudo versions before 1.9.17p1, local users can gain root access as a result of the /etc/nsswitch.conf file being utilized from a user-controlled directory in conjunction with the –chroot option.

Sudo is a command-line tool designed to allow low-privileged users to execute commands as another user, typically the superuser, thereby implementing the principle of least privilege for administrative tasks.

Critical Sudo Vulnerabilities Expose Linux Systems to Root Access Risks On July 4, 2025, cybersecurity experts identified two significant vulnerabilities in the Sudo command-line utility widely used across Linux and Unix-like operating systems. These issues pose a serious threat, allowing local attackers to gain root access on affected systems, heightening…

Read More

Severe Sudo Vulnerabilities Allow Local Users to Escalate to Root Access on Major Linux Distributions

July 4, 2025
By Cybersecurity Insights

Cybersecurity researchers have identified two critical vulnerabilities in the Sudo command-line utility for Linux and Unix-like systems, enabling local attackers to elevate their privileges to root on affected machines. Here’s a summary of the vulnerabilities:

  • CVE-2025-32462 (CVSS Score: 2.8): In versions prior to 1.9.17p1, Sudo, when configured with a sudoers file specifying a host that is neither the current host nor ALL, permits listed users to execute commands on unintended machines.

  • CVE-2025-32463 (CVSS Score: 9.3): In Sudo versions before 1.9.17p1, local users can gain root access as a result of the /etc/nsswitch.conf file being utilized from a user-controlled directory in conjunction with the –chroot option.

Sudo is a command-line tool designed to allow low-privileged users to execute commands as another user, typically the superuser, thereby implementing the principle of least privilege for administrative tasks.

CERT-UA Discovers Malicious RDP Files in Recent Attack on Ukrainian Entities

Oct 26, 2024
Cyber Attack / Threat Intelligence

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new malicious email campaign targeting government agencies, businesses, and military organizations. CERT-UA noted, “The emails leverage the allure of integrating popular services like Amazon or Microsoft while promoting a zero-trust architecture.” These messages include attachments that are Remote Desktop Protocol (‘.rdp’) configuration files. When executed, these RDP files connect to a remote server, allowing threat actors to access compromised systems, steal data, and deploy additional malware for subsequent attacks. The preparation for this infrastructure is believed to have started as early as August 2024, and the agency warns that the campaign may extend beyond Ukraine to other countries. CERT-UA has linked the campaign to a threat actor identified as UAC-0215. Amazon Web Services (AWS) also issued a related advisory…

CERT-UA Uncovers Malicious RDP Files Targeting Ukrainian Entities October 26, 2024 Cyber Attack / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has reported a newly identified malicious email campaign directed at various governmental agencies, private enterprises, and military organizations within the country. This campaign seeks to exploit…

Read More

CERT-UA Discovers Malicious RDP Files in Recent Attack on Ukrainian Entities

Oct 26, 2024
Cyber Attack / Threat Intelligence

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new malicious email campaign targeting government agencies, businesses, and military organizations. CERT-UA noted, “The emails leverage the allure of integrating popular services like Amazon or Microsoft while promoting a zero-trust architecture.” These messages include attachments that are Remote Desktop Protocol (‘.rdp’) configuration files. When executed, these RDP files connect to a remote server, allowing threat actors to access compromised systems, steal data, and deploy additional malware for subsequent attacks. The preparation for this infrastructure is believed to have started as early as August 2024, and the agency warns that the campaign may extend beyond Ukraine to other countries. CERT-UA has linked the campaign to a threat actor identified as UAC-0215. Amazon Web Services (AWS) also issued a related advisory…