calcalistech.com
Hofit Cohen Azulay
12:55, 12.03.26
Cyberattack affects platform advertising screens; national cybersecurity authorities investigate.
A cyberattack targeted advertising signs in the passenger halls at Herzliya Station and Shalom Train Station in Tel Aviv on Wednesday. It is estimated that Iranian hackers took control of the signs and posted messages claiming that the stations were expected to be attacked by Iranian missiles and instructing the public to evacuate immediately.
Israel Railways clarified that these signs are not connected to the railway infrastructure and are located on platforms as part of a private provider’s advertising and information system. Shortly after the incident, the screens were taken offline. The National Cyber Directorate, in cooperation with Israel Railways, began investigating the source of the malfunction. Railway officials emphasized that the affected screens are part of an external network unrelated to essential railway infrastructure. Therefore, there was no risk to critical systems or the railway's passenger information system (PIS).
Earlier, Iran’s Fars News Agency falsely claimed that Israel’s entire railway system had been hacked and disabled. The agency stated:
"Israel’s railways have been hacked. As a result of a cyberattack, the enemy’s railway system has been disabled. All [Israeli railway] stations are not safe until further notice."
Following the incident, Israel Railways announced on Thursday that, in accordance with Home Front Command guidelines, it is continuing efforts to resume service on travel routes, increase train frequency, and reopen additional stations.
The mysterious Quad7 botnet has evolved its tactics to compromise several brands of Wi-Fi routers and VPN appliances. It’s armed with new backdoors, multiple vulnerabilities, some of which were previously unknown, and new staging servers and clusters, according to a report by Sekoia, a cybersecurity firm.
A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.
The attackers impersonate members of the cryptocurrency community on Discord channels to spread Python-based modules that trigger a multi-stage KandyKorn infection chain.
Elastic Security discovered and attributed the attacks to Lazarus based on overlaps with past campaigns concerning the employed techniques, network infrastructure, code-signing certificates, and custom Lazarus detection rules.
In researching Operation Triangulation, we set ourselves the goal to retrieve as many parts of the exploitation chain as possible. As of now, we have finished analyzing the spyware implant and are ready to share the details.