August 2022
August 31, 2022 – Vulnerabilities
Apple backports fix for actively exploited iOS zero-day to older iPhones
Abstract
Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads, addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices.
Source: BleepingComputer
August 31, 2022 – Hacker
Microsoft Excel attacks fall out of fashion with hackers
Abstract
Security vendor Hornetsecurity said its researchers logged a significant drop over July in the volume of malware-laden emails that relied on malicious Microsoft Excel documents.
Source: TechTarget
August 31, 2022 – Education
A Lawfare Hacking and Cybersecurity Course
Abstract
On Tuesday evenings starting on Sept. 20, you can take a live hacking class on Lawfare. Join us!
Source: Lawfare
August 31, 2022 – Vulnerabilities
A flaw in TikTok Android app could have allowed the hijacking of users' accounts
Abstract
Microsoft discovered a vulnerability in the TikTok app for Android that could lead to one-click account hijacking. Microsoft researchers discovered a high-severity flaw (CVE-2022-28799) in the TikTok Android app, which could have allowed attackers...
Source: Security Affairs
August 31, 2022 – Privacy
AdGuard's new ad blocker struggles with Google's Manifest v3 rules
Abstract
AdGuard has published the first ad blocker extension for Chrome that is compatible with Manifest V3, Google's newest extension platform protocol for the world's most popular web browser.
Source: BleepingComputer
August 31, 2022 – Criminals
Cybercriminals Released Mini Stealer's Builder & Panel for Free
Abstract
There is a lot of stuff that MiniStealer targets, but it mostly targets FTP applications and Chromium-based browsers. Threat actors claim that their stealer can target different operating systems, including Windows 7, Windows 10, and Windows 11.
Source: GB Hackers
August 31, 2022 – Malware
Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
Abstract
Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit off retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole said. "The latter borrows several phrases from another popular extension called GoFullPage." The browser add-ons in question – available via the Chrome Web Store and downloaded 1.4 million times – are as follows:
- Netflix Party (mmnbenehknklpbendgmgngeaignppnbe) - 800,000 downloads
- Netflix Party (flijfnhifgdcbhglkneplegafminjnhn) - 300,000 downloads
- FlipShope – Price Tracker Extension (adikhbfjdbjkhelbdnffogkobkekkkej) - 80,000 downloads
- Full Page Screenshot Capture – Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) - 200,000 downloads
- AutoBuy Flash Sales (gbna
Source: The Hacker News
August 31, 2022 – Education
Lawfare Hacking and Cybersecurity Course: Instructions and Materials
Abstract
The class will make use of Virtual Machines and VirtualBox. Please see this page for instructions and required files.
Source: Lawfare
August 31, 2022 – Breach
Threat actors breached the network of the Italian oil company ENI
Abstract
Italian oil giant Eni was hit by a cyber attack in which attackers compromised its computer networks, but the consequences appear to be minor. Italian oil giant company Eni disclosed a security breach; threat actors gained access to its network, but according...
Source: Security Affairs
August 31, 2022 – Vulnerabilities
Google Chrome bug lets sites write to clipboard without asking
Abstract
Chrome version 104 accidentally introduced a bug that removes the requirement for users to approve clipboard write events from websites they visit.
Source: BleepingComputer
August 31, 2022 – Vulnerabilities
Command injection vulnerability in GitHub Pages nets bug hunter $4k
Abstract
According to researcher Joren Vrancken, the security issue existed in GitHub Pages, a static hosting service able to pull data from repositories, run code through a build process, and then publish websites.
Source: The Daily Swig
August 31, 2022 – Malware
Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope
Abstract
A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA's James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems. The development, revealed by Securonix, points to the growing adoption of Go among threat actors, given the programming language's cross-platform support, effectively allowing the operators to leverage a common codebase to target different operating systems. Go binaries also have the added benefit of rendering reverse engineering a lot more challenging as opposed to malware written in other languages like C++ or C#, not to mention prolonging analysis and detection attempts. Phishing emails containing a Microsoft Office attachment act as the entry point for the attack chain that, when opened, retrieves an obfuscated VBA macro, which, in turn, is auto-executed should the recipient enable macros. The execution of the macro results in the download of an image file
Source: The Hacker News
August 31, 2022 – Malware
GO#WEBBFUSCATOR campaign hides malware in NASA's James Webb Space Telescope image
Abstract
A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA's James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged...
Source: Security Affairs
August 31, 2022 – Attack
Ragnar Locker ransomware claims attack on Portugal's flag airline
Abstract
The Ragnar Locker ransomware gang has claimed an attack on the flag carrier of Portugal, TAP Air Portugal, disclosed by the airline last Friday.
Source: BleepingComputer
August 31, 2022 – Vulnerabilities
WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites
Abstract
The WordPress team this week announced the release of version 6.0.2 of the content management system (CMS), with patches for three security bugs, including a high-severity SQL injection vulnerability.
Source: Security Week
August 31, 2022 – Education
Interested in Reducing Your Risk Profile? Jamf Has a Solution for That
Abstract
The threat landscape has changed dramatically over the past decade. While cybercriminals continue to look for new ways to gain access to networks and steal sensitive information, the mobile attack surface is also expanding. Mobile devices are not only becoming more powerful but also more vulnerable to cyberattacks, making mobile security an increasingly important concern for enterprises. This means that anyone accessing the Internet via their cell phone or logging into their home or work network at any time is putting both their own personal data and that of their company at risk. No matter how big or small your business is, you should always take steps to ensure the security of your employees and customers. Recent global attacks have shown us just how vulnerable businesses are to cyberattacks. There are several ways hackers can attack mobile devices. To protect their data, businesses should take a comprehensive approach that addresses both internal and external threats. Jamf Thr
Source: The Hacker News
August 31, 2022 – Malware
Experts spotted five malicious Google Chrome extensions used by 1.4M users
Abstract
Researchers spotted 5 malicious Google Chrome extensions used to track users' browsing activity and profit off retail affiliate programs. McAfee researchers discovered five malicious Google Chrome extensions with a total install base of over 1,400,000....
Source: Security Affairs
August 31, 2022 – Vulnerabilities
Microsoft found TikTok Android flaw that let hackers hijack accounts
Abstract
Microsoft found and reported a high-severity flaw in the TikTok Android app in February that allowed attackers to "quickly and quietly" take over accounts with one click by tricking targets into clicking a specially crafted malicious link.
Source: BleepingComputer
August 31, 2022 – Attack
Update: Cuba Ransomware Apparently Involved in Russia-Linked Attack on Montenegro Government
Abstract
The Cuba ransomware gang claimed to have stolen files on August 19, including financial documents and source code. They allegedly obtained correspondence with bank employees, balance sheets, account activity, compensation data, and tax documents.
Source: Security Week
August 31, 2022 – Vulnerabilities
Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks
Abstract
Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability programs. With the tech giant the maintainer of major projects such as Angular, Bazel, Golang, Protocol Buffers, and Fuchsia, the program aims to reward vulnerability discoveries that could otherwise have a significant impact on the larger open source landscape. Other projects managed by Google and hosted on public repositories such as GitHub, as well as the third-party dependencies that are included in those projects, are also eligible. Submissions from bug hunters are expected to meet the following criteria:
- Vulnerabilities that lead to supply chain compromise
- Design issues that cause product vulnerabilities
- Other security
Source: The Hacker News
August 31, 2022 – APT
China-linked APT40 used ScanBox Framework in a long-running espionage campaign
Abstract
Experts uncovered a cyber espionage campaign conducted by a China-linked APT group and aimed at several entities in the South China Sea. Proofpoint's Threat Research Team uncovered a cyber espionage campaign targeting entities across the world that...
Source: Security Affairs
August 31, 2022 – General
3 Ways No-Code Developers Can Shoot Themselves in the Foot
Abstract
Low/no-code tools allow citizen developers to design creative solutions to address immediate problems, but without sufficient training and oversight, the technology can make it easy to make security mistakes.
Source: Dark Reading
August 31, 2022 – Attack
Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks
Abstract
A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. "The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea," enterprise security firm Proofpoint said in a report published in partnership with PwC. Targets encompass local and federal Australian governmental agencies, Australian news media companies, and global heavy industry manufacturers which conduct maintenance of fleets of wind turbines in the South China Sea. Proofpoint and PwC attributed the intrusions with moderate confidence to a threat actor tracked by the two companies under the names TA423 and Red Ladon respectively, which is also known as APT40 and Leviathan. APT40 is the name designated to a China-based, espionage-motivated threat actor that's known to be active since 2013 and
Source: The Hacker News
August 31, 2022 – Breach
Russian streaming platform Start discloses a data breach impacting 7.5M users
Abstract
The Russian subscription-based streaming service Start discloses a data breach affecting 7.5 million users. The Russian media streaming platform START disclosed a data breach that impacted 7.5 million of its users. According to the company, the attackers...
Source: Security Affairs
August 30, 2022 – Criminals
Ukraine takes down cybercrime group hitting crypto fraud victims
Abstract
The National Police of Ukraine (NPU) took down a network of call centers used by a cybercrime group focused on financial scams and targeting victims of cryptocurrency scams under the guise of helping them recover their stolen funds.
Source: BleepingComputer
August 30, 2022 – Business
Cerberus Sentinel Announces Acquisition of CUATROi
Abstract
Cerberus Cyber Sentinel Corporation announced that it has completed the acquisition of CUATROi, a cloud-based managed services provider and cybersecurity company with headquarters in Santiago, Chile, and offices in Bogotá, Colombia, and Lima, Peru.
Source: Dark Reading
August 30, 2022 – Hacker
Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers
Abstract
As many as three disparate but related campaigns between March and June 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners, onto compromised systems. "The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the SystemBC trojan and DCRat, to enable various stages of their operations," Cisco Talos researcher Vanja Svajcer said in a report shared with The Hacker News. The malicious implant in question, ModernLoader, is designed to provide attackers with remote control over the victim's machine, which enables the adversaries to deploy additional malware, steal sensitive information, or even ensnare the computer in a botnet. Cisco Talos attributed the infections to a previously undocumented but Russian-speaking threat actor, citing the use of off-the-shelf tools. Potential targets included Eastern Eur
Source: The Hacker News
August 30, 2022 – Policy and Law
'Cyclops Blink' Shows Why the SEC's Proposed Cybersecurity Disclosure Rule Could Undermine the Nation's Cybersecurity
Abstract
Well-timed public notification is a critical component of proper incident response. But mandating premature disclosure is irresponsible and would imperil public-private coordination focused on protecting the nation.
Source: Lawfare
August 30, 2022 – Vulnerabilities
A new Google bug bounty program now covers Open Source projects
Abstract
Google this week launched a new bug bounty program that covers the open source projects of the IT giant. Google launched a new bug bounty program as part of the new Open Source Software Vulnerability Rewards Program (OSS VRP) that covers the source...
Source: Security Affairs
August 30, 2022 – Malware
Hackers hide malware in James Webb telescope images
Abstract
Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware.
Source: BleepingComputer
August 30, 2022 – Solution
Galois Open Sources Tools for Finding Vulnerabilities in C, C++ Code
Abstract
Now available under the BSD 3-clause license, MATE relies on code property graphs (CPGs) for static program analysis, and can identify application-specific bugs that depend on implementation details and high-level semantics.
Source: Security Week
August 30, 2022 – Solution
Hands-on Review: Stellar Cyber Security Operations Platform for MSSPs
Abstract
As threat complexity increases and the boundaries of an organization have all but disappeared, security teams are more challenged than ever to deliver consistent security outcomes. One company aiming to help security teams meet this challenge is Stellar Cyber. Stellar Cyber claims to address the needs of MSSPs by providing capabilities typically found in NG-SIEM, NDR, and SOAR products in their Open XDR platform, managed with a single license. According to Stellar Cyber, this consolidation means faster security analyst ramp time and customer onboarding with far fewer manually intensive tasks required. Stellar Cyber currently counts 20+ of the top MSSP providers as customers, providing security for over 3 million assets. In addition, Stellar Cyber claims that after deployment, users see up to 20x faster mean time to respond (MTTR), a bold claim. We recently took a closer look at the Stellar Cyber Security Operations Platform. Before we begin: Before digging into the platform, here are
Source: The Hacker News
August 30, 2022 – Attack
Three campaigns delivering multiple malware, including ModernLoader and XMRig miner
Abstract
Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners. Cisco Talos researchers observed three separate, but related, campaigns between March and June 2022 that were delivering...
Source: Security Affairs
August 30, 2022 – Breach
Russian streaming platform confirms data breach affecting 7.5M users
Abstract
Russian media streaming platform 'START' (start.ru) has confirmed rumors of a data breach impacting millions of users.
Source: BleepingComputer
August 30, 2022 – APT
Chinese APT40 Hackers Targeted Australian Manufacturers, Wind Turbine Operators Using ScanBox Malware
Abstract
In this latest campaign, which took place between April and June, the hacking group appeared to focus on global heavy industry manufacturers that conduct maintenance of fleets of wind turbines in the South China Sea.
Source: CyberScoop
August 30, 2022 – Breach
India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information
Abstract
Akasa Air, India's newest commercial airline, exposed the personal data belonging to its customers, which the company blamed on a technical configuration error. According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers. The bug was identified on August 7, 2022, the same day the low-cost airline commenced its operations in the country. "I found an HTTP request which gave my name, email, phone number, gender, etc. in JSON format," Barot said in a write-up. "I immediately changed some parameters in [the] request and I was able to see other user's PII. It took around ~30 minutes to find this issue." Upon receiving the report, the company said it temporarily shut down parts of its system to incorporate additional security guardrails. It has also reported the incident to the Indian Computer Emergency Response Team (
Source: The Hacker News
August 30, 2022 – Malware
A study on malicious plugins in WordPress Marketplaces
Abstract
A group of researchers from the Georgia Institute of Technology discovered malicious plugins on tens of thousands of WordPress sites. A team of researchers from the Georgia Institute of Technology has analyzed the backups of more than 400,000 unique...
Source: Security Affairs
August 30, 2022 – Hacker
Chinese hackers target Australian govt with ScanBox malware
Abstract
China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake website impersonating an Australian news media outlet.
Source: BleepingComputer
August 30, 2022 – Vulnerabilities
Google Launches Bug Bounty Program for Open Source Projects
Abstract
As part of the new Open Source Software Vulnerability Rewards Program (OSS VRP), Google is offering bug bounty payouts of up to $31,337. The lowest vulnerability reward will be $100.
Source: Security Week
August 30, 2022 – Government
FBI Warns Investors to Take Precautions with Decentralized Financial Platforms
Abstract
The U.S. Federal Bureau of Investigation (FBI) on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance (DeFi) platforms to plunder cryptocurrency. "The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors' cryptocurrency," the agency said in a notification. Attackers are said to have used different methods to hack and steal cryptocurrency from DeFi platforms, including initiating flash loans that trigger exploits in the platforms' smart contracts and exploiting signature verification flaws in their token bridge to withdraw all investments. The agency has also observed criminals defrauding the platforms by manipulating cryptocurrency price pairs – assets that can be traded for each other on an exchange – by exploiting a series of vulnerabilities to bypass slippage checks and steal roughly $35 million in digital funds. It further said that the threat ac
Source: The Hacker News
August 30, 2022 – Attack
World's largest distributors of books Baker & Taylor hit by ransomware
Abstract
Baker & Taylor, one of the world's largest distributors of books, revealed that it was hit by a ransomware attack. Baker & Taylor, one of the world's largest distributors of books worldwide, suffered a ransomware attack on August 23. The incident...
Source: Security Affairs
August 30, 2022 – Malware
Chrome extensions with 1.4 million installs steal browsing data
Abstract
Threat analysts at McAfee found five Google Chrome extensions that track users' browsing activity. Collectively, the extensions have been downloaded more than 1.4 million times.
Source: BleepingComputer
August 30, 2022 – Government
Australia Invests AU$9.9 Billion in Cybersecurity
Abstract
According to the REDSPICE Blueprint, the purpose of the initiative is to build on Australia's strong cybersecurity foundation by expanding the range and sophistication of the country's intelligence and offensive and defensive cyber capabilities.
Source: Security Intelligence
August 30, 2022 – Policy and Law
FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones
Abstract
The U.S. Federal Trade Commission (FTC) on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "wealth of information" about users by purchasing data from other data brokers to sell to its own clients. "Kochava then sells customized data feeds to its clients to, among other purposes, assist in advertising and analyzing foot traffic at stores or other locations," the FTC said. "Among other categories, Kochava sells timestamped latitude and longitude coordinates showing the location of mobile devices." The company advertises itself as a "real-time data solutions company" and the "largest independent data marketplace for connected devices." It also claims its Kochava Collective data marketplace provides "premium data feeds, audience targeting, and audience
Source: The Hacker News
August 30, 2022 – Criminals
Crooks are increasingly targeting DeFi platforms to steal cryptocurrency
Abstract
The U.S. FBI warns investors that crooks are increasingly exploiting security issues in Decentralized Finance (DeFi) platforms to steal cryptocurrency. The U.S. Federal Bureau of Investigation (FBI) published a Public Service Announcement (PSA) to warn...
Source: Security Affairs
August 30, 2022 – Vulnerabilities
Google launches open-source software bug bounty program
Abstract
Google will now pay security researchers to find and report bugs in the latest versions of Google-released open-source software (Google OSS).
Source: BleepingComputer
August 30, 2022 – Phishing
First Known Phishing Campaign Against PyPI
Abstract
The attackers send security-themed emails creating a false sense of urgency. The lure included informing targets that Google is executing a mandatory validation process on all packages.
Source: Cyware Alerts - Hacker News
August 29, 2022 – Outage
Pirate sites ban in Austria took down Cloudflare CDNs by mistake
Abstract
Excessive and indiscriminate blocking is underway in Austria, with internet service providers (ISPs) complying with a court order to block pirate sites and causing significant collateral damage.
Source: BleepingComputer
August 29, 2022 – Government
FBI: Hackers increasingly exploit DeFi bugs to steal cryptocurrency
Abstract
The U.S. Federal Bureau of Investigation (FBI) is warning investors that cyber criminals are increasingly exploiting security vulnerabilities in Decentralized Finance (DeFi) platforms to steal cryptocurrency.
Source: BleepingComputer
August 29, 2022 – Government
U.S. and Israel Strengthen Cybersecurity Partnership
Abstract
Treasury and Israel's Ministry of Finance have maintained a partnership in cybersecurity matters since 2021 through a bilateral task force to help protect the financial sector.
Source: Nextgov
August 29, 2022 – Ransomware
New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim
Abstract
A new ransomware strain written in Golang dubbed "Agenda" has been spotted in the wild, targeting healthcare and education entities in Indonesia, Saudi Arabia, South Africa, and Thailand. "Agenda can reboot systems in safe mode, attempts to stop many server-specific processes and services, and has multiple modes to run," Trend Micro researchers said in an analysis last week. Qilin, the threat actor advertising the ransomware on the dark web, is said to provide affiliates with options to tailor the binary payloads for each victim, enabling the operators to decide the ransom note, encryption extension, as well as the list of processes and services to terminate before commencing the encryption process. Additionally, the ransomware incorporates techniques for detection evasion by taking advantage of the 'safe mode' feature of a device to proceed with its file encryption routine unnoticed, but not before changing the default user's password and enabl
Source: The Hacker News
August 29, 2022 – Policy and Law
US FTC sued US data broker Kochava for selling sensitive and geolocation data
Abstract
The U.S. FTC sued US data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices. The U.S. Federal Trade Commission (FTC) filed a lawsuit against the US-based data broker Kochava for selling...
Source: Security Affairs
August 29, 2022 – Breach
Nelnet Servicing breach exposes data of 2.5M student loan accounts
Abstract
Nelnet Servicing, a Nebraska-based student loan technology services provider, has been breached by unauthorized network intruders who exploited a vulnerability in its systems.
Source: BleepingComputer
August 29, 2022 – Vulnerabilities
Details Disclosed for OPC UA Vulnerabilities Exploited at ICS Hacking Competition
Abstract
Software development and security solutions provider JFrog has disclosed the details of several vulnerabilities affecting the OPC UA protocol, including flaws exploited by its employees at a hacking competition earlier this year.
Source: Security Week
August 29, 2022 – Cryptocurrency
Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software
Abstract
A Turkish-speaking entity called Nitrokod has been attributed to an active cryptocurrency mining campaign that involves impersonating a desktop application for Google Translate to infect over 111,000 victims in 11 countries since 2019. "The malicious tools can be used by anyone," Maya Horowitz, vice president of research at Check Point, said in a statement shared with The Hacker News. "They can be found by a simple web search, downloaded from a link, and installation is a simple double-click." The list of countries with victims includes the U.K., the U.S., Sri Lanka, Greece, Israel, Germany, Turkey, Cyprus, Australia, Mongolia, and Poland. The campaign entails serving malware through free software hosted on popular sites such as Softpedia and Uptodown. But in an interesting tactic, the malware puts off its execution for weeks and separates its malicious activity from the downloaded fake software to avoid detection. The installation of the infected program
Source: The Hacker News
August 29, 2022 – Breach
Twilio breach let attackers access Authy two-factor accounts of 93 users
Abstract
Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. In early August, the communications company Twilio disclosed a data breach; threat actors had access...
Source: Security Affairs
August 29, 2022 – Attack
Leading library services firm Baker & Taylor hit by ransomware
Abstract
Baker & Taylor, which describes itself as the world's largest distributor of books to libraries worldwide, today confirmed it's still working on restoring systems after being hit by ransomware more than a week ago.
Source: BleepingComputer
August 29, 2022 – Denial Of Service
Kiwi Farms Goes Offline amid DDoS Attack and Hosting Issues
Abstract
Kiwi Farms is a website that hosts user-generated content and discussion forums. The site has been accused of doxing, harassment, and cyberbullying. Kiwi Farms has been banned from several social media platforms and domain providers.
Source: Hackread
August 29, 2022 – General
A CISO's Ultimate Security Validation Checklist
Abstract
If you're heading out of the office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy while you're away? More importantly – do you have the right action plan in place for a seamless return? Whether you're on the way out of – or back to – the office, our Security Validation Checklist can help make sure your security posture is in good shape.
1. Check the logs and security events of your key critical systems. Stay up-to-date on recent activities. Check for changes – and attempted changes – and any potential indicators of compromise. Planning to be gone for longer than a week? Designate a team member to perform a weekly review in your absence, reducing the chances of a critical event going undetected.
2. Check for any new security vulnerabilities that were identified on your vacation. Use your preferred scanning tool or check one of the regularly updated databases, such as CVE Details.
3. Investigate failures o
Source: The Hacker News
August 29, 2022 – Malware
Nitrokod crypto miner infected systems across 11 countries since 2019 Full Text
Abstract
Researchers spotted a Turkish-based crypto miner malware campaign, tracked as Nitrokod, which infected systems across 11 countries. Check Point researchers discovered a Turkish based crypto miner malware campaign, dubbed Nitrokod, which infected machines...Security Affairs
August 29, 2022 – Malware
Windows malware delays coinminer install by a month to evade detection Full Text
Abstract
A new malware campaign disguised as Google Translate or MP3 downloader programs was found distributing cryptocurrency mining malware across 11 countries.BleepingComputer
August 29, 2022 – Breach
Personal Data of Thai Citizens with COVID Symptoms Exposed Full Text
Abstract
Based on the acquired samples and additional insights related to the security incident, the bad actors were able to gain unauthorized access to the government portal allowing them to manage users and records illegally.Security Affairs
August 29, 2022 – Breach
Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users Full Text
Abstract
Twilio, which earlier this month became a sophisticated phishing attack , disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. The communication tools company said the unauthorized access made it possible for the adversary to register additional devices to those accounts. It has since identified and removed the illegitimately added devices from the impacted accounts. Authy, acquired by Twilio in February 2015, allows safeguarding online accounts with a second security layer to prevent account takeover attacks. It's estimated to have nearly 75 million users. Twilio further noted its investigation as of August 24, 2022, turned up 163 affected customers, up from 125 it reported on August 10, whose accounts it said were hacked for a limited period of time. Besides Twilio, the sprawling campaign, dubbed 0ktapus by Group-IB, is believed to have struck 136 companies,The Hacker News
August 29, 2022 – Government
CISA adds 10 new flaws to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new vulnerabilities to its Known Exploited...Security Affairs
August 29, 2022 – Policy and Law
Cloudflare CDN clients caught in Austrian fight against pirate sites Full Text
Abstract
Excessive and indiscriminate blocking is underway in Austria, with internet service providers (ISPs) complying with a court order to block pirate sites and causing significant collateral damage.BleepingComputer
August 29, 2022 – Malware
Malware Found In India Supreme Court Snooping Investigation Full Text
Abstract
An investigation into the alleged use of Pegasus spyware on Indian citizens identified malware on the devices of five of the 29 volunteers who submitted them for forensic examination.Bank Info Security
August 29, 2022 – Government
CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked as CVE-2021-38406 (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. Successful exploitation of the flaw may lead to arbitrary code execution. "Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution," CISA said in an alert. It's worth noting that CVE-2021-38406 was originally disclosed as part of an industrial control systems (ICS) advisory published in September 2021. However, there are no patches that address the vulnerability, with CISA noting that the "impacted product is end-of-life and shoulThe Hacker News
August 29, 2022 – Phishing
Scammers used a deepfake AI hologram of Binance executive to scam crypto projects Full Text
Abstract
Scammers used a deepfake AI hologram of the Binance chief communications officer for fraudulent activities. Patrick Hillmann, chief communications officer of Binance, confirmed that scammers used his Deepfake AI hologram to trick users into online...Security Affairs
August 29, 2022 – Policy and Law
US govt sues Kochava for selling sensitive geolocation data Full Text
Abstract
The U.S. Federal Trade Commission (FTC) announced today that it filed a lawsuit against Idaho-based location data broker Kochava for selling sensitive and precise geolocation data (in meters) collected from hundreds of millions of mobile devices.BleepingComputer
August 29, 2022 – Outage
New Hampshire Lottery Website Experiences Disruptive Cyberattack Full Text
Abstract
Lottery officials announced this cyberattack around 9:30 a.m., though it is unclear when the attack first began. Officials said people visiting the site should not click on any pop-up messages.WMUR
August 29, 2022 – Breach
COVID-19 data put for sale on Dark Web Full Text
Abstract
Researchers discovered leaked PII stolen from Thailand’s Department of Medical Sciences containing information about citizens with COVID-19. Resecurity, a California-based cybersecurity company protecting Fortune 500, has identified leaked PII stolen...Security Affairs
August 29, 2022 – General
Montenegro says Russian cyberattacks threaten key state functions Full Text
Abstract
Members of the government in Montenegro are stating that the country is being hit with sophisticated and persistent cyberattacks that threaten the country's essential infrastructure.BleepingComputer
August 29, 2022 – Attack
Update: U.K. NHS cyberattack causing ‘total chaos’ in hospitals could take a year to recover Full Text
Abstract
It has been 22 days since the outage and Carenotes is yet to be restored. Staff at a Birmingham hospital were told on 17 August that restoration could take a further five weeks.Independent
August 28, 2022 – Breach
Okta one-time MFA passcodes exposed in Twilio cyberattack Full Text
Abstract
The threat actor behind the Twilio hack used their access to steal one-time passwords (OTPs) delivered over SMS to customers of the identity and access management company Okta.BleepingComputer
August 28, 2022 – Ransomware
LockBit ransomware gang gets aggressive with triple-extortion tactic Full Text
Abstract
LockBit ransomware gang announced that it is improving defenses against distributed denial-of-service (DDoS) attacks and working to take the operation to triple extortion level.BleepingComputer
August 28, 2022 – Privacy
Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit Full Text
Abstract
Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian; it offers surveillance and hacking solutions to law enforcement...Security Affairs
August 28, 2022 – Breach
Twilio breach let hackers see Okta’s one-time MFA passwords Full Text
Abstract
The threat actor behind the Twilio hack used their access to steal one-time passwords (OTPs) delivered over SMS to customers of the identity and access management company Okta.BleepingComputer
August 28, 2022 – Phishing
Experts warn of the first known phishing attack against PyPI Full Text
Abstract
The Python Package Index (PyPI) warns of an ongoing phishing campaign to steal developer credentials and distribute malicious updates. The Python Package Index, PyPI, this week warned of an ongoing phishing campaign that aims to steal developer credentials...Security Affairs
August 28, 2022 – Solution
DuckDuckGo opens its privacy-focused email service to everyone Full Text
Abstract
DuckDuckGo has opened its 'Email Protection' service to anyone wishing to get their own '@duck.com' email address.BleepingComputer
August 28, 2022 – General
Security Affairs newsletter Round 381 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Twilio...Security Affairs
August 28, 2022 – Ransomware
New Agenda Ransomware appears in the threat landscape Full Text
Abstract
Trend Micro researchers warn of a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa. Trend Micro researchers recently discovered a new piece of targeted ransomware, tracked as Agenda, that...Security Affairs
August 27, 2022 – Malware
Fake ‘Cthulhu World’ P2E project used to push info-stealing malware Full Text
Abstract
Hackers have created a fake 'Cthulhu World' play-to-earn community, including websites, Discord groups, social accounts, and a Medium developer site, to distribute the Raccoon Stealer, AsyncRAT, and RedLine password-stealing malware infections on unsuspecting victims.BleepingComputer
August 27, 2022 – Government
CISA: Prepare now for quantum computers, not when hackers use them Full Text
Abstract
Although quantum computing is not commercially available, CISA (Cybersecurity and Infrastructure Security Agency) urges organizations to prepare for the dawn of this new age, which is expected to bring groundbreaking changes in cryptography, and how we protect our secrets.BleepingComputer
August 27, 2022 – Breach
Twilio hackers also breached the food delivery firm DoorDash Full Text
Abstract
Twilio hackers also compromised the food delivery firm DoorDash, the attackers had access to company data, including customer and employee info. On-demand food delivery service DoorDash disclosed a data breach, the threat actors behind the Twilio...Security Affairs
August 27, 2022 – Breach
The number of companies caught up in the Twilio hack keeps growing Full Text
Abstract
Three new companies—authentication service Authy, password manager LastPass, and food delivery service DoorDash—said in recent days that the Twilio compromise led to them being hacked.Ars Technica
August 27, 2022 – Hacker
Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations Full Text
Abstract
Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is linked to the Iranian intelligence apparatus, the Ministry of Intelligence and Security (MOIS). The attacks are notable for using SysAid Server instances unsecured against the Log4Shell flaw as a vector for initial access, marking a departure from the actors' pattern of leveraging VMware applications for breaching target environments. "After gaining access, Mercury establishes persistence, dumps credentials, and moves laterally within the targeted organization using both custom and well-known hacking tools, as well as built-in operating system tools for its hands-on-keyboard attack," Microsoft said. The tech giaThe Hacker News
August 27, 2022 – Attack
Unprecedented cyber attack hit State Infrastructure of Montenegro Full Text
Abstract
The state infrastructure of Montenegro was hit by a massive and "unprecedented" cyber attack, authorities announced. An unprecedented cyber attack hit the government digital infrastructure in Montenegro; the government has promptly adopted measures...Security Affairs
August 27, 2022 – Vulnerabilities
Atlassian Ships Urgent Patch for Critical Bitbucket Vulnerability Full Text
Abstract
Atlassian’s security response team has issued an urgent advisory to warn of a critical command injection flaw in its Bitbucket Server and Data Center product. The vulnerability carries a CVSS severity score of 9.9 out of 10.Security Week
August 27, 2022 – Vulnerabilities
Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center Full Text
Abstract
Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. "An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request," Atlassian said in an advisory. The shortcoming, discovered and reported by security researcher @TheGrandPew, impacts all versions of Bitbucket Server and Data Center released after 6.10.17, inclusive of 7.0.0 and newer: Bitbucket Server and Data Center 7.6, 7.17, 7.21, 8.0, 8.1, 8.2, andThe Hacker News
August 27, 2022 – Hacker
Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus Full Text
Abstract
Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. Threat actors abused a vulnerable anti-cheat driver, named mhyprot2.sys, for the Genshin Impact video game to disable antivirus software....Security Affairs
August 26, 2022 – Ransomware
The Week in Ransomware - August 26th 2022 - Fighting back Full Text
Abstract
We saw a bit of ransomware drama this week, mostly centered around LockBit, who saw their data leak sites taken down by a DDoS attack after they started leaking the allegedly stolen Entrust data.BleepingComputer
August 26, 2022 – Breach
DoorDash discloses new data breach tied to Twilio hackers Full Text
Abstract
Food delivery firm DoorDash has disclosed a data breach exposing customer and employee data that is linked to the recent cyberattack on Twilio.BleepingComputer
August 26, 2022 – Vulnerabilities
Atlassian Bitbucket Server vulnerable to critical RCE vulnerability Full Text
Abstract
Atlassian has published a security advisory warning Bitbucket Server and Data Center users of a critical security flaw that attackers could leverage to execute arbitrary code on vulnerable instances.BleepingComputer
August 26, 2022 – Criminals
Attackers Stole Crypto from Bitcoin ATMs Full Text
Abstract
Hackers abused a zero-day vulnerability in General Bytes Bitcoin ATM servers, allowing them to hijack transactions related to fund withdrawal and deposits. It's not known how many servers were attacked using the flaw and how much cryptocurrency was stolen. The ATM maker has provided steps to perfor ... Read MoreCyware Alerts - Hacker News
August 26, 2022 – Breach
Hackers Breach LastPass Developer System to Steal Source Code Full Text
Abstract
Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed, although the company provided no further details regarding the hack and what source code was stolen. "An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information," LastPass CEO Karim Toubba said. Amidst ongoing investigation into the incident, the company said it has engaged the services of a leading cybersecurity and forensics firm and that it has implemented additional countermeasures. LastPass, however, didn't elaborate on the exact mitigation techniques that it used to strengthen its environment. It also reiterated that theThe Hacker News
August 26, 2022 – Vulnerabilities
Critical flaw impacts Atlassian Bitbucket Server and Data Center Full Text
Abstract
Atlassian addressed a critical vulnerability in Bitbucket Server and Data Center that could lead to malicious code execution on vulnerable instances. Atlassian fixed a critical flaw in Bitbucket Server and Data Center, tracked as CVE-2022-36804 (CVSS...Security Affairs
August 26, 2022 – Breach
Twilio breach let hackers gain access to Authy 2FA accounts Full Text
Abstract
Twilio's investigation into the attack on August 4 reveals that hackers gained access to some Authy user accounts and registered unauthorized devices.BleepingComputer
August 26, 2022 – Hacker
Microsoft: Iranian attackers are using Log4Shell to target organizations in Israel Full Text
Abstract
While the threat appears to be targeted exclusively at organizations based in Israel, Microsoft is urging all organizations to check whether SysAid is present on the network and apply the firm's patches for the Log4j flaws.ZDNet
August 26, 2022 – Criminals
Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework Full Text
Abstract
Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control (C2) framework in their intrusion campaigns as a replacement for Cobalt Strike. "Given Cobalt Strike's popularity as an attack tool, defenses against it have also improved over time," Microsoft security experts said. "Sliver thus presents an attractive alternative for actors looking for a lesser-known toolset with a low barrier for entry." Sliver, first made public in late 2019 by cybersecurity company Bishop Fox, is a Go-based open source C2 platform that supports user-developed extensions, custom implant generation, and other commandeering options. "A C2 framework usually includes a server that accepts connections from implants on a compromised system, and a client application that allows the C2 operators to interact with the implants and launch malicious commands," Microsoft said. Besides facilitating long-term access to infected hosts, the cross-platform kit is also knownThe Hacker News
August 26, 2022 – APT
Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access Full Text
Abstract
An Iran-linked Mercury APT group exploited the Log4Shell vulnerability in SysAid applications for initial access to the targeted organizations. The Log4Shell flaw (CVE-2021-44228) made the headlines in December after Chinese security researcher...Security Affairs
August 26, 2022 – Vulnerabilities
Microsoft: Iranian hackers still exploiting Log4j bugs against Israel Full Text
Abstract
Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian 'MuddyWater' threat actor who was found targeting Israeli organizations using the SysAid software.BleepingComputer
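Microsoft's advice in the Log4j items above (this entry, the ZDNet item of the same day, and the Aug 27 Hacker News piece) is to find SysAid and any other Java application still bundling a vulnerable log4j-core and patch it. The following scanner is an added example written for this page, not code from Microsoft, SysAid or any of the cited articles. It opens JAR/WAR/EAR files, descends into archives nested inside them, reads log4j-core's own Maven pom.properties for the version, checks for the JndiLookup class, and flags anything below 2.15.0 (the release that fixed CVE-2021-44228) as exposed to Log4Shell; the sample archives it builds in memory are constructed for the demonstration.

```python
import io
import re
import zipfile
from pathlib import Path

# Class that performs JNDI lookups in log4j-core 2.x; its presence is the classic
# indicator when no version metadata survives (shaded or repackaged JARs).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata that log4j-core embeds in its own JAR.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# Nested archives worth descending into (fat JARs, WARs, EARs).
NESTED_EXT = (".jar", ".war", ".ear", ".zip")
# CVE-2021-44228 was fixed in log4j-core 2.15.0; later log4j CVEs raised the
# recommended floor, so treat this as the minimum, not the target version.
LOG4SHELL_FIXED = (2, 15, 0)


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0), which sorts below the fix."""
    nums = [int(x) for x in re.findall(r"\d+", text.split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])


def scan_archive_bytes(data, label, depth=0, findings=None):
    """Inspect one archive (as bytes) and every archive nested inside it.

    Returns a list of dicts, one per log4j-core occurrence found.
    """
    if findings is None:
        findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a ZIP container: nothing to inspect
    names = set(zf.namelist())
    version = None
    if POM_PROPS in names:
        props = zf.read(POM_PROPS).decode("utf-8", "replace")
        m = re.search(r"^version=(.+)$", props, re.M)
        if m:
            version = m.group(1).strip()
    has_jndi = JNDI_CLASS in names
    if version is not None or has_jndi:
        if version is not None:
            vulnerable = parse_version(version) < LOG4SHELL_FIXED
        else:
            # No metadata: the presence of JndiLookup.class is the only signal.
            vulnerable = has_jndi
        findings.append({"path": label, "version": version,
                         "jndi_lookup": has_jndi, "vulnerable": vulnerable})
    if depth < 3:  # bound recursion for pathological archives
        for n in names:
            if n.lower().endswith(NESTED_EXT):
                scan_archive_bytes(zf.read(n), f"{label}!{n}", depth + 1, findings)
    return findings


def scan_directory(root):
    """Walk a directory tree and scan every archive found on disk."""
    findings = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in NESTED_EXT:
            scan_archive_bytes(p.read_bytes(), str(p), 0, findings)
    return findings


def make_archive(entries):
    """Build an in-memory ZIP from {name: bytes}; used to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def make_log4j_core_jar(version, include_jndi=True):
    """Constructed stand-in for log4j-core-<version>.jar (metadata only, no real classes)."""
    entries = {POM_PROPS: (f"version={version}\ngroupId=org.apache.logging.log4j\n"
                           f"artifactId=log4j-core\n").encode()}
    if include_jndi:
        entries[JNDI_CLASS] = b"\xca\xfe\xba\xbe"  # class-file magic; enough for a name check
    return make_archive(entries)


if __name__ == "__main__":
    # Constructed sample: a WAR bundling an old log4j-core next to a fixed one.
    war = make_archive({
        "WEB-INF/lib/log4j-core-2.14.1.jar": make_log4j_core_jar("2.14.1"),
        "WEB-INF/lib/log4j-core-2.17.1.jar": make_log4j_core_jar("2.17.1"),
    })
    for f in scan_archive_bytes(war, "app.war"):
        state = "VULNERABLE" if f["vulnerable"] else "ok"
        print(f"{state:10} {f['path']} version={f['version']} jndi={f['jndi_lookup']}")
```

Run `scan_directory("/opt/sysaid")` (or wherever the Java application lives) to get the same findings for real archives; a hit with `version` set to `None` but `jndi_lookup` true is a shaded copy that the version check alone would have missed.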
August 26, 2022 – Government
CISA Warns of Vulnerability in Delta Electronics ICS Software Exploited in Attacks Full Text
Abstract
A vulnerability affecting industrial automation software from Delta Electronics appears to have been exploited in attacks, and the US CISA is urging organizations to take action as soon as possible.Security Week
August 26, 2022 – APT
GoldDragon campaign: North-Korea linked Kimsuky APT adopts victim verification technique Full Text
Abstract
The North Korea-linked Kimsuky APT is behind a new campaign, tracked as GoldDragon, targeting political and diplomatic entities in South Korea in early 2022. Researchers from Kaspersky attribute a series of attacks, tracked as GoldDragon, against...Security Affairs
August 26, 2022 – Cryptocurrency
Google Open Sources ‘Paranoid’ Crypto Testing Library Full Text
Abstract
Paranoid contains implementations and optimizations extracted from existing crypto-related literature, which “showed that the generation of these artifacts was flawed in some cases,” Google explains.Security Week
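Among the flawed artifacts the Security Week item refers to are RSA moduli that share a prime because of a bad random number generator, which a GCD exposes without factoring anything. The block below is an added illustration for this page, written from the textbook batch-GCD idea and not taken from Paranoid's code or API: it computes the product of all moduli once, derives gcd(n_i, (P / n_i) mod n_i) per key, falls back to pairwise GCDs when a modulus has both primes reused, and then recovers the private exponent of a flagged key. The moduli are built from Mersenne primes small enough to read; real keys are 2048 bits and production tools use a product/remainder tree for the division step.

```python
from math import gcd, prod


def _pairwise_factor(n, moduli):
    """Isolate one proper prime factor of n by pairwise GCD with the other moduli."""
    for m in moduli:
        h = gcd(n, m)
        if 1 < h < n:
            return h
    return n  # exact duplicate key: every other gcd is 1 or n itself


def batch_shared_factors(moduli):
    """Return {index: factor} for every modulus sharing a prime with another one.

    Simplified batch GCD: P = product of all moduli, then for each n_i test
    gcd(n_i, (P // n_i) mod n_i). If n_i shares a prime with any other key, that
    prime divides P // n_i and the gcd reveals it. Production implementations use
    a product/remainder tree instead of one big division per key.
    """
    P = prod(moduli)
    weak = {}
    for i, n in enumerate(moduli):
        g = gcd(n, (P // n) % n)
        if g == 1:
            continue  # no prime of n_i occurs in any other modulus
        if g == n:
            # Both primes of n_i occur elsewhere (or the key is an exact duplicate):
            # the batch value collapses to n itself, so isolate one prime pairwise.
            g = _pairwise_factor(n, moduli)
        weak[i] = g
    return weak


def recover_private_exponent(n, p, e=65537):
    """Given a proper prime factor p of n, return the RSA private exponent d."""
    q, rem = divmod(n, p)
    if rem != 0 or p in (1, n):
        raise ValueError("p must be a proper factor of n")
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)  # modular inverse, Python 3.8+


if __name__ == "__main__":
    # Constructed key set built from Mersenne primes so the numbers stay readable.
    # Keys 0 and 1 were "generated" with the same prime M17: the classic RNG failure.
    M13, M17, M19, M31 = (1 << 13) - 1, (1 << 17) - 1, (1 << 19) - 1, (1 << 31) - 1
    M61, M89, M127 = (1 << 61) - 1, (1 << 89) - 1, (1 << 127) - 1
    moduli = [M17 * M19, M17 * M31, M13 * M61, M89 * M127]
    for i, p in batch_shared_factors(moduli).items():
        d = recover_private_exponent(moduli[i], p)
        msg = 0xC0FFEE
        ok = pow(pow(msg, 65537, moduli[i]), d, moduli[i]) == msg
        print(f"key {i}: shared prime {p}, private exponent recovered: {ok}")
```

The point of the batch form is that a million public keys cost one product and one GCD each instead of half a trillion pairwise GCDs; the pairwise fallback only runs for the rare modulus whose batch GCD is the whole number.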
August 26, 2022 – Phishing
0ktapus phishing campaign: Twilio hackers targeted other 136 organizations Full Text
Abstract
The threat actors behind Twilio and Cloudflare attacks have been linked to a phishing campaign that targeted other 136 organizations. The threat actors behind the attacks on Twilio and Cloudflare have been linked to a large-scale phishing campaign...Security Affairs
August 25, 2022 – Hacker
How ‘Kimsuky’ hackers ensure their malware only reach valid targets Full Text
Abstract
The North Korean 'Kimsuky' threat actors are going to great lengths to ensure that their malicious payloads are only downloaded by valid targets and not on the systems of security researchers.BleepingComputer
August 25, 2022 – Attack
Update: Twilio, Cloudflare Attacked in Campaign That Hit Over 130 Organizations Full Text
Abstract
The attacks disclosed recently by Twilio and Cloudflare were part of a massive phishing campaign that targeted at least 130 other organizations, according to cybersecurity company Group-IB.Security Week
August 25, 2022 – Hacker
Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations Full Text
Abstract
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been codenamed 0ktapus by Group-IB because the initial goal of the attacks was to "obtain Okta identity credentials and two-factor authentication (2FA) codes from users of the targeted organizations." Calling the attacks well designed and executed, the Singapore-headquartered company said the adversary singled out employees of companies that are customers of identity services provider Okta. The modus operandi involved sending targets text messages containing links to phishing sites that impersonated the Okta authentication page of the respective targeted entities. "This case is of interest because despite using low-skill methods it was able to compromise a large number of well-known organizations," Group-IB said. "FurtheThe Hacker News
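Group-IB's description above of the 0ktapus operation (text messages linking to lookalike Okta login pages for each target organization) suggests a simple egress-side check: any hostname that combines the organization's name with an identity term such as okta or sso, and is not the organization's real Okta tenant, deserves a look, and a POST to it is a probable credential or OTP submission. The code below is an added example for this page, not from Group-IB or Okta; the keyword list, the log format, the client addresses and the domains are all constructed for the demonstration.

```python
import re

# Hostname terms that SSO-phishing kits use to resemble an identity or help-desk portal.
# This list is an assumption for the example, not taken from the Group-IB report.
IDENTITY_TERMS = ("okta", "sso", "mfa", "vpn", "help", "login", "auth", "2fa")

# Constructed proxy log lines (squid-style: epoch client method url status).
SAMPLE_LOG = """\
1661400000.123 10.0.4.17 GET https://acme.okta.com/app/UserHome 200
1661400012.551 10.0.4.17 GET https://acme-okta.com/ 200
1661400013.002 10.0.4.17 POST https://acme-okta.com/api/v1/authn 200
1661400090.900 10.0.7.3 GET https://sso-acme-help.net/login 200
1661400120.411 10.0.9.8 GET https://www.example.org/ 200
1661400130.000 10.0.9.8 GET https://acme.com/careers 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def hostname(url):
    """Extract the lower-cased host from a URL (no port, no trailing dot)."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", url, re.I)
    return m.group(1).lower().rstrip(".") if m else None


def is_allowlisted(host, allow):
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allow)


def lookalike_reasons(host, org_tokens, allow):
    """Return the reasons a host looks like an identity-portal impersonation (empty = benign)."""
    if host is None or is_allowlisted(host, allow):
        return []
    reasons = []
    org_hits = [t for t in org_tokens if t in host]
    term_hits = [t for t in IDENTITY_TERMS if t in host]
    if org_hits and term_hits:
        reasons.append(f"org token {org_hits} combined with identity term {term_hits} "
                       "on a domain the organization does not own")
    # Okta tenants live under okta.com; 'okta' anywhere else is a classic lookalike
    # (this also flags unrelated words containing 'okta', so treat it as a triage hint).
    if "okta" in host and not host.endswith(".okta.com"):
        reasons.append("'okta' in a hostname outside okta.com")
    return reasons


def scan_proxy_log(text, org_tokens, allow):
    """Parse proxy log lines and return one alert per request to a lookalike host."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than crash on a malformed record
        host = hostname(m["url"])
        reasons = lookalike_reasons(host, org_tokens, allow)
        if reasons:
            alerts.append({
                "ts": float(m["ts"]),
                "client": m["client"],
                "host": host,
                "method": m["method"],
                # A POST to a lookalike is most likely the credential/OTP submission itself.
                "credential_post": m["method"] == "POST",
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    # Assumed tenant: the organization owns acme.com and its Okta tenant is acme.okta.com.
    for a in scan_proxy_log(SAMPLE_LOG, ["acme"], {"acme.com", "acme.okta.com"}):
        flag = "CREDENTIAL POST" if a["credential_post"] else "visit"
        print(f"{a['client']} -> {a['host']} [{flag}]: {'; '.join(a['reasons'])}")
```

The same `lookalike_reasons` check can be fed from DNS query logs or certificate-transparency feeds; wherever it fires on a POST, the next step is a forced password reset and Okta session revocation for that user, since the kit relays the stolen OTP immediately.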
August 25, 2022 – General
Should Uncle Sam Worry About ‘Foreign’ Open-Source Software? Geographic Known Unknowns and Open-Source Software Security Full Text
Abstract
Avoiding “foreign” open-source software appears impossible and is unlikely to improve security.Lawfare
August 25, 2022 – Breach
LastPass data breach: threat actors stole a portion of source code Full Text
Abstract
Password management software firm LastPass has suffered a data breach; threat actors stole source code and other data. Password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company...Security Affairs
August 25, 2022 – Attack
LastPass developer systems hacked to steal source code Full Text
Abstract
Password management firm LastPass was hacked two weeks ago, enabling threat actors to steal the company's source code and proprietary technical information.BleepingComputer
August 25, 2022 – General
Hackers are attempting to steal millions of dollars from businesses by bypassing multi-factor authentication Full Text
Abstract
The attackers change the bank details so that they receive the payment if the transfer is approved. Researchers say the attackers behind this campaign are attempting to steal millions of dollars in each transaction.ZDNet
August 25, 2022 – Malware
Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers Full Text
Abstract
The threat actor behind the SolarWinds supply chain attack has been linked to yet another "highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. Dubbed MagicWeb by Microsoft's threat intelligence teams, the development reiterates Nobelium's commitment to developing and maintaining purpose-built capabilities. Nobelium is the tech giant's moniker for a cluster of activities that came to light with the sophisticated attack targeting SolarWinds in December 2020, and which overlaps with the Russian nation-state hacking group widely known as APT29, Cozy Bear, or The Dukes. "Nobelium remains highly active, executing multiple campaigns in parallel targeting government organizations, non-governmental organizations (NGOs), intergovernmental organizations (IGOs), and think tanks across the US, Europe, and Central Asia," Microsoft said. MagicWeb, which shares similarities with another tThe Hacker News
August 25, 2022 – APT
Nobelium APT uses new Post-Compromise malware MagicWeb Full Text
Abstract
Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked...Security Affairs
August 25, 2022 – Hacker
Hackers abuse Genshin Impact anti-cheat system to disable antivirus Full Text
Abstract
Hackers are abusing an anti-cheat system driver for the immensely popular Genshin Impact game to disable antivirus software while conducting ransomware attacks.BleepingComputer
August 25, 2022 – Phishing
CFO Spoofed in Convincing Business Email Compromise Scam Full Text
Abstract
The targeted users are presented with a phishing email from the CFO of a major corporation. The CFO asks the recipient of the email to make a payment to an insurance company.Avanan
August 25, 2022 – Government
U.S. Government Spending Billions on Cybersecurity Full Text
Abstract
In recent months, the House of Representatives has been hard at work drafting various spending bills for the 2023 fiscal year. While these bills provide funding for a vast array of government programs and agencies, one thing really stands out. Collectively, the bills that are making their way through the House allocate a staggering $15.6 billion to cybersecurity spending. As you could probably guess, the lion's share of this spending ($11.2 billion) is being allocated to the Department of Defense. It is worth noting, however, that nearly $3 billion is going to the Cybersecurity and Infrastructure Security Agency (CISA). Although it may be tempting to think of these cybersecurity budget allocations as just another example of excessive government spending, it's worth considering what a $15.6 billion cash infusion will mean for the IT security industry. It's equally important to consider why the US government finds it necessary to ramp up its cybersecurityThe Hacker News
August 25, 2022 – Attack
GAIROSCOPE attack allows to exfiltrate data from Air-Gapped systems via ultrasonic tones Full Text
Abstract
GAIROSCOPE: An Israeli researcher demonstrated how to exfiltrate data from air-gapped systems using ultrasonic tones and smartphone gyroscopes. The popular researcher Mordechai Guri from the Ben-Gurion University of the Negev in Israel devised an attack...Security Affairs
August 25, 2022 – Malware
Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows Full Text
Abstract
Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network.BleepingComputer
August 25, 2022 – Ransomware
New Golang Ransomware Agenda Customizes Attacks Against Organizations in Asia and Africa Full Text
Abstract
Researchers revealed that the new ransomware in question targeted enterprises in Asia and Africa. Based on dark web posts by a user named “Qilin,” and through ransom notes, the ransomware is called “Agenda.”Trend Micro
August 25, 2022 – Attack
Researchers Uncover Kimsuky Infra Targeting South Korean Politicians and Diplomats Full Text
Abstract
The North Korean nation-state group Kimsuky has been linked to a new set of malicious activities directed against political and diplomatic entities located in its southern counterpart in early 2022. Russian cybersecurity firm Kaspersky codenamed the cluster GoldDragon, with the infection chains leading to the deployment of Windows malware designed to collect file lists, user keystrokes, and stored web browser login credentials. Included among the potential victims are South Korean university professors, think tank researchers, and government officials. Kimsuky, also known as Black Banshee, Thallium, and Velvet Chollima, is the name given to a prolific North Korean advanced persistent threat (APT) group that targets entities globally, but with a primary focus on South Korea, to gain intelligence on various topics of interest to the regime. Known to be operating since 2012, the group has a history of employing social engineering tactics, spear-phishing, and watering hole attacks to exfThe Hacker News
August 25, 2022 – Hacker
Threat actors are using the Tox P2P messenger as C2 server Full Text
Abstract
Threat actors are using the Tox peer-to-peer instant messaging service as a command-and-control server, Uptycs researchers reported. Tox is a peer-to-peer, serverless instant messaging service that uses NaCl for encryption and decryption. Uptycs...Security Affairs
August 25, 2022 – Phishing
Twilio hackers hit over 130 orgs in massive Okta phishing attack Full Text
Abstract
Threat analysts have discovered the phishing kit responsible for thousands of attacks against 136 high-profile organizations that have compromised 9,931 accounts.BleepingComputer
August 25, 2022 – Vulnerabilities
Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird Full Text
Abstract
Firefox 104 — as well as Firefox ESR 91.13 and 102.2 — patches a high-severity address bar spoofing issue related to XSLT error handling. The flaw, tracked as CVE-2022-38472, could be exploited for phishing.Security Week
August 25, 2022 – Phishing
PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks Full Text
Abstract
The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to legitimate packages. "This is the first known phishing attack against PyPI," the maintainers of the official third-party software repository said in a series of tweets. The social engineering attack entails sending security-themed messages that create a false sense of urgency by informing recipients that Google is implementing a mandatory validation process on all packages and that they need to click on a link to complete the validation before September, or risk getting their PyPI modules removed. Should an unsuspecting developer fall for the scheme, they are directed to a lookalike landing page that mimics PyPI's login page and is hosted on Google Sites, from where the entered credentials are captured and abused to gain unauthorized access to the accounts and compromise the packages to include malwareThe Hacker News
August 25, 2022 – Hacker
Hackers adopt Sliver toolkit as a Cobalt Strike alternative Full Text
Abstract
Threat actors are dumping the Cobalt Strike penetration testing suite in favor of similar frameworks that are less known. After Brute Ratel, the open-source, cross-platform kit called Sliver is becoming an attractive alternative.BleepingComputer
August 25, 2022 – Breach
This company paid a ransom demand. Hackers leaked its data anyway Full Text
Abstract
Stealing sensitive data has become a common part of ransomware attacks. Criminals leverage it as part of their extortion attempts, threatening to release it if a ransom isn't received.ZDNet
August 25, 2022 – Phishing
PyPI packages hijacked after developers fall for phishing emails Full Text
Abstract
A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry. Python packages 'exotel' and 'spam' are among hundreds seen laced with malware after attackers successfully compromised accounts of maintainers who fell for the phishing email.BleepingComputer
August 24, 2022 – Outage
Quantum ransomware attack disrupts govt agency in Dominican Republic Full Text
Abstract
The Dominican Republic's Instituto Agrario Dominicano has suffered a Quantum ransomware attack that encrypted multiple services and workstations throughout the government agency.BleepingComputer
August 24, 2022 – Breach
Employee Data Exposed After North Dakota Phishing Attack Full Text
Abstract
A Workforce Safety & Insurance employee opened a malicious email attachment — an incident that led to cyber attackers accessing personal data on 182 individuals who had been seeking injured employee claims.Government Technology
August 24, 2022 – Cryptocurrency
Crypto Miners Using Tox P2P Messenger as Command and Control Server Full Text
Abstract
Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings come from Uptycs, which analyzed an Executable and Linkable Format (ELF) artifact ("72client") that functions as a bot and can run scripts on the compromised host using the Tox protocol. Tox is a serverless protocol for online communications that offers end-to-end encryption (E2EE) protections by making use of the Networking and Cryptography library (NaCl, pronounced "salt") for encryption and authentication. "The binary found in the wild is a stripped but dynamic executable, making decompilation easier," researchers Siddharth Sharma and Nischay Hedge said. "The entire binary appears to be written in C, and has only statically linked the c-toxcore library." It's worth noting that c-toxcore is a reference implementation ofThe Hacker News
August 24, 2022 – Breach
Plex discloses data breach and urges password reset Full Text
Abstract
The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Plex is an American streaming media service and a client–server media player platform. The company disclosed a data...Security Affairs
August 24, 2022 – Vulnerabilities
GitLab ‘strongly recommends’ patching critical RCE vulnerability Full Text
Abstract
GitLab is urging users to install a security update for branches 15.1, 15.2, and 15.3 of its community and enterprise editions to fix a critical vulnerability that could enable an attacker to perform remote command execution via GitHub import.BleepingComputer
August 24, 2022 – Breach
Lamoille Health Partners Experiences Ransomware Attack Leading to Data Breach Involving Patient Information Full Text
Abstract
While the breached information varies depending on the individual, it may include name, address, date of birth, Social Security number, health insurance information, and any medical treatment information that was provided to Lamoille Health Partners.JD Supra
August 24, 2022 – Vulnerabilities
Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs Full Text
Abstract
A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards (NICs). The approach, codenamed ETHERLED, comes from Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel, who recently outlined GAIROSCOPE, a method for transmitting data ultrasonically to smartphone gyroscopes. "Malware installed on the device could programmatically control the status LED by blinking or alternating its colors, using documented methods or undocumented firmware commands," Dr. Guri said. "Information can be encoded via simple encoding such as Morse code and modulated over these optical signals. An attacker can intercept and decode these signals from tens to hundreds of meters away." A network interface card, also known as a netwo...The Hacker News
August 24, 2022 – Phishing
AiTM phishing campaign also targets G Suite users Full Text
Abstract
The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign now target Google G Suite users. The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise...Security Affairs
August 24, 2022 – Attack
RansomEXX claims ransomware attack on Sea-Doo, Ski-Doo maker Full Text
Abstract
The RansomEXX ransomware gang is claiming responsibility for the cyberattack against Bombardier Recreational Products (BRP), disclosed by the company on August 8, 2022.BleepingComputer
August 24, 2022 – Criminals
True crime shows might be the biggest educational tool for cybercrime awareness Full Text
Abstract
Popular cultural depictions of fraud and cybercrime are raising awareness of the dangers posed to personally identifiable information by bad actors, according to a new study.CSO Online
August 24, 2022 – Education
Guide: How Service Providers can Deliver vCISO Services at Scale Full Text
Abstract
From ransomware to breaches, from noncompliance penalties to reputational damage – cyberthreats pose an existential risk to any business. But for SMEs and SMBs, the danger is compounded. These companies realize they need an in-house Chief Information Security Officer (CISO) – someone who can assess risks and vulnerabilities, create and execute a comprehensive cybersecurity plan, ensure compliance and safeguard business continuity. Yet unlike large enterprises, most don't have the budget to bring a full-time experienced CISO on board. To bridge this gap, managed service providers (MSPs), managed security service providers (MSSPs), and consulting firms offer virtual CISO (vCISO), or 'CISO-as-a-service' services. The model is simple: instead of hiring a full-time CISO, SMEs and SMBs pay a subscription or a retainer to gain access to expert cyber assistance in the form of a virtual CISO. Staffed by seasoned veteran executives, vCISOs offer C-level assistance in devising and...The Hacker News
August 24, 2022 – Vulnerabilities
VMware fixed a privilege escalation issue in VMware Tools Full Text
Abstract
VMware this week released patches to address an important-severity vulnerability in the VMware Tools suite of utilities. The virtualization giant VMware this week released patches to address an important-severity flaw, tracked as CVE-2022-31676, which...Security Affairs
August 24, 2022 – Phishing
Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams Full Text
Abstract
A new business email compromise (BEC) campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle (AiTM) tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA.BleepingComputer
August 24, 2022 – Privacy
Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies Full Text
Abstract
The disclosure also alleges that some of the company's senior-most executives have been trying to cover up Twitter's serious vulnerabilities, and that one or more current employees may be working for a foreign intelligence service.CNN Money
August 24, 2022 – Malware
Hackers Using Fake DDoS Protection Pages to Distribute Malware Full Text
Abstract
WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer. "A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware," Sucuri's Ben Martin said in a write-up published last week. Distributed denial-of-service (DDoS) protection pages are essential browser verification checks designed to deter bot-driven unwanted and malicious traffic from eating up bandwidth and taking down websites. The new attack vector involves hijacking WordPress sites to display fake DDoS protection pop-ups that, when clicked, ultimately lead to the download of a malicious ISO file ("security_install.iso") to the victim's systems. This is achieved by injecting three lines of code into a JavaScript file ("jquery.min.js"), or alternatively into the active...The Hacker News
August 24, 2022 – Attack
France hospital Center Hospitalier Sud Francilien suffered ransomware attack Full Text
Abstract
A French hospital, the Center Hospitalier Sud Francilien (CHSF), suffered a cyberattack on Sunday and was forced to refer patients to other structures. The Center Hospitalier Sud Francilien (CHSF), a hospital southeast of Paris, has suffered...Security Affairs
August 24, 2022 – General
Highlighting What should be Patched First at the Endpoint Full Text
Abstract
FortiGuard Labs has released its Global Threat Landscape Report for the first half of 2022. This valuable report offers insights on the world's cyberthreats for the first six months of the year by examining the compiled data gathered from Fortinet's global array of sensors.BleepingComputer
August 24, 2022 – General
Cyber is a team sport–here’s how the public and private sectors can play together Full Text
Abstract
For outsiders looking in, it almost looks like the government isn't trying to improve its security posture; however, the reality is that it's difficult for security leaders to keep up with an evolving cyber threat landscape.FCW
August 24, 2022 – Attack
Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users Full Text
Abstract
The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services have also set their sights on Google Workspace users. "This campaign specifically targeted chief executives and other senior members of various organizations which use [Google Workspace]," Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu detailed in a report published this month. The AiTM phishing attacks are said to have commenced in mid-July 2022, following a similar modus operandi as that of a social engineering campaign designed to siphon users' Microsoft credentials and even bypass multi-factor authentication. The low-volume Gmail AiTM phishing campaign also entails using the compromised emails of chief executives to conduct further social engineering, with the attacks also utilizing several compromised domains as an intermediate URL redirector to take the victims to the final landing page. Attack cha...The Hacker News
August 24, 2022 – Breach
Plex warns users to reset passwords after a data breach Full Text
Abstract
The Plex media streaming platform is sending password reset notices to many of its users in response to discovering unauthorized access to one of its databases.BleepingComputer
August 24, 2022 – Vulnerabilities
IBM Patches Severe Vulnerabilities in MQ Messaging Middleware Full Text
Abstract
IBM this week announced patches for high-severity vulnerabilities in IBM MQ, warning that attackers could exploit them to bypass security restrictions or access sensitive information.Security Week
August 24, 2022 – Vulnerabilities
GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software Full Text
Abstract
DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Community Edition (CE) and Enterprise Edition (EE) starting from 11.3.4 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1. At its core, the security weakness is a case of authenticated remote code execution that can be triggered via the GitHub import API. GitLab credited yvvdwf with discovering and reporting the flaw. While the issue has been resolved in versions 15.3.1, 15.2.3, and 15.1.5, users also have the option of securing against the flaw by temporarily disabling the GitHub import option: (1) click "Menu" -> "Admin"; (2) click "Settings" -> "General"; (3) expand the "Visibility and access controls" tab; (4) under "Import sources"...The Hacker News
August 24, 2022 – Malware
Fake Chrome extension ‘Internet Download Manager’ has 200,000 installs Full Text
Abstract
Google Chrome extension 'Internet Download Manager' installed by more than 200,000 users is adware. The extension has been sitting on the Chrome Web Store since at least June 2019, according to the earliest reviews posted by users.BleepingComputer
August 24, 2022 – Ransomware
New ‘BianLian’ Ransomware Variant on the Rise Full Text
Abstract
Attackers using BianLian typically demand unusually high ransoms, and they utilize a unique encryption style that divides the file content into chunks of 10 bytes to evade detection by antivirus products, the researchers said.Dark Reading
August 23, 2022 – Malware
Pirated 3DMark benchmark tool delivering info-stealer malware Full Text
Abstract
Cybersecurity researchers have discovered multiple ongoing malware distribution campaigns that target internet users who seek to download copies of pirated software.BleepingComputer
August 23, 2022 – Vulnerabilities
Java libraries are full of deserialization security bugs Full Text
Abstract
Serialization is used to convert a data object in memory into a series of bytes for storage or transmission. Deserialization reverses that process by turning a data stream back into an object in memory.The Register
August 23, 2022 – Hacker
Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts Full Text
Abstract
The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against fewer than two dozen accounts in Iran, with the oldest known sample dating back to 2020. The tool was first discovered in December 2021. Charming Kitten, a prolific advanced persistent threat (APT), is believed to be associated with Iran's Islamic Revolutionary Guard Corps (IRGC) and has a history of conducting espionage aligned with the interests of the government. Tracked as APT35, Cobalt Illusion, ITG18, Phosphorus, TA453, and Yellow Garuda, elements of the group have also carried out ransomware attacks, suggesting that the threat actor's motives are both espionage and financially driven. "HYPERSCRAPE requires the victim's account...The Hacker News
August 23, 2022 – Vulnerabilities
Microsoft publicly discloses details on critical ChromeOS flaw Full Text
Abstract
Microsoft shared technical details of a critical ChromeOS flaw that could be exploited to trigger a DoS condition or for remote code execution. Microsoft shared details of a critical ChromeOS vulnerability tracked as CVE-2022-2587 (CVSS score of 9.8)....Security Affairs
August 23, 2022 – Vulnerabilities
VMware Carbon Black causing BSOD crashes on Windows Full Text
Abstract
Windows servers and workstations at dozens of organizations started to crash earlier today because of an issue caused by certain versions of VMware's Carbon Black endpoint security solution.BleepingComputer
August 23, 2022 – Outage
French Hospital Center Targeted by Cyberattack, Services Severely Disrupted Full Text
Abstract
This attack makes "for the time being inaccessible all the hospital's business software, the storage systems (in particular medical imaging) and the information system relating to patient admissions," indicated the establishment in a statement.Teller Report
August 23, 2022 – Malware
XCSSET Malware Updates with Python 3 to Target macOS Monterey Users Full Text
Abstract
The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers Phil Stokes and Dinesh Devadoss said in a report. XCSSET, first documented by Trend Micro in 2020, has many moving parts that allow it to harvest sensitive information from Apple Notes, WeChat, Skype, and Telegram; inject malicious JavaScript code into various websites; and dump cookies from Safari web browser. Infection chains entail using a dropper to compromise users' Xcode projects with the backdoor, with the latter also taking steps to evade detection by masquerading as either system software or the Google Chrome web browser application. The primary executable is an...The Hacker News
August 23, 2022 – Vulnerabilities
GitLab fixed a critical Remote Code Execution (RCE) bug in CE and EE releases Full Text
Abstract
DevOps platform GitLab fixed a critical remote code execution flaw in its GitLab Community Edition (CE) and Enterprise Edition (EE) releases. DevOps platform GitLab has released security updates to fix a critical remote code execution vulnerability,...Security Affairs
August 23, 2022 – General
Phishing attacks abusing SaaS platforms see a massive 1,100% growth Full Text
Abstract
Threat actors are increasingly abusing legitimate software-as-a-service (SaaS) platforms like website builders and personal branding spaces to create malicious phishing websites that steal login credentials.BleepingComputer
August 23, 2022 – Hacker
Iranian UNC3890 Targets Israel’s Key Sectors Full Text
Abstract
An Iranian threat group UNC3890 was found targeting Israeli shipping, government, healthcare, aviation, and energy sectors via watering hole attacks and credential harvesting attacks. Additionally, the researchers have discovered a UNC3890 server loaded with scraped Facebook and Instagram information.Cyware Alerts - Hacker News
August 23, 2022 – Education
The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware Full Text
Abstract
Ransomware is the de facto threat organizations have faced over the past few years. Threat actors were making easy money by exploiting the high valuation of cryptocurrencies and their victims' lack of adequate preparation: bad security policies, untested backups, patch management practices not up to par, and so forth. The result was easy growth for ransomware extortion, a crime that multiple threat actors around the world perpetrate. Something has changed, though. Crypto valuations have dropped, and organizations have mounted a more formidable defense against ransomware, reducing the monetary appeal of such attacks. Threat actors have been searching for another opportunity, and have found one: data exfiltration, or exfil, a type of espionage causing headaches at organizations worldwide. Let's take a look. The threat to reveal confidential information: information exfiltration is rapidly becoming more prevalent. Earlier this year, incidents at Nvi...The Hacker News
August 23, 2022 – Vulnerabilities
Over 80,000 Hikvision cameras can be easily hacked Full Text
Abstract
Experts warn that over 80,000 Hikvision cameras are vulnerable to a critical command injection vulnerability. Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked...Security Affairs
August 23, 2022 – Attack
French hospital hit by $10M ransomware attack, sends patients elsewhere Full Text
Abstract
The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries.BleepingComputer
August 23, 2022 – Phishing
A Tale of PivNoxy and Chinoxy Puppeteer Full Text
Abstract
Recently, a simple and short email with a suspicious RTF attachment was sent to a telecommunications agency in South Asia. The email was disguised as having come from a Pakistan government division and delivered the PivNoxy malware.Fortinet
August 23, 2022 – Hacker
Suspected Iranian Hackers Targeted Several Israeli Organizations for Espionage Full Text
Abstract
A suspected Iranian threat activity cluster has been linked to attacks aimed at Israeli shipping, government, energy, and healthcare organizations as part of an espionage-focused campaign that commenced in late 2020. Cybersecurity firm Mandiant is tracking the group under its uncategorized moniker UNC3890, which is believed to conduct operations that align with Iranian interests. "The collected data may be leveraged to support various activities, from hack-and-leak, to enabling kinetic warfare attacks like those that have plagued the shipping industry in recent years," the company's Israel Research Team noted. Intrusions mounted by the group lead to the deployment of two proprietary pieces of malware: a "small but efficient" backdoor named SUGARUSH and a browser credential stealer called SUGARDUMP that exfiltrates password information to an email address associated with Gmail, ProtonMail, Yahoo, and Yandex. Also employed is a network of command-and-con...The Hacker News
August 23, 2022 – Government
CISA adds Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
US Cybersecurity and Infrastructure Security Agency (CISA) added a flaw, tracked as CVE-2022-0028, affecting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)...Security Affairs
August 23, 2022 – Criminals
New ‘Donut Leaks’ extortion gang linked to recent ransomware attacks Full Text
Abstract
A new data extortion group named 'Donut Leaks' is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando.BleepingComputer
August 23, 2022 – Education
Defending against the new ransomware landscape Full Text
Abstract
The endless list of stolen credentials available online means that without basic defenses like multifactor authentication (MFA), organizations are at a disadvantage in combating ransomware’s infiltration routes before the malware deployment stage.Microsoft
August 23, 2022 – Malware
Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business Full Text
Abstract
Experts found backdoors in budget Android device models designed to target WhatsApp and WhatsApp Business messaging apps. Researchers from Doctor Web discovered backdoors in the system partition of budget Android device models that are counterfeit...Security Affairs
August 23, 2022 – Breach
ETHERLED: Air-gapped systems leak data via network card LEDs Full Text
Abstract
Israeli researcher Mordechai Guri has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards. Dubbed 'ETHERLED', the method turns the blinking lights into Morse code signals that can be decoded by an attacker.BleepingComputer
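The encoding step behind ETHERLED (this entry and the earlier one quoting Dr. Guri on Morse modulation) is simple enough to write down. The following C program is an added example for this digest, not the researcher's code: it turns text into Morse, Morse into a schedule of LED on/off intervals measured in dot units, and decodes such a schedule back into text the way a receiver timing the LED would. Driving a real NIC status LED through driver or firmware commands is the hardware-specific part of the attack and is not modelled; the timing constants are the standard Morse ratios, and the dot length is left to the sender.

```c
/* Added example for this digest, not code from the ETHERLED research.
 * Models the encoding layer: text -> Morse -> LED on/off schedule, and the
 * receiver's decoding of an observed schedule back to text. Driving a real
 * NIC status LED (the hardware-specific part) is not included. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Standard Morse timing in dot units; the dot length is up to the sender. */
#define DOT        1
#define DASH       3
#define SYMBOL_GAP 1
#define LETTER_GAP 3
#define WORD_GAP   7

/* A-Z then 0-9. */
static const char *MORSE[36] = {
    ".-", "-...", "-.-.", "-..", ".", "..-.", "--.", "....", "..", ".---",
    "-.-", ".-..", "--", "-.", "---", ".--.", "--.-", ".-.", "...", "-",
    "..-", "...-", ".--", "-..-", "-.--", "--..", "-----", ".----", "..---",
    "...--", "....-", ".....", "-....", "--...", "---..", "----."
};

/* One LED state held for `units` dot lengths. */
struct pulse { int on; int units; };

static const char *code_for(char ch)
{
    if (ch >= 'A' && ch <= 'Z') return MORSE[ch - 'A'];
    if (ch >= '0' && ch <= '9') return MORSE[26 + (ch - '0')];
    return NULL;
}

static char char_for(const char *code)
{
    for (int i = 0; i < 36; i++)
        if (strcmp(MORSE[i], code) == 0)
            return (char)(i < 26 ? 'A' + i : '0' + (i - 26));
    return '?';
}

static int emit(struct pulse *out, int max, int n, int on, int units)
{
    if (n < max) { out[n].on = on; out[n].units = units; }
    return n + 1;
}

/* Transmitter: returns the number of pulses the text needs (if it exceeds
 * max the schedule was truncated). Unsupported characters are dropped. */
int etherled_encode(const char *text, struct pulse *out, int max)
{
    int n = 0, first = 1;
    for (; *text; text++) {
        if (*text == ' ') {
            n = emit(out, max, n, 0, WORD_GAP);
            first = 1;
            continue;
        }
        const char *code = code_for((char)toupper((unsigned char)*text));
        if (!code) continue;
        if (!first) n = emit(out, max, n, 0, LETTER_GAP);
        first = 0;
        for (int i = 0; code[i]; i++) {
            if (i) n = emit(out, max, n, 0, SYMBOL_GAP);
            n = emit(out, max, n, 1, code[i] == '.' ? DOT : DASH);
        }
    }
    return n;
}

/* Receiver (e.g. a camera timing the LED): each on-interval is a dot or a
 * dash, each off-interval a symbol, letter or word gap. Returns the length
 * of the decoded text. */
int etherled_decode(const struct pulse *p, int n, char *out, size_t outsz)
{
    char sym[8];
    int slen = 0;
    size_t olen = 0;
    if (outsz == 0) return 0;
    for (int i = 0; i <= n && olen + 1 < outsz; i++) {
        if (i < n && p[i].on) {
            if (slen < 7) sym[slen++] = p[i].units >= DASH ? '-' : '.';
            continue;
        }
        int gap = (i == n) ? WORD_GAP : p[i].units;   /* end of stream closes the word */
        if (gap >= LETTER_GAP && slen) {
            sym[slen] = '\0';
            out[olen++] = char_for(sym);
            slen = 0;
        }
        if (gap >= WORD_GAP && i < n && olen + 1 < outsz)
            out[olen++] = ' ';
    }
    out[olen] = '\0';
    return (int)olen;
}

int main(void)
{
    struct pulse sched[256];
    char text[64];
    int n = etherled_encode("SOS OK", sched, 256);
    etherled_decode(sched, n, text, sizeof text);
    printf("%d pulses, decoded \"%s\"\n", n, text);
    return 0;
}
```

The decoder classifies intervals by threshold rather than exact match, which is what a real receiver has to do once LED timing jitter and camera frame rate come into play; a defender looking for this channel would watch for the same thing from the other side, a status LED whose blink pattern carries structure that ordinary link activity does not.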
August 23, 2022 – Breach
Ragnar Locker Ransomware Claims to Breach Greek Natural Gas Operator DESFA Full Text
Abstract
On Saturday, DESFA confirmed that its IT infrastructure was hit by a cyberattack and that it had a “confirmed impact on the availability of some systems and possible leakage of a number of directories and files.”The Record
August 23, 2022 – General
Cryptojackers growing in numbers and sophistication Full Text
Abstract
One of the most abused tools for cryptomining is notepad.exe. Using techniques like process hollowing to inject malicious code into legitimate processes like notepad.exe, the cryptomining malware tries to stay below the radar.Malwarebytes Labs
August 23, 2022 – Denial Of Service
Lockbit leak sites hit by mysterious DDoS attack after Entrust hack Full Text
Abstract
LockBit ransomware gang claims to have hacked the IT giant Entrust and started leaking the stolen files. Entrust Corp. provides software and hardware used to issue financial cards, e-passport production, user authentication for those looking to access...Security Affairs
August 22, 2022 – Vulnerabilities
Over 80,000 exploitable Hikvision cameras exposed online Full Text
Abstract
Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server.BleepingComputer
August 22, 2022 – General
Many Media Industry Vendors Slow to Patch Critical Vulnerabilities: Study Full Text
Abstract
A cybersecurity analysis of hundreds of media industry vendors showed that many companies are slow to patch critical vulnerabilities, according to MDR and third-party risk management provider BlueVoyant.Security Week
August 22, 2022 – Malware
Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts Full Text
Abstract
Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps. The trojans, which Doctor Web first came across in July 2022, were discovered in the system partition of at least four different smartphones: P48pro, radmi note 8, Note30u, and Mate40. "These incidents are united by the fact that the attacked devices were copycats of famous brand-name models," the cybersecurity firm said in a report published today. "Moreover, instead of having one of the latest OS versions installed on them with the corresponding information displayed in the device details (for example, Android 10), they had the long outdated 4.4.2 version." Specifically, the tampering concerns two files, "/system/lib/libcutils.so" and "/system/lib/libmtd.so", that are modified in such a manner that when the libcutils.so system library is us...The Hacker News
August 22, 2022 – Government
CISA is warning of high-severity PAN-OS DDoS flaw used in attacks Full Text
Abstract
A recent vulnerability found in Palo Alto Networks' PAN-OS has been added to the catalog of Known Exploitable Vulnerabilities from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).BleepingComputer
August 22, 2022 – Vulnerabilities
Microsoft: How we unearthed a critical flaw in ChromeOS, and how Google fixed it Full Text
Abstract
ChromeOS is considered secure compared to legacy Windows and MacOS, but Microsoft recently discovered a nasty, remotely exploitable bug in ChromeOS's audio server with a severity score of 9.8 out of 10.ZDNet
August 22, 2022 – Vulnerabilities
“As Nasty as Dirty Pipe” — 8 Year Old Linux Kernel Vulnerability Uncovered Full Text
Abstract
Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe." Dubbed DirtyCred by a group of academics from Northwestern University, the technique exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level. "DirtyCred is a kernel exploitation concept that swaps unprivileged kernel credentials with privileged ones to escalate privilege," researchers Zhenpeng Lin, Yuhang Wu, and Xinyu Xing noted. "Instead of overwriting any critical data fields on kernel heap, DirtyCred abuses the heap memory reuse mechanism to get privileged." This entails three steps: (1) free an in-use unprivileged credential with the vulnerability; (2) allocate privileged credentials in the freed memory slot by triggering a privileged userspace process such as su, mount, or sshd; (3) operate as a privileged user. The novel exploitation method, according to the resea...The Hacker News
August 22, 2022 – Policy and Law
European Cybersecurity in Context: A Policy-Oriented Comparative Analysis Full Text
Abstract
I'm proud to have contributed to the "European Cybersecurity in Context: A Policy-Oriented Comparative Analysis" Worldwide connectivity has unleashed global digitalisation, creating cross-border social networks for communicating and spreading information....Security Affairs
August 22, 2022 – Government
FBI warns of residential proxies used in credential stuffing attacks Full Text
Abstract
The Federal Bureau of Investigation (FBI) warns of a rising trend of cybercriminals using residential proxies to conduct large-scale credential stuffing attacks without being tracked, flagged, or blocked.BleepingComputer
August 22, 2022 – Government
U.S. Cyber Command deploys defensive operators to Croatia to hunt for malicious cyber activity Full Text
Abstract
“This kind of partnership in cybersecurity is essential in today’s world as it expands our reach and capabilities,” said Director of the Croatian Security and Intelligence Agency Daniel Markić.Help Net Security
August 22, 2022 – Malware
Meet Borat RAT, a New Unique Triple Threat Full Text
Abstract
Atlanta-based cyber risk intelligence company Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the comic creation of Sacha Baron Cohen? RAT malware typically helps cybercriminals gain complete control of a victim's system, permitting them to access network resources, files, and power to toggle the mouse and keyboard. Borat RAT malware goes beyond the standard features and enables threat actors to deploy ransomware and DDoS attacks. It also increases the number of threat actors who can launch attacks, sometimes appealing to the lowest common denominator. The added functionality of carrying out DDoS attacks makes it insidious and a risk to today's digital organizations. Ransomware has been the most common attack type for over three years. According to an IBM report, REvil was the most common ransomware strain, consisting of about 37% of all ransomware attacks. Borat RAT is a unique...The Hacker News
August 22, 2022 – Vulnerabilities
8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe Full Text
Abstract
Researchers shared details of an eight-year-old flaw dubbed DirtyCred, described as being as nasty as Dirty Pipe, in the Linux kernel. Researchers from Northwestern University (PhD students Zhenpeng Lin and Yuhang Wu, and Associate Professor Xinyu Xing)...Security Affairs
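The three-step sequence quoted in the earlier DirtyCred entry on this page (free an in-use unprivileged credential, let a privileged process allocate into the freed slot, operate as that user) is easier to see in a user-space model than in a kernel. The following C program is an added illustration written for this digest; it is not the Northwestern team's exploit and uses no real kernel bug. A tiny slab-style cache with a LIFO free list stands in for the kernel's credential cache, the vulnerability is modelled as freeing a credential object that a file object still references, and the privileged process is modelled as simply the next allocation. The second function shows why drawing privileged and unprivileged credentials from separate caches stops the swap; treat that separate-cache arrangement as an assumption of the model, not as a description of any shipped kernel change.

```c
/* Added illustration, not code from the DirtyCred authors or their exploit.
 * A user-space model of the cred-swap idea: a tiny slab-style allocator with
 * a LIFO free list stands in for the kernel's credential cache, and the
 * kernel bug is modelled as freeing an object that is still referenced.
 * No real kernel vulnerability is used. */
#include <stdio.h>
#include <string.h>

#define SLAB_OBJECTS 8

/* Stand-in for struct cred with only the fields the model needs. */
struct cred {
    unsigned uid;
    unsigned euid;
    int in_use;
};

/* One cache of fixed-size objects with a LIFO free list, as a SLUB cache
 * behaves: the most recently freed slot is handed out next. */
struct cred_cache {
    struct cred slots[SLAB_OBJECTS];
    struct cred *freelist[SLAB_OBJECTS];
    int nfree;
};

static void cache_init(struct cred_cache *c)
{
    memset(c, 0, sizeof *c);
    for (int i = SLAB_OBJECTS - 1; i >= 0; i--)
        c->freelist[c->nfree++] = &c->slots[i];
}

static struct cred *cred_alloc(struct cred_cache *c, unsigned uid)
{
    if (c->nfree == 0)
        return NULL;
    struct cred *cr = c->freelist[--c->nfree];
    cr->uid = cr->euid = uid;
    cr->in_use = 1;
    return cr;
}

/* Deliberately has no still-referenced or double-free check: this stands in
 * for the memory-safety bug the technique needs. */
static void cred_free(struct cred_cache *c, struct cred *cr)
{
    cr->in_use = 0;
    c->freelist[c->nfree++] = cr;
}

/* Models a kernel object (e.g. struct file) that keeps a pointer to the
 * credentials it was opened with and is checked on privileged operations. */
struct file_obj {
    struct cred *f_cred;
};

/* The three steps from the write-up, with creds of every privilege level
 * drawn from one shared cache. Returns the uid seen through the stale
 * pointer: 0 means the file object now carries root credentials. */
unsigned dirtycred_shared_cache(void)
{
    struct cred_cache cache;
    cache_init(&cache);

    struct cred *user_cred = cred_alloc(&cache, 1000);  /* unprivileged */
    struct file_obj f = { user_cred };                  /* still referenced */

    cred_free(&cache, user_cred);                    /* step 1: bug frees in-use cred */
    struct cred *root_cred = cred_alloc(&cache, 0);  /* step 2: su/mount/sshd allocates */
    if (root_cred != f.f_cred)
        return 0xFFFFFFFFu;        /* slot not reused; a real exploit would groom the heap */
    return f.f_cred->uid;          /* step 3: the stale pointer now resolves to root */
}

/* Same sequence, but privileged creds come from a separate cache (assumed
 * mitigation: isolate privileged and unprivileged credential objects). The
 * pointer still dangles, but its slot is never reused for a root cred. */
unsigned dirtycred_isolated_caches(void)
{
    struct cred_cache user_cache, priv_cache;
    cache_init(&user_cache);
    cache_init(&priv_cache);

    struct cred *user_cred = cred_alloc(&user_cache, 1000);
    struct file_obj f = { user_cred };

    cred_free(&user_cache, user_cred);
    struct cred *root_cred = cred_alloc(&priv_cache, 0);
    (void)root_cred;
    return f.f_cred->uid;          /* still 1000: no privilege gained */
}

int main(void)
{
    printf("shared cache:    uid via stale pointer = %u\n", dirtycred_shared_cache());
    printf("isolated caches: uid via stale pointer = %u\n", dirtycred_isolated_caches());
    return 0;
}
```

The point the model makes is the one the researchers state: nothing in the kernel heap is overwritten, so defenses that check the integrity of heap objects see nothing wrong; the only corruption is that a reference now points at an object of higher privilege than the one it was created for.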
August 22, 2022 – Breach
Misconfigured Meta Pixel exposed healthcare data of 1.3M patients Full Text
Abstract
U.S. healthcare provider Novant Health has disclosed a data breach impacting 1,362,296 individuals who have had their sensitive information mistakenly collected by the Meta Pixel ad tracking script.BleepingComputer
August 22, 2022 – Breach
Luxury Textile Company Sferra Discloses Data Breach Affecting Employee Information Full Text
Abstract
Founded in 1891, Sferra designs and sells Italian-made luxury linen products, including luxury sheets, table linens, and bedding collections, as well as decorative home accessories.Security Week
August 22, 2022 – Vulnerabilities
RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering Full Text
Abstract
Researchers have disclosed multiple vulnerabilities impacting Ultra-wideband (UWB) Real-time Locating Systems (RTLS), enabling threat actors to launch adversary-in-the-middle (AitM) attacks and tamper with location data. "The zero-days found specifically pose a security risk for workers in industrial environments," cybersecurity firm Nozomi Networks disclosed in a technical write-up last week. "If a threat actor exploits these vulnerabilities, they have the ability to tamper with safety zones designated by RTLS to protect workers in hazardous areas." RTLS is used to automatically identify and track the location of objects or people in real time, usually within a confined indoor area. This is achieved by making use of tags that are attached to assets, which broadcast UWB signals to fixed reference points called anchors that then determine their location. But flaws identified in RTLS solutions, Sewio Indoor Tracking RTLS UWB Wi-Fi Kit and Avalue Renity Ar...The Hacker News
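The attack surface described above, anchors reporting ranges to a server that computes the tag position and enforces safety zones, can be reasoned about with a few lines of geometry. The following C program is an added illustration written for this digest, not Nozomi's research code and not specific to the Sewio or Avalue products; the anchor layout, the hazard zone, the ranging tolerance and the attacker's rewritten values are all constructed for the example. It trilaterates a tag from three anchors, then shows that an adversary in the middle who rewrites one anchor's range moves the worker out of the hazard zone but is caught by a consistency check across the three ranges, while one who rewrites all three ranges coherently is not caught by geometry at all, which is why the anchor-to-server reports need integrity protection rather than plausibility checks.

```c
/* Added illustration, not code from Nozomi Networks or the affected vendors.
 * Constructed 2-D scenario: three fixed anchors report the range to a worker's
 * tag, the server trilaterates the tag, and a hazard zone around a machine is
 * enforced on the result. An adversary in the middle of the anchor-to-server
 * traffic can rewrite the ranges. Geometry, positions and the 0.3 m tolerance
 * are assumptions for the demo. */
#include <stdio.h>

struct point { double x, y; };

/* Newton's method square root so the example needs no libm. */
static double sqrt_nm(double v)
{
    if (v <= 0.0) return 0.0;
    double r = v;
    for (int i = 0; i < 60; i++)
        r = 0.5 * (r + v / r);
    return r;
}

static double fabs_d(double v) { return v < 0 ? -v : v; }

static double dist(struct point a, struct point b)
{
    return sqrt_nm((a.x - b.x) * (a.x - b.x) + (a.y - b.y) * (a.y - b.y));
}

/* Solve the three circle equations by subtracting pairs to get two linear
 * equations in x and y. Returns -1 when the anchors are collinear. */
int trilaterate(const struct point a[3], const double d[3], struct point *out)
{
    double A = 2 * (a[1].x - a[0].x), B = 2 * (a[1].y - a[0].y);
    double C = d[0] * d[0] - d[1] * d[1] - a[0].x * a[0].x + a[1].x * a[1].x
             - a[0].y * a[0].y + a[1].y * a[1].y;
    double D = 2 * (a[2].x - a[1].x), E = 2 * (a[2].y - a[1].y);
    double F = d[1] * d[1] - d[2] * d[2] - a[1].x * a[1].x + a[2].x * a[2].x
             - a[1].y * a[1].y + a[2].y * a[2].y;
    double det = A * E - B * D;
    if (fabs_d(det) < 1e-9) return -1;
    out->x = (C * E - B * F) / det;
    out->y = (A * F - C * D) / det;
    return 0;
}

/* Largest disagreement between a reported range and the solved position.
 * Three anchors in 2-D overdetermine the position, so a single rewritten
 * range shows up here; three coherently rewritten ranges do not. */
double max_residual(const struct point a[3], const double d[3], struct point p)
{
    double worst = 0.0;
    for (int i = 0; i < 3; i++) {
        double r = fabs_d(dist(a[i], p) - d[i]);
        if (r > worst) worst = r;
    }
    return worst;
}

static const struct point ANCHORS[3] = { {0, 0}, {10, 0}, {0, 10} };
static const struct point HAZARD = { 3, 4 };   /* machine the worker stands next to */
static const double HAZARD_RADIUS = 2.0;       /* assumed safety zone */
static const double TOLERANCE = 0.3;           /* assumed ranging accuracy, metres */

/* mode 0: honest ranges. mode 1: attacker rewrites anchor 0's range only.
 * mode 2: attacker rewrites all three ranges consistently for a fake tag
 * position outside the zone. Returns bit 0 = tag inside hazard zone,
 * bit 1 = ranges geometrically consistent; -1 if unsolvable. */
int rtls_scenario(int mode, struct point *solved)
{
    const struct point tag = { 3, 4 }, fake = { 8, 8 };
    double d[3];
    for (int i = 0; i < 3; i++)
        d[i] = dist(ANCHORS[i], mode == 2 ? fake : tag);
    if (mode == 1)
        d[0] = 12.0;

    struct point p;
    if (trilaterate(ANCHORS, d, &p) != 0)
        return -1;
    if (solved) *solved = p;

    int result = 0;
    if (dist(p, HAZARD) <= HAZARD_RADIUS) result |= 1;
    if (max_residual(ANCHORS, d, p) < TOLERANCE) result |= 2;
    return result;
}

int main(void)
{
    static const char *names[] = { "honest", "one range rewritten", "all ranges rewritten" };
    for (int m = 0; m < 3; m++) {
        struct point p;
        int r = rtls_scenario(m, &p);
        printf("%-22s tag at (%.2f, %.2f)  in zone: %s  consistent: %s\n",
               names[m], p.x, p.y, (r & 1) ? "yes" : "no", (r & 2) ? "yes" : "no");
    }
    return 0;
}
```

With the honest ranges the worker is inside the zone and the ranges agree; with one range rewritten the solved position lands outside the zone but the residual is several metres, so a server that cross-checks anchors would notice; with all three rewritten to a coherent fake position the residual is zero and only authentication of the anchor reports would reveal the tampering.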
August 22, 2022 – Policy and Law
Group-IB CEO will remain in jail – complaint denied Full Text
Abstract
On August 18, a Russian judge decided that Ilya Sachkov, founder and CEO of the Russian-led Group-IB, will remain in jail. Ilya Sachkov, founder and CEO of the Russian-led Group-IB will remain in jail following the judge’s decision on August 18th...Security Affairs
August 22, 2022 – Breach
Greek natural gas operator suffers ransomware-related data breach Full Text
Abstract
Greece's largest natural gas distributor DESFA confirmed on Saturday that they suffered a limited scope data breach and IT system outage following a cyberattack.BleepingComputer
August 22, 2022 – Business
TXOne Networks Scores $70M Series B Investment Full Text
Abstract
The company offers security gateways, endpoint agents, and network segmentation solutions designed to help organizations secure, control, and monitor equipment and operational technology (OT).Security Week
August 22, 2022 – Malware
Escanor Malware delivered in Weaponized Microsoft Office Documents Full Text
Abstract
Researchers spotted a new RAT (Remote Administration Tool) advertised on the Dark Web and Telegram called Escanor. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 worldwide, identified a new RAT (Remote Administration Tool)...Security Affairs
August 22, 2022 – Denial Of Service
LockBit ransomware blames Entrust for DDoS attacks on leak sites Full Text
Abstract
The LockBit ransomware operation's data leak sites have been shut down over the weekend due to a DDoS attack telling them to remove Entrust's allegedly stolen data.BleepingComputer
August 22, 2022 – Malware
Escanor malware delivered in weaponized Microsoft Office documents Full Text
Abstract
The threat actors offer Android-based and PC-based versions of RAT, along with HVNC module and exploit builder to weaponize Microsoft Office and Adobe PDF documents to deliver malicious code.Help Net Security
August 22, 2022 – Malware
Donot Team cyberespionage group updates its Windows malware framework Full Text
Abstract
The Donot Team threat actor, aka APT-C-35, has added new capabilities to its Jaca Windows malware framework. The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies...Security Affairs
August 22, 2022 – Phishing
PayPal Phishing Scam Uses Invoices Sent Via PayPal – Krebs on Security Full Text
Abstract
While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. For starters, all of the links in the email lead to paypal.com.Krebs on Security
August 22, 2022 – Malware
Disk wiping malware knows no borders Full Text
Abstract
Fortinet announced the latest semiannual FortiGuard Labs Global Threat Landscape Report which revealed that ransomware threat continues to adapt with more variants enabled by Ransomware-as-a-Service (RaaS).Help Net Security
August 21, 2022 – Criminals
Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability Full Text
Abstract
Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user," the company said in an advisory last week. "This vulnerability has been present in CAS software since version 2020-12-08." It's not immediately clear how many servers were breached using this flaw and how much cryptocurrency was stolen. CAS is short for Crypto Application Server, a self-hosted product from General Bytes that enables companies to manage Bitcoin ATM (BATM) machines from a central location via a web browser on a desktop or a mobile device. The zero-day flaw, which concerned a bug in the CAS admin interface, has been mitigated in two server pThe Hacker News
August 21, 2022 – Education
An encrypted ZIP file can have two correct passwords — here’s why Full Text
Abstract
Password-protected ZIP archives are common means of compressing and sharing sets of files—from sensitive documents to malware samples to even malware (phishing "invoices" in emails). But, did you know it is possible for an encrypted ZIP file to have two correct passwords, with both producing the same outcome on extraction?BleepingComputer
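The mechanism behind the two-password property is worth seeing in code. AES-encrypted ZIP entries (the WinZip AE-2 scheme) derive their key material with PBKDF2-HMAC-SHA1, and HMAC replaces any key longer than the hash's 64-byte block size with its SHA-1 digest before use. A password longer than 64 bytes and the 20-byte digest of that password therefore produce identical PBKDF2 output, and the archive accepts both. The following is an added example written for this page, not code from the BleepingComputer article; the passphrase and salt are constructed here for reproducibility, and the 66-byte output length matches the AES-256 key, HMAC key and 2-byte password verifier that the AE-2 format derives.

```python
"""Why an AES-encrypted ZIP can accept two passwords (PBKDF2-HMAC-SHA1 key aliasing).

Added illustration, not code from the original article. The KDF parameters
(SHA-1, 1000 iterations, 66 derived bytes for AES-256) are those of the
WinZip AE-2 format; the sample password and salt are constructed here.
"""
import hashlib
import hmac

SHA1_BLOCK = 64  # bytes; HMAC pre-hashes any key longer than this


def zip_aes_kdf(password: bytes, salt: bytes, iterations: int = 1000) -> bytes:
    """PBKDF2-HMAC-SHA1 as used for AE-2 AES-256 entries.

    Output layout: 32-byte AES key || 32-byte HMAC-SHA1 key || 2-byte password verifier.
    """
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen=66)


def alias_password(password: bytes) -> bytes:
    """Return the second password the KDF cannot tell apart from the first.

    HMAC-SHA1 reduces keys longer than 64 bytes to SHA1(key), so the raw
    20-byte digest is an equivalent key. Shorter passwords have no alias.
    """
    if len(password) <= SHA1_BLOCK:
        raise ValueError("passwords of 64 bytes or fewer have no HMAC alias")
    return hashlib.sha1(password).digest()


def same_key(p1: bytes, p2: bytes, salt: bytes) -> bool:
    """True when both passwords derive identical AES key, HMAC key and verifier."""
    return hmac.compare_digest(zip_aes_kdf(p1, salt), zip_aes_kdf(p2, salt))


def is_typeable(alias: bytes) -> bool:
    """Practical caveat: the alias is only usable as a password if every
    digest byte is printable ASCII, which most SHA-1 digests are not."""
    return all(0x20 <= b < 0x7F for b in alias)


# Constructed sample input: a 70-byte passphrase (over the 64-byte block size)
# and a fixed 16-byte salt (AES-256 entries use a 16-byte salt).
LONG_PASSWORD = b"correct horse battery staple " * 2 + b"plus twelve!"
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    alias = alias_password(LONG_PASSWORD)
    print("alias (hex):", alias.hex())
    print("same derived key:", same_key(LONG_PASSWORD, alias, SALT))
    print("alias typeable as ASCII:", is_typeable(alias))
```

The defensive reading is that PBKDF2 itself is not broken here; the aliasing is an HMAC property that only matters for passwords longer than 64 bytes, and the second password is a fixed 20-byte digest with full entropy, so it does not weaken brute-force resistance.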
August 21, 2022 – Phishing
Fake DDoS protection pages on compromised WordPress sites lead to malware infections Full Text
Abstract
Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. DDoS Protection pages are associated with browser checks performed by WAF/CDN services which verify if the site visitor is a human or a bot. Recently...Security Affairs
August 21, 2022 – Hacker
Hackers target hotel and travel companies with fake reservations Full Text
Abstract
A hacker tracked as TA558 has upped their activity this year, running phishing campaigns that target multiple hotels and firms in the hospitality and travel space.BleepingComputer
August 21, 2022 – Criminals
Threat actors are stealing funds from General Bytes Bitcoin ATM Full Text
Abstract
Threat actors have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal BTC from multiple customers; the flaw allowed them to hijack transactions...Security Affairs
August 21, 2022 – Malware
Grandoreiro banking malware targets Mexico and Spain Full Text
Abstract
A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico...Security Affairs
August 21, 2022 – Hacker
White hat hackers broadcasted talks and hacker movies through a decommissioned satellite Full Text
Abstract
Hackers took control of a decommissioned satellite and broadcasted hacking conference talks and hacker movies. During the latest edition of the DEF CON hacking conference held in Las Vegas, the group of white hat hackers Shadytel demonstrated how to take...Security Affairs
August 20, 2022 – Attack
New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers Full Text
Abstract
Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan. "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute 'Grandoreiro,' a prolific banking trojan that has been active since at least 2016, and that specifically targets users in Latin America," Zscaler said in a report. The ongoing attacks, which commenced in June 2022, have been observed to target automotive, civil and industrial construction, logistics, and machinery sectors via multiple infection chains in Mexico and chemicals manufacturing industries in Spain. Attack chains entail leveraging spear-phishing emails written in Spanish to trick potential victims into clicking on an embedded link that retrieves a ZIP archiveThe Hacker News
August 20, 2022 – Education
Become a Cybersecurity Expert with 18 New Online Courses @ 98% OFF Full Text
Abstract
With more data stored in the cloud than ever before, now is a good time to get into cybersecurity. Many top corporations are looking for new talent, and even junior professionals can earn $80,000 or more. The only barrier to entry is education. How do you learn about security protocols and white hat hacking? Enter the All-In-One 2022 Super-Sized Ethical Hacking Bundle. This collection of 18 courses provides the perfect launchpad for your new career, and readers of The Hacker News can currently grab it at a massive discount. Reader Offer: this collection of 18 courses is worth $3,284, but for a limited time you can get lifetime access to all the training for only $42.99! Knowledge is everything in the world of cybersecurity. The more skills you acquire, the more doors will open within the industry. This bundle helps you fill your résumé, with 1,686 individual tutorials covering a wide range of topics. You don't need any technical background in order to take the courseThe Hacker News
August 20, 2022 – Cryptocurrency
Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug Full Text
Abstract
Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers.BleepingComputer
August 20, 2022 – Government
CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a critical SAP security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The issue in question is CVE-2022-22536, which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch Tuesday updates for February 2022. Described as an HTTP request smuggling vulnerability, the shortcoming impacts the following product versions: SAP Web Dispatcher (versions 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87); SAP Content Server (version 7.53); SAP NetWeaver and ABAP Platform (versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49). "An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victimThe Hacker News
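The quoted impact, "prepend a victim's request with arbitrary data", is the generic outcome of an HTTP request smuggling desync: two components on the same connection frame the request body differently, so bytes the front end treats as the end of one body become the start of the next request on the back end. The following added example, written for this page and unrelated to SAP's actual code or to the specifics of CVE-2022-22536, models the classic CL.TE variant with two toy parsers fed the same constructed byte stream. One frames by Content-Length only, the other honours Transfer-Encoding: chunked; the attacker's leftover bytes swallow the request line of the victim's request that follows.

```python
"""Toy CL.TE request smuggling desync: one byte stream, two framings.

Added illustration, not SAP code and not a reproduction of CVE-2022-22536.
The parsers are deliberately minimal and only handle what the sample needs.
"""
from typing import Dict, List, Tuple


def _read_head(buf: bytes) -> Tuple[bytes, Dict[bytes, bytes], bytes]:
    """Split off the request line and headers; return (request_line, headers, remainder)."""
    head, sep, rest = buf.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    headers: Dict[bytes, bytes] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, rest


def _read_chunked(rest: bytes) -> Tuple[bytes, bytes]:
    """Decode a chunked body; return (body, bytes after the terminating chunk)."""
    body = b""
    while True:
        size_line, _, rest = rest.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            # last chunk: skip the CRLF that ends the (empty) trailer section
            rest = rest[2:] if rest.startswith(b"\r\n") else rest
            return body, rest
        body += rest[:size]
        rest = rest[size + 2:]  # drop chunk data plus its trailing CRLF


def parse_cl_only(stream: bytes) -> List[Tuple[bytes, bytes]]:
    """Front-end model: frames every body by Content-Length, ignores Transfer-Encoding.
    Returns a list of (path, body) per request it believes it saw."""
    out: List[Tuple[bytes, bytes]] = []
    while stream:
        req_line, headers, rest = _read_head(stream)
        n = int(headers.get(b"content-length", b"0"))
        out.append((req_line.split(b" ")[1], rest[:n]))
        stream = rest[n:]
    return out


def parse_te_first(stream: bytes) -> List[Tuple[bytes, bytes]]:
    """Back-end model: prefers Transfer-Encoding: chunked over Content-Length."""
    out: List[Tuple[bytes, bytes]] = []
    while stream:
        req_line, headers, rest = _read_head(stream)
        if headers.get(b"transfer-encoding", b"").lower() == b"chunked":
            body, rest = _read_chunked(rest)
        else:
            n = int(headers.get(b"content-length", b"0"))
            body, rest = rest[:n], rest[n:]
        out.append((req_line.split(b" ")[1], body))
        stream = rest
    return out


# Constructed sample: the attacker's POST, then a victim's GET on the same connection.
# The smuggled prefix has no terminating CRLF, so the victim's request line lands
# inside the X-Ignore header value on the back end.
SMUGGLED_PREFIX = b"GET /admin HTTP/1.1\r\nX-Ignore: "
ATTACKER_BODY = b"0\r\n\r\n" + SMUGGLED_PREFIX  # chunked terminator + smuggled bytes
ATTACKER = (
    b"POST / HTTP/1.1\r\nHost: target.example\r\n"
    + b"Content-Length: " + str(len(ATTACKER_BODY)).encode() + b"\r\n"
    + b"Transfer-Encoding: chunked\r\n\r\n"
    + ATTACKER_BODY
)
VICTIM = b"GET /victim HTTP/1.1\r\nHost: target.example\r\n\r\n"
STREAM = ATTACKER + VICTIM

if __name__ == "__main__":
    print("front-end sees paths:", [p for p, _ in parse_cl_only(STREAM)])
    print("back-end sees paths: ", [p for p, _ in parse_te_first(STREAM)])
```

The front end believes it forwarded "/" and then "/victim"; the back end executes "/" and then "/admin" with the victim's request line buried in a header, which is exactly what "prepending arbitrary data to a victim's request" means in practice. The fix on any product is the same in principle: both hops must agree on one framing rule and reject requests that carry both Content-Length and Transfer-Encoding.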
August 20, 2022 – Breach
WordPress sites hacked with fake Cloudflare DDoS alerts pushing malware Full Text
Abstract
WordPress sites are being hacked to display fake Cloudflare DDoS protection pages to distribute malware that installs the NetSupport RAT and the RaccoonStealer password-stealing Trojan.BleepingComputer
August 20, 2022 – General
Russia’s ‘Oculus’ to use AI to scan sites for banned information Full Text
Abstract
Russia's internet watchdog Roskomnadzor is developing a neural network that will use artificial intelligence to scan websites for prohibited information.BleepingComputer
August 20, 2022 – General
Security Affairs newsletter Round 380 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. CISA...Security Affairs
August 20, 2022 – Government
CISA added 7 new flaws to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added seven new flaws to its Known Exploited Vulnerabilities Catalog...Security Affairs
August 20, 2022 – Criminals
TA558 cybercrime group targets hospitality and travel orgs Full Text
Abstract
The TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting...Security Affairs
August 20, 2022 – Criminals
Crypto hackers have stolen nearly $2 billion this year—Here’s why it’s a growing problem Full Text
Abstract
As per a report by Chainalysis, cybercriminals have already stolen nearly $2 billion worth of cryptocurrency in 2022 which is a spike of nearly 60% compared to a year ago.CNBC
August 20, 2022 – Hacker
North Korean hacker group Lazarus targeting Mac users with fake job ads Full Text
Abstract
The malware in the messages uses three files to compromise computers — a decoy PDF to make users think they've downloaded a legitimate attachment, a fake "font updater" app, and a downloader labeled "safarifontagent”.Independent
August 20, 2022 – Government
FBI Warns of Proxies and Configurations Used in Credential Stuffing Attacks Full Text
Abstract
The Federal Bureau of Investigation (FBI) has raised an alarm for cybercriminals using proxies and configurations to hide and automate credential stuffing attacks against companies in the United States.Security Week
August 20, 2022 – Attack
Whitworth University Still Recovering from Ransomware Attack Full Text
Abstract
Whitworth University is taking steps to shore up its cyber defenses following a reported ransomware attack that has left the university's network crippled since late last month.Government Technology
August 20, 2022 – Privacy
TikTok Browser Can Track Users’ Keystrokes, According to New Research Full Text
Abstract
The web browser used within the TikTok app can track every keystroke made by its users, according to new research that is surfacing as the Chinese-owned video app grapples with U.S. lawmakers’ concerns over its data practices.New York Times
August 19, 2022 – Ransomware
The Week in Ransomware - August 19th 2022 - Evolving extortion tactics Full Text
Abstract
Bringing you the latest ransomware news, including new research, tactics, and cyberattacks. We also saw the return of the BlackByte ransomware operation, who has started to use new extortion tactics.BleepingComputer
August 19, 2022 – Hacker
DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities Full Text
Abstract
The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previously undocumented components to the modular framework, Morphisec researchers Hido Cohen and Arnold Osipov disclosed in a report published last week. Also known as APT-C-35 and Viceroy Tiger, the Donot Team is known for setting its sights on defense, diplomatic, government, and military entities in India, Pakistan, Sri Lanka, and Bangladesh, among others at least since 2016. Evidence unearthed by Amnesty International in October 2021 connected the group's attack infrastructure to an Indian cybersecurity company called Innefu Labs. Spear-phishing campaigns containing malicious Microsoft Office documents are the preferred delivery pathway for malware, followed by taking advantage of mThe Hacker News
August 19, 2022 – APT
Russia-linked Cozy Bear uses evasive techniques to target Microsoft 365 users Full Text
Abstract
Russia-linked APT group Cozy Bear continues to target Microsoft 365 accounts in NATO countries for cyberespionage purposes. Mandiant researchers reported that the Russia-linked Cozy Bear cyberespionage group (aka APT29, CozyDuke, and Nobelium),...Security Affairs
August 19, 2022 – Malware
241 npm and PyPI packages caught dropping Linux cryptominers Full Text
Abstract
More than 200 malicious packages were discovered infiltrating the PyPI and npm open source registries this week. These packages are largely typosquats of widely used libraries and each one of them downloads a Bash script on Linux systems that run cryptominers.BleepingComputer
August 19, 2022 – Criminals
Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations Full Text
Abstract
A financially motivated cybercrime group has been linked to an ongoing wave of attacks aimed at hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Enterprise security firm Proofpoint, which is tracking the group under the name TA558 dating all the way back to April 2018, called it a "small crime threat actor." "Since 2018, this group has used consistent tactics, techniques, and procedures to attempt to install a variety of malware including Loda RAT, Vjw0rm, and Revenge RAT," the company's threat research team said in a new report. The group has been operational at a higher tempo in 2022 than usual, with intrusions mainly geared towards Portuguese and Spanish speakers in Latin America, and to a lesser extent in Western Europe and North America. Phishing campaigns mounted by the group involve sending malicious spam messages with reservation-themed lures such as hotel bookings that contThe Hacker News
August 19, 2022 – Government
CISA added SAP flaw to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
US CISA added a critical SAP flaw to its Known Exploited Vulnerabilities Catalog after its details were disclosed at the Black Hat and Def Con conferences. The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability,...Security Affairs
August 19, 2022 – Malware
Grandoreiro banking malware targets manufacturers in Spain, Mexico Full Text
Abstract
The notorious 'Grandoreiro' banking trojan was spotted in recent attacks targeting employees of a chemicals manufacturer in Spain and workers of automotive and machinery makers in Mexico.BleepingComputer
August 19, 2022 – Denial Of Service
Google Cloud Blocks Record DDoS attack of 46 Million Requests Per Second Full Text
Abstract
Google's cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service (DDoS) attacks which peaked at 46 million requests per second (RPS), making it the largest such attack recorded to date. The attack, which occurred on June 1, targeting an unnamed Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack repelled by Cloudflare earlier this June. "To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds," Google Cloud's Emil Kiner and Satya Konduru said. It's said to have started around 9:45 a.m. PT with 10,000 RPS, before growing to 100,000 RPS eight minutes later and further ramping up within two minutes to hit a high of 46 million RPS at 10:18 a.m. PT. In all, the DDoS assault lasted for a total of 69 minutes. Google said that the unexpectedly high volume of traffic originated from 5The Hacker News
August 19, 2022 – Vulnerabilities
A flaw in Amazon Ring could expose user’s camera recordings Full Text
Abstract
Amazon addressed a high-severity flaw in its Ring app for Android that could have exposed sensitive information and camera recordings. In May, Amazon fixed a high-severity vulnerability in its Ring app for Android that could have allowed a malicious...Security Affairs
August 19, 2022 – Solution
New tool checks if a mobile app’s browser is a privacy risk Full Text
Abstract
A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit.BleepingComputer
August 19, 2022 – Privacy
New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings Full Text
Abstract
Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user's device to access sensitive information and camera recordings. The Ring app for Android has over 10 million downloads and enables users to monitor video feeds from smart home devices such as video doorbells, security cameras, and alarm systems. Amazon acquired the doorbell maker for about $1 billion in 2018. Application security firm Checkmarx explained it identified a cross-site scripting (XSS) flaw that it said could be weaponized as part of an attack chain to trick victims into installing a malicious app. The app can then be used to get hold of the user's Authorization Token, that can be subsequently leveraged to extract the session cookie by sending this information alongside the device's hardware ID, which is also encoded in the token, to the endpoint "ring[.]com/mobile/authorize." Armed with thThe Hacker News
August 19, 2022 – Vulnerabilities
Cisco fixes High-Severity bug in Secure Web Appliance Full Text
Abstract
Cisco addressed a high-severity privilege escalation vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Web Security Appliance (WSA)) offers protection...Security Affairs
August 19, 2022 – Government
CISA adds 7 vulnerabilities to list of bugs exploited by hackers Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of bugs actively exploited by hackers, with the new flaws disclosed by Apple, Microsoft, SAP, and Google.BleepingComputer
August 19, 2022 – Attack
Bumblebee attacks, from initial access to the compromise of Active Directory Services Full Text
Abstract
Threat actors are using the Bumblebee loader to compromise Active Directory services as part of post-exploitation activities. The Cybereason Global Security Operations Center (GSOC) Team analyzed a cyberattack that involved the Bumblebee...Security Affairs
August 19, 2022 – APT
Russian APT29 hackers abuse Azure services to hack Microsoft 365 users Full Text
Abstract
The state-backed Russian cyberespionage group Cozy Bear has been particularly prolific in 2022, targeting Microsoft 365 accounts in NATO countries and attempting to access foreign policy information.BleepingComputer
August 19, 2022 – Attack
SAP Vulnerability Exploited in Attacks After Details Disclosed at Hacker Conferences Full Text
Abstract
The SAP vulnerability added to CISA’s list, tracked as CVE-2022-22536, was patched by the vendor in February in NetWeaver Application Server ABAP, NetWeaver Application Server Java, ABAP Platform, Content Server 7.53 and Web Dispatcher.Security Week
August 19, 2022 – Attack
Estonia blocked cyberattacks claimed by Pro-Russia Killnet group Full Text
Abstract
Estonia announced to have blocked a wave of cyber attacks conducted by Russian hackers against local institutions. Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced...Security Affairs
August 19, 2022 – Solution
Spyware Hunters Are Expanding Their Toolset Full Text
Abstract
The researchers specifically announced new detection algorithms based on their findings for the open source memory forensics framework Volatility. Memory forensics was very different five or six years ago.Wired
August 19, 2022 – Government
S. Korea, US Agree to Upgrade Cyber Cooperation, Regularize Cyber Exercises Full Text
Abstract
Both sides discussed recent cyber threats, countermeasures and ways to develop cyber cooperation between Seoul and Washington. The cyber commands also signed a memorandum of understanding on “cooperation and development in cyberspace operations.Korea Herald
August 18, 2022 – Vulnerabilities
Google Patches Chrome’s Fifth Zero-Day of the Year Full Text
Abstract
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.Threatpost
August 18, 2022 – Attack
LockBit claims ransomware attack on security giant Entrust Full Text
Abstract
The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust.BleepingComputer
August 18, 2022 – Attack
Russian Cyber Attacks on Ukraine driven by Government Groups Full Text
Abstract
Russia's nation-state crews have been breaking into Ukrainian networks and attempting to disrupt or even destroy vulnerable systems. A bevy of attacks and malware samples can all be tied back to Kremlin-backed hacking groups.Tech Target
August 18, 2022 – Malware
Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware Full Text
Abstract
A .NET-based evasive crypter named DarkTortilla has been used by threat actors to distribute a broad array of commodity malware as well as targeted payloads like Cobalt Strike and Metasploit, likely since 2015. "It can also deliver 'add-on packages' such as additional malicious payloads, benign decoy documents, and executables," cybersecurity firm Secureworks said in a Wednesday report. "It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging." Malware delivered by the crypter includes information stealers and remote access trojans (RATs) such as Agent Tesla, AsyncRAT, NanoCore, and RedLine Stealer. "DarkTortilla has versatility that similar malware does not," the researchers noted. Crypters are software tools that use a combination of encryption, obfuscation, and code manipulation of malware so as to bypass detection by security solutions. The delivery of DarkTortilThe Hacker News
August 18, 2022 – Vulnerabilities
Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild Full Text
Abstract
Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability, tracked as CVE-2022-32893, that is actively exploited in the wild....Security Affairs
August 18, 2022 – Vulnerabilities
Apple releases Safari 15.6.1 to fix zero-day bug used in attacks Full Text
Abstract
Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs.BleepingComputer
August 18, 2022 – General
81% of Malware Seen on USB Drives in Industrial Facilities Can Disrupt ICS: Honeywell Full Text
Abstract
The percentage of industrial-specific malware has increased to 32%, from 30% in the 2021 report and 11% in the 2020 report. The percentage of malware designed to propagate over USB or to specifically exploit USB for infection has also increased.Security Week
August 18, 2022 – APT
China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year Full Text
Abstract
The Chinese advanced persistent threat (APT) actor tracked as Winnti (aka APT41) has targeted at least 13 organizations geographically spanning across the U.S., Taiwan, India, Vietnam, and China against the backdrop of four different campaigns in 2021. "The targeted industries included the public sector, manufacturing, healthcare, logistics, hospitality, education, as well as the media and aviation," cybersecurity firm Group-IB said in a report shared with The Hacker News. This also included the attack on Air India that came to light in June 2021 as part of a campaign codenamed ColunmTK. The other three campaigns have been assigned the monikers DelayLinkTK, Mute-Pond, and Gentle-Voice based on the domain names used in the attacks. APT41, also known as Barium, Bronze Atlas, Double Dragon, Wicked Panda, or Winnti, is a prolific Chinese cyber threat group that's known to carry out state-sponsored espionage activity in parallel with financially motivated operatiThe Hacker News
August 18, 2022 – Denial Of Service
Google blocked the largest Layer 7 DDoS reported to date Full Text
Abstract
Google announced that it blocked the largest HTTPS DDoS attack reported to date, which reached 46 million requests per second (RPS) and hit one of its Cloud Armor customers. The IT giant revealed...Security Affairs
August 18, 2022 – Malware
Android malware apps with 2 million installs found on Google Play Full Text
Abstract
A new batch of thirty-five Android malware apps that display unwanted advertisements was found on the Google Play Store, with the apps installed over 2 million times on victims' mobile devices.BleepingComputer
August 18, 2022 – APT
APT41 Group: 4 Malicious Campaigns, 13 Victims, New Tools and Techniques Full Text
Abstract
Group-IB researchers emphasize that the group usually used certain servers exclusively to host the Cobalt Strike framework, while they exploited others only for active scanning through Acunetix.Help Net Security
August 18, 2022 – Hacker
Hackers Using Bumblebee Loader to Compromise Active Directory Services Full Text
Abstract
The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration," Cybereason researchers Meroujan Antonyan and Alon Laufer said in a technical write-up. Bumblebee first came to light in March 2022 when Google's Threat Analysis Group (TAG) unmasked the activities of an initial access broker dubbed Exotic Lily with ties to the TrickBot and the larger Conti collectives. Typically delivered via initial access acquired through spear-phishing campaigns, the modus operandi has since been tweaked by eschewing macro-laced documents in favor of ISO and LNK files, primarily in response to Microsoft's decision to block macros by default. "Distribution of the malware is doneThe Hacker News
August 18, 2022 – Ransomware
BlackByte ransomware v2 is out with new extortion novelties Full Text
Abstract
A new version of the BlackByte ransomware appeared in the threat landscape, version 2.0 uses extortion techniques similar to LockBit ones. BlackByte ransomware Version 2.0 appeared in the threat landscape after a short break, the latest version has a new data...Security Affairs
August 18, 2022 – Vulnerabilities
Janet Jackson’s music video is now a vulnerability for crashing hard disks Full Text
Abstract
Janet Jackson's Rhythm Nation music video of 1989 has officially been declared a security vulnerability as it freezes some models of hard drives on older computers.BleepingComputer
August 18, 2022 – General
The Majority of Americans Have Been Targeted by Online Scammers Full Text
Abstract
The best way to avoid falling for a rental scam is to use the smell test: If it smells fishy, it’s probably fishy. Clues like weird grammar, refusing to talk on the phone, and unnecessary demand for money should be seen as suspicious attempts.Avast
August 18, 2022 – Education
Penetration Testing or Vulnerability Scanning? What’s the Difference? Full Text
Abstract
Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it's easy to see why. Both look for weaknesses in your IT infrastructure by exploring your systems in the same way an actual hacker would. However, there is a very important distinction between the two, and between when each is the better option. Manual or automated? Penetration testing is a manual security assessment where a cyber security professional attempts to find a way to break into your systems. It's a hands-on, in-depth test to evaluate security controls across a variety of systems, including web application, network and cloud environments. This kind of testing could take several weeks to complete, and due to its complexity and cost, is commonly carried out once a year. Vulnerability scanning,The Hacker News
August 18, 2022 – Vulnerabilities
Apple fixed two new zero-day flaws exploited by threat actors Full Text
Abstract
Apple this week released security updates for iOS, iPadOS, and macOS to address two zero-day vulnerabilities exploited by threat actors...Security Affairs
August 18, 2022 – Denial Of Service
Google blocks largest HTTPS DDoS attack ‘reported to date’ Full Text
Abstract
A Google Cloud Armor customer was hit with a distributed denial-of-service (DDoS) attack over the HTTPS protocol that reached 46 million requests per second (RPS), making it the largest ever recorded of its kind.BleepingComputer
August 18, 2022 – Criminals
Fugitive Arrested After 3 Years on Charges Related to BEC Scheme Full Text
Abstract
Using the illegally obtained personal information, conspirators would obtain counterfeit checks on behalf of their victims, along with details on the victims’ bank accounts.Security Week
August 18, 2022 – Vulnerabilities
PoC exploit code for critical Realtek RCE flaw released online Full Text
Abstract
PoC exploit code for a critical stack-based buffer overflow, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking devices built on Realtek RTL819x system-on-chip (SoC) has been released online...Security Affairs
August 18, 2022 – APT
Winnti hackers split Cobalt Strike into 154 pieces to evade detection Full Text
Abstract
The Chinese Winnti hacking group, also known as 'APT41' or 'Wicked Spider,' targeted at least 80 organizations last year and successfully breached the networks of at least thirteen.BleepingComputer
August 18, 2022 – General
NOAA Evaluating Multi-factor Authentication for Apps and Devices Full Text
Abstract
NOAA is exploring multi-factor authentication beyond its network as it looks to strengthen cybersecurity in accordance with the federal zero trust strategy, according to its chief information officer.Fed Scoop
August 18, 2022 – Vulnerabilities
Amazon fixes Ring Android app flaw exposing camera recordings Full Text
Abstract
Amazon has fixed a high-severity vulnerability in the Amazon Ring app for Android that could have allowed hackers to download customers' saved camera recordings.BleepingComputer
August 17, 2022 – Vulnerabilities
Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities Full Text
Abstract
Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The issues are: CVE-2022-32893, an out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing specially crafted web content; and CVE-2022-32894, an out-of-bounds issue in the operating system's kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges. Apple said it addressed both issues with improved bounds checking, adding it's aware the vulnerabilities "may have been actively exploited." The company did not disclose any additional information regarding these attacks or the identities of the threat actors perpetrating them, although it's likely that they were abused as part of highly targeted intrusions. The latest update brings the total number of zero-daysThe Hacker News
August 17, 2022 – Vulnerabilities
Apple security updates fix 2 zero-days used to hack iPhones, Macs Full Text
Abstract
Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs.BleepingComputer
August 17, 2022 – Vulnerabilities
Security Analysis Leads to Discovery of Vulnerabilities in 18 Electron Applications Full Text
Abstract
The research project targeting Electron apps has been dubbed ElectroVolt and the findings were presented last week at the Black Hat conference. Nearly all of the exploits, many of which involve chaining several flaws, can lead to RCE attacks.Security Week
August 17, 2022 – Criminals
Cybercriminals Developing BugDrop Malware to Bypass Android Security Features Full Text
Abstract
In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development. "This new malware tries to abuse devices using a novel technique, not seen before in Android malware, to spread the extremely dangerous Xenomorph banking trojan, allowing criminals to perform On-Device Fraud on victim's devices," ThreatFabric's Han Sahin said in a statement shared with The Hacker News. Dubbed BugDrop by the Dutch security firm, the dropper app is explicitly designed to defeat new features introduced in the upcoming version of Android that aim to make it difficult for malware to request Accessibility Services privileges from victims. ThreatFabric attributed the dropper to a cybercriminal group known as "Hadoken Security," which is also behind the creation and distribution of the Xenomorph and Gymdrop Android malwaThe Hacker News
August 17, 2022 – APT
China-linked RedAlpha behind multi-year credential theft campaign Full Text
Abstract
A China-linked APT group named RedAlpha is behind a long-running mass credential theft campaign aimed at organizations worldwide. Recorded Future researchers attributed a long-running mass credential theft campaign to a Chinese nation-state actor...Security Affairs
August 17, 2022 – Criminals
BlackByte ransomware gang is back with new extortion tactics Full Text
Abstract
The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit.BleepingComputer
August 17, 2022 – Attack
RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Critical Entities Globally Full Text
Abstract
Chinese state-sponsored threat activity group RedAlpha has been registering and weaponizing hundreds of domains spoofing global organizations to target government organizations and think tanks globally.Recorded Future
August 17, 2022 – Vulnerabilities
New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild Full Text
Abstract
Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022. As is typically the case, the tech giant has refrained from sharing additional specifics about the shortcoming until a majority of the users are updated. "Google is aware that an exploit for CVE-2022-2856 exists in the wild," it acknowledged in a terse statement. The latest update further addresses 10 other security flaws, most of which relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads. The development marks the fifth zero-day vulnerabThe Hacker News
August 17, 2022 – Malware
Bugdrop dropper includes features to circumvent Google’s security Controls Full Text
Abstract
Researchers have discovered a previously undocumented Android dropper, dubbed BugDrop, that's still under development. Recently, researchers from ThreatFabric discovered a previously undetected Android dropper, dubbed BugDrop, which is under active...Security Affairs
August 17, 2022 – Attack
North Korean hackers use signed macOS malware to target IT job seekers Full Text
Abstract
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector.BleepingComputer
August 17, 2022 – Insider Threat
Microsoft Employees Exposed Own Company’s Internal Logins Full Text
Abstract
Microsoft refused to elaborate on what systems the credentials were protecting when asked multiple times by Motherboard. But generally speaking, an attacker may have an opportunity to move on to gain initial access to an internal system.Vice
August 17, 2022 – Hacker
Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers Full Text
Abstract
A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. "In this activity, RedAlpha very likely sought to gain access to email accounts and other online communications of targeted individuals and organizations," Recorded Future disclosed in a new report. A lesser-known threat actor, RedAlpha was first documented by Citizen Lab in January 2018 and has a history of conducting cyber espionage and surveillance operations directed against the Tibetan community, some in India, to facilitate intelligence collection through the deployment of the NjRAT backdoor. "The campaigns [...] combine light reconnaissance, selective targeting, and diverse malicious tooling," Recorded Future noted at the time. Since then, malicious activities undertaken by the group have involved weaponizing as many as 350 domains that spoof legThe Hacker News
August 17, 2022 – Vulnerabilities
Google fixed a new Chrome Zero-Day actively exploited in the wild Full Text
Abstract
Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including...Security Affairs
August 17, 2022 – Malware
Malicious PyPi packages turn Discord into password-stealing malware Full Text
Abstract
A dozen malicious PyPi packages have been discovered installing malware that modifies the Discord client to become an information-stealing backdoor and steals data from web browsers and Roblox.BleepingComputer
August 17, 2022 – Phishing
Iranian Group Targeting Israeli Shipping and Other Key Sectors Full Text
Abstract
One possible phishing lure used by the attackers is likely to have been a .xls file disguised as a job offer but designed to install Sugardump – one of two unique tools being used by the threat group.Security Week
August 17, 2022 – Education
Lean Security 101: 3 Tips for Building Your Framework Full Text
Abstract
Cobalt, Lazarus, MageCart, Evil, Revil — cybercrime syndicates spring up so fast it's hard to keep track. Until…they infiltrate your system. But you know what's even more overwhelming than rampant cybercrime? Building your organization's security framework. CIS, NIST, PCI DSS, HIPAA, HITrust, and the list goes on. Even if you had the resources to implement every relevant industry standard and control to a tee, you still couldn't keep your company from getting caught up in the next SolarWinds. Because textbook security and check-the-box compliance won't cut it. You've got to be strategic (especially when manpower is limited!). And lean. Learn the ropes now. 3 Pro Tips for Building Your Lean Security Framework Without a framework in place, you're either navigating the cyber-risk universe with blinders on — or buried so deep in false positives you couldn't spot a complex attack until it's already laterally advancing. But why build your secuThe Hacker News
August 17, 2022 – APT
North Korea-linked APT targets Job Seekers with macOS malware Full Text
Abstract
The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware that also runs on Intel and M1 chipsets. ESET researchers continue to monitor a cyberespionage campaign, tracked as "Operation In(ter)ception," that has been...Security Affairs
August 17, 2022 – Malware
Malware devs already bypassed Android 13’s new security feature Full Text
Abstract
Android malware developers are already adjusting their tactics to bypass a new 'Restricted settings' security feature introduced by Google in the newly released Android 13.BleepingComputer
August 17, 2022 – Education
Top Five Patch Management & Process Best Practices Full Text
Abstract
What does a successful patch management strategy look like? It starts with a risk-based approach to stay up-to-date with new vulnerabilities while preventing bottlenecks in security workflows.Trend Micro
August 17, 2022 – Malware
Malicious Browser Extensions Targeted Over a Million Users So Far This Year Full Text
Abstract
More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. "From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons," the company said. As many as 1,311,557 users fall under this category in the first half of 2022, per Kaspersky's telemetry data. In comparison, the number of such users peaked in 2020 at 3,660,236, followed by 1,823,263 unique users in 2021. The most prevalent threat is a family of adware called WebSearch, which masquerades as PDF viewers and other utilities, and comes with capabilities to collect and analyze search queries and redirect users to affiliate links. WebSearch is also notable for modifying the browser's start page, which contains a search engine and a number of links to third-party sourThe Hacker News
August 17, 2022 – Vulnerabilities
ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data Full Text
Abstract
Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. The ÆPIC Leak (CVE-2022-21233) is the first architectural CPU bug that could lead...Security Affairs
August 17, 2022 – Vulnerabilities
Google fixes fifth Chrome zero-day bug exploited this year Full Text
Abstract
Google has released a security update for Chrome browser that addresses close to a dozen vulnerabilities, including a zero-day flaw that is being exploited in the wild.BleepingComputer
August 17, 2022 – Vulnerabilities
Zoom fixed two flaws in macOS App that were disclosed at DEF CON Full Text
Abstract
Zoom addressed two high-severity vulnerabilities in its macOS app that were disclosed at the DEF CON conference. Zoom last week released macOS updates to fix two high-severity flaws in its macOS app that were disclosed at the DEF CON conference....Security Affairs
August 16, 2022 – Hacker
North Korea Hackers Spotted Targeting Job Seekers with macOS Malware Full Text
Abstract
The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into opening decoy job offer documents. The latest attack is no different in that a job description for the Coinbase cryptocurrency exchange platform was used as a launchpad to drop a signed Mach-O executable. ESET's analysis comes from a sample of the binary that was uploaded to VirusTotal from Brazil on August 11, 2022. "Malware is compiled for both Intel and Apple Silicon," the company said in a series of tweets. "It drops three files: a decoy PDF document 'Coinbase_online_careers_2022_07.pdf', a bundle 'FinderFontsUpdater.app,' and a downloaThe Hacker News
August 16, 2022 – General
RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers Full Text
Abstract
RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA) for popular package maintainers, following in the footsteps of NPM and PyPI. To that end, owners of gems with over 180 million total downloads are mandated to turn on MFA effective August 15, 2022. "Users in this category who do not have MFA enabled on the UI and API or UI and gem sign-in level will not be able to edit their profile on the web, perform privileged actions (i.e. push and yank gems, or add and remove gem owners), or sign in on the command line until they configure MFA," RubyGems noted. What's more, gem maintainers who cross 165 million cumulative downloads are expected to receive reminders to turn on MFA until the download count reaches the 180 million threshold, at which point it will be made mandatory. The development is seen as an attempt by package ecosystems to bolster the software supply chainThe Hacker News
August 16, 2022 – Vulnerabilities
Exploit out for critical Realtek flaw affecting many networking devices Full Text
Abstract
Exploit code has been released for a critical vulnerability affecting networking devices with Realtek's RTL819x system on a chip (SoC), which are estimated to be in the millions.BleepingComputer
August 16, 2022 – Vulnerabilities
Users of Zoom on Macs Told to Update App as Company Issues Security Fix Full Text
Abstract
Zoom disclosed the details about the sensitive security gaps that were affecting both the standard and IT admin versions of the application. The bugs could be exploited in Zoom’s update process.The Guardian
August 16, 2022 – Vulnerabilities
ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors Full Text
Abstract
A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first of its kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to transient execution attacks like Meltdown and Spectre, ÆPIC Leak is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel," the academics said. The study was conducted by researchers from the Sapienza University of Rome, the Graz University of Technology, Amazon Web Services, and the CISPA Helmholtz Center for Information Security. The vulnerability (CVE-2022-21233, CVSS score: 6.0), which affects CPUs with the Sunny Cove microarchitecture, is rooted in a component called Advanced Programmable Interrupt Controller (APIC), whThe Hacker News
August 16, 2022 – Criminals
Clop gang targeted UK drinking water supplier South Staffordshire Water Full Text
Abstract
A cyber attack disrupted the IT operations of South Staffordshire Water, a company supplying drinking water to 1.6M consumers daily. South Staffordshire Water has issued a statement confirming the security breach; the company pointed out that the attack...Security Affairs
August 16, 2022 – Vulnerabilities
RTLS systems vulnerable to MiTM attacks, location manipulation Full Text
Abstract
Security researchers have uncovered multiple vulnerabilities impacting UWB (ultra-wideband) RTLS (real-time locating systems), enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data.BleepingComputer
August 16, 2022 – Vulnerabilities
Secure Boot Bypass Flaws Affect Bootloaders of Many Devices Made in Past Decade Full Text
Abstract
Secure Boot is a mechanism designed to protect a device’s boot process from attacks, and bypassing it can allow an attacker to execute arbitrary code before the operating system loads.Security Week
August 16, 2022 – Attack
New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks Full Text
Abstract
Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed "Evil PLC" attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO, and Emerson. Programmable logic controllers are a crucial component of industrial devices that control manufacturing processes in critical infrastructure sectors. PLCs, besides orchestrating the automation tasks, are also configured to start and stop processes and generate alarms. It's hence not surprising that the entrenched access provided by PLCs has made the machines a focus of sophisticated attacks for more than a decade, starting from Stuxnet to PIPEDREAM (aka INCONTROLLER), with the goal of causing physical disruptions. "TheThe Hacker News
August 16, 2022 – Malware
Malicious browser extensions targeted almost 7 million people Full Text
Abstract
Almost 7 million users have attempted to install malicious browser extensions since 2020, with 70% of those extensions used as adware to target users with advertisements.BleepingComputer
August 16, 2022 – Privacy
Microsoft Shuts Down Accounts Linked to Russian Spies Full Text
Abstract
The criminals make contact with their targets via email, and for this, they register new accounts with different consumer email providers, and they use email addresses or aliases designed to look like a legitimate person.The Register
August 16, 2022 – Solution
Unified Threat Management: The All-in-One Cybersecurity Solution Full Text
Abstract
UTM (Unified threat management) is thought to be an all-in-one solution for cybersecurity. In general, it is a versatile software or hardware firewall solution integrated with IPS (Intrusion Prevention System) and other security services. A universal gateway allows the user to manage network security with one comprehensive solution, which makes the task much easier. In addition, compared to a conventional firewall, such systems are capable of detecting and blocking more sophisticated attacks. SafeDNS has recently released such a solution, and this is what this article is going to be about. Who needs UTMs? Most of all, UTMs are valued by SMEs - the all-in-one solution makes it simple to manage all their cybersecurity solutions and services. This also cuts down a lot of communications between vendors, since UTMs are easily supported by one IT team. This leads to another upside of the system - it can be cost-effective, as there is no need to pay a bunch of vendors & extra for techThe Hacker News
August 16, 2022 – Breach
New MailChimp breach exposed DigitalOcean customer email addresses Full Text
Abstract
DigitalOcean is warning customers that a recent MailChimp security breach exposed the email addresses of some customers, with a small number receiving unauthorized password resets.BleepingComputer
August 16, 2022 – Hacker
Chinese Cyberspies Use Supply Chain Attack to Deliver Windows, macOS Malware Full Text
Abstract
China-backed Iron Tiger APT compromised the servers of MiMi – an instant messaging application available on Windows, macOS, Android, and iOS chat applications, for a supply chain attack.Security Week
August 16, 2022 – Phishing
Microsoft Warns About Phishing Attacks by Russia-linked Hackers Full Text
Abstract
Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a "highly persistent threat actor" whose objectives align closely with Russian state interests. The company is tracking the espionage-oriented activity cluster under its chemical element-themed moniker SEABORGIUM, which it said overlaps with a hacking group also known as Callisto, COLDRIVER, and TA446. "SEABORGIUM intrusions have also been linked to hack-and-leak campaigns, where stolen and leaked data is used to shape narratives in targeted countries," Microsoft's threat hunting teams said. "Its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft." Attacks launched by the adversarial collective are known to target the same organizations using consistent methodologies applied over long periods of time, enabling it to infiltrate the victims' social networks through a combination of impersonation,The Hacker News
August 16, 2022 – General
The Benefits of Making Password Strength More Transparent Full Text
Abstract
Google is in the process of developing a password strength indicator for its Chrome browser. The good news is that there is an easy way of starting users down the road to using strong passwords even before the new version of Chrome is released.BleepingComputer
August 16, 2022 – Breach
BharatPay Data Breach: Personal data, Transaction Details of 37,000 Users Leaked Online - ET CISO Full Text
Abstract
BharatPay, an Indian finance service, leaked PII and sensitive financial data of users. Researchers found that transaction data and API keys of online bill payment facilitators such as Patchway Recharge and Mr. Robotics were also exposed.The Times Of India
August 16, 2022 – Breach
CS:GO trading site hacked to steal $6 million worth of skins Full Text
Abstract
CS.MONEY, one of the largest platforms for trading CS:GO skins, has taken its website offline after a cyberattack allowed hackers to loot 20,000 items worth approximately $6,000,000.BleepingComputer
August 16, 2022 – Attack
Hackers attack UK water supplier but extort wrong company Full Text
Abstract
South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6 million consumers daily, has issued a statement confirming IT disruption from a cyberattack.BleepingComputer
August 16, 2022 – Attack
Hackers attack UK water supplier with 1.6 million customers Full Text
Abstract
South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6 million consumers daily, has issued a statement confirming IT disruption from a cyberattack.BleepingComputer
August 16, 2022 – Vulnerabilities
Microsoft Secure Boot fix sends PCs into BitLocker Recovery Full Text
Abstract
The issues are related to KB5012170, which is designed to plug some Secure Boot holes. The problem occurs on boot, and brings up the BitLocker Recovery screen into which a user is supposed to enter a key.The Register
August 16, 2022 – APT
Russia-linked Gamaredon APT continues to target Ukraine Full Text
Abstract
Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) targets Ukrainian entities...Security Affairs
August 16, 2022 – Vulnerabilities
Rapid7: Cisco ASA and ASDM flaws went unpatched for months Full Text
Abstract
Vulnerabilities discovered in Cisco software may lead to a variety of threats, including supply chain attacks, Rapid7 lead researcher Jake Baines warned during a Black Hat USA 2022 session.Tech Target
August 16, 2022 – Breach
Phone numbers of 1,900 Signal users exposed as a result of Twilio security breach Full Text
Abstract
For about 1,900 users, Twilio hackers could have attempted to re-register their number to another device or learned that their number was registered to Signal. Communication company Twilio provides Signal with phone number verification services, and recent...Security Affairs
August 16, 2022 – Ransomware
Black Basta: New Ransomware Threat Aiming for the Big League Full Text
Abstract
The gang behind Black Basta has reached a high level of success in a short time through its double extortion techniques and is possibly an offshoot of Conti and REvil. It has claimed responsibility for compromising at least 50 organizations so far.CSO Online
August 15, 2022 – Attack
Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware Full Text
Abstract
Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked as Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa. The findings have been corroborated by the Computer Emergency Response Team of Ukraine (CERT-UA). The threat actor, active since at least 2013, is known for explicitly singling out public and private entities in Ukraine. The attacks have since ratcheted up in the wake of Russia's military invasion in late 2022. The latest set of attacks are said to have commenced on July 15, 2022, and were ongoing as recently as August 8, with the infection chains leveraging phishing emails disguised as newsletters and combat orders, ultimately leading to the deployment of a PowerShell stealer malware dubbed GammaLoad.PS1_v2.The Hacker News
August 15, 2022 – Attack
Argentina’s Judiciary of Córdoba hit by PLAY ransomware attack Full Text
Abstract
Argentina's Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack, reportedly at the hands of the new 'Play' ransomware operation.BleepingComputer
August 15, 2022 – Breach
Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack Full Text
Abstract
Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal," the company said. "All users can rest assured that their message history, contact lists, profile information, whom they'd blocked, and other personal data remain private and secure and were not affected." Signal, which uses Twilio to send SMS verification codes to users registering with the app, said it's in the process of alerting the affected users directly and prompting them to re-register the service on their devices. The development comes less than a week after Twilio revealed that data associated with about 125 customer accounts were accessed by malicious actors through a phishing attack that duped the compThe Hacker News
August 15, 2022 – Cryptocurrency
Monero hard fork makes hackers’ favorite coin even more private Full Text
Abstract
Monero, the privacy-oriented decentralized cryptocurrency project, underwent a planned hard fork event on Saturday, introducing new features to boost its privacy and security.BleepingComputer
August 15, 2022 – General
Credential Theft Is (Still) A Top Attack Method Full Text
Abstract
Credential theft is clearly still a problem. Even after years of warnings, changing password requirements, and multiple forms of authentication, password stealing remains a top attack method used by cyber criminals. The latest report from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks. 59% of organizations aren't revoking credentials that are no longer needed, meaning passwords can go unattended and dormant like a sitting duck (similar to what happened with Colonial Pipeline). And Verizon's Data Breach Investigations Report cites that nearly 50% of all data breaches were caused by stolen credentials. The stats don't lie. Cybercriminals are advancing, there's no doubt, but if there's an option to take the path of least resistance, they'll take it. Too often, that means compromising passwords and exploiting vulnerable access points. Credential Theft and Critical AccessThe Hacker News
August 15, 2022 – Phishing
Microsoft disrupts SEABORGIUM ’s ongoing phishing operations Full Text
Abstract
Microsoft disrupted a hacking operation conducted by the Russia-linked APT SEABORGIUM and aimed at NATO countries. The Microsoft Threat Intelligence Center (MSTIC) has disrupted activity by SEABORGIUM (aka ColdRiver, TA446), a Russia-linked threat...Security Affairs
August 15, 2022 – Denial Of Service
Malicious PyPi packages aim DDoS attacks at Counter-Strike servers Full Text
Abstract
A dozen malicious Python packages were uploaded to the PyPi repository this weekend in a typosquatting attack that performs DDoS attacks on a Counter-Strike 1.6 server.BleepingComputer
August 15, 2022 – Criminals
Ransomware Groups Refine Shakedown and Monetization Models Full Text
Abstract
Ransomware-wielding attackers continue to seek new ways to maximize profits with minimal effort. Some of their top tactics include tapping initial access brokers, working with botnet operators and testing new monetization models.Bank Info Security
August 15, 2022 – Malware
SOVA Android Banking Trojan Returns With New Capabilities and Targets Full Text
Abstract
The SOVA Android banking trojan is continuing to be actively developed with upgraded capabilities to target no less than 200 mobile applications, including banking apps and crypto exchanges and wallets, up from 90 apps when it started out. That's according to the latest findings from Italian cybersecurity firm Cleafy, which found newer versions of the malware sporting functionality to intercept two-factor authentication (2FA) codes, steal cookies, and expand its targeting to cover Australia, Brazil, China, India, the Philippines, and the U.K. SOVA, meaning Owl in Russian, came to light in September 2021 when it was observed striking financial and shopping apps from the U.S. and Spain for harvesting credentials through overlay attacks by taking advantage of Android's Accessibility services. In less than a year, the trojan has also acted as a foundation for another Android malware called MaliBot that's designed to target online banking and cryptocurrency wallet custoThe Hacker News
August 15, 2022 – Vulnerabilities
VNC instances exposed to Internet pose critical infrastructures at risk Full Text
Abstract
Researchers from threat intelligence firm Cyble reported a surge in attacks targeting virtual network computing (VNC). Virtual Network Computing (VNC) is a graphical desktop-sharing system that leverages the Remote Frame Buffer (RFB) protocol to control...Security Affairs
August 15, 2022 – Breach
Twilio hack exposed Signal phone numbers of 1,900 users Full Text
Abstract
Phone numbers of close to 1,900 Signal users were exposed in the data breach Twilio cloud communications company suffered at the beginning of the month.BleepingComputer
August 15, 2022 – General
Almost 2,000 data breaches reported for the first half of 2022 Full Text
Abstract
A successful data breach can impact an organization not just by compromising sensitive information but by serving as a prelude to ransomware and more devastating cyberattacks.Tech Republic
August 15, 2022 – Malware
SOVA Android malware now also encrypts victims’ files Full Text
Abstract
Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan has been improved: it now has a ransomware feature that encrypts files on Android devices, Cleafy researchers...Security Affairs
August 15, 2022 – Hacker
Microsoft disrupts Russian hackers’ operation on NATO targets Full Text
Abstract
The Microsoft Threat Intelligence Center (MSTIC) has disrupted a hacking and social engineering operation linked to a Russian threat actor tracked as SEABORGIUM that targets people and organizations in NATO countries.BleepingComputer
August 15, 2022 – Hacker
Russia-linked Shuckworm Hacker Group Maintains Focus on Ukraine Full Text
Abstract
Shuckworm (aka Gamaredon, Armageddon) is a Russia-linked group that has almost exclusively focused its operations on Ukraine since it first appeared in 2014. It is generally considered to be a state-sponsored espionage operation.Symantec
August 15, 2022 – Malware
A new PyPI Package was found delivering fileless Linux Malware Full Text
Abstract
Security researchers discovered a new PyPI package designed to drop a fileless cryptominer onto Linux systems. Sonatype researchers have discovered a new PyPI package named 'secretslib' that drops a fileless cryptominer into the memory of Linux machines....Security Affairs
August 15, 2022 – Attack
Russian hackers target Ukraine with default Word template hijacker Full Text
Abstract
Threat analysts monitoring cyberattacks on Ukraine report that the operations of the notorious Russian state-backed hacking group 'Gamaredon' continue to heavily target the war-torn country.BleepingComputer
August 15, 2022 – APT
Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi Full Text
Abstract
China-linked threat actors Iron Tiger backdoored a version of the cross-platform messaging app MiMi to infect systems. Trend Micro researchers uncovered a new campaign conducted by a China-linked threat actor Iron Tiger that employed a backdoored...Security Affairs
August 15, 2022 – Vulnerabilities
Windows KB5012170 Secure Boot DBX update may fail with 0x800f0922 error Full Text
Abstract
Users may see a 0x800f0922 error when trying to install security update KB5012170 on the currently supported Windows operating system for consumers and the enterprise-class Server version.BleepingComputer
August 15, 2022 – Phishing
Callback phishing attacks see massive 625% growth since Q1 2021 Full Text
Abstract
Phishing is constantly evolving to bypass user training and email protections, and as threat actors adopt new tactics with better success ratios, quarterly stats reflect interesting threat trends on multiple fronts.BleepingComputer
August 14, 2022 – Malware
Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems Full Text
Abstract
A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named "secretslib" and downloaded 93 times prior to its deletion, was released to the Python Package Index (PyPI) on August 6, 2022 and is described as "secrets matching and verification made easy." "On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory (directly from your RAM), a technique largely employed by fileless malware and crypters," Sonatype researcher Ax Sharma disclosed in a report last week. It achieves this by executing a Linux executable file retrieved from a remote server post installation, whose main task is to drop an ELF file ("memfd") directly in memory that functions as a Monero cryptominer, after which it gets deleted by the "secretslib" package. "The malicious activity leaves little to nThe Hacker News
August 14, 2022 – Vulnerabilities
Over 9,000 VNC servers exposed online without a password Full Text
Abstract
Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks.BleepingComputer
August 14, 2022 – Cryptocurrency
Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer Full Text
Abstract
Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is "suspected of involvement in concealing criminal financial flows and facilitating money laundering" through the service, the Dutch Fiscal Information and Investigation Service (FIOD) said in a statement. Although FIOD didn't reveal the name of the Tornado Cash engineer, The Block identified him as Alexey Pertsev, citing confirmation from his wife. "My husband didn't do anything illegal," she was quoted as saying. FIOD also alleged that "Tornado Cash has been used to conceal large-scale criminal money flows, including from (online) thefts of cryptocurrencies (so-called crypto hacks and scams)." The agency, which initiated an investigation into Tornado Cash in June 2022, further hinted it may make more arrestsThe Hacker News
August 14, 2022 – Vulnerabilities
A flaw in Xiaomi phones using MediaTek Chips could allow attackers to forge transactions Full Text
Abstract
Flaws in Xiaomi Redmi Note 9T and Redmi Note 11 models could be exploited to disable the mobile payment mechanism and even forge transactions. Check Point researchers discovered the flaws while analyzing the payment system built into Xiaomi smartphones...Security Affairs
August 14, 2022 – Government
CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint...Security Affairs
August 13, 2022 – Attack
Cedar Rapids schools pay ransom in cyber attack Full Text
Abstract
The Cedar Rapids school district paid a ransom in hopes of keeping personal data compromised in a cyberattack last month from being released, the school superintendent has told parents.The Gazette
August 13, 2022 – Malware
SOVA malware adds ransomware feature to encrypt Android devices Full Text
Abstract
The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices.BleepingComputer
August 13, 2022 – General
Researchers Find Stolen Algorithms in Commercial Cybersecurity Products Full Text
Abstract
An analysis conducted by two researchers has revealed that some commercial cybersecurity products rely on algorithms that have been taken from other security tools without authorization.Security Week
August 13, 2022 – Hacker
Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users Full Text
Abstract
A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the Windows operating system and rshell artifacts for Linux and macOS. As many as 13 different entities located in Taiwan and the Philippines have been at the receiving end of the attacks, eight of whom have been hit with rshell. The first victim of rshell was reported in mid-July 2021. Lucky Mouse, also called APT27, Bronze Union, Emissary Panda, and Iron Tiger, is known to be active since 2013 and has a history of gaining access to targeted networks in pursuit of its political and military intelligence-collection objectives aligned with China. The advanced persistent threat actor (APT)The Hacker News
August 13, 2022 – Criminals
US unmasks alleged Conti ransomware operative, offers $10M Full Text
Abstract
The U.S. government said it will offer up to $10 million for information related to five people believed to be high-ranking members of the notorious Russia-backed Conti ransomware gang.Tech Crunch
August 13, 2022 – Breach
Killnet claims to have breached Lockheed Martin Full Text
Abstract
Russian hacker group Killnet claims to have launched a DDoS attack on the aerospace and defense giant Lockheed Martin. The Moscow Times first reported that the Pro-Russia hacker group Killnet is claiming responsibility for a recent DDoS attack that...Security Affairs
August 13, 2022 – Ransomware
Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan Full Text
Abstract
The Android banking Trojan SOVA is back in the action and sporting new and updated capabilities with an additional version in development that contains a ransomware module.Dark Reading
August 13, 2022 – Vulnerabilities
Three flaws allow attackers to bypass UEFI Secure Boot feature Full Text
Abstract
Researchers discovered a flaw in three signed third-party UEFI boot loaders that allows bypassing the UEFI Secure Boot feature. Researchers from hardware security firm Eclypsium have discovered a vulnerability in three signed third-party Unified Extensible...Security Affairs
August 12, 2022 – Ransomware
The Week in Ransomware - August 12th 2022 - Attacking the defenders Full Text
Abstract
It was a very busy week for ransomware news and attacks, especially with the disclosure that Cisco was breached by a threat actor affiliated with the Yanluowang ransomware gang.BleepingComputer
August 12, 2022 – APT
Bitter APT and Transparent Tribe Campaigns on Social Media Full Text
Abstract
Meta recently took down two cyberespionage campaigns across its social media platforms. These campaigns were being operated by Bitter APT and Transparent Tribe threat groups.Cyware Alerts - Hacker News
August 12, 2022 – Vulnerabilities
Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders Full Text
Abstract
A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allows bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader instead of the existing one," hardware security firm Eclypsium said in a report shared with The Hacker News. The following vendor-specific boot loaders, which were signed and authenticated by Microsoft, have been found vulnerable to the bypass and have been patched as part of the tech giant's Patch Tuesday update released this week - Eurosoft Boot Loader (CVE-2022-34301), New Horizon Data Systems Inc Boot Loader (CVE-2022-34302), and Crypto Pro Boot Loader (CVE-2022-34303). Secure Boot is a security standard designed to thwart malicious programs from loading wheThe Hacker News
August 12, 2022 – Criminals
The US offers a $10M reward for info on the Conti ransomware gang’s members Full Text
Abstract
The U.S. State Department announced a $10 million reward for information related to five individuals associated with the Conti ransomware gang. The U.S. State Department announced a $10 million reward for information on five prominent members of the Conti...Security Affairs
August 12, 2022 – Malware
Chinese hackers backdoor chat app with new Linux, macOS malware Full Text
Abstract
Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems.BleepingComputer
August 12, 2022 – APT
DoNot Team APT Updates its Malware Arsenal Full Text
Abstract
Morphisec Labs researchers have reported that the group has added new modules to its Windows spyware framework aka YTY, Jaca. These latest samples appear to be used in the wild.Cyware Alerts - Hacker News
August 12, 2022 – Vulnerabilities
Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments Full Text
Abstract
Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Check Point said it found the flaws in devices powered by MediaTek chipsets during a security analysis of the Chinese handset maker's "Kinibi" Trusted Execution Environment (TEE). A TEE refers to a secure enclave inside the main processor that's used to process and store sensitive information such as cryptographic keys so as to ensure confidentiality and integrity. Specifically, the Israeli cybersecurity firm discovered that a trusted app on a Xiaomi device can be downgraded due to a lack of version control, enabling an attacker to replace a newer, secure version of an app with an older, vulnerable variant. "Therefore, an attacker can bypass security fixes made by Xiaomi or MediaTek in trusted apps by downgrading them to unpatchedThe Hacker News
August 12, 2022 – Vulnerabilities
Experts warn of mass exploitation of an RCE flaw in Zimbra Collaboration Suite Full Text
Abstract
Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide. An authentication bypass affecting Zimbra Collaboration Suite, tracked as CVE-2022-27925, is...Security Affairs
August 12, 2022 – Breach
Anonymous poop gifting site hacked, customers exposed Full Text
Abstract
ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, has been breached after a "customer" spotted a vulnerability.BleepingComputer
August 12, 2022 – Solution
GoTestWAF adds API attack testing via OpenAPI support Full Text
Abstract
Launched in April 2020, the security testing tool simulates OWASP and API exploits to test the detection capabilities of web application firewalls (WAFs), NGWAFs, RASPs, WAAPs, and, now, API security tools.The Daily Swig
August 12, 2022 – Criminals
U.S. Government Offers $10 Million Reward for Information on Conti Ransomware Gang Full Text
Abstract
The U.S. State Department on Thursday announced a $10 million reward for information related to five individuals associated with the Conti ransomware group. The reward offer, first reported by WIRED, is also notable for the fact that it marks the first time the face of a Conti associate, known as "Target," has been unmasked. The four other associates have been referred to as "Tramp," "Dandis," "Professor," and "Reshaev." The government, besides seeking information about the five operators that could lead to their identification or location, is also calling on people to share details about Conti and its affiliated groups TrickBot and Wizard Spider. Since its rebrand from Ryuk to Conti, the transnational organized crime group has been linked to hundreds of ransomware incidents over the past two years. As of January 2022, the Russia-based ransomware-as-a-service (RaaS) operation is estimated to have hit over 1,000 entities, wThe Hacker News
August 12, 2022 – Ransomware
BazarCall attacks have revolutionized ransomware operations Full Text
Abstract
The Conti ransomware gang is using BazarCall phishing attacks as an initial attack vector to access targeted networks. BazarCall attack, aka call back phishing, is an attack vector that utilizes targeted phishing methodology and was first used by the Ryuk...Security Affairs
August 12, 2022 – Malware
Microsoft blocks UEFI bootloaders enabling Windows Secure Boot bypass Full Text
Abstract
Some signed third-party bootloaders for the Unified Extensible Firmware Interface (UEFI) used by Windows could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating system loads.BleepingComputer
August 12, 2022 – Vulnerabilities
Enterprises Can’t Shake Log4j flaw Full Text
Abstract
Research by CyCognito highlights business continuity risks such as digital asset sprawl, subsidiary risk, and the importance of reducing the time it takes to identify a vulnerable Log4j asset and patch it.Security Affairs
August 12, 2022 – Solution
Facebook Testing Default End-to-End Encryption and Encrypted Backups in Messenger Full Text
Abstract
Social media company Meta said it will begin testing end-to-end encryption (E2EE) on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the feature," Sara Su, product management director of Messenger Trust, said. The incremental development comes a year after it turned on E2EE for audio and video calls on the messaging service as well as for one-on-one chats in Instagram, and enabled encrypted chat backups for WhatsApp on Android and iOS. E2EE is a secure communication mechanism that scrambles data in transit and prevents third parties, Meta included, from accessing information sent from one endpoint to another without authorization. "This is because with end-to-end encryption, your messages are secured with aThe Hacker News
August 12, 2022 – Breach
Twilio: 125 customers affected by data breach, no passwords stolen Full Text
Abstract
Cloud communications giant Twilio, the owner of the highly popular two-factor authentication (2FA) provider Authy, says that it has so far identified 125 customers who had their data accessed during a security breach discovered last week.BleepingComputer
August 12, 2022 – Policy and Law
FTC Initiates Privacy and Data Security Rule-Making Full Text
Abstract
The U.S. Federal Trade Commission today initiated a potentially yearslong attempt to impose new data security and privacy regulations onto the American economy. Agency commissioners voted along party lines to initiate the rule-making process.Bank Info Security
August 12, 2022 – Vulnerabilities
Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions Full Text
Abstract
Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. Successful exploitation of the flaw could allow an attacker to retrieve the RSA private key by means of a Lenstra side-channel attack against the targeted device. "If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic," Cisco warned in an advisory issued on August 10. Cisco noted that the flaw impacts only Cisco ASA Software releases 9.16.1 and later and Cisco FTD Software releases 7.0.0 and later. Affected products are listed below -The Hacker News
August 12, 2022 – Denial Of Service
Palo Alto Networks: New PAN-OS DDoS flaw exploited in attacks Full Text
Abstract
Palo Alto Networks has issued a security advisory warning of an actively exploited high-severity vulnerability impacting PAN-OS, the operating system used by the company's networking hardware products.BleepingComputer
August 12, 2022 – Criminals
Alleged Business Email Compromise Fraudsters Extradited Full Text
Abstract
Three Nigerian nationals accused of participating in multimillion-dollar business email compromise fraud with a fixation on universities arrived in the United States after extradition from the United Kingdom.Bank Info Security
August 12, 2022 – Solution
Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered Full Text
Abstract
Back when the internet consisted of a handful of computers networked together across a few research institutions, nobody could have imagined that it would one day form the backbone of a new digital way of life. And that probably explains why none of the researchers who thought up its core technologies — things like packet switching and TCP/IP — gave much consideration to the need to secure the data passing through it. But by 1989, hackers like Robert Morris had already spotted the security weaknesses of the fledgling global network and started to exploit them. And that was just the beginning. Today, network administrators and individual internet users spend significant amounts of time and money trying to keep their data safe from prying eyes. The de-facto tool most people use for that purpose is a VPN. It's a software encryption solution that prevents anyone from accessing data traversing the public internet other than its intended recipient. And VPNs make up a data privacy markThe Hacker News
August 12, 2022 – Vulnerabilities
Xiaomi phones with MediaTek chips vulnerable to forged payments Full Text
Abstract
Security analysts have found weaknesses in the implementation of the trusted execution environment (TEE) in MediaTek-powered Xiaomi smartphones, which could enable third-party unprivileged apps to disable the payment system or forge payments.BleepingComputer
August 12, 2022 – Vulnerabilities
VA Systems Vulnerable to Cyber Intrusions Due to Lack of Effective Oversight, Report Says Full Text
Abstract
The Department of Veterans Affairs Inspector General's office said the agency is "leaving its systems vulnerable to compromise by impostors who may gain access to protected information."Nextgov
August 12, 2022 – Cryptocurrency
VileRAT Updated to Target More Cryptocurrency Exchanges Full Text
Abstract
According to the researchers from Securelist, DeathStalker has been updating the features of VileRAT through 2021, with the latest update observed in June 2022.Cyware Alerts - Hacker News
August 12, 2022 – Solution
CISA Releases Cybersecurity Toolkit to Help Protect Upcoming Midterm Elections Full Text
Abstract
The CISA on Wednesday released an election security toolkit to help state and local election officials access a variety of free tools and resources to safeguard their voting systems ahead of the upcoming midterm elections.Nextgov
August 12, 2022 – Solution
Intel Introduces Protection Against Physical Fault Injection Attacks Full Text
Abstract
According to Daniel Nemiroff, senior principal engineer at Intel, fault injection attacks allow attackers to execute malicious instructions and potentially leak data through clock pin, electromagnetic, and voltage glitches.Security Week
August 11, 2022 – Vulnerabilities
Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers - CVE-2022-27925 (CVSS score: 7.2) - Remote code execution (RCE) through mboximport from authenticated user (fixed in versions 8.8.15 Patch 31 and 9.0.0 Patch 24 released in March); CVE-2022-37042 - Authentication bypass in MailboxImportServlet (fixed in versions 8.8.15 Patch 33 and 9.0.0 Patch 26 released in August). "If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible," Zimbra warned earlier this week. CISA has not shared any information on the attacks exploiting the flaws but cybersecurity fiThe Hacker News
August 11, 2022 – Criminals
US govt will pay you $10 million for info on Conti ransomware members Full Text
Abstract
The U.S. State Department announced a $10 million reward today for information on five high-ranking Conti ransomware members, including showing the face of one of the members for the first time.BleepingComputer
August 11, 2022 – Cryptocurrency
Hackers exploited crypto platform RenBridge to launder $540 mn Full Text
Abstract
More than half a billion dollars have been laundered in crypto assets originating from theft, fraud, ransomware and various other types of criminal activity since 2020, a new report has revealed.The Times Of India
August 11, 2022 – Criminals
Conti Cybercrime Cartel Using ‘BazarCall’ Phishing Attacks as Initial Attack Vector Full Text
Abstract
A trio of offshoots from the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. "Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntel said in a Wednesday report. These targeted campaigns "substantially increased" attacks against entities in finance, technology, legal, and insurance sectors, the company added. The actors in question include Silent Ransom, Quantum, and Roy/Zeon, all of which split from Conti after the ransomware-as-a-service (RaaS) cartel orchestrated its shutdown in May 2022 following its public support for Russia in the ongoing Russo-Ukrainian conflict. The advanced social engineering tactic, also called BazaCall (aka BazarCall), came under the spotlight in 2020/2021 when it was put to use by operators of theThe Hacker News
August 11, 2022 – General
From Defending the Open Internet to Confronting the Reality of a Fragmented Cyberspace: Reflecting Upon Two CFR Reports on U.S. Goals in Cyberspace Full Text
Abstract
Reading the two reports in tandem is a reminder of how high public expectations were for what Washington could accomplish in cyberspace. It also illustrates how significantly the United States’ position in cyberspace has worsened over the past decade.Lawfare
August 11, 2022 – Denial Of Service
Palo Alto Networks warns of Reflected Amplification DoS issue in PAN-OS Full Text
Abstract
Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo Alto Networks devices...Security Affairs
August 11, 2022 – Breach
Cisco Confirms Network Breach Via Hacked Employee Google Account Full Text
Abstract
Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.Threatpost
August 11, 2022 – Vulnerabilities
Zimbra auth bypass bug exploited to breach over 1,000 servers Full Text
Abstract
An authentication bypass Zimbra security vulnerability is being exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide.BleepingComputer
August 11, 2022 – Denial Of Service
Palo Alto Networks Firewalls Targeted for Reflected, Amplified DDoS Attacks Full Text
Abstract
Palo Alto Networks is working on fixes for a reflected amplification denial-of-service (DoS) vulnerability that impacts PAN-OS, the platform powering its next-gen firewalls.Security Week
August 11, 2022 – Attack
Cisco Confirms It’s Been Hacked by Yanluowang Ransomware Gang Full Text
Abstract
Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos said in a detailed write-up. "The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account." The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang published a list of files from the breach to their data leak site on August 10. The exfiltrated information, according to Talos, included the contents of a Box cloud storage folder that was associated with the compromised employee's account and is not believed to have included any valuablThe Hacker News
August 11, 2022 – Insider Threat
Ex Twitter employee found guilty of spying for Saudi Arabian government Full Text
Abstract
A former Twitter employee was found guilty of spying on certain Twitter users for Saudi Arabia. A former Twitter employee, Ahmad Abouammo (44), was found guilty of gathering private information of certain Twitter users and passing them to Saudi Arabia. "Ahmad...Security Affairs
August 11, 2022 – Hacker
Inside the Hackers’ Toolkit – Podcast Full Text
Abstract
This edition of the Threatpost podcast is sponsored by Egress.Threatpost
August 11, 2022 – Government
FBI: Zeppelin ransomware may encrypt devices multiple times in attacks Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations today that attackers deploying Zeppelin ransomware might encrypt their files multiple times.BleepingComputer
August 11, 2022 – General
Education hammered by exploits and backdoors in 2021 and 2022 Full Text
Abstract
Beyond spikes in detections, the education sector has dealt with an onslaught of attacks ranging from spyware and denial of service tools to ransomware. Throughout the year, almost every month has a report of an educational institution under attack.Malwarebytes Labs
August 11, 2022 – Attack
Hackers Behind Cuba Ransomware Attacks Using New RAT Malware Full Text
Abstract
Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures (TTPs), including a new remote access trojan called ROMCOM RAT on compromised systems. The new findings come from Palo Alto Networks' Unit 42 threat intelligence team, which is tracking the double extortion ransomware group under the constellation-themed moniker Tropical Scorpius. Cuba ransomware (aka COLDDRAW), which was first detected in December 2019, reemerged on the threat landscape in November 2021 and has been attributed to attacks against 60 entities in five critical infrastructure sectors, amassing at least $43.9 million in ransom payments. Of the 60 victims listed on its data leak site, 40 are located in the U.S., indicating a less global distribution of targeted organizations than other ransomware gangs. "Cuba ransomware is distributed through Hancitor malware, a loader known for dropping or executing stealers, such as RemoteThe Hacker News
August 11, 2022 – Vulnerabilities
Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key Full Text
Abstract
Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco addressed a high severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower...Security Affairs
August 11, 2022 – Attack
UK NHS service recovery may take a month after MSP ransomware attack Full Text
Abstract
Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems caused the disruption of emergency services (111) from the United Kingdom's National Health Service (NHS).BleepingComputer
August 11, 2022 – Hacker
The Hacking of Starlink Terminals Has Begun Full Text
Abstract
To access the satellite dish’s software, security researcher Lennert Wouters physically stripped down a dish he purchased and created a custom hacking tool that can be attached to the Starlink dish.Wired
August 11, 2022 – Education
What the Zola Hack Can Teach Us About Password Security Full Text
Abstract
Password security is only as strong as the password itself. Unfortunately, we are often reminded of the danger of weak, reused, and compromised passwords with major cybersecurity breaches that start with stolen credentials. For example, in May 2022, the popular wedding planning site, Zola, was the victim of a significant cybersecurity breach where hackers used an attack known as credential stuffing. It resulted in fraudulent activity tied to customer accounts. Let's look at the Zola breach and why it emphasizes the need for organizations to bolster their password security and protect against various types of password attacks. What happened with the Zola attack? Instead of going after Zola's core business-critical infrastructure, hackers went after customer accounts with the May attack. Attackers used an age-old technique called credential stuffing to compromise several Zola customer accounts. With access to the compromised accounts, they attempted to purchase gift voucheThe Hacker News
August 11, 2022 – General
Access to hacked corporate networks still strong but sales fall Full Text
Abstract
Statistics collected by cyber-intelligence firm KELA during this year's second quarter show that marketplaces selling initial access to corporate networks have taken a blow.BleepingComputer
August 11, 2022 – Encryption
NIST post-quantum algorithm candidate’s future uncertain, with second attack proposed Full Text
Abstract
Uncertainty surrounds a cracked post-quantum cryptography algorithm being considered by the National Institute of Standards and Technology, now that researchers have potentially discovered a second attack method.Fed Scoop
August 11, 2022 – Vulnerabilities
Critical Flaws Disclosed in Device42 IT Asset Management Software Full Text
Abstract
Cybersecurity researchers have disclosed multiple severe security vulnerabilities in the asset management platform Device42 that, if successfully exploited, could enable a malicious actor to seize control of affected systems. "By exploiting these issues, an attacker could impersonate other users, obtain admin-level access in the application (by leaking session with an LFI) or obtain full access to the appliance files and database (through remote code execution)," Bitdefender said in a Wednesday report. Even more concerningly, an adversary with any level of access within the host network could daisy-chain three of the flaws to bypass authentication protections and achieve remote code execution with the highest privileges. The issues in question are listed below - CVE-2022-1399 - Remote Code Execution in scheduled tasks component CVE-2022-1400 - Hard-coded encryption key IV in Exago WebReportsApi.dll CVE 2022-1401 - Insufficient validation of provided paths in ExagoThe Hacker News
August 11, 2022 – Privacy
GitHub’s new privacy policy sparks backlash over tracking cookies Full Text
Abstract
Developers are furious at GitHub's upcoming privacy policy changes that would allow GitHub to place tracking cookies on some of its subdomains. The Microsoft subsidiary announced this month that it would be adding "non-essential cookies" on some marketing web pages starting in September, and offered a 30-day "comment period."BleepingComputer
August 11, 2022 – Outage
Tenet’s $100 Million Cyber Shutdown Sparks 10 Questions All Boards Must Ask Full Text
Abstract
Leadership must establish, understand and trust crisis response plans—especially those related to business interruption risks. Substantive answers to these questions help build the resolve, readiness, and fortitude the digital era requires.Forbes
August 11, 2022 – Ransomware
BlueSky Ransomware Conducts Faster File Encryption via Multithreading Full Text
Abstract
BlueSky ransomware predominantly targets Windows hosts and utilizes multithreading to encrypt files faster. The multithreaded architecture of BlueSky bears code similarities with Conti v3, and the network search module is an exact replica of it.Palo Alto Networks
August 11, 2022 – Phishing
Best Buy Spoof Uses Google Storage to Launch Phishing Attack Full Text
Abstract
In this attack, hackers are spoofing Best Buy. Best Buy is another popular spoofed brand. This one is not the most convincing one researchers have seen, as the logos are lacking, and the email isn’t especially convincing.Avanan
August 10, 2022 – Vulnerabilities
Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws Full Text
Abstract
August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.Threatpost
August 10, 2022 – Vulnerabilities
GitHub Dependabot Now Alerts Developers On Vulnerable GitHub Actions Full Text
Abstract
Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows. "When a security vulnerability is reported in an action, our team of security researchers will create an advisory to document the vulnerability, which will trigger an alert to impacted repositories," GitHub's Brittany O'Shea and Kate Catlin said . GitHub Actions is a continuous integration and continuous delivery (CI/CD) solution that enables users to automate the software build, test, and deployment pipeline. Dependabot is part of the Microsoft-owned subsidiary's continued efforts to secure the software supply chain by notifying users that their source code depends on a package with a security vulnerability and helping keep all the dependencies up-to-date. The latest move entails receiving alerts on GitHub Actions and vulnerabilities impacting developer code,The Hacker News
August 10, 2022 – Criminals
Ransomware gangs move to ‘callback’ social engineering attacks Full Text
Abstract
At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim's network.BleepingComputer
August 10, 2022 – Criminals
New dark web markets claim association with criminal cartels Full Text
Abstract
Several new marketplaces have appeared on the dark web, claiming to be the dedicated online portals for notorious criminal cartels from Mexico.BleepingComputer
August 10, 2022 – Business
AppOmni receives funding from Cisco Investments to expand SaaS coverage Full Text
Abstract
AppOmni announced that Cisco Investments has made a strategic investment in the company. This investment will help propel product development and accelerate the company’s roadmap.Help Net Security
August 10, 2022 – Insider Threat
Former Twitter Employee Found Guilty of Spying for Saudi Arabia Full Text
Abstract
A former Twitter employee has been pronounced guilty for his role in digging up private information pertaining to certain Twitter users and turning over that data to Saudi Arabia. Ahmad Abouammo, 44, was convicted by a jury after a two-week trial in San Francisco federal court, Bloomberg reported Tuesday. He faces up to 20 years in prison when sentenced. The verdict comes nearly three years after Abouammo, along with Ali Alzabarah and Ahmed Almutairi (Ahmed Aljbreen) were indicted in 2019 for acting as "illegal agents" of Saudi Arabia, with the former also charged with destroying, altering, and falsifying records in a federal investigation. Prosecutors accused Abouammo and Alzabarah, both of whom joined Twitter in 2013, of being enlisted by officials of the Kingdom of Saudi Arabia for unmasking its critics on the social media platform. According to court documents, both individuals leveraged their access to internal systems to unauthorizedly get hold of nonpubliThe Hacker News
August 10, 2022 – Attack
Cisco was hacked by the Yanluowang ransomware gang Full Text
Abstract
Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole...Security Affairs
August 10, 2022 – Outage
7-Eleven Denmark confirms ransomware attack behind store closures Full Text
Abstract
7-Eleven Denmark has confirmed that a ransomware attack was behind the closure of 175 stores in the country on Monday.BleepingComputer
August 10, 2022 – General
Metaverse and Cybersecurity Threats Full Text
Abstract
With massive investments made into the metaverse space, it is now necessary to start designing and implementing relevant security measures while the concept is still evolving.Cyware Alerts - Hacker News
August 10, 2022 – Attack
Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers Full Text
Abstract
The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least May 2021. Much of the data about its modus operandi came from incident response activities and industry analysis of a Maui sample that revealed a lack of "several key features" typically associated with ransomware-as-a-service (RaaS) operations. Not only is Maui designed to be manually executed by a remote actor via a command-line interface, it's also notable for not including a ransom note to provide recovery instructions. Subsequently, the Justice Department announced the seizure of $500,000 worth of Bitcoin that were extorted from several organizations, including two heThe Hacker News
August 10, 2022 – Vulnerabilities
Risky Business: Enterprises Can’t Shake Log4j flaw Full Text
Abstract
70% of large enterprises that previously addressed the Log4j flaw are still struggling to patch Log4j-vulnerable assets. INTRODUCTION In December 2021 security teams scrambled to find Log4j-vulnerable assets and patch them. Eight months later many...Security Affairs
August 10, 2022 – Breach
Automotive supplier breached by 3 ransomware gangs in 2 weeks Full Text
Abstract
An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over a two-week span in May, two of the attacks happening within just two hours.BleepingComputer
August 10, 2022 – Vulnerabilities
Security Firm Finds Flaws in Indian Online Insurance Broker Full Text
Abstract
Last month, a small cybersecurity firm told a major Indian online insurance brokerage it had found critical vulnerabilities in the company’s internet-facing network that could expose sensitive data from at least 11 million customers.Security Week
August 10, 2022 – Hacker
The Business of Hackers-for-Hire Threat Actors Full Text
Abstract
Today's web has made hackers' tasks remarkably easy. For the most part, hackers don't even have to hide in the dark recesses of the web to take advantage of people any longer; they can be found right in plain sight on social media sites or forums, professionally advertised with their websites, and may even approach you anonymously through such channels as Twitter. Cybercrime has entered a new era where people don't steal just for the thrill of doing it anymore. They make it their business to carry out illegal cyber activities in small groups or individually to earn business from online criminals, selling offensive services like spyware as a service or commercial cybersecurity. For instance, a series of new DDoS for Hire are commoditizing the art of hacking and reducing the barrier to launching DDoS attacks. Who are Hackers-for-Hire? Hackers-for-hire are secret cyber experts or groups who specialize in infiltrating organizations to acquire intelligence in one wayThe Hacker News
August 10, 2022 – Malware
Experts found 10 malicious packages on PyPI used to steal developers’ data Full Text
Abstract
10 packages have been removed from the Python Package Index (PyPI) because they were found harvesting data. Check Point researchers have discovered ten malicious packages on the Python Package Index (PyPI). The packages install info-stealers that...Security Affairs
August 10, 2022 – Criminals
Conti extortion gangs behind surge of BazarCall phishing attacks Full Text
Abstract
At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim's network.BleepingComputer
August 10, 2022 – Vulnerabilities
SmokeLoader Actively Spreads by Exploiting Old Vulnerabilities Full Text
Abstract
Researchers had spotted the mass exploitation of two flaws—CVE-2017-0199 and CVE-2017-11882—that are almost five years old. Although patches are available for both flaws, they continue to be exploited.Cyware Alerts - Hacker News
August 10, 2022 – Breach
Hackers Behind Twilio Breach Also Targeted Cloudflare Employees Full Text
Abstract
Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twilio. The attack, which transpired around the same time Twilio was targeted, came from four phone numbers associated with T-Mobile-issued SIM cards and was ultimately unsuccessful. The text messages pointed to a seemingly legitimate domain containing the keywords "Cloudflare" and "Okta" in an attempt to deceive the employees into handing over their credentials. The wave of over 100 smishing messages commenced less than 40 minutes after the rogue domain was registered via Porkbun, the company noted, adding the phishing page was designed to relay the credentials entered by unsuspecting users to the attacker via Telegram in real-time. This also meant that the attack could defeat 2FA roadblocks, as the Time-based OnThe Hacker News
August 10, 2022 – Hacker
Hackers behind Twilio data breach also targeted Cloudflare employees Full Text
Abstract
Cloudflare revealed that at least 76 employees and their family members were targeted by smishing attacks similar to the one that hit Twilio. The content delivery network and DDoS mitigation company Cloudflare revealed this week that at least 76 employees...Security Affairs
August 10, 2022 – Breach
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen Full Text
Abstract
Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online.BleepingComputer
August 10, 2022 – Vulnerabilities
Intel Patches Severe Vulnerabilities in Firmware, Management Software Full Text
Abstract
Intel on Tuesday published 27 security advisories detailing roughly 60 vulnerabilities across firmware, software libraries, and endpoint and data center management products.Security Week
August 10, 2022 – Government
CISA adds UnRAR and Windows flaws to Known Exploited Vulnerabilities Catalog Full Text
Abstract
US Critical Infrastructure Security Agency (CISA) adds vulnerabilities in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed security flaw,...Security Affairs
August 10, 2022 – Attack
Hacker uses new RAT malware in Cuba Ransomware attacks Full Text
Abstract
A member of the Cuba ransomware operation is employing previously unseen tactics, techniques, and procedures (TTPs), including a novel RAT (remote access trojan) and a new local privilege escalation tool.BleepingComputer
August 10, 2022 – Vulnerabilities
SAP Patches Information Disclosure Vulnerabilities in BusinessObjects Full Text
Abstract
SAP released five new and two updated security notes as part of its August 2022 Security Patch Day. Of the five, four address information disclosure vulnerabilities, three of which impact SAP's BusinessObjects Business Intelligence Platform.Security Week
August 10, 2022 – Vulnerabilities
VMware warns of public PoC code for critical auth bypass bug CVE-2022-31656 Full Text
Abstract
VMware warns of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw in multiple products. VMware warns its customers of the availability of a proof-of-concept exploit code for a critical authentication bypass...Security Affairs
August 10, 2022 – Vulnerabilities
Cisco fixes bug allowing RSA private key theft on ASA, FTD devices Full Text
Abstract
Cisco has addressed a high severity vulnerability affecting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.BleepingComputer
August 10, 2022 – Solution
Microsoft Edge deepens defenses against malicious websites with enhanced security mode Full Text
Abstract
Microsoft said these changes provide “defense in depth” by making it harder for malicious sites to leverage unpatched vulnerabilities in order to write executable code into memory.The Daily Swig
August 10, 2022 – Phishing
Phishing attack abuses Microsoft Azure, Google Sites to steal crypto Full Text
Abstract
A new large-scale phishing campaign targeting Coinbase, MetaMask, Kraken, and Gemini users is abusing Google Sites and Microsoft Azure Web App to create fraudulent sites.BleepingComputer
August 10, 2022 – General
Google now blocks Workspace account hijacking attempts automatically Full Text
Abstract
Google Workspace (formerly G Suite) now comes with stronger protections for risky account actions, automatically blocking hijacking attempts with identity verification prompts and logging them for further investigation.BleepingComputer
August 09, 2022 – Government
CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive. This means that an adversary could exploit the flaw to drop arbitrary files on a target system that has the utility installed simply by decompressing the file. The vulnerability was revealed by SonarSource researcher Simon Scannell in late June. "RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation," the agency said in an advisory. Not much is known about the nature of the attacks, but the disclosure is evidence of a growing trend wherein threat actoThe Hacker News
August 09, 2022 – Vulnerabilities
Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack Full Text
Abstract
As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues have been listed as publicly known at the time of the release. It's worth noting that the 121 security flaws are in addition to 25 shortcomings the tech giant addressed in its Chromium-based Edge browser late last month and the previous week. Topping the list of patches is CVE-2022-34713 (CVSS score: 7.8), a case of remote code execution affecting the Microsoft Windows Support Diagnostic Tool (MSDT), making it the second flaw in the same component after Follina (CVE-2022-30190) to be weaponized in real-world attacks within three months. The vulnerability is also said to be a varThe Hacker News
August 09, 2022 – Government
CISA warns of Windows and UnRAR flaws exploited in the wild Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation.BleepingComputer
August 9, 2022 – Phishing
Snapchat and Amex Abused to Target Microsoft 365 Users Full Text
Abstract
Threat actors were found sending phishing emails that abused open redirects on Amex and Snapchat. The domains act as a temporary landing site from where the victim is redirected to the malicious site.Cyware Alerts - Hacker News
August 09, 2022 – Breach
Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack Full Text
Abstract
Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary "well-organized" and "methodical in their actions." The incident came to light on August 4. "This broad based attack against our employee base succeeded in fooling some employees into providing their credentials," it said in a notice. "The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data." The communications giant has 268,000 active customer accounts, and counts companies like Airbnb, Box, Dell, DoorDash, eBay, Glassdoor, Lyft, Salesforce, Stripe, Twitter,The Hacker News
August 9, 2022 – Vulnerabilities
Microsoft Patch Tuesday for August 2022 fixed actively exploited zero-day Full Text
Abstract
Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Microsoft Patch Tuesday security updates for August 2022 addressed 118 CVEs in multiple products, including .NET Core,...Security Affairs
August 09, 2022 – Criminals
How hackers are stealing credit cards from classifieds sites Full Text
Abstract
A new credit card stealing campaign is underway in Singapore, snatching the payment details of sellers on classifieds sites through an elaborate phishing trick.BleepingComputer
August 9, 2022 – Vulnerabilities
ICS Patch Tuesday: Siemens, Schneider Electric Fix Only 11 Vulnerabilities Full Text
Abstract
Siemens’ four advisories describe seven security holes. The company informed customers that some of its SCALANCE switches, routers, security appliances and wireless communication devices are affected by three vulnerabilities.Security Week
August 09, 2022 – Policy and Law
U.S. Sanctions Virtual Currency Mixer Tornado Cash for Alleged Use in Laundering Full Text
Abstract
The U.S. Treasury Department on Monday placed sanctions against crypto mixing service Tornado Cash, citing its use by the North Korea-backed Lazarus Group in the high-profile hacks of Ethereum bridges to launder and cash out the ill-gotten money. Tornado Cash, which allows users to move cryptocurrency assets between accounts by obfuscating their origin and destination, is estimated to have been used to launder more than $7.6 billion worth of virtual assets since its creation in 2019, the department said. Thefts, hacks, and fraud account for $1.54 billion of the total assets sent through the mixer, according to blockchain analytics firm Elliptic. Crypto mixing is akin to shuffling digital currencies through a black box, blending a certain quantity of digital funds in private pools before transferring it to its designated receivers for a fee. The aim is to make transactions anonymous and difficult to trace. "Despite public assurances otherwise, Tornado Cash has repeatedly faThe Hacker News
August 9, 2022 – APT
Experts linked Maui ransomware to North Korean Andariel APT Full Text
Abstract
Cybersecurity researchers from Kaspersky linked the Maui ransomware to the North Korea-backed Andariel APT group. Kaspersky linked with medium confidence the Maui ransomware operation to the North Korea-backed APT group Andariel, which is considered...Security Affairs
August 09, 2022 – Vulnerabilities
Microsoft: Exchange ‘Extended Protection’ needed to fully patch new bugs Full Text
Abstract
Microsoft says that some of the Exchange Server flaws addressed as part of the August 2022 Patch Tuesday also require admins to manually enable Extended Protection on affected servers to fully block attacks.BleepingComputer
August 9, 2022 – Malware
Woody RAT Targets Russian Entities Full Text
Abstract
The malware was being delivered via archive files and MS Office documents by abusing the Follina vulnerability. The malware has been active in the wild for at least a year.Cyware Alerts - Hacker News
August 09, 2022 – General
The Truth About False Positives in Security Full Text
Abstract
TL;DR: As weird as it might sound, seeing a few false positives reported by a security scanner is probably a good sign and certainly better than seeing none. Let's explain why. Introduction False positives have made a somewhat unexpected appearance in our lives in recent years. I am, of course, referring to the COVID-19 pandemic, which required massive testing campaigns in order to control the spread of the virus. For the record, a false positive is a result that appears positive (for COVID-19 in our case), where it is actually negative (the person is not infected). More commonly, we speak of false alarms. In computer security, we are also often confronted with false positives. Ask the security team behind any SIEM what their biggest operational challenge is, and chances are that false positives will be mentioned. A recent report estimates that as much as 20% of all the alerts received by security professionals are false positives, making it a big source of fatigue. Yet theThe Hacker News
August 9, 2022 – Attack
Chinese actors behind attacks on industrial enterprises and public institutions Full Text
Abstract
China-linked threat actors targeted dozens of industrial enterprises and public institutions in Afghanistan and Europe. In January 2022, researchers at Kaspersky ICS CERT uncovered a series of targeted attacks on military industrial enterprises and public...Security Affairs
August 09, 2022 – Solution
Kali Linux 2022.3 adds 5 new tools, updates Linux kernel, and more Full Text
Abstract
Offensive Security has released Kali Linux 2022.3, the third version of 2022, with virtual machine improvements, Linux Kernel 5.18.5, new tools to play with, and improved ARM support.BleepingComputer
August 9, 2022 – Vulnerabilities
IBM Patches High-Severity Vulnerabilities in Cloud, Voice, Security Products Full Text
Abstract
A total of three vulnerabilities were resolved in IBM Netezza for Cloud Pak for Data, all of which impact the Golang packages that the platform uses. Two of these issues are rated ‘high severity’, with a CVSS score of 7.5.Security Week
August 09, 2022 – Malware
10 Credential Stealing Python Libraries Found on PyPI Repository Full Text
Abstract
In what's yet another instance of malicious packages creeping into public code repositories, 10 modules have been removed from the Python Package Index (PyPI) for their ability to harvest critical data points such as passwords and API tokens. The packages "install info-stealers that enable attackers to steal developer's private data and personal credentials," Israeli cybersecurity firm Check Point said in a Monday report. A short summary of the offending packages is below - Ascii2text, which downloads a nefarious script that gathers passwords stored in web browsers such as Google Chrome, Microsoft Edge, Brave, Opera, and Yandex Browser Pyg-utils, Pymocks, and PyProto2, which are designed to steal users' AWS credentials Test-async and Zlibsrc, which download and execute malicious code during installation Free-net-vpn, Free-net-vpn2, and WINRPCexploit, which steal user credentials and environment variables, and Browserdiv, which are capable of collThe Hacker News
August 9, 2022 – APT
US sanctioned crypto mixer Tornado Cash used by North Korea-linked APT Full Text
Abstract
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by North Korea. The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the crypto mixer service...Security Affairs
August 09, 2022 – Vulnerabilities
Microsoft patches Windows DogWalk zero-day exploited in attacks Full Text
Abstract
Microsoft has released security updates to address a high severity Windows zero-day vulnerability with publicly available exploit code and abused in attacks.BleepingComputer
August 9, 2022 – General
How Hash-Based Safe Browsing Works in Google Chrome Full Text
Abstract
Safe Browsing works in different ways depending on the user's preferences. In the most common case, Chrome uses the privacy-conscious Update API from the Safe Browsing service.
August 09, 2022 – Hacker
Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institutions Full Text
Abstract
Over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022 to steal confidential data by simultaneously making use of six different backdoors. Russian cybersecurity firm Kaspersky attributed the attacks "with a high degree of confidence" to a China-linked threat actor tracked by Proofpoint as TA428, citing overlaps in tactics, techniques, and procedures (TTPs). TA428, also tracked under the names Bronze Dudley, Temp.Hex, and Vicious Panda, has a history of striking entities in Ukraine, Russia, Belarus, and Mongolia. It's believed to share connections with another hacking group called Mustang Panda (aka Bronze President). Targets of the latest cyber espionage campaign included industrial plants, design bureaus and research institutes, government agencies, ministries and departments in several East European countries and Afghanistan. Attack chains entailThe Hacker News
August 9, 2022 – Education
Malicious file analysis – Example 01 Full Text
Abstract
Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented...Security Affairs
August 09, 2022 – Vulnerabilities
Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws Full Text
Abstract
Today is Microsoft's August 2022 Patch Tuesday, and with it comes fixes for the actively exploited 'DogWalk' zero-day vulnerability and a total of 121 flaws.BleepingComputer
August 9, 2022 – Phishing
3 Common Bank Scams Targeting NFCU, Bank of America, and M&T Bank Full Text
Abstract
One thing we can all agree on is the fact that merely the thought of being scammed is scary. However, if there is perhaps one type of scam that, above all others, nobody wants to fall for, it’s a bank scam.Trend Micro
August 09, 2022 – Breach
Cloudflare employees also hit by hackers behind Twilio breach Full Text
Abstract
Cloudflare says some of its employees' credentials were also stolen in an SMS phishing attack very similar to the one that led to Twilio's network being breached last week.BleepingComputer
August 9, 2022 – Criminals
Morocco court in favour of extraditing French cybercrime suspect to US Full Text
Abstract
French magazine L'Obs reported that the FBI suspects Raoult of belonging to the ShinyHunters hacking group, which has allegedly targeted US companies including Microsoft.France24
August 09, 2022 – Malware
10 malicious PyPI packages found stealing developer’s credentials Full Text
Abstract
Threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developer's systems with password-stealing malware.BleepingComputer
August 9, 2022 – Breach
India: Company cheated of $125k in man-in-the-middle cyber attack; 3 held Full Text
Abstract
The primary accused created a fake email ID, similar to that of a reputed company that deals in construction and technology, and sent an email to their client posing as the company and asked to deposit the amount in two other bank accounts.The Times Of India
August 09, 2022 – Vulnerabilities
VMware warns of public exploit for critical auth bypass vulnerability Full Text
Abstract
Proof-of-concept exploit code is now publicly available online for a critical authentication bypass security flaw in multiple VMware products that enables attackers to gain admin privileges.BleepingComputer
August 09, 2022 – Criminals
Maui ransomware operation linked to North Korean ‘Andariel’ hackers Full Text
Abstract
The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group 'Andariel,' known for using malicious cyber activities to generate revenue and causing discord in South Korea.BleepingComputer
August 09, 2022 – Malware
Hackers install Dracarys Android malware using modified Signal app Full Text
Abstract
Researchers have discovered more details on the newly discovered Android spyware 'Dracarys,' used by the Bitter APT group in cyberespionage operations targeting users from New Zealand, India, Pakistan, and the United Kingdom. – BleepingComputer
August 08, 2022 – Cryptocurrency
deBridge Finance crypto platform targeted by Lazarus hackers Full Text
Abstract
Hackers suspected to be from the North Korean Lazarus group tried their luck at stealing cryptocurrency from deBridge Finance, a cross-chain protocol that enables the decentralized transfer of assets between various blockchains. – BleepingComputer
August 8, 2022 – Breach
More than 3200 Apps Found Exposing Twitter API Keys Full Text
Abstract
A set of 3,207 mobile apps were found exposing Twitter API keys to the public, potentially allowing a hacker to take over Twitter accounts associated with the apps. A threat actor with access to a Twitter account could perform actions such as reading direct messages, deleting tweets, accessing acco... – Cyware Alerts - Hacker News
August 08, 2022 – Botnet
New Orchard Botnet Uses Bitcoin Founder’s Account Info to Generate Malicious Domains Full Text
Abstract
A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto's account transaction information to generate domain names to conceal its command-and-control (C2) infrastructure. "Because of the uncertainty of Bitcoin transactions, this technique is more unpredictable than using the common time-generated [domain generation algorithms], and thus more difficult to defend against," researchers from Qihoo 360's Netlab security team said in a Friday write-up. Orchard is said to have undergone three revisions since February 2021, with the botnet primarily used to deploy additional payloads onto a victim's machine and execute commands received from the C2 server. It's also designed to upload device and user information as well as infect USB storage devices to propagate the malware. Netlab's analysis shows that over 3,000 hosts have been enslaved by the malware to date, most of them located in China. Orchard has also been subjected to... – The Hacker News
August 8, 2022 – Botnet
Orchard botnet uses Bitcoin Transaction info to generate DGA domains Full Text
Abstract
Experts spotted a new botnet named Orchard using Bitcoin creator Satoshi Nakamoto's account information to generate malicious domains. 360 Netlab researchers recently discovered a new botnet named Orchard that uses Satoshi Nakamoto's Bitcoin account... – Security Affairs
August 08, 2022 – Breach
Email marketing firm hacked to steal crypto-focused mailing lists Full Text
Abstract
Email marketing firm Klaviyo disclosed a data breach after threat actors gained access to internal systems and downloaded marketing lists for cryptocurrency-related customers. – BleepingComputer
August 8, 2022 – Ransomware
An Introduction to Industrial Spy Ransomware Group Full Text
Abstract
Researchers have dissected the inner workings of a relatively new ransomware threat known as Industrial Spy that started as a data extortion marketplace in April. It has reportedly studied Cuba ransomware briefly before creating its own ransomware. – Cyware Alerts - Hacker News
August 08, 2022 – General
The Benefits of Building a Mature and Diverse Blue Team Full Text
Abstract
A few days ago, a friend and I were having a rather engaging conversation that sparked my excitement. We were discussing my prospects of becoming a red teamer as a natural career progression. The reason I got stirred up is not that I want to change either my job or my position, as I am a happy camper being part of Cymulate's blue team. What upset me was that my friend could not grasp the idea that I wanted to keep working as a blue teamer because, as far as he was concerned, the only natural progression is to move to the red team. Red teams include many roles ranging from penetration testers to attackers and exploit developers. These roles attract most of the buzz, and the many certifications revolving around these roles (OSCP, OSEP, CEH) make them seem fancy. Movies usually make hackers the heroes while typically ignoring the defending side; the complexities and challenges of blue teamers' roles are far less known. While blue teams' defending roles might not sound as... – The Hacker News
August 8, 2022 – Breach
Twilio discloses data breach that impacted customers and employees Full Text
Abstract
Communications company Twilio disclosed a data breach after threat actors stole employee credentials in an SMS phishing attack. Twilio disclosed that the threat actors had access to the data of some of its customers... – Security Affairs
August 08, 2022 – Policy and Law
US sanctions crypto mixer Tornado Cash used by North Korean hackers Full Text
Abstract
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash today, a decentralized cryptocurrency mixer service used to launder more than $7 billion since its creation in 2019. – BleepingComputer
August 8, 2022 – Breach
Anonymous Source Leaks 4TB of Cellebrite Data Online After Cyberattack Full Text
Abstract
It is worth noting that, as of now, the leaked data is only available to researchers and journalists on request from Distributed Denial of Secrets (DDoSecrets), a non-profit whistleblower organization. – Hackread
August 08, 2022 – Phishing
Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore Full Text
Abstract
A sophisticated scam-as-a-service operation dubbed Classiscam has now infiltrated Singapore, more than 1.5 years after expanding to Europe. "Scammers posing as legitimate buyers approach sellers with the request to purchase goods from their listings and the ultimate aim of stealing payment data," Group-IB said in a report shared with The Hacker News. The cybersecurity firm called the operators a "well-coordinated and technologically advanced scammer criminal network." Classiscam refers to a Russia-based cybercrime operation that was first recorded in summer 2019 but only came under the spotlight a year later, coinciding with a surge in activity owing to an increase in online shopping in the aftermath of the COVID-19 outbreak. Called the most widely used fraud scheme during the pandemic, Classiscam targets people who use marketplaces and services relating to property rentals, hotel bookings, online bank transfers, online retail, ride-sharing, and package de... – The Hacker News
August 8, 2022 – Phishing
LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities Full Text
Abstract
LogoKit: threat actors are leveraging open redirect vulnerabilities in popular online services and apps to bypass spam filters in phishing campaigns. Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company providing managed threat detection... – Security Affairs
August 08, 2022 – Phishing
Twilio discloses data breach after SMS phishing attack on employees Full Text
Abstract
Cloud communications company Twilio says some of its customers' data was accessed by attackers who breached internal systems after stealing employee credentials in an SMS phishing attack. – BleepingComputer
August 8, 2022 – General
Update: Hackers might have figured out your secret Twitter accounts Full Text
Abstract
Twitter initially patched the issue in January after receiving a report through its bug bounty program, but a hacker managed to exploit the flaw before Twitter even knew about it. – The Verge
August 08, 2022 – Attack
Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook Full Text
Abstract
Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets. The first set of activities is what the company described as "persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17) targeting individuals in New Zealand, India, Pakistan, and the U.K. "Bitter used various malicious tactics to target people online with social engineering and infect their devices with malware," Meta said in its Quarterly Adversarial Threat Report. "They used a mix of link-shortening services, malicious domains, compromised websites, and third-party hosting providers to distribute their malware." The attacks involved the threat actor creating fictitious personas on the platform, masquerading as attractive young women in a bid to build trust with targets and lure them into cl... – The Hacker News
August 8, 2022 – Phishing
Attackers abuse open redirects in Snapchat and Amex in phishing attacks Full Text
Abstract
Threat actors abuse open redirects on Snapchat and American Express to launch phishing attacks against Microsoft 365 users. Attackers abused open redirects on the websites of Snapchat and American Express as part of a phishing campaign targeting Microsoft... – Security Affairs
August 08, 2022 – Outage
7-Eleven stores in Denmark closed due to a cyberattack Full Text
Abstract
7-Eleven stores in Denmark shut down today after a cyberattack disrupted stores' payment and checkout systems throughout the country. – BleepingComputer
August 8, 2022 – Breach
Chinese Adult Site Leaking 14 Million User Details – and It’s Increasing! Full Text
Abstract
Hjedd, a Chinese adult content and NSFW platform, has been exposing a treasure trove of user data online since at least July 2022. The server was found to be publicly accessible without any security authentication or password. – Hackread
August 8, 2022 – General
Microsoft is blocking Tutanota email addresses from registering a MS Teams account Full Text
Abstract
Microsoft is actively blocking Tutanota email addresses from registering a Microsoft Teams account. Tutanota is an end-to-end encrypted email app and a freemium secure email service; as of March 2017, Tutanota's owners claimed to have over 2 million... – Security Affairs
August 08, 2022 – Hacker
Chinese hackers use new Windows malware to backdoor govt, defense orgs Full Text
Abstract
An extensive series of attacks detected in January used new Windows malware to backdoor government entities and organizations in the defense industry from several countries in Eastern Europe. – BleepingComputer
August 8, 2022 – Hacker
Hackers target social media accounts of small businesses via Instagram scams Full Text
Abstract
The phishing emails are often sent during the early evening and on weekends when the recipients are likely to be less vigilant. Such emails often claim that a business page had violated copyright laws. – The Age
August 8, 2022 – Vulnerabilities
F5 Fixes 21 Vulnerabilities With Quarterly Security Patches Full Text
Abstract
Security and application delivery solutions provider F5 has released its quarterly security notification for August 2022, which informs customers about 21 vulnerabilities affecting BIG-IP and other products. – Security Week
August 8, 2022 – General
Cyberattacks on healthcare organizations negatively impact patient care Full Text
Abstract
Among other findings, a survey by Cynerio and the Ponemon Institute revealed that almost half of hospitals have been attacked with ransomware, and that 76% of victimized hospitals were attacked 3 or more times. – Help Net Security
August 07, 2022 – Cryptocurrency
North Korean hackers target crypto experts with fake Coinbase job offers Full Text
Abstract
A new social engineering campaign by the notorious North Korean Lazarus hacking group has been discovered, with the hackers impersonating Coinbase to target employees in the fintech industry. – BleepingComputer
August 7, 2022 – Attack
Serious cyberattack hits German Chambers of Industry and Commerce (DIHK) Full Text
Abstract
A massive cyberattack hit the website of the German Chambers of Industry and Commerce (DIHK) this week. A massive attack hit the website of the German Chambers of Industry and Commerce (DIHK), forcing the organization to shut down its IT systems as a precautionary... – Security Affairs
August 07, 2022 – Phishing
Snapchat, Amex sites abused in Microsoft 365 phishing attacks Full Text
Abstract
Attackers abused open redirects on the websites of Snapchat and American Express in a series of phishing attacks to steal Microsoft 365 credentials. – BleepingComputer
August 7, 2022 – General
Security Affairs newsletter Round 377 Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the newsletter with the international press for free, subscribe here. Greek... – Security Affairs
August 7, 2022 – Ransomware
GwisinLocker ransomware exclusively targets South Korea Full Text
Abstract
Researchers spotted a new family of ransomware, named GwisinLocker, that encrypts Windows and Linux ESXi servers. Researchers warn of a new ransomware called GwisinLocker that can encrypt Windows and Linux ESXi servers. The ransomware targets... – Security Affairs
August 6, 2022 – Breach
A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years Full Text
Abstract
Slack has revealed that one of its low-friction features contained a vulnerability, now fixed, that exposed cryptographically scrambled versions of some users' passwords. – Wired
August 06, 2022 – IOT
New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack Full Text
Abstract
A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai," Fortinet FortiGuard Labs said in a report. The malware, which gets its name from an embedded URL to a YouTube rap music video in an earlier version, is said to have amassed a growing collection of compromised SSH servers, with over 3,500 unique IP addresses used to scan and brute-force their way into the servers. RapperBot's current implementation also distinguishes it from Mirai, allowing it to function primarily as an SSH brute-force tool with limited capabilities to carry out distributed denial-of-service (DDoS) attacks. The deviation from traditional Mirai behavior is further... – The Hacker News
August 6, 2022 – Breach
Twitter fixes bug that exposed at least 5.4M accounts Full Text
Abstract
Twitter says it has fixed a security vulnerability that allowed threat actors to compile information on 5.4 million Twitter accounts, which were listed for sale on a known cybercrime forum. – Tech Crunch
August 06, 2022 – Breach
Hackers Exploit Twitter Vulnerability to Expose 5.4 Million Accounts Full Text
Abstract
Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform. "As a result of the vulnerability, if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any," the company said in an advisory. Twitter said the bug, which it was made aware of in January 2022, stemmed from a code change introduced in June 2021. No passwords were exposed as a result of the incident. The six-month delay in making this public stems from new evidence last month that an unidentified actor had potentially taken advantage of the flaw before the fix to scrape user information and sell it for profit on Breach Forums. Although Twitter didn't reveal the exact number of impacted users, the forum post made by the threat actor shows that the flaw was ex... – The Hacker News
August 06, 2022 – Solution
Microsoft Edge gets better security defaults on less popular sites Full Text
Abstract
Microsoft is rolling out a new update to the Microsoft Edge Stable Channel over the coming days to improve the web browser's security defaults when visiting less popular websites. – BleepingComputer
August 06, 2022 – Breach
Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users Full Text
Abstract
Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members," the enterprise communication and collaboration platform said in an alert on 4th August. Hashing refers to a cryptographic technique that transforms any form of data into a fixed-size output (called a hash value or simply hash). Salting is designed to add an extra security layer to the hashing process to make it resistant to brute-force attempts. The Salesforce-owned company, which reported more than 12 million daily active users in September 2019, didn't reveal the exact hashing algorithm used to safeguard the passwords. The bug is said to have impacted all users who created or revoked shared invitation links between 17 April 2017 and 17 July 20... – The Hacker News
August 06, 2022 – Ransomware
New GwisinLocker ransomware encrypts Windows and Linux ESXi servers Full Text
Abstract
A new ransomware family called 'GwisinLocker' targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. – BleepingComputer
August 6, 2022 – Privacy
Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Full Text
Abstract
Greek intelligence admitted it had spied on a journalist, while citizens ask the government to reveal the use of surveillance malware. The head of the Greek intelligence told a parliamentary committee that they had spied on a journalist with surveillance... – Security Affairs
August 6, 2022 – Breach
Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Full Text
Abstract
Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% of its users... – Security Affairs
August 05, 2022 – Outage
UK NHS suffers outage after cyberattack on managed service provider Full Text
Abstract
The United Kingdom's National Health Service (NHS) 111 emergency services are affected by a major outage triggered by a cyberattack that hit the systems of managed service provider (MSP) Advanced. – BleepingComputer
August 5, 2022 – Policy and Law
India scraps data protection law, promises better successor Full Text
Abstract
On Wednesday, telecom minister Ashwini Vaishnaw tweeted that the bill was nixed because the Joint Committee of Parliament (JCP) recommended 81 amendments to the Bill's 99 sections. – The Register
August 05, 2022 – Attack
Iranian Hackers likely Behind Disruptive Cyberattacks Against Albanian Government Full Text
Abstract
A threat actor working to further Iranian goals is said to have been behind a set of disruptive cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive cyber operations." The July 17 attacks, according to Albania's National Agency of Information Society, forced the government to "temporarily close access to online public services and other government websites" because of a "synchronized and sophisticated cybercriminal attack from outside Albania." The politically motivated disruptive operation, per Mandiant, entailed the deployment of a new ransomware family called ROADSWEEP that included a ransom note with the text: "Why should our taxes be spent on the benefit of DURRES terrorists?" A front named HomeLand Justice has since claimed credit for the cyber offensive, with the group also alle... – The Hacker News
August 5, 2022 – Breach
Twitter confirms zero-day used to access data of 5.4 million accounts Full Text
Abstract
Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of a zero-day flaw. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting... – Security Affairs
August 05, 2022 – Ransomware
The Week in Ransomware - August 5th 2022 - A look at cyber insurance Full Text
Abstract
For the most part, it has been a quiet week on the ransomware front, with a few new reports, product developments, and attacks revealed. – BleepingComputer
August 5, 2022 – Breach
Neurology Practice Notifies 363,000 Individuals That PHI Was Posted on Dark Web Full Text
Abstract
An Indiana neurology practice is notifying nearly 363,000 individuals that their sensitive information was compromised in a recent ransomware attack, and that some of their data was posted on the dark web. – Bank Info Security
August 05, 2022 – Vulnerabilities
Emergency Alert System Flaws Could Let Attackers Transmit Fake Messages Full Text
Abstract
The U.S. Department of Homeland Security (DHS) has warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. If left unpatched, the issues could allow an adversary to issue fraudulent emergency alerts over TV, radio, and cable networks. The August 1 advisory comes courtesy of DHS' Federal Emergency Management Agency (FEMA). CYBIR security researcher Ken Pyle has been credited with discovering the shortcoming. EAS is a U.S. national public warning system that enables state authorities to disseminate information within 10 minutes during an emergency. Such alerts can interrupt radio and television to broadcast emergency alert information. Details of the flaw have been kept under wraps to prevent active exploitation by malicious actors, although it's expected to be publicized as a proof-of-concept at the DEF CON conference to be held in Las Vegas next week. "In short, the vulnerability is public knowledge and will be demons... – The Hacker News
August 5, 2022 – Malware
The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases Full Text
Abstract
Dark Utilities "C2-as-a-Service" is attracting a growing number of customers searching for command-and-control infrastructure for their campaigns. The popularity of the Dark Utilities "C2-as-a-Service" is rapidly increasing; over 3,000 users are already... – Security Affairs
August 05, 2022 – Breach
Slack resets passwords after exposing hashes in invitation links Full Text
Abstract
Slack notified roughly 0.5% of its users that it reset their passwords after fixing a bug exposing salted password hashes when creating or revoking shared invitation links for workspaces. – BleepingComputer
August 5, 2022 – Government
U.S. CISA and Australia’s ACSC Release List of 2021’s Top Malware Strains Full Text
Abstract
As per the advisory, the top malware strains of 2021 include Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot and GootLoader. – US CERT
August 05, 2022 – Education
Resolving Availability vs. Security, a Constant Conflict in IT Full Text
Abstract
Conflicting business requirements are a common problem, and you find them in every corner of an organization, including in information technology. Resolving these conflicts is a must, but it isn't always easy, though sometimes there is a novel solution that helps. In IT management there is a constant struggle between security and operations teams. Yes, both teams ultimately want to have secure systems that are harder to breach. However, security can come at the expense of availability, and vice versa. In this article, we'll look at the availability vs. security conflict, and a solution that helps to resolve that conflict. Ops teams focus on availability… security teams lock down. Operations teams will always have stability, and therefore availability, as a top priority. Yes, ops teams will make security a priority too, but only as far as it touches on either stability or availability, never as an absolute goal. It plays out in the "five nines" uptime goal that sets an incredibly high... – The Hacker News
August 5, 2022 – Government
DHS warns of critical flaws in Emergency Alert System encoder/decoder devices Full Text
Abstract
The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security (DHS) warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder... – Security Affairs
August 05, 2022 – Attack
Hackers are actively exploiting password-stealing flaw in Zimbra Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has added the Zimbra CVE-2022-27824 flaw to its 'Known Exploited Vulnerabilities Catalog,' indicating that it is actively exploited in attacks by hackers. – BleepingComputer
August 5, 2022 – Attack
Disruptive Roadsweep Ransomware Attacks on NATO Member Albania Linked to Iran Full Text
Abstract
The Albanian government announced in mid-July that it was forced to shut down some public online services due to a cyberattack. Mandiant has investigated the incident, which led to the discovery of a new piece of ransomware. – Security Week
August 05, 2022 – Attack
A Growing Number of Malware Attacks Leveraging Dark Utilities ‘C2-as-a-Service’ Full Text
Abstract
A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems. "It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems," Cisco Talos said in a report shared with The Hacker News. Dark Utilities, which emerged in early 2022, is advertised as a "C2-as-a-Service" (C2aaS), offering access to infrastructure hosted on the clearnet as well as the TOR network and associated payloads with support for Windows, Linux, and Python-based implementations for a mere €9.99. Authenticated users on the platform are presented with a dashboard that makes it possible to generate new payloads tailored to a specific operating system that can then be deployed and executed on victim hosts. Additionally, users are provided an administrative panel... – The Hacker News
August 5, 2022 – Government
CISA adds Zimbra email bug to Known Exploited Vulnerabilities Catalog Full Text
Abstract
US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed... – Security Affairs
August 05, 2022 – Breach
Twitter confirms zero-day used to expose data of 5.4 million accounts Full Text
Abstract
Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles. – BleepingComputer
August 5, 2022 – Business
Keyavi Data raises $13 million to meet market demand for self-protecting data technology Full Text
Abstract
As organizations rely on digital information to run their business, data-centric security is rapidly evolving. Keyavi's patented technology infuses intelligence directly into data, adding layers of policy-based protection that fortify each file. – Help Net Security
August 5, 2022 – Hacker
Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor Full Text
Abstract
A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy the previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch reported that a threat actor, tracked as TAC-040, has likely exploited the CVE-2022-26134... – Security Affairs
August 05, 2022 – APT
Facebook finds new Android malware used by APT hackers Full Text
Abstract
Meta (Facebook) has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage clusters connected to hacker groups known as 'Bitter APT' and APT36 (aka 'Transparent Tribe') using new Android malware. – BleepingComputer
August 5, 2022 – Vulnerabilities
Chromium site isolation bypass allows wide range of attacks on browsers Full Text
Abstract
The security weakness opens the door to a number of exploits including stealing private information, reading and modifying cookies, and gaining access to microphone and camera feeds. – The Daily Swig
August 5, 2022 – Botnet
New Linux botnet RapperBot brute-forces SSH servers Full Text
Abstract
RapperBot is a new botnet employed in attacks since mid-June 2022 that targets Linux SSH servers with brute-force attacks. Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot, which has been active since mid-June 2022.... – Security Affairs
August 05, 2022 – Solution
DuckDuckGo browser now blocks all Microsoft trackers, most of the time Full Text
Abstract
DuckDuckGo announced today that they will now be blocking all third-party Microsoft tracking scripts in their privacy browser after failing to block them in the past. – BleepingComputer
August 5, 2022 – Solution
Sonatype shines a light on typosquatting in PyPI Full Text
Abstract
Miscreants making use of typosquatting are being spotted by researchers at Sonatype, emphasizing the need to check that the package is really the one you meant to download. – The Register
August 5, 2022 – Malware
A Bunch of Android Apps Spread Adware and Other Malware Full Text
Abstract
Another batch of malicious apps infected with adware and malware has managed to slip past Google's defenses and end up on the Play Store. These apps were pushing intrusive ads, subscribing users to premium services, and stealing social media accounts. Users are requested to verify apps beforehand... – Cyware Alerts - Hacker News
August 04, 2022 – Vulnerabilities
Critical RCE vulnerability impacts 29 models of DrayTek routers Full Text
Abstract
Researchers at Trellix have discovered a critical unauthenticated remote code execution (RCE) vulnerability impacting 29 models of the DrayTek Vigor series of business routers. – BleepingComputer
August 04, 2022 – Government
CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary Memcached commands and theft of sensitive information. "Zimbra Collaboration (ZCS) allows an attacker to inject memcached commands into a targeted instance which causes an overwrite of arbitrary cached entries," CISA said. Specifically, the bug relates to a case of insufficient validation of user input that, if successfully exploited, could enable attackers to steal cleartext credentials from users of targeted Zimbra instances. The issue was disclosed by SonarSource in June, with patches released by Zimbra on May 10, 2022, in versions 8.8.15 P31.1 and 9.0.0 P24.1. CISA hasn... – The Hacker News
August 4, 2022 – Attack
New Woody RAT used in attacks aimed at Russian entities Full Text
Abstract
An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT. Malwarebytes researchers observed an unknown threat actor targeting Russian organizations with a new remote access trojan called Woody RAT.... – Security Affairs
August 04, 2022 – General
New Traffic Light Protocol standard released after five years Full Text
Abstract
The Forum of Incident Response and Security Teams (FIRST) has published TLP 2.0, a new version of its Traffic Light Protocol (TLP) standard, five years after the release of the initial version.BleepingComputer
August 4, 2022 – Malware
Microsoft links Raspberry Robin Malware to Evil Corp Attacks Full Text
Abstract
Microsoft has linked the operations of the cybercriminals spreading Raspberry Robin to the notorious Evil Corp. Evil Corp (tracked by Microsoft as DEV-0243) was seen taking advantage of the access Raspberry Robin infections provide to enterprise networks in order to distribute Dridex malware. Raspberry Robin spreads via external USB drives.Cyware Alerts - Hacker News
August 04, 2022 – General
Who Has Control: The SaaS App Admin Paradox Full Text
Abstract
Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and don't consider the security implications, only the ease which they need for their team to use their login. This CRM, however, defines MFA as a top-tier security setting; for example, Salesforce has a "High Assurance Login Value" configuration and immediately locks out all users as a safety precaution. The entire organization hits a standstill and is frustrated and confused. Deeply concerning, this is not a one-off event, admins for business-critical SaaS apps often sit outside the security department and have profound control. Untrained and not focused on security measures, these admins are working towards their departmental KPIs. For instance, Hubspot is usually owned by the marketing department, likewise, Salesforce is often owned by the business depThe Hacker News
August 4, 2022 – Vulnerabilities
Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction Full Text
Abstract
A critical flaw in multiple models of DrayTek Vigor routers can allow unauthenticated, remote attackers to fully compromise affected devices. Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated,...Security Affairs
August 04, 2022 – Criminals
Hackers try to extort survey firm QuestionPro after alleged data theft Full Text
Abstract
Hackers attempted to extort the online survey platform QuestionPro after claiming to have stolen the company's database containing respondents' personal information.BleepingComputer
August 4, 2022 – Breach
India: Over 280M records comprising UANs, bank account numbers, incomes, and PFs allegedly leaked online Full Text
Abstract
On August 2, cybersecurity researcher Volodymyr "Bob" Diachenko, during a routine search for public exposures on the internet, found two IPs containing massive amounts of highly sensitive data belonging to Indian citizens.The Times Of India
August 04, 2022 – Vulnerabilities
Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers Full Text
Abstract
As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the devices and unauthorized access to the broader network. "The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing," Trellix researcher Philippe Laulheret said . "A one-click attack can also be performed from within the LAN in the default device configuration." Filed under CVE-2022-32548, the vulnerability has received the maximum severity rating of 10.0 on the CVSS scoring system, owing to its ability to completely allow an adversary to seize control of the routers. At its core, the shortcoming is the result of a buffer overflow flaw in the web management interface ("/cgi-bin/wlogin.cgi"), which can be weaponized by a malicious actor by supplying specThe Hacker News
August 4, 2022 – Denial Of Service
Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit Full Text
Abstract
Taiwan government websites were temporarily forced offline by cyber attacks during the visit to Taipei of US House Speaker Nancy Pelosi. Major Taiwan government websites were temporarily forced offline by distributed denial of service (DDoS) attacks...Security Affairs
August 04, 2022 – Government
DHS warns of critical flaws in Emergency Alert System devices Full Text
Abstract
The Department of Homeland Security (DHS) warned that attackers could exploit critical security vulnerabilities in unpatched Emergency Alert System (EAS) encoder/decoder devices to send fake emergency alerts via TV and radio networks.BleepingComputer
August 4, 2022 – Malware
IcedID leverages PrivateLoader. By: Joshua Platt and Jason Reaves Full Text
Abstract
PrivateLoader is not new to having some bigger malware names leveraging it as previous research indicates it being leveraged by TrickBot, Qakbot, DanaBot, and Dridex previously.Medium
August 04, 2022 – Attack
New Woody RAT Malware Being Used to Target Russian Organizations Full Text
Abstract
An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files or Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability ( CVE-2022-30190 ) in Windows. Like other implants engineered for espionage-oriented operations, Woody RAT sports a wide range of features that enables the threat actor to remotely commandeer and steal sensitive information from the infected systems. "The earliest versions of this RAT were typically archived into a ZIP file pretending to be a document specific to a Russian group," Malwarebytes researchers Ankur Saini and Hossein Jazi said in a Wednesday report. "When the Follina vulnerability became known to the world, the threat actor switched to it to distribute the payload."The Hacker News
August 4, 2022 – Breach
Hackers stole $200 million from the Nomad crypto bridge Full Text
Abstract
The cryptocurrency bridge Nomad is the last victim of a cyber heist, threat actors stole almost $200 million of its funds. Another crypto heist made the headlines, threat actors stole nearly $200 million worth of cryptocurrency from the bridge Nomad....Security Affairs
August 04, 2022 – Hacker
Thousands of hackers flock to ‘Dark Utilities’ C2-as-a-Service Full Text
Abstract
Security researchers found a new service called Dark Utilities that provides an easy and inexpensive way for cybercriminals to set up a command and control (C2) center for their malicious operations.BleepingComputer
August 4, 2022 – Breach
UAE-based Retail Chain Spinneys Suffers Customer Data leak Full Text
Abstract
The hackers accessed an internal server that comprised customer data, including names, contact numbers, email addresses, delivery addresses, and previous order information.Secure Reading
August 04, 2022 – Attack
Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage Full Text
Abstract
A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. The attack, which transpired over a seven-day-period during the end of May, has been attributed to a threat activity cluster tracked by cybersecurity firm Deepwatch as TAC-040 . "The evidence indicates that the threat actor executed malicious commands with a parent process of tomcat9.exe in Atlassian's Confluence directory," the company said . "After the initial compromise, the threat actor ran various commands to enumerate the local system, network, and Active Directory environment." The Atlassian vulnerability suspected to have been exploited is CVE-2022-26134 , an Object-Graph Navigation Language (OGNL) injection flaw that paves the way for arbitrary code execution on a Confluence Server or Data Center instance.The Hacker News
August 4, 2022 – Vulnerabilities
Cisco addressed critical flaws in Small Business VPN routers Full Text
Abstract
Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. The...Security Affairs
August 04, 2022 – Malware
New Linux malware brute-forces SSH servers to breach networks Full Text
Abstract
A new botnet called 'RapperBot' has emerged in the wild since mid-June 2022, focusing on brute-forcing its way into Linux SSH servers and then establishing persistence.BleepingComputer
August 4, 2022 – Criminals
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware Full Text
Abstract
Among the threat actors distributing Bumblebee is Projector Libra (aka EXOTIC LILY). It is a criminal group that uses file sharing services to distribute malware after direct email correspondence with a potential victim.Palo Alto Networks
August 04, 2022 – Education
Three Common Mistakes That May Sabotage Your Security Training Full Text
Abstract
Phishing incidents are on the rise. A report from IBM shows that phishing was the most popular attack vector in 2021, resulting in one in five employees falling victim to phishing hacking techniques. The Need for Security Awareness Training Although technical solutions protect against phishing threats, no solution is 100% effective . Consequently, companies have no choice but to involve their employees in the fight against hackers. This is where security awareness training comes into play. Security awareness training gives companies the confidence that their employees will execute the right response when they discover a phishing message in their inbox. As the saying goes, "knowledge is power," but the effectiveness of knowledge depends heavily on how it is delivered. When it comes to phishing attacks, simulations are among the most effective forms of training because the events in training simulations directly mimic how an employee would react in the event of an actuThe Hacker News
August 04, 2022 – Malware
Cybersecurity agencies reveal last year’s top malware strains Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a list of the topmost detected malware strains last year in a joint advisory with the Australian Cyber Security Centre (ACSC).BleepingComputer
August 4, 2022 – IOT
New IoT Malware Dubbed RapperBot Brute Forces Into SSH Servers Full Text
Abstract
RapperBot is designed to function primarily as an SSH brute-forcer with limited DDoS capabilities. As is typical of most IoT malware, it targets ARM, MIPS, SPARC, and x86 architectures.Fortinet
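Both RapperBot items above come down to the same observable on the victim side: a burst of failed SSH password logins from one source, sometimes followed by a success. The Go program below is an added example for this page, not Fortinet's or BleepingComputer's code and not a RapperBot artifact: it runs simple detection logic over a constructed sample of sshd lines in the classic auth.log format, tallies failures and distinct usernames per source IP, flags sources above a threshold, and separately flags sources that logged a success after their failures (the case a responder cares about most). The log lines, hostnames, and IPs are made up for the demonstration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// sampleAuthLog is a constructed sample, not a real capture.
const sampleAuthLog = `Aug  4 10:01:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Aug  4 10:01:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Aug  4 10:01:04 host sshd[2105]: Failed password for root from 203.0.113.7 port 51240 ssh2
Aug  4 10:01:05 host sshd[2107]: Failed password for invalid user pi from 203.0.113.7 port 51242 ssh2
Aug  4 10:01:06 host sshd[2109]: Accepted password for root from 203.0.113.7 port 51244 ssh2
Aug  4 10:05:00 host sshd[2200]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Aug  4 10:05:30 host sshd[2202]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2`

// The "invalid user " prefix appears when the username does not exist locally.
var failedRe = regexp.MustCompile(`sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port`)
var acceptedRe = regexp.MustCompile(`sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+) port`)

type sourceStats struct {
	Failed        int             // failed password attempts from this IP
	Users         map[string]bool // distinct usernames tried
	AcceptedAfter bool            // a successful login followed the failures
}

// analyse walks the log once, in order, and aggregates per source IP.
func analyse(log string) map[string]*sourceStats {
	stats := map[string]*sourceStats{}
	for _, line := range strings.Split(log, "\n") {
		if m := failedRe.FindStringSubmatch(line); m != nil {
			s, ok := stats[m[2]]
			if !ok {
				s = &sourceStats{Users: map[string]bool{}}
				stats[m[2]] = s
			}
			s.Failed++
			s.Users[m[1]] = true
		} else if m := acceptedRe.FindStringSubmatch(line); m != nil {
			// Only a success that comes after failures from the same IP is suspicious.
			if s, ok := stats[m[2]]; ok && s.Failed > 0 {
				s.AcceptedAfter = true
			}
		}
	}
	return stats
}

// bruteForceSources returns the IPs with at least threshold failures, sorted.
func bruteForceSources(stats map[string]*sourceStats, threshold int) []string {
	var out []string
	for ip, s := range stats {
		if s.Failed >= threshold {
			out = append(out, ip)
		}
	}
	sort.Strings(out)
	return out
}

// likelyCompromised narrows that list to sources that eventually succeeded.
func likelyCompromised(stats map[string]*sourceStats, threshold int) []string {
	var out []string
	for _, ip := range bruteForceSources(stats, threshold) {
		if stats[ip].AcceptedAfter {
			out = append(out, ip)
		}
	}
	return out
}

func main() {
	stats := analyse(sampleAuthLog)
	for _, ip := range bruteForceSources(stats, 3) {
		s := stats[ip]
		fmt.Printf("brute force from %s: %d failures, %d usernames, success after: %v\n",
			ip, s.Failed, len(s.Users), s.AcceptedAfter)
	}
	fmt.Println("likely compromised:", likelyCompromised(stats, 3))
}
```

In production the threshold would be per time window rather than per file, and a hit on the "success after failures" list should trigger a look at ~/.ssh/authorized_keys and new cron or systemd entries on the host, since the page notes RapperBot's aim is persistence once it gets in.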
August 04, 2022 – Attack
German Chambers of Industry and Commerce hit by ‘massive’ cyberattack Full Text
Abstract
The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack.BleepingComputer
August 4, 2022 – Business
Cyber Readiness Measurement Firm Axio Raises $23 Million Full Text
Abstract
New York-based cyber readiness and risk management firm Axio has raised $23 million in a Series B funding round led by ISTARI, with participation from existing investors NFP Ventures and IA Capital Group.Security Week
August 03, 2022 – Vulnerabilities
Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws Full Text
Abstract
Cisco on Wednesday rolled out patches to address eight security vulnerabilities , three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices. The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers. Tracked as CVE-2022-20842 (CVSS score: 9.8), the weakness stems from an insufficient validation of user-supplied input to the web-based management interface of the appliances. "An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device," Cisco said in an advisory. "A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition." A second shortcoming relates to a command injection vulnerability residing in the routers' web filter database update featurThe Hacker News
August 03, 2022 – Attack
Russian organizations attacked with new Woody RAT malware Full Text
Abstract
Unknown attackers target Russian entities with newly discovered malware that allows them to control and steal information from compromised devices remotely.BleepingComputer
August 3, 2022 – Vulnerabilities
Google Paid Out $90,000 for Vulnerabilities Patched by Chrome 104 Full Text
Abstract
Google has patched 27 vulnerabilities with the release of Chrome 104 on Tuesday, and the researchers who reported some of these security holes earned thousands of dollars in bug bounties.Security Week
August 03, 2022 – Encryption
Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour Full Text
Abstract
A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE — short for Supersingular Isogeny Key Encapsulation — which made it to the fourth round of the Post-Quantum Cryptography (PQC) standardization process by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST). "Ran on a single core, the appended Magma code breaks the Microsoft SIKE challenges $IKEp182 and $IKEp217 in about 4 minutes and 6 minutes, respectively," KU Leuven researchers Wouter Castryck and Thomas Decru said in a new paper. "A run on the SIKEp434 parameters, previously believed to meet NIST's quantum security level 1, took about 62 minutes, again on a single core." The code was executed on an Intel Xeon CPU E5-2630v2 at 2.60GHz, which was releaseThe Hacker News
August 3, 2022 – Attack
Power semiconductor component manufacturer Semikron suffered a ransomware attack Full Text
Abstract
Semikron, a German-based independent manufacturer of power semiconductor components, suffered a ransomware cyberattack. Semikron is a German-based independent manufacturer of power semiconductor components, it employs more than...Security Affairs
August 03, 2022 – Malware
Cloned Atomic Wallet website is pushing Mars Stealer malware Full Text
Abstract
A fake website impersonating the official portal for the Atomic wallet, a popular decentralized wallet that also operates as a cryptocurrency exchange portal, is, in reality, distributing copies of the Mars Stealer information-stealing malware.BleepingComputer
August 3, 2022 – Vulnerabilities
Unpatched XSS, CSRF bugs included in latest Jenkins plugin advisory Full Text
Abstract
The organization’s latest security advisory lists a total of 27 plugin vulnerabilities, five of which were deemed to be ‘high’ impact and the majority of which remain unpatched.The Daily Swig
August 03, 2022 – Malware
VirusTotal Reveals Most Impersonated Software in Malware Attacks Full Text
Abstract
Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. "One of the simplest social engineering tricks we've seen involves making a malware sample seem a legitimate program," VirusTotal said in a Tuesday report. "The icon of these programs is a critical feature used to convince victims that these programs are legitimate." It's no surprise that threat actors resort to a variety of approaches to compromise endpoints by tricking unwitting users into downloading and running seemingly innocuous executables. This, in turn, is primarily achieved by taking advantage of genuine domains in a bid to get around IP-based firewall defensesThe Hacker News
August 3, 2022 – Malware
Manjusaka, a new attack tool similar to Sliver and Cobalt Strike Full Text
Abstract
Researchers spotted a Chinese threat actor using a new offensive framework called Manjusaka which is similar to Cobalt Strike. Talos researchers observed a Chinese threat actor using a new offensive framework called Manjusaka (which can be translated...Security Affairs
August 03, 2022 – Attack
Spanish research agency still recovering after ransomware attack Full Text
Abstract
The Spanish National Research Council (CSIC) last month was hit by a ransomware attack that is now attributed to Russian hackers.BleepingComputer
August 3, 2022 – Policy and Law
Senators introduce bill to ensure resiliency of federal data centers Full Text
Abstract
A group of bipartisan senators have introduced legislation to establish baseline cybersecurity requirements and new protections against catastrophic weather-related disasters for federal data centers across the country.FCW
August 03, 2022 – General
On-Demand Webinar: New CISO Survey Reveals Top Challenges for Small Cyber Security Teams Full Text
Abstract
The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis. Nearly 60% of enterprises can't find the staff to protect their data (and reputations!) from new and emerging breeds of cyber-attacks, reports the Information Systems Security Association (ISSA) in its 5th annual global industry study. The result? Heavier workloads, unfilled positions, and burnout. And technology isn't easing the burden in many organizations, especially smaller ones. In fact, it's making the problem worse, suggests Cynet's recent CISO survey . Big Tech Pushes Small Teams to the Limits Tech stacks normally supercharge cyber security teams, but in the case of crews of five or fewer — it just leads to overwhelm. For example, it took them an average of 18 months to fully implement and feel proficient in endpoint detection and response (EDR) tools — making the technology yet another barrier to cyber security for the 85% of teams adopting it in 2022 . SuThe Hacker News
August 3, 2022 – Vulnerabilities
Google fixed Critical Remote Code Execution flaw in Android Full Text
Abstract
Google addressed a critical vulnerability in Android OS, tracked as CVE-2022-20345, that can be exploited to achieve remote code execution over Bluetooth. Google has fixed a critical vulnerability, tracked as CVE-2022-20345, that affects the Android...Security Affairs
August 03, 2022 – Solution
Windows 11 Smart App Control blocks files used to push malware Full Text
Abstract
Smart App Control, a Windows 11 security feature that blocks threats at the process level, now comes with support for blocking several new file types threat actors have recently adopted to infect targets with malware in phishing attacks.BleepingComputer
August 3, 2022 – Business
NortonLifeLock, Avast deal gets provisional approval of CMA Full Text
Abstract
The $8.6 billion merger was announced in August 2021 and, after a gentle probe, the Competition and Markets Authority (CMA) decided that a closer look was needed in March 2022.The Register
August 03, 2022 – Attack
Researchers Warn of Large-Scale AiTM Attacks Targeting Enterprise Users Full Text
Abstract
A new, large-scale phishing campaign has been observed using adversary-in-the-middle (AitM) techniques to get around security protections and compromise enterprise email accounts. "It uses an adversary-in-the-middle (AitM) attack technique capable of bypassing multi-factor authentication," Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu said in a Tuesday report. "The campaign is specifically designed to reach end users in enterprises that use Microsoft's email services." Prominent targets include fintech, lending, insurance, energy, manufacturing, and federal credit union verticals located in the U.S., U.K., New Zealand, and Australia. This is not the first time such a phishing attack has come to light. Last month, Microsoft disclosed that over 10,000 organizations had been targeted since September 2021 by means of AitM techniques to breach accounts secured with multi-factor authentication (MFA). The ongoing campaign, effective June 2022,The Hacker News
August 3, 2022 – Education
Busting the Myths of Hardware Based Security Full Text
Abstract
Many experts often overlook hardware based security and its vital importance in establishing a secure workspace. When it comes to cybersecurity, everyone likes to talk about software and the dangers that it poses. However, people often overlook hardware-based...Security Affairs
August 03, 2022 – Phishing
Microsoft accounts targeted with new MFA-bypassing phishing kit Full Text
Abstract
A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication.BleepingComputer
August 3, 2022 – Phishing
Phishers Exploit Unprotected Snapchat, American Express Sites for Malicious Redirects Full Text
Abstract
From the website operator’s perspective, the only damage that potentially occurs is harm to the site’s reputation. The victims, however, may lose credentials, data, and possibly money.INKY
August 03, 2022 – Vulnerabilities
Cisco fixes critical remote code execution bug in VPN routers Full Text
Abstract
Cisco has fixed critical security vulnerabilities affecting Small Business VPN routers and enabling unauthenticated, remote attackers to execute arbitrary code or commands and trigger denial of service (DoS) conditions on vulnerable devices.BleepingComputer
August 3, 2022 – Policy and Law
German prosecutors issue warrant for Russian government hacker over energy sector attacks Full Text
Abstract
Prosecutors in Germany have issued a warrant for the arrest of Pawel A, a Russian national they accuse of being part of the Berserk Bear hacking group within Russia’s Federal Security Service (FSB), according to German public broadcasters BR and WDR.The Record
August 03, 2022 – Disinformation
Ukraine takes down 1,000,000 bots used for disinformation Full Text
Abstract
The Ukrainian cyber police (SSU) has shut down a massive bot farm of 1,000,000 bots used to spread disinformation on social networks.BleepingComputer
August 3, 2022 – Vulnerabilities
Nvidia releases security update for unsupported Windows 7 and 8.1 systems Full Text
Abstract
Effective October 2021, Game Ready Driver upgrades, including performance enhancements, new features, and bug fixes, are exclusively available for systems utilizing Windows 10 and Windows 11 as their operating system.Ghacks
August 03, 2022 – Education
Minimizing the security risks of Single Sign On implementations Full Text
Abstract
While the use of Single Sign On resulted in some organizations adopting stronger password policies, it also created additional security risks. Learn what these risks are and how you can make SSO more secure.BleepingComputer
August 3, 2022 – Ransomware
SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users Full Text
Abstract
The SolidBit ransomware group appears to be planning to expand its operations through these fraudulent apps and its recruitment of ransomware-as-a-service (RaaS) affiliates.Trend Micro
August 03, 2022 – Breach
Thousands of Solana wallets drained in attack using unknown exploit Full Text
Abstract
An overnight attack on the Solana blockchain platform drained thousands of software wallets of cryptocurrency worth millions of U.S. dollars.BleepingComputer
August 3, 2022 – Government
Singapore takes formal step towards setting up cyber defence unit Full Text
Abstract
First mooted in March, the new digital and intelligence service (DIS) unit would be set up as a fourth service under the Singapore Armed Forces (SAF) and responsible for combating online attacks.ZDNet
August 03, 2022 – Malware
35,000 code repos not hacked—but clones flood GitHub to serve malware Full Text
Abstract
Thousands of GitHub repositories were forked (cloned) and altered to include malware, a software engineer discovered.BleepingComputer
August 02, 2022 – Vulnerabilities
VMware Releases Patches for Several New Flaws Affecting Multiple Products Full Text
Abstract
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues, tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8), impact VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager Connector, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager. The most severe of the flaws is CVE-2022-31656 (CVSS score: 9.8), an authentication bypass vulnerability affecting local domain users that could be leveraged by a bad actor with network access to obtain administrative rights. Also resolved by VMware are three remote code execution vulnerabilities (CVE-2022-31658, CVE-2022-31659, and CVE-2022-31665) related to JDBC and SQL injection that could be weaponized by an adversary with administrator and network access. Elsewhere, it has also remediated a reflecThe Hacker News
August 02, 2022 – Hacker
Chinese hackers use new Cobalt Strike-like attack framework Full Text
Abstract
Researchers have observed a new post-exploitation attack framework used in the wild, named Manjusaka, which can be deployed as an alternative to the widely abused Cobalt Strike toolset or parallel to it for redundancy.BleepingComputer
August 2, 2022 – Denial Of Service
Taiwanese Websites Hit with DDoS Attacks Just Prior to Nancy Pelosi Visit Full Text
Abstract
The attacks hit at least four websites — those of President Tsai Ing-wen, the National Defense Ministry, the Foreign Affairs Ministry and the country’s largest airport, Taiwan Taoyuan International.NBC News
August 02, 2022 – Hacker
Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike Full Text
Abstract
Researchers have disclosed a new offensive framework called Manjusaka that they call a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors," Cisco Talos said in a new report. Sliver and Cobalt Strike are legitimate adversary emulation frameworks that have been used by threat actors to carry out post-exploitation activities such as network reconnaissance, lateral movement, and facilitating the deployment of follow-on payloads. Written in Rust, Manjusaka -- meaning "cow flower" -- is advertised as an equivalent to the Cobalt Strike framework with capabilities to target both Windows and Linux operating systems. Its developer is believed to be located in the GuangDongThe Hacker News
August 2, 2022 – Policy and Law
Didi Fined $1.2 Billion for Violating Data Security Laws Full Text
Abstract
Lawfare’s biweekly roundup of U.S.-China technology policy news.Lawfare
August 2, 2022 – Vulnerabilities
VMware fixed critical authentication bypass vulnerability Full Text
Abstract
VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting...Security Affairs
August 02, 2022 – Attack
Semiconductor manufacturer Semikron hit by LV ransomware attack Full Text
Abstract
German power electronics manufacturer Semikron has disclosed that it was hit by a ransomware attack that partially encrypted the company's network.BleepingComputer
August 2, 2022 – Criminals
Hackers Stole Passwords for Accessing 140,000 Payment Terminals Full Text
Abstract
Hackers had access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments giant Wiseasy, a cybersecurity startup told TechCrunch.Tech Crunch
August 02, 2022 – Vulnerabilities
New ‘ParseThru’ Parameter Smuggling Vulnerability Affects Golang-based Applications Full Text
Abstract
Security researchers have discovered a new vulnerability called ParseThru affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. "The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as a result of the use of unsafe URL parsing methods built in the language," Israeli cybersecurity firm Oxeye said in a report shared with The Hacker News. The issue, at its core, has to do with inconsistencies stemming from changes introduced to Golang's URL parsing logic that's implemented in the "net/url" library. While versions of the programming language prior to 1.17 treated semicolons as a valid query delimiter (e.g., example.com?a=1;b=2&c=3), this behavior has since been modified to throw an error upon finding a query string containing a semicolon. "The net/url and net/http packages used to accept ";" (semicolon) as a setting separatThe Hacker News
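The parser disagreement described above is small enough to reproduce end to end. The Go program below is an added example written for this page, not Oxeye's research code and not taken from any affected project: it models a front-end service on Go 1.17 or later that validates a hypothetical "role" query parameter with url.ParseQuery, a downstream service whose parser still treats ';' as a separator (emulated here, since the stdlib no longer does), and a hardened front-end that refuses to proceed when the two could disagree. The parameter names and the attacker's query string are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// legacyParseQuery emulates the pre-1.17 net/url convention in which both '&'
// and ';' separate query pairs. It stands in for an older Go service, or any
// other component with that convention, sitting behind a newer one.
// Percent-decoding is omitted because it is irrelevant to the bypass.
func legacyParseQuery(raw string) url.Values {
	m := url.Values{}
	pairs := strings.FieldsFunc(raw, func(r rune) bool { return r == '&' || r == ';' })
	for _, pair := range pairs {
		k, v, _ := strings.Cut(pair, "=")
		if k == "" {
			continue
		}
		m[k] = append(m[k], v)
	}
	return m
}

// frontendAllows models the vulnerable check: url.ParseQuery (Go >= 1.17)
// drops every pair that contains ';' and reports an error, but the error is
// ignored, so a request passes as long as no *visible* role equals "admin".
func frontendAllows(raw string) bool {
	q, _ := url.ParseQuery(raw) // pairs containing ';' are silently dropped
	return q.Get("role") != "admin"
}

// backendRole is what the legacy parser downstream actually acts on.
func backendRole(raw string) string {
	return legacyParseQuery(raw).Get("role")
}

// hardenedFrontendAllows refuses any raw query containing ';' outright and
// treats a ParseQuery error as fatal, so every hop sees the same parameters.
func hardenedFrontendAllows(raw string) (bool, error) {
	if strings.Contains(raw, ";") {
		return false, errors.New("semicolon in query string: parsers disagree on it, rejecting")
	}
	q, err := url.ParseQuery(raw)
	if err != nil {
		return false, err
	}
	return q.Get("role") != "admin", nil
}

func main() {
	// Constructed attacker query: the ';' hides role=admin from the modern parser.
	attack := "x=1;role=admin"
	fmt.Printf("front-end allows %q: %v\n", attack, frontendAllows(attack))
	fmt.Printf("legacy backend sees role=%q\n", backendRole(attack))
	ok, err := hardenedFrontendAllows(attack)
	fmt.Printf("hardened front-end allows: %v (err: %v)\n", ok, err)
}
```

If the legacy behaviour is genuinely required, the stdlib's http.AllowQuerySemicolons middleware (added in Go 1.17) can be applied, but then it must be applied consistently on every service in the chain; the bypass exists precisely because one hop accepts ';' and another discards it.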
August 2, 2022 – Criminals
LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender Full Text
Abstract
An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During a recent investigation, SentinelOne researchers observed threat actors associated with the LockBit 3.0 ransomware-as-a-service...Security Affairs
August 02, 2022 – Education
Wolf in sheep’s clothing: how malware tricks users and antivirus Full Text
Abstract
One of the primary methods used by malware distributors to infect devices is by deceiving people into downloading and running malicious files, and to achieve this deception, malware authors are using a variety of tricks.BleepingComputer
August 2, 2022 – Policy and Law
Banking Groups Urge Senators to Reject NDAA Provision as Harmful to Cybersecurity Full Text
Abstract
A provision in annual legislation to authorize spending by the Defense Department could endanger the cybersecurity of critical infrastructure, trade associations for the financial sector argued in a letter to key senators.Nextgov
August 02, 2022 – Education
What is ransomware and how can you defend your business from it? Full Text
Abstract
Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems (crypto-ransomware, which encrypts files) or the devices themselves (locker ransomware, which locks the user out of the system). In both instances, once a ransom is paid, threat actors typically provide victims with a decryption key or tool to unlock their data or device, though this is not guaranteed. Oliver Pinson-Roxburgh, CEO of Defense.com , the all-in-one cybersecurity platform, shares knowledge and advice in this article on how ransomware works, how damaging it can be, and how your business can mitigate ransomware attacks from occurring. What does a ransomware attack comprise? There are three key elements to a ransomware attack: Access In order to deploy malware to encrypt files and gain control, cybercriminals need to initially gain access to an organizaThe Hacker News
August 2, 2022 – Malware
Gootkit AaaS malware is still active and uses updated tactics Full Text
Abstract
Gootkit access-as-a-service (AaaS) malware is back with updated tactics and fileless delivery of Cobalt Strike beacons. Gootkit runs on an access-as-a-service model; it is used by different groups to drop additional malicious payloads on the compromised...Security Affairs
August 02, 2022 – Policy and Law
Mobile store owner hacked T-Mobile employees to unlock phones Full Text
Abstract
A former owner of a T-Mobile retail store in California has been found guilty of a $25 million scheme where he illegally accessed T-Mobile's internal systems to unlock and unblock cell phones.BleepingComputer
August 2, 2022 – General
Not All Vulnerabilities Are Created Equal Full Text
Abstract
For industries without heavy IT expertise, responding to the myriad vulnerability advisories released by the Cybersecurity and Infrastructure Security Agency is a daunting task.Nextgov
August 02, 2022 – Ransomware
LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload Full Text
Abstract
A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial access had been achieved, the threat actors performed a series of enumeration commands and attempted to run multiple post-exploitation tools, including Meterpreter, PowerShell Empire, and a new way to side-load Cobalt Strike," researchers Julio Dantas, James Haughom, and Julien Reisdorffer said. LockBit 3.0 (aka LockBit Black), which comes with the tagline "Make Ransomware Great Again!," is the next iteration of the prolific LockBit RaaS family that emerged in June 2022 to iron out critical weaknesses discovered in its predecessor. It's notable for instiThe Hacker News
August 2, 2022 – Policy and Law
Austria investigates DSIRF firm for allegedly developing Subzero spyware Full Text
Abstract
Austria is investigating a report that the Austrian firm DSIRF developed spyware targeting law firms, banks and consultancies. At the end of July, Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) researchers...Security Affairs
August 02, 2022 – Vulnerabilities
VMware urges admins to patch critical auth bypass bug immediately Full Text
Abstract
VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges.BleepingComputer
August 2, 2022 – Attack
GoLang-based ‘Manjusaka’ Attack Framework Imitates Sliver and Cobalt Strike Full Text
Abstract
Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of Cobalt Strike.Cisco Talos
August 02, 2022 – Solution
Microsoft announces new external attack surface audit tool Full Text
Abstract
Microsoft has announced a new security product allowing security teams to spot Internet-exposed resources in their organization's environment that attackers could use to breach their networks.BleepingComputer
August 2, 2022 – Privacy
Austria Probes Claim Spyware Targeted Law Firms, Banks Full Text
Abstract
Austria's interior ministry said it had not received reports of any incidents. "Of course, (intelligence agency) DSN checks the allegations. So far, there is no proof of the use of spy software from the company mentioned," it said in a statement.Security Week
August 02, 2022 – Attack
EU missile maker MBDA confirms data theft extortion, denies breach Full Text
Abstract
MBDA, one of the largest missile developers and manufacturers in Europe, has responded to rumors about a cyberattack on its infrastructure saying that claims of a breach of its systems are false.BleepingComputer
August 01, 2022 – Breach
Over 3,200 apps leak Twitter API keys, some allowing account hijacks Full Text
Abstract
Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app.BleepingComputer
August 1, 2022 – Vulnerabilities
GitHub Actions workflow flaws provided write access to projects including Logstash Full Text
Abstract
A research team from dating platform Tinder crafted an automation script that unearthed flaws that enabled the exfiltration of secrets that provide write access to various open source GitHub repositories, including Elastic’s Logstash.The Daily Swig
August 01, 2022 – Breach
Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys Full Text
Abstract
Researchers have uncovered a list of 3,207 apps, some of which can be utilized to gain unauthorized access to Twitter accounts. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm CloudSEK said in a report exclusively shared with The Hacker News. "Out of 3,207, 230 apps are leaking all four authentication credentials and can be used to fully take over their Twitter Accounts and can perform any critical/sensitive actions," the researchers said. This can range from reading direct messages to carrying out arbitrary actions such as retweeting, liking and deleting tweets, following any account, removing followers, accessing account settings, and even changing the account profile picture. Access to the Twitter API requires generating the Keys and Access Tokens, which act as the usernames and passwords for the apps as well as the users on whose behalf the API requests wThe Hacker News
August 1, 2022 – General
A Frontier Without Direction? The U.K.’s Latest Position on Responsible Cyber Power Full Text
Abstract
The U.K. missed an opportunity to clarify its view on non-intervention in international law for peacetime offensive cyber operations, develop perspectives on what states can do in cyberspace, and provide detail on what its own National Cyber Force does.Lawfare
August 1, 2022 – Criminals
ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A. Full Text
Abstract
The ALPHV/BlackCat ransomware gang claims to have breached the European gas pipeline operator Creos Luxembourg S.A. Creos Luxembourg S.A. owns and manages...Security Affairs
August 01, 2022 – General
Microsoft Defender Experts for Hunting now generally available Full Text
Abstract
Microsoft Defender Experts for Hunting, a new managed security service for Microsoft 365 Defender customers, is now generally available.BleepingComputer
August 1, 2022 – Vulnerabilities
CompleteFTP path traversal flaw allowed attackers to delete server files Full Text
Abstract
A security researcher with the handle rgod discovered a flaw in the HttpFile class that results from the lack of proper validation of a user-supplied path prior to using it in file operations.The Daily Swig
August 01, 2022 – Education
Two Key Ways Development Teams Can Increase Their Security Maturity Full Text
Abstract
Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent global research, 67% of developers that were interviewed said they were still shipping code they knew contained vulnerabilities. Helping your development teams progress to achieve security maturity is possible, and ultimately beneficial. It will help ensure secure software development at every stage of the software development lifecycle. But how can you help your development teams reach security maturity? We dug deep and leveraged insights from over 400 of our customers to identify traits and behaviors that occur when a development team increases its security maturity. Here we share two of them: #1: A deep understanding of your gaps Before creating any maturity program, we first need to uThe Hacker News
August 1, 2022 – Policy and Law
Australian man charged with creating and selling the Imminent Monitor spyware Full Text
Abstract
An Australian national has been charged for the creation and sale of the Imminent Monitor (IM) spyware, which was also used for criminal purposes. The 24-year-old Australian national Jacob Wayne John Keen has been charged for his alleged role in the development...Security Affairs
August 01, 2022 – General
Steam, PayPal blocked as Indonesia enforces new Internet regulation Full Text
Abstract
The Indonesian Ministry of Communication and Information Technology, Kominfo, is now blocking access to internet service and content providers who had not registered on the country's new licensing platform by July 27th, 2022, as the country begins to restrict access to online content providers and services.BleepingComputer
August 1, 2022 – Vulnerabilities
Organizations Warned of Critical Confluence Flaw as Exploitation Continues Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has instructed government organizations — and advised private sector companies — to address a recently disclosed Confluence vulnerability that has been exploited in attacks.Security Week
August 1, 2022 – Vulnerabilities
A flaw in Dahua IP Cameras allows full take over of the devices Full Text
Abstract
A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP cameras can allow attackers to seize control of the devices. The issue affects...Security Affairs
August 01, 2022 – Attack
BlackCat ransomware claims attack on European gas pipeline Full Text
Abstract
The ransomware group known as ALPHV (aka BlackCat) has over the weekend assumed responsibility for the cyberattack that hit Creos Luxembourg last week, a natural gas pipeline and electricity network operator in the central European country.BleepingComputer
August 1, 2022 – Phishing
Blockchain security firm warns of new MetaMask phishing campaign Full Text
Abstract
As per a post written by Halborn’s technical education specialist Luis Lubeck, the active phishing campaign used emails to target MetaMask users and trick them into giving out their passphrases.Coin Telegraph
August 1, 2022 – Government
US Federal Communications Commission (FCC) warns of the rise of smishing attacks Full Text
Abstract
The Federal Communications Commission (FCC) issued an alert to warn Americans of the rising threat of smishing (robotexts) attacks aimed...Security Affairs
August 1, 2022 – General
Cyber Attacks Against Critical Infrastructure Quietly Increase Full Text
Abstract
Back in June of this year, Trend Micro research revealed that 89 percent of electricity, oil & gas, and manufacturing firms have experienced cyberattacks impacting production and energy supply over the past 12 months.Government Technology
August 1, 2022 – Malware
Latest Generation of the Raccoon Stealer Family Ditches Telegram Network for Command & Control Full Text
Abstract
Raccoon is a malware family that has been sold as malware-as-a-service on underground forums since early 2019. In early July 2022, a new variant of this malware dubbed Raccoon Stealer v2 was released.Zscaler
August 1, 2022 – Policy and Law
With cyber sovereignty at stake, it is high time India brings in uniform cybersecurity law Full Text
Abstract
India’s digital transformation cannot be fashioned on the foundations of decades-old legal infrastructure like the Information Technology Act 2000 and the National Cyber Security Policy 2013, among others.First Post