January 2023
January 31, 2023 – Business
Guardz Emerges From Stealth Mode With $10 Million in Funding
Abstract
Guardz today emerged from stealth mode with $10 million raised in a seed funding round led by Hanaco Ventures, with additional investment from iAngels, Cyverse Capital, and GKFF Ventures.
Source: Cyware
January 31, 2023 – General
You Don’t Know Where Your Secrets Are
Abstract
Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 99% of cases. It might sound ridiculous at first: keeping secrets is an obvious first thought when thinking about security in the development lifecycle. Whether in the cloud or on-premises, you know that your secrets are safely stored behind hard gates that few people can access. It is not just a matter of common sense, since it's also an essential compliance requirement for security audits and certifications. Developers working in your organization are well aware that secrets should be handled with special care. They have put in place specific tools and procedures to correctly create, communicate, and rotate human or machine credentials. Still, do you know where your secrets are?
Source: The Hacker News
January 31, 2023 – Breach
IT Army of Ukraine gained access to a 1.5GB archive from Gazprom
Abstract
IT Army of Ukraine claims to have breached the infrastructure of the Russian energy giant Gazprom and had access to a 1.5 GB archive. The collective IT Army of Ukraine announced it has gained access to a 1.5 GB archive belonging to the Russian energy...
Source: Security Affairs
January 31, 2023 – Malware
New GOOTLOADER Variant Evolves Further with New Obfuscation Tricks
Abstract
The UNC2565 hacker group appears to have restructured its GOOTLOADER (or Gootkit) malware by adding new components and implementing new obfuscation techniques. Gootkit is used by adversaries to drop additional malicious payloads, such as SunCrypt, REvil (Sodinokibi) ransomware, Kronos trojan, and C ...
Source: Cyware
January 31, 2023 – Malware
New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector
Abstract
The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files," cybersecurity company ESET revealed in its latest APT Activity Report shared with The Hacker News. The Slovak cybersecurity firm said the attacks coincided with missile strikes orchestrated by the Russian armed forces aimed at the Ukrainian energy infrastructure, suggesting overlaps in objectives. The disclosure comes merely days after ESET attributed a Golang-based data wiper known as SwiftSlicer, deployed against an unnamed Ukrainian entity on January 25, 2023, to Sandworm. The advanced persistent threat (APT) group linked to Russia's foreign military intelligence agency GRU has also been implicated in a partially successful attack targeting national
Source: The Hacker News
January 31, 2023 – Malware
Experts released VMware vRealize Log RCE exploit for CVE-2022-31706
Abstract
Horizon3 security researchers released proof-of-concept (PoC) code for VMware vRealize Log Insight RCE vulnerability CVE-2022-31706. Last week, researchers from Horizon3’s Attack Team announced the release of PoC exploit code for remote code execution...
Source: Security Affairs
January 31, 2023 – Business
Saviynt Raises $205M; Founder Rejoins as CEO
Abstract
The latest funding brings the total raised by the California company to $375 million and provides a growth-mode runway for Saviynt to establish a foothold in a very competitive marketplace.
Source: Cyware
January 31, 2023 – Malware
Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years
Abstract
A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically," Check Point Research's Arie Olshtein said, calling it a "master of disguises." Offered as a service to other threat actors since at least late 2016, TrickGate helps conceal payloads behind a layer of wrapper code in an attempt to get past security solutions installed on a host. Packers can also function as crypters by encrypting the malware as an obfuscation mechanism. "Packers have different features that allow them to circumvent detection mechanisms by appearing as benign files, being difficult to reverse engineer, or incorporating sandbox evasion tec
Source: The Hacker News
January 31, 2023 – Breach
GitHub to revoke stolen code signing certificates for GitHub Desktop and Atom
Abstract
GitHub confirmed that threat actors exfiltrated encrypted code signing certificates for some versions of GitHub Desktop for Mac and Atom apps. GitHub this week disclosed a security breach: threat actors exfiltrated encrypted code signing certificates...
Source: Security Affairs
January 31, 2023 – Breach
Charter Communications says vendor breach exposed some customer data
Abstract
Telecommunications company Charter Communications said one of its third-party vendors suffered from a security breach after data from the company showed up on a hacking forum.
Source: Cyware
January 31, 2023 – Vulnerabilities
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
Abstract
Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1 and QuTS hero h5.0.1. "If exploited, this vulnerability allows remote attackers to inject malicious code," QNAP said in an advisory released Monday. The exact technical specifics surrounding the flaw are unclear, but the NIST National Vulnerability Database (NVD) has categorized it as an SQL injection vulnerability. This means an attacker could send specially crafted SQL queries such that they could be weaponized to bypass security controls and access or alter valuable information. "Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL injection attack," according to MI
Source: The Hacker News
January 31, 2023 – Hacker
Pro-Palestine hackers threaten Israeli chemical companies
Abstract
Threat actors are targeting Israeli chemical companies operating in the occupied territories, security experts warn. Threat actors have launched a massive hacking campaign aimed at Israeli chemical companies operating in the occupied territories....
Source: Security Affairs
January 31, 2023 – Government
HHS, AHA Warn of Surge in Russian DDoS Attacks on US Healthcare Sector Entities
Abstract
U.S. government and industry authorities are warning the healthcare sector of a surge in distributed denial-of-service attacks in recent days against hospitals and other medical entities instigated by Russian nuisance hacking group KillNet.
Source: Cyware
January 31, 2023 – Breach
GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom
Abstract
GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps. As a result, the company is taking the step of revoking the exposed certificates out of an abundance of caution. The following versions of GitHub Desktop for Mac have been invalidated: 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.1.0, 3.1.1, and 3.1.2. Versions 1.63.0 and 1.63.1 of Atom are also expected to stop working as of February 2, 2023, requiring that users downgrade to a previous version (1.60.0) of the source code editor. Atom was officially discontinued in December 2022. GitHub Desktop for Windows is not affected. The Microsoft-owned subsidiary said it detected unauthorized access to a set of repositories, including those from deprecated GitHub-owned organizations, used in the planning and development of GitHub Desktop and Atom on December 7, 2022. The repositories are said
Source: The Hacker News
January 31, 2023 – Denial Of Service
Pro-Russia group Killnet targets US healthcare with DDoS attacks
Abstract
The Pro-Russia group Killnet is launching a series of DDoS attacks against the websites of US healthcare organizations and hospitals. The Pro-Russia group Killnet launched a series of DDoS attacks against US healthcare organizations and hospitals....
Source: Security Affairs
January 31, 2023 – Attack
Ukraine Targeted via New Waves of Data Wipers, Including SwiftSlicer
Abstract
A lot has happened on the cyber front in Ukraine and Russia ever since the war began. Joining the bandwagon, on behalf of the Russian Sandworm APT, is a pack of five wiper malware, including the new Golang-based SwiftSlicer. The new wiper has been added to the VirusTotal database recently (sub ...
Source: Cyware
January 31, 2023 – Vulnerabilities
Denial-of-Service Vulnerability Patched in Open5GS GTP Library
Abstract
Due to insufficient length validation in the Open5GS GTP library when parsing extension headers in GPRS tunneling protocol (GTPv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop.
Source: Cyware
January 30, 2023 – Breach
UK-Based JD Sports Details Data Breach Affecting 10 Million Customers
Abstract
The company says the breach stems from a system containing customer data "relating to some online orders placed between November 2018 and October 2020" and that customers are at risk from scammers.
Source: Cyware
January 30, 2023 – Malware
Titan Stealer: A New Golang-Based Information Stealer Malware Emerges
Abstract
A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel. "The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files," Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi said in a recent report. Details of the malware were first documented by cybersecurity researcher Will Thomas (@BushidoToken) in November 2022 by querying the IoT search engine Shodan. Titan is offered as a builder, enabling customers to customize the malware binary to include specific functionalities and the kind of information to be exfiltrated from a victim's machine. The malware, upon execution, employs a technique known as process hollowing to inject the malicious payload into the memory of a legitimate process known as AppLa
Source: The Hacker News
January 30, 2023 – Vulnerabilities
QNAP addresses a critical flaw impacting its NAS devices
Abstract
Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596...
Source: Security Affairs
January 30, 2023 – Business
Automated security CyberTech Hadrian receives ABN AMRO backing
Abstract
As part of the investment, ABN AMRO will integrate Hadrian technology into its platform. The company stated it has formed tens of thousands of digital endpoints as it has grown its digital infrastructure over the years.
Source: Cyware
January 30, 2023 – Vulnerabilities
Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
Abstract
Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months. Close to 50% of the attacks originated from the U.S. (48.3%), followed by Vietnam (17.8%), Russia (14.6%), The Netherlands (7.4%), France (6.4%), Germany (2.3%), and Luxembourg (1.6%). What's more, 95% of the attacks leveraging the security shortcoming that emanated from Russia singled out organizations in Australia. "Many of the attacks we observed tried to deliver malware to infect vulnerable IoT devices," Unit 42 researchers said in a report, adding "threat groups are using this vulnerability to carry out large-scale attacks on smart devices around the world." The vulnerability in question is
Source: The Hacker News
January 30, 2023 – Breach
JD Sports discloses a data breach impacting 10 million customers
Abstract
Sports fashion retailer JD Sports disclosed a data breach that exposed data of about 10M customers who placed orders between 2018 and 2020. UK sports fashion chain JD Sports disclosed a data breach that exposed customer data from orders placed between...
Source: Security Affairs
January 30, 2023 – Criminals
Copycat Criminals Mimicking Lockbit Ransomware Gang in Northern Europe
Abstract
Despite not being the true LockBit Locker group, these micro criminals were still able to cause significant damage by encrypting a large number of internal files at SMBs in Belgium.
Source: Cyware
January 30, 2023 – Vulnerabilities
Researcher received a $27,000 bounty for 2FA bypass bug in Facebook and Instagram
Abstract
A researcher disclosed technical details of a two-factor authentication bypass vulnerability affecting Instagram and Facebook. The researcher Gtm Manoz received a $27,000 bug bounty for having reported a two-factor authentication bypass vulnerability...
Source: Security Affairs
January 30, 2023 – Vulnerabilities
Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability
Abstract
Security researcher Gtm Manoz from Nepal discovered in September 2022 that a system designed by Meta for confirming a phone number and email address did not have any rate-limiting protection.
Source: Cyware
January 30, 2023 – APT
Sandworm APT group hit Ukrainian news agency with five data wipers
Abstract
The Ukrainian Computer Emergency Response Team (CERT-UA) discovered five different wipers deployed on the network of the country's national news agency, Ukrinform. On January 17, 2023, the Telegram channel "CyberArmyofRussia_Reborn" reported the compromise of the systems at the Ukrainian...
Source: Security Affairs
January 30, 2023 – Malware
Gootkit Malware Evolves with New Components and Obfuscations
Abstract
Gootkit runs on an access-as-a-service model used by different groups to drop additional malicious payloads on compromised systems. It has been known to use fileless techniques to deliver threats such as SunCrypt, REvil, Kronos, and Cobalt Strike.
Source: Cyware
January 30, 2023 – Hacker
UNC2565 threat actors continue to improve the GOOTLOADER malware
Abstract
The threat actors behind the GOOTLOADER malware continue to improve their code by adding new components and implementing new obfuscation techniques. Mandiant researchers reported that the UNC2565 group behind the GOOTLOADER malware (aka Gootkit)...
Source: Security Affairs
January 30, 2023 – General
Inside TikTok’s proposal to address US national security concerns
Abstract
Under the terms of the proposal, TikTok would divulge core segments of its technology to Oracle and a set of third-party auditors who would verify that it is not promoting content in line with Beijing’s wishes or sharing U.S. user data with China.
Source: Cyware
January 30, 2023 – Insider Threat
Insider attacks becoming more frequent, more difficult to detect
Abstract
A Gurucul report found that organizations have never felt more vulnerable, with three-quarters of respondents saying they feel moderately to extremely vulnerable to insider threats – an increase of 8% over the previous year.
Source: Cyware
January 30, 2023 – Malware
Godfather Banking Trojan Expands Application Targeting to Affect More Europe-Based Victims
Abstract
The most notable features of Godfather malware are bypassing 2FA by capturing SMS texts or notifications and executing itself as an Android service by abusing Accessibility Services to keep persistent and privileged access on infected devices.
Source: Cyware
January 29, 2023 – Malware
Gootkit Malware Continues to Evolve with New Components and Obfuscations
Abstract
The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is "exclusive to this group." Gootkit, also called Gootloader, is spread through compromised websites that victims are tricked into visiting when searching for business-related documents like agreements and contracts via a technique called search engine optimization (SEO) poisoning. The purported documents take the form of ZIP archives that harbor the JavaScript malware, which, when launched, paves the way for additional payloads such as Cobalt Strike Beacon, FONELAUNCH, and SNOWCONE. FONELAUNCH is a .NET-based loader designed to load an encoded payload into memory, and SNOWCONE is a downloader that's tasked with retrieving next-stage payloads, typically IcedID, via
Source: The Hacker News
January 29, 2023 – Criminals
Alleged member of ShinyHunters group extradited to the US, could face 116 years in jail
Abstract
An alleged member of the ShinyHunters cybercrime gang has been extradited from Morocco to the United States. Sebastien Raoult, a French national who is suspected of being a member of the ShinyHunters cybercrime gang known as "Seyzo Kaizen," has been extradited...
Source: Security Affairs
January 29, 2023 – Hacker
Pro-Russia group Killnet targets Germany due to its support for Ukraine
Abstract
Pro-Russia group Killnet launched DDoS attacks last week against the websites of German airports, administration bodies, and banks. The Pro-Russia group Killnet is behind the DDoS attacks that last week hit the websites of German airports, administration...
Source: Security Affairs
January 29, 2023 – General
Security Affairs newsletter Round 404 by Pierluigi Paganini
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs, free for you in your email box. If you also want to receive the newsletter with the international press for free, subscribe here. Copycat...
Source: Security Affairs
January 29, 2023 – Malware
Watch out! Experts plan to release VMware vRealize Log RCE exploit next week
Abstract
Horizon3's Attack Team made the headlines again, announcing the release of PoC exploit code for remote code execution in VMware vRealize Log. Researchers from Horizon3's Attack Team announced the release of PoC exploit code for remote code execution...
Source: Security Affairs
January 28, 2023 – Criminals
Copycat Criminals mimicking Lockbit gang in northern Europe
Abstract
Recent reports of Lockbit locker-based attacks against North European SMBs indicate that local crooks started using Lockbit locker variants. Executive Summary: During the past months, the Lockbit gang reached very high popularity in the underground...
Source: Security Affairs
January 28, 2023 – APT
Sandworm APT targets Ukraine with new SwiftSlicer wiper
Abstract
Russia-linked Sandworm APT group is behind a new Golang-based wiper, tracked as SwiftSlicer, that hit Ukraine, ESET reports. Researchers from ESET discovered a new Golang-based wiper, dubbed SwiftSlicer, that was used in attacks aimed at Ukraine....
Source: Security Affairs
January 28, 2023 – Vulnerabilities
ISC fixed high-severity flaws in DNS software suite BIND
Abstract
The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service (DoS). BIND is a suite of software for interacting with the Domain Name System (DNS) maintained by the Internet Systems Consortium (ISC). The...
Source: Security Affairs
January 28, 2023 – Vulnerabilities
Microsoft Urges Customers to Secure On-Premises Exchange Servers
Abstract
Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. "Attackers looking to exploit unpatched Exchange servers are not going to go away," the tech giant's Exchange Team said in a post. "There are too many aspects of unpatched on-premises Exchange environments that are valuable to bad actors looking to exfiltrate data or commit other malicious acts." Microsoft also emphasized that mitigations issued by the company are only a stopgap solution and that they can "become insufficient to protect against all variations of an attack," necessitating that users install the necessary security updates to secure the servers. Exchange Server has been proven to be a lucrative attack vector in recent years, what with a number of security flaws in the software weaponized as zero-d
Source: The Hacker News
January 28, 2023 – Solution
Eliminating SaaS Shadow IT is Now Available via a Self-Service Product, Free of Charge
Abstract
The use of software as a service (SaaS) is experiencing rapid growth and shows no signs of slowing down. Its decentralized and easy-to-use nature is beneficial for increasing employee productivity, but it also poses many security and IT challenges. Keeping track of all the SaaS applications that have been granted access to an organization's data is a difficult task. Understanding the risks that SaaS applications pose is just as important, but it can be challenging to secure what cannot be seen. Many organizations have implemented access management solutions, but these are limited in visibility to only pre-approved applications. The average medium-sized organization has hundreds, and sometimes thousands, of SaaS applications that have been adopted by employees who needed a quick and easy solution or found a free version, completely bypassing IT and security. This leads to a significant risk as many of these applications do not have the necessary security and/or compliance standard
Source: The Hacker News
January 28, 2023 – Vulnerabilities
ISC Releases Security Patches for New BIND DNS Software Vulnerabilities
Abstract
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. "A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory released Friday. The open source software is used by major financial firms, national and international carriers, internet service providers (ISPs), retailers, manufacturers, educational institutions, and government entities, according to its website. All four flaws reside in named, a BIND9 service that functions as an authoritative nameserver for a fixed set of DNS zones or as a recursive resolver for clients on a local network. The list of the bugs, which are rated 7.5 on the CVSS scoring system, is as follows -
Source: The Hacker News
January 28, 2023 – Attack
Ukraine Hit with New Golang-based ‘SwiftSlicer’ Wiper Malware in Latest Cyber Attack
Abstract
Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "Once executed it deletes shadow copies, recursively overwrites files located in %CSIDL_SYSTEM%\drivers, %CSIDL_SYSTEM_DRIVE%\Windows\NTDS and other non-system drives and then reboots computer," ESET disclosed in a series of tweets. The overwrites are achieved by using randomly generated byte sequences to fill 4,096 byte-length blocks. The intrusion was discovered on January 25, 2023, the Slovak cybersecurity company added. Sandworm, also tracked under the monikers BlackEnergy, Electrum, Iridium, Iron Viking, TeleBots, and Voodoo Bear, has a history of staging disruptive and destructive cyber campaigns target
Source: The Hacker News
January 27, 2023 – Malware
Aurora Infostealer Malware Deploys Shapeshifting Tactics
Abstract
Cyble researchers determined that, in order to target a variety of well-known applications, the attackers are actively changing and customizing their phishing websites. Aurora targets data from web browsers and crypto wallets, among others.
Source: Cyware
January 27, 2023 – Criminals
Justice Department Thwarts ‘Hive’ Ransomware Scheme
Abstract
The Justice Department announces a successful campaign countering ransomware attacks by the Hive cybercriminal network.
Source: Lawfare
January 27, 2023 – Vulnerabilities
Patch management is crucial to protect Exchange servers, Microsoft warns
Abstract
Microsoft warns customers to patch their Exchange servers because attackers always look to exploit unpatched installs. Microsoft published a post to urge its customers to protect their Exchange servers because threat actors actively attempt to exploit...
Source: Security Affairs
January 27, 2023 – Attack
New Wave of Database Injection Attacks Compromise WordPress Sites
Abstract
The latest wave has been active since December 26, 2022, and over 5,600 websites are impacted by it so far. It has switched from fake CAPTCHA push notification scams to black hat ad networks.
Source: Cyware
January 27, 2023 – Criminals
Hacker accused of having stolen personal data of all Austrians and more
Abstract
A Dutch hacker who was arrested at the end of last year claims to have stolen the personal data of almost all Austrians. At the end of November 2022, the Amsterdam police arrested a 25-year-old man from Almere who is suspected of having stolen...
Source: Security Affairs
January 27, 2023 – Malware
Python-based PY#RATION RAT Stealthily Harvests Sensitive Information
Abstract
PY#RATION can transfer files from the infected host machine to its C2 servers or vice versa. It uses WebSockets to avoid detection and for C2 communication and exfiltration.
Source: Cyware
January 27, 2023 – Vulnerabilities
CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack
Abstract
Lexmark released a security firmware update to fix a remote code execution flaw, tracked as CVE-2023-23560, that impacts more than 100 printer models. Lexmark has released a security firmware update to address a remote code execution vulnerability,...
Source: Security Affairs
January 27, 2023 – Encryption
Chinese researchers: RSA is breakable. Others: Do not panic!
Abstract
The basic claim of the paper, published last Christmas by 24 Chinese researchers, is that they have found an algorithm that enables 2,048-bit RSA keys to be broken even with the relatively low-power quantum computers available today.
Source: Cyware
January 27, 2023 – Criminals
BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer
Abstract
The BlackCat Ransomware group claims to have hacked SOLAR INDUSTRIES INDIA and to have stolen 2TB of "secret military data." The BlackCat Ransomware gang added SOLAR INDUSTRIES INDIA to the list of victims published on its Tor leak site. The company...
Source: Security Affairs
January 27, 2023 – General
Three business application security risks businesses need to prepare for in 2023
Abstract
As ERP attacks increase this year, more organizations must ensure their security strategy takes these applications into account to keep their sensitive data and files safe. It's crucial to understand what risks are threatening their ERP applications.
Source: Cyware
January 27, 2023 – Criminals
Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service
Abstract
Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona "badbullzvenom." eSentire's Threat Response Unit (TRU), in an exhaustive report published following a 16-month-long investigation, said it "found multiple mentions of the badbullzvenom account being shared between two people." The second threat actor, known as Frapstar, is said to identify themselves as "Chuck from Montreal," enabling the cybersecurity firm to piece together the criminal actor's digital footprint. This includes his real name, pictures, home address, the names of his parents, siblings, and friends, along with his social media accounts and his interests. He is also said to be the sole proprietor of a small business that's run from his own home. Golden Chickens, also known as Venom Spider, is a malware-as-a-service (MaaS) provider that's linked to a variet
Source: The Hacker News
January 27, 2023 – Malware
Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices
Abstract
Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems. "This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system," Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Miller-Osborn said. "A user would not know their USB device is infected or possibly used to exfiltrate data out of their networks." The cybersecurity company said it uncovered the artifact during an incident response effort following a Black Basta ransomware attack against an unnamed victim. Among other tools discovered in the compromised environment include the Gootkit malware loader and the Brute Ratel C4 red team framework. The use of Brute Ratel by the Black Basta group was previously highlighted by Trend Micro in October 2022, with the software delivered as a second-stage
Source: The Hacker News
January 27, 2023 – Malware
3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox
Abstract
Orcus is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. [Figure: ANY.RUN's top malware types in 2022] That's why you'll definitely come across this type in your practice, and the Orcus family specifically. To simplify your analysis, we have collected 3 lifehacks you should take advantage of. Here we go. What is Orcus RAT? Definition. Orcus RAT is a type of malicious software program that enables remote access and control of computers and networks. It is a type of Remote Access Trojan (RAT) that has been used by attackers to gain access to and control computers and networks. Capabilities. Once downloaded onto a computer or network, it begins to execute its malicious code, allowing the attacker to gain access and control. It is capable of stealing data, conductin
Source: The Hacker News
January 27,2023 – Government
British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries Full Text
Abstract
The U.K. National Cyber Security Centre (NCSC) on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations. "The attacks are not aimed at the general public but targets in specified sectors, including academia, defense, government organizations, NGOs, think tanks, as well as politicians, journalists and activists," the NCSC said. The agency attributed the intrusions to SEABORGIUM (aka Callisto, COLDRIVER, and TA446) and APT42 (aka ITG18, TA453, and Yellow Garuda). The similarities in the modus operandi aside, there is no evidence the two groups are collaborating with each other. The activity is typical of spear-phishing campaigns, where the threat actors send messages tailored to the targets, while also taking enough time to research their interests and identify their social and professional circles. The initial contact is designed to appear innocuous in an attempt to gain their trust and c [...] The Hacker News
January 26, 2023 – General
Multicloud Security Challenges Will Persist in 2023 Full Text
Abstract
Multicloud offers numerous benefits, from avoiding vendor lock-in to reliability, agility, and cost-efficiency. At the same time, however, it brings additional layers of complexity, particularly regarding security management. Cyware
January 26, 2023 – Criminals
Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort Full Text
Abstract
In what's a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. "Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying the cybercriminals," Europol said in a statement. The U.S. Department of Justice (DoJ) said the Federal Bureau of Investigation (FBI) covertly infiltrated the Hive database servers in July 2022 and captured 336 decryption keys that were then handed over to companies compromised by the gang, effectively saving $130 million in ransom payments. The FBI also distributed more than 1,000 additional decryption keys to previous Hive victims, the DoJ noted, stating the agency gained access to two dedicated servers and one virtual private server at a hosting provider in California that were leased using three em [...] The Hacker News
January 26, 2023 – Government
UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups Full Text
Abstract
The U.K. National Cyber Security Centre (NCSC) warns of a surge in the number of attacks from Russian and Iranian nation-state actors. The U.K. National Cyber Security Centre (NCSC) is warning of targeted phishing attacks conducted by threat actors... Security Affairs
January 26, 2023 – Criminals
Dutch police arrest man who ‘stole private info belonging to tens of millions’ Full Text
Abstract
The 25-year-old now faces charges of violating data privacy and computer trespassing laws, and laundering cryptocurrency valued at around $491,000, according to media reports. Cyware
January 26, 2023 – Disinformation
Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation Full Text
Abstract
Google on Thursday disclosed it took steps to dismantle over 50,000 instances of activity orchestrated by a pro-Chinese influence operation known as DRAGONBRIDGE in 2022. "Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs," the company's Threat Analysis Group (TAG) said in a report shared with The Hacker News. "However, a small fraction of DRAGONBRIDGE accounts also post about current events with messaging that pushes pro-China talking points." DRAGONBRIDGE was first exposed by Google-owned Mandiant in July 2022, calling out its unsuccessful efforts in targeting rare earth mining companies in Australia, Canada, and the U.S. with the goal of triggering environmental protests against the firms. Also known by the name Spamouflage Dragon, the spammy influence network is known to have a presence across multiple platforms, including YouTube, Blogger, Facebook, and Twitter, primarily dissem [...] The Hacker News
January 26, 2023 – Insider Threat
An unfaithful employee leaked Yandex source code repositories Full Text
Abstract
A source code repository allegedly stolen by a former employee of the Russian tech giant Yandex has been leaked online. A Yandex source code repository allegedly stolen by a former employee of the Russian IT giant has been leaked on a popular cybercrime... Security Affairs
January 26, 2023 – Government
GSA seeks nominations for new FedRAMP cloud advisory committee Full Text
Abstract
The General Services Administration announced Tuesday that it is accepting advisory board member nominations for the FedRAMP cybersecurity authorization program, marking the first step in implementing recent legislation that reformed the program. Cyware
January 26, 2023 – Vulnerabilities
Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA Full Text
Abstract
Proof-of-concept (PoC) code signing as the targeted certificate," Microsoft said in an advisory released at the time. The Windows CryptoAPI offers an interface for developers to add cryptographic services such as encryption/decryption of data and authentication using digital certificates to their applications. Web security company Akamai, which released the PoC, said CVE-2022- [...] The Hacker News
January 26, 2023 – Criminals
Hive Ransomware Tor leak site apparently seized by law enforcement Full Text
Abstract
The leak site of the Hive ransomware gang was seized due to an international operation conducted by law enforcement in ten countries. The Tor leak site used by Hive ransomware operators has been seized as part of an international operation conducted... Security Affairs
January 26, 2023 – General
Reported Data Breaches in US Reach Near-Record Highs Full Text
Abstract
In 2022, U.S. organizations issued 1,802 data breach notifications, reporting the exposure of records or personal information affecting more than 400 million individuals, the Identity Theft Resource Center reports. Cyware
January 26, 2023 – Hacker
Researchers Uncover Connection b/w Moses Staff and Emerging Abraham’s Ax Hacktivists Group Full Text
Abstract
New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022. This is based on "several commonalities across the iconography, videography, and leak sites used by the groups, suggesting they are likely operated by the same entity," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News. Moses Staff, tracked by the cybersecurity firm under the moniker Cobalt Sapling, made its first appearance on the threat landscape in September 2021 with the goal of primarily targeting Israeli organizations. The geopolitical group is believed to be sponsored by the Iranian government and has since been linked to a string of espionage and sabotage attacks that make use of tools like StrifeWater RAT and open source utilities such as DiskCryptor to harvest sensitive information and lock victim data on infected hosts. The cr [...] The Hacker News
January 26, 2023 – Vulnerabilities
Experts warn of a surge of attacks exploiting a Realtek Jungle SDK RCE (CVE-2021-35394) Full Text
Abstract
Experts warn of a spike in the attacks that between August and October 2022 attempted to exploit a Realtek Jungle SDK RCE (CVE-2021-35394). Palo Alto Networks researchers reported that between August and October 2022 the number of attacks that attempted... Security Affairs
January 26, 2023 – Government
CISA Releases Guide to Help Safeguard K-12 Schools from Cyber Threats Full Text
Abstract
The CISA released a report outlining a variety of steps that K-12 schools and districts should take to enhance their cybersecurity practices, amid an increase in ransomware attacks and other digital threats targeting education institutions. Cyware
January 26, 2023 – Education
Is Once-Yearly Pen Testing Enough for Your Organization? Full Text
Abstract
Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line. There are two main reasons why regular pen testing is necessary for secure web application development: Security: Web applications are constantly evolving, and new vulnerabilities are being discovered all the time. Pen testing helps identify vulnerabilities that could be exploited by hackers and allows you to fix them before they can do any damage. Compliance: Depending on your industry and the type of data you handle, you may be required to comply with certain security standards (e.g., PCI DSS, NIST, HIPAA). Regular pen testing can help you verify that your web applications meet these standards and avoid penalties for non-compliance. How Often Should You Pentest? Many organizations, big and small, have a once-a-year pen testing cycle. But what [...] The Hacker News
January 26, 2023 – Government
FTC Marks Identity Theft Awareness Week for 2023 on January 30-February 3 Full Text
Abstract
The Federal Trade Commission will mark its annual Identity Theft Awareness Week with a series of free events January 30-February 3 focused on how identity theft affects people of every community and ways to reduce your risk. Cyware
January 26, 2023 – Malware
PY#RATION: New Python-based RAT Uses WebSocket for C2 and Data Exfiltration Full Text
Abstract
Cybersecurity researchers have unearthed a new attack campaign that leverages a Python-based remote access trojan (RAT) to gain control over compromised systems since at least August 2022. "This malware is unique in its utilization of WebSockets to avoid detection and for both command-and-control (C2) communication and exfiltration," Securonix said in a report shared with The Hacker News. The malware, dubbed PY#RATION by the cybersecurity firm, comes with a host of capabilities that allow the threat actor to harvest sensitive information. Later versions of the backdoor also sport anti-evasion techniques, suggesting that it's being actively developed and maintained. The attack commences with a phishing email containing a ZIP archive, which, in turn, harbors two shortcut (.LNK) files that masquerade as front and back side images of a seemingly legitimate U.K. driver's license. Opening each of the .LNK files retrieves two text files from a remote server that a [...] The Hacker News
January 26, 2023 – Government
British Cyber Agency Issues Warning Over Russian and Iranian Espionage Campaigns Full Text
Abstract
The U.K. NCSC warned that instead of sending surprise phishing emails, the Russia-based SEABORGIUM and Iran-based APT42 (or Charming Kitten) are contacting their targets in a benign fashion and attempting to build a rapport and a sense of trust. Cyware
January 26, 2023 – Breach
U.S. Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software Full Text
Abstract
At least two federal agencies in the U.S. fell victim to a "widespread cyber campaign" that involved the use of legitimate remote monitoring and management (RMM) software to perpetuate a phishing scam. "Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate RMM software – ScreenConnect (now ConnectWise Control) and AnyDesk – which the actors used in a refund scam to steal money from victim bank accounts," U.S. cybersecurity authorities said. The joint advisory comes from the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC). The attacks, which took place in mid-June and mid-September 2022, have financial motivations, although threat actors could weaponize the unauthorized access for conducting a wide range of activities, including selling that access to other hacking crews. Usage of remote software by criminal grou [...] The Hacker News
January 26, 2023 – Government
Avoid TikTok for government work, Dutch officials told Full Text
Abstract
Public authorities in the Netherlands are being told to steer clear of TikTok amid growing concerns across the EU and U.S. that the Chinese-owned video-sharing platform poses privacy risks. Cyware
January 25, 2023 – Business
EGERIE raises $32.7 million to help quantify the financial impact of shabby cyber security Full Text
Abstract
The capital will be used to help Egerie further develop its automated data recovery technology while at the same time opening the doors to an insurer-specific reporting functionality as the company ramps up pan-European expansion plans. Cyware
January 25, 2023 – Breach
Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages Full Text
Abstract
A massive campaign has infected over 4,500 WordPress websites as part of a long-running operation that's believed to have been active since at least 2017. According to GoDaddy-owned Sucuri, the infections involve the injection of obfuscated JavaScript hosted on a malicious domain named "track[.]violetlovelines[.]com" that's designed to redirect visitors to unwanted sites. The latest operation is said to have been active since December 26, 2022, according to data from urlscan.io. A prior wave seen in early December 2022 impacted more than 3,600 sites, while another set of attacks recorded in September 2022 ensnared more than 7,000 sites. The rogue code is inserted in the WordPress index.php file, with Sucuri noting that it has removed such changes from more than 33,000 files on the compromised sites in the past 60 days. "In recent months, this malware campaign has gradually switched from the notorious fake CAPTCHA push notification scam pages to black [...] The Hacker News
January 25, 2023 – Breach
Zacks Investment Research data breach impacted hundreds of thousands of customers Full Text
Abstract
Zacks Investment Research (Zacks) disclosed a data breach; the security incident may have exposed the data of 820K customers. Zacks Investment Research (Zacks) disclosed a data breach, the security incident may have affected the personal information of its 820,000... Security Affairs
January 25, 2023 – Policy and Law
Australian man given two-year jail sentence for $69K phishing scams Full Text
Abstract
Sydney Local Court found the man guilty of obtaining and supplying data with intent to commit a computer offense. It dished out a jail term of 32 months to a man who stole more than AU$100,000 ($69,751) in an SMS phishing scam impacting 450 victims. Cyware
January 25, 2023 – General
The Definitive Browser Security Checklist Full Text
Abstract
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore, more and more security teams are now turning to the emerging category of purpose-built Browser Security Platform as the answer to the browser's security challenges. However, as this security solution category is still relatively new, there is not yet an established set of browser security best practices, nor common evaluation criteria. LayerX, the User-First Browser Security Platform, is addressing security teams' need with the downloadable Browser Security Checklist, which guides its readers through the essentials of choosing the best solution and provides them with an actionable che [...] The Hacker News
January 25, 2023 – Vulnerabilities
Google Chrome 109 update addresses six security vulnerabilities Full Text
Abstract
Google addressed six security vulnerabilities in its web browser Chrome, none of them actively exploited in the wild. Google released Chrome version 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows to address a total of six vulnerabilities... Security Affairs
January 25, 2023 – General
Advancing Medical Technology Requires More Medical Device Regulation Full Text
Abstract
Medical device regulation is an important part of the healthcare industry as it also helps protect patients by ensuring that any device used for diagnosis, treatment or prevention of a medical condition meets certain standards of safety and quality. Cyware
January 25, 2023 – Hacker
North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyberattacks Full Text
Abstract
A North Korean nation-state group notorious for crypto heists has been attributed to a new wave of malicious email attacks as part of a "sprawling" credential harvesting activity targeting a number of industry verticals, marking a significant shift in its strategy. The state-aligned threat actor is being tracked by Proofpoint under the name TA444, and by the larger cybersecurity community as APT38, BlueNoroff, Copernicium, and Stardust Chollima. TA444 is "utilizing a wider variety of delivery methods and payloads alongside blockchain-related lures, fake job opportunities at prestigious firms, and salary adjustments to ensnare victims," the enterprise security firm said in a report shared with The Hacker News. The advanced persistent threat is something of an aberration among state-sponsored groups in that its operations are financially motivated and geared towards generating illicit revenue for the Hermit Kingdom. To that end, the attacks employ phishin [...] The Hacker News
January 25, 2023 – APT
North Korea-linked TA444 group turns to credential harvesting activity Full Text
Abstract
North Korea-linked TA444 group is behind a credential harvesting campaign targeting a number of industry verticals. Proofpoint researchers reported that North Korea-linked TA444 APT group (aka APT38, BlueNoroff, Copernicium, and Stardust Chollima)... Security Affairs
January 25, 2023 – Vulnerabilities
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats Full Text
Abstract
As of December 2022, Unit 42 researchers observed 134 million exploit attempts in total leveraging this vulnerability, and about 97% of these attacks occurred after the start of August 2022. At the time of writing, the attack is still ongoing. Cyware
January 25, 2023 – Breach
LastPass Parent Company GoTo Suffers Data Breach, Customers’ Backups Compromised Full Text
Abstract
LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company said. "The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor authentication (MFA) settings, as well as some product settings and licensing information," GoTo's Paddy Srinivasan said. Additionally, MFA settings pertaining to a subset of its Rescue and GoToMyPC customers were impacted, although there is no evidence that the encrypted databases associated with the two services were exfiltrated. The company did not disclose how many users were impacted, but said it's directly contacting the victims to [...] The Hacker News
January 25, 2023 – Breach
French rugby club Stade Français leaks source code Full Text
Abstract
Prestigious club Stade Français potentially endangered its fans for over a year after leaking its website’s source code. Stade Français is a professional rugby union club based in Paris. Founded in 1883 and competing in France’s premier rugby... Security Affairs
January 25, 2023 – General
Why CISOs Make Great Board Members Full Text
Abstract
Businesses that invest in cybersecurity as a competitive advantage are transforming their business models. Every company is or will become a technology company, and those doing it faster are winning. Cyware
January 25, 2023 – Vulnerabilities
VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities Full Text
Abstract
VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security bulletin for 2023. Tracked as CVE-2022-31706 and CVE-2022-31704, the directory traversal and broken access control issues could be exploited by a threat actor to achieve remote code execution irrespective of the difference in the attack pathway. "An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution," the company said of the two shortcomings. A third vulnerability relates to a deserialization flaw (CVE-2022-31710, CVSS score: 7.5) that could be weaponized by an unauthenticated attacker to trigger a denial-of-service (DoS) conditi [...] The Hacker News
January 25, 2023 – Hacker
DragonSpark threat actor avoids detection using Golang source code Interpretation Full Text
Abstract
Chinese threat actor tracked as DragonSpark targets organizations in East Asia with a Golang malware to evade detection. SentinelOne researchers spotted a Chinese-speaking actor, tracked as DragonSpark, that is targeting organizations in East Asia. The... Security Affairs
January 25, 2023 – Attack
Massive Attack Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network Full Text
Abstract
PublicWWW results show over 4,500 websites impacted by this malware at the time of writing, while urlscan.io shows evidence of the campaign operating since December 26, 2022. Cyware
January 25, 2023 – Encryption
Fujitsu: Quantum computers no threat to encryption just yet Full Text
Abstract
Fujitsu said it ran trials using its 39-qubit quantum simulator hardware to assess how difficult it would be for quantum computers to crack data encrypted with the RSA cipher, using a Shor's algorithm approach. Cyware
January 25, 2023 – Breach
DuoLingo Investigating Dark Web Post Offering Data From 2.6 Million Accounts Full Text
Abstract
A spokesperson for the company said they are aware of the post, which was created on Tuesday morning and offers emails, phone numbers, courses taken, and other information on how customers use the platform. Cyware
January 25, 2023 – Botnet
Ticketmaster Blames Bots in Taylor Swift ‘Eras’ Tour Debacle Full Text
Abstract
This week, Ticketmaster testified in Senate Judiciary Committee hearings that it's not the company's monopoly on the live music market that caused the Swifty sales collapse — it was instead a cyberattack, executives said. Cyware
January 25, 2023 – Outage
Pakistan hit by nationwide power outage, is it the result of a cyber attack? Full Text
Abstract
On Monday, a nationwide blackout in Pakistan left millions of people in the darkness, and the authorities are investigating if it was caused by a cyberattack. The power outage impacted all the major cities in Pakistan. Cyware
January 24, 2023 – Hacker
Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection Full Text
Abstract
Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. "The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation," SentinelOne said in an analysis published today. A striking aspect of the intrusions is the consistent use of SparkRAT to conduct a variety of activities, including stealing information, obtaining control of an infected host, or running additional PowerShell instructions. The threat actor's end goals remain unknown as yet, although espionage or cybercrime is likely to be the motive. DragonSpark's ties to China stem from the use of the China Chopper web shell to deploy malware – a widely used attack pathway among Chinese threat actors. Furthermore, not only do the open source tools used in the cyber assaults originate from develope [...] The Hacker News
January 24, 2023 – Vulnerabilities
VMware warns of critical code execution bugs in vRealize Log Insight Full Text
Abstract
A critical vulnerability in VMware vRealize Log Insight appliance can allow an unauthenticated attacker to take full control of a target system. VMware addressed multiple vulnerabilities, tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710,... Security Affairs
January 24, 2023 – Criminals
FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft Full Text
Abstract
The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack to the Lazarus Group and APT38 (aka BlueNoroff, Copernicium, and Stardust Chollima), the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber operations. The FBI further stated the Harmony intrusion leveraged an attack campaign dubbed TraderTraitor that was disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in April 2022. The modus operandi entailed utilizing social engineering tricks to deceive employees of cryptocurrency companies into downloading rogue applications as part of a seemingly benign recruitment effort. "On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of [...] The Hacker News
January 24, 2023 – Outage
Pakistan hit by nationwide power outage, is it the result of a cyber attack? Full Text
Abstract
Pakistan suffered a nationwide blackout, local authorities are investigating the cause and suspect it was the result of a cyberattack. On Monday, a nationwide blackout in Pakistan left millions of people in the darkness, and the authorities are investigating... Security Affairs
January 24, 2023 – Vulnerabilities
Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium Full Text
Abstract
Vulnerability analysis results in Orange Cyberdefense's Security Navigator show that some vulnerabilities first discovered in 1999 are still found in networks today. This is concerning. Age of VOC findings Our Vulnerability Scans are performed on a recurring basis, which provides us the opportunity to examine the difference between when a scan was performed on an Asset, and when a given finding on that Asset was reported. We can call that the finding 'Age'. If the findings first reported are not addressed, they will occur in more scans over time with increasing Age, and so we can track how the Age of reported findings changes over time. As the chart below clearly illustrates, the majority of real findings in our dataset, across all Severity levels, are between 75 and 225 days old. There is a second 'peak' at around 300 days, which we suspect has more to do with the age of the data in the dataset and can therefore be ignored. Finally, there is a fascinating [...] The Hacker News
January 24, 2023 – Breach
GoTo revealed that threat actors stole customers’ backups and encryption key for some of them Full Text
Abstract
GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers' backups and encryption key. GoTo, formerly LogMeIn Inc, is a flexible-work provider of software as a service (SaaS)... Security Affairs
January 24, 2023 – Malware
Emotet Malware Makes a Comeback with New Evasion Techniques Full Text
Abstract
The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially reemerged in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year, has continued to be a persistent threat that's distributed via phishing emails. Attributed to a cybercrime group tracked as TA542 (aka Gold Crestwood or Mummy Spider), the virus has evolved from a banking trojan to a malware distributor since its first appearance in 2014. The malware-as-a-service (MaaS) is also modular, capable of deploying an array of proprietary and freeware components that can exfiltrate sensitive information from compromised machines and carry out other post-exploitation activities. Two latest additions to Emotet's module arsenal comprise an SMB spreader that's designed to facilitate lateral movement using a list of h [...] The Hacker News
January 24, 2023 – APT
FBI confirms that North Korea-linked Lazarus APT is behind Harmony Horizon Bridge $100 million cyber heist Full Text
Abstract
The U.S. FBI attributes the $100 million cyber heist against Harmony Horizon Bridge to North Korea-linked Lazarus APT. The U.S. Federal Bureau of Investigation (FBI) this week confirmed that in June 2022 the North Korea-linked Lazarus APT group and APT38... Security Affairs
January 24, 2023 – Solution
Meta Platforms expands features for E2EE on Messenger App Full Text
Abstract
Meta Platforms announced the implementation of more features into its end-to-end encrypted Messenger App. Meta Platforms started gradually expanding testing default end-to-end encryption for Messenger. The company announced that over the next few months,... Security Affairs
January 23, 2023 – Breach
Update: Companies Impacted by Recent Mailchimp Breach Start Notifying Customers Full Text
Abstract
Companies affected by the recent Mailchimp data breach have started notifying affected customers. The list includes WooCommerce, FanDuel, Yuga Labs, and the Solana Foundation. Cyware
January 23, 2023 – Vulnerabilities
Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud Full Text
Abstract
Two security flaws have been disclosed in Samsung's Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and notified to the South Korean chaebol in November and December 2022. Samsung classified the bugs as moderate risk and released fixes in version 4.5.49.8 shipped earlier this month. Samsung Galaxy Store, previously known as Samsung Apps and Galaxy Apps, is a dedicated app store used for Android devices manufactured by Samsung. It was launched in September 2009. The first of the two vulnerabilities is CVE-2023-21433, which could enable an already installed rogue Android app on a Samsung device to install any application available on the Galaxy Store. Samsung described it as a case of improper access control that it said has been patched with proper permiss [...] The Hacker News
January 23, 2023 – Vulnerabilities
Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads Full Text
Abstract
Apple has backported the security updates for the zero-day vulnerability CVE-2022-42856 to older iPhones and iPads. In December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively... Security Affairs
January 23, 2023 – Criminals
PLAY Ransomware Group Claims Attack on Britain’s Arnold Clark Full Text
Abstract
Sensitive personal data allegedly stolen from Arnold Clark, one of the United Kingdom’s largest car dealerships, has been posted online by the PLAY ransomware group on its extortion site. Cyware
January 23, 2023 – Education
SaaS Security Posture Management (SSPM) as a Layer in Your Identity Fabric Full Text
Abstract
The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management (IAM). After all, user identity is one of the only barriers standing between sensitive corporate data and any unauthorized access. The tools used to define IAM make up its identity fabric. The stronger the fabric, the more resistant identities are to pressure from threat actors. However, those pressures are only increasing. Decentralized IT, evolving threats, and zero-trust tools are pushing many IAM tools to their limits. To maintain its effectiveness, IAM is shifting to operating as an agile, interconnected identity fabric rather than just siloed IAM tools. The demands of today's IT operating environment are forcing IAM to support decentralized IT environments while still providing centralized management and governance for its users. Interestingly, many of the identity fabric principles they define are currently found in leading SSPM tools. It's important to note that identity fabrThe Hacker News
January 23, 2023 – Vulnerabilities
Two flaws in Samsung Galaxy Store can allow to install Apps and execute JS code Full Text
Abstract
Researchers found two flaws in Samsung Galaxy Store that could be exploited to install applications or achieve code execution on the devices. Researchers from cybersecurity firm NCC Group published technical details on two vulnerabilities, tracked...Security Affairs
January 23, 2023 – Malware
Malicious Apps Masquerade as Government Agencies to Distribute Gigabud RAT Full Text
Abstract
A new Android malware, named Gigabud, was found impersonating government agencies, financial institutions, and other organizations from Thailand, Peru, and the Philippines to harvest user banking credentials. Gigabud leverages a server-side verification process to ensure that the mobile number ... Read MoreCyware
January 23, 2023 – Hacker
Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks Full Text
Abstract
The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation framework that's designed to be used by security professionals in their red team operations. Its myriad features for adversary simulation – including dynamic code generation, in-memory payload execution, and process injection – have also made it an appealing tool for threat actors looking to gain elevated access to the target system upon gaining an initial foothold. In other words, the software is used as a second-stage to conduct next steps of the attack chain after already compromising a machine using one of the initial intrusion vectors such as spear-phishing or exploitatioThe Hacker News
January 23, 2023 – Breach
Companies impacted by Mailchimp data breach warn their customers Full Text
Abstract
The recent Mailchimp data breach has impacted multiple organizations, some of which are already notifying their customers. The popular email marketing and newsletter platform Mailchimp recently disclosed a new data breach; the incident exposed the data...Security Affairs
January 23, 2023 – Hacker
Chinese Group Targeting Vulnerable Cloud Providers, Apps Full Text
Abstract
Cybersecurity researchers say a Chinese for-profit threat group tracked as 8220 Gang is targeting cloud providers and poorly secured applications with a custom-built crypto miner and IRC bot.Cyware
January 23, 2023 – Phishing
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps Full Text
Abstract
Researchers have shut down an "expansive" ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices. "VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible video ad players behind one another and register ad views," fraud prevention firm HUMAN said. The operation gets its name from the use of a DNS evasion technique called Fast Flux and VAST, a Digital Video Ad Serving Template that's employed to serve ads to video players. The sophisticated operation particularly exploited the restricted in-app environments that run ads on iOS to place bids for displaying ad banners. Should the auction be won, the hijacked ad slot is leveraged to inject rogue JavaScript that establishes contact with a remote server to retrieve the list of apps to be targeted. This includes the bundle IDs that belong to legThe Hacker News
January 23, 2023 – Phishing
Massive Ad fraud scheme VASTFLUX targeted over 11 million devices Full Text
Abstract
Researchers dismantled a sophisticated ad fraud scheme, dubbed VASTFLUX, that targeted more than 11 million devices. HUMAN’s Satori Threat Intelligence and Research Team dismantled a sophisticated ad fraud operation dubbed VASTFLUX. The...Security Affairs
January 23, 2023 – Government
International Counter Ransomware Task Force kicks off Full Text
Abstract
An international counter-ransomware task force first announced at a White House event in November officially commenced operations on Monday, according to the Australian government which is the inaugural chair of the group.Cyware
January 23, 2023 – Outage
Video game firm Riot Games hacked, now it faces problems to release content Full Text
Abstract
Video game developer and publisher Riot Games announced that it will delay the release of game patches after a security incident. Riot Games is an American video game developer, publisher and esports tournament organizer...Security Affairs
January 23, 2023 – Business
Exterro acquires Zapproved to address critical business challenges Full Text
Abstract
Exterro’s acquisition of Zapproved is the latest step in furthering Exterro’s vision to empower customers to proactively and defensibly manage their legal governance, risk, and compliance obligations.Cyware
January 23, 2023 – Ransomware
New CrySIS/Dharma Ransomware Variants Budding like Mushrooms Full Text
Abstract
Following the leak of the source code of the CrySIS/Dharma ransomware family, cybercriminals worldwide continue to spin variants of it and deliver them via phishing attacks masked as genuine software. To gain access to the victim’s machine, CrySIS/Dharma operators abuse exposed RDP servers and also ... Read MoreCyware
January 23, 2023 – General
Email is our greatest productivity tool. That’s why phishing is so dangerous to everyone Full Text
Abstract
Cybercriminals know that our time is tight and we're not going to have a chance to carefully analyze every message which reaches our inbox – one of the reasons why phishing is still so successful.Cyware
January 23, 2023 – Breach
Hacktivist Discovered U.S. No Fly List on Unsecured Airline Server Full Text
Abstract
A copy of the No Fly List from 2019 has leaked, uncovered by a Swiss cybersecurity researcher and hacktivist who claims to have discovered it on an unsecured internet server belonging to an airline.Cyware
January 22, 2023 – Vulnerabilities
Expert found critical flaws in OpenText Enterprise Content Management System Full Text
Abstract
The OpenText enterprise content management (ECM) system is affected by multiple vulnerabilities, including a critical RCE. Armin Stock (Atos), researcher at cybersecurity firm Sec Consult, discovered multiple vulnerabilities in the OpenText enterprise...Security Affairs
January 22, 2023 – Malware
Roaming Mantis uses new DNS changer in its Wroba mobile malware Full Text
Abstract
Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware...Security Affairs
January 22, 2023 – General
Security Affairs newsletter Round 403 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. The...Security Affairs
January 21, 2023 – Policy and Law
The Irish DPC fined WhatsApp €5.5M for violating GDPR Full Text
Abstract
The Irish Data Protection Commission (DPC) fined Meta's WhatsApp €5.5 million for violating data protection laws. The popular messaging app WhatsApp has been fined €5.5m by the Irish Data Protection Commission (DPC) for violating the General Data...Security Affairs
January 21, 2023 – Vulnerabilities
Around 19,500 end-of-life Cisco routers are exposed to hack Full Text
Abstract
Researchers warn of about 19,500 end-of-life Cisco VPN routers on the Internet that are exposed to the recently disclosed RCE exploit chain. Cisco recently warned of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0),...Security Affairs
January 21, 2023 – Vulnerabilities
Critical Manufacturing Sector in the Bull’s-eye Full Text
Abstract
More than three-quarters of manufacturing organizations harbor unpatched high-severity vulnerabilities in their systems. New telemetry from SecurityScorecard shows a year-over-year increase in high-severity vulnerabilities in those organizations.Cyware
January 21, 2023 – Malware
Attackers Crafted Custom Malware for Fortinet Zero-Day Full Text
Abstract
Researchers analyzing data associated with a recently disclosed zero-day vulnerability in Fortinet's FortiOS SSL-VPN technology have identified a sophisticated new backdoor specifically designed to run on Fortinet's FortiGate firewalls.Cyware
January 20, 2023 – Malware
Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers’ DNS Settings Full Text
Abstract
Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea. Roaming Mantis, also known as Shaoye, is a long-running financially motivated operation that singles out Android smartphone users with malware capable of stealing bank account credentials as well as harvesting other kinds of sensitive information. Although primarily targeting the Asian region since 2018, the hacking crew was detected expanding its victim range to include France and Germany for the first time in early 2022 by camouflaging the malware as the Google Chrome web browser application. The attacks leverage smishing messages as the initial intrusion vector of choice to deliverThe Hacker News
January 20, 2023 – Breach
T-Mobile suffered a new data breach, 37 million accounts have been compromised Full Text
Abstract
Bad news for T-Mobile, the company disclosed a new data breach that resulted in the theft of data belonging to 37 customer accounts. T-Mobile suffered a new data breach, threat actor stole the personal information of 37 million current postpaid and prepaid...Security Affairs
January 20, 2023 – Attack
Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram Full Text
Abstract
The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure relies on multi-stage Telegram accounts for victim profiling and confirmation of geographic location, and then finally leads the victim to the next stage server for the final payload," the BlackBerry Research and Intelligence Team said in a report shared with The Hacker News. "This kind of technique to infect target systems is new." Gamaredon, also known by names such as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and Winterflounder, is known for its assaults aimed at Ukrainian entities since at least 2013. Last month, Palo Alto Networks Unit 42 disclosed the threat actor's unsuccessful attempts to break into an unnamed petrolThe Hacker News
January 20, 2023 – Breach
PayPal notifies 34942 users of data breach over credential stuffing attack Full Text
Abstract
PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. PayPal announced that 34942 customers' accounts have been compromised between December 6 and December...Security Affairs
January 20, 2023 – Ransomware
Playing Whack-a-Mole with New CrySIS/Dharma Variants Full Text
Abstract
The CrySIS/Dharma ransomware family has been around for several years – dating back to at least 2016. At least one version of the ransomware had its source code leaked, allowing anyone to purchase and repurpose it for their own ends.Cyware
January 20, 2023 – Policy and Law
WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws Full Text
Abstract
The Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta's WhatsApp for violating data protection laws when processing users' personal information. At the heart of the ruling is an update to the messaging platform's Terms of Service that was imposed in the days leading to the enforcement of the General Data Protection Regulation (GDPR) in May 2018, requiring that users agree to the revised terms in order to continue using the service or risk losing access. The complaint, filed by privacy non-profit NOYB, alleged that WhatsApp breached the regulation by compelling its users to "consent to the processing of their personal data for service improvement and security" by "making the accessibility of its services conditional on users accepting the updated Terms of Service." "WhatsApp Ireland is not entitled to rely on the contract legal basis for the delivery of service improvement and security," thThe Hacker News
January 20, 2023 – Hacker
Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October Full Text
Abstract
An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability...Security Affairs
January 20, 2023 – Vulnerabilities
Critical Vulnerabilities Patched in OpenText Enterprise Content Management System Full Text
Abstract
Several vulnerabilities described as having a critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText’s enterprise content management (ECM) product.Cyware
January 20, 2023 – Vulnerabilities
Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware Full Text
Abstract
A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were released. "This incident continues China's pattern of exploiting internet facing devices, specifically those used for managed security purposes (e.g., firewalls, IPS\IDS appliances etc.)," Mandiant researchers said in a technical report. The attacks entailed the use of a sophisticated backdoor dubbed BOLDMOVE, a Linux variant of which is specifically designed to run on Fortinet's FortiGate firewalls. The intrusion vector in question relates to the exploitation of CVE-2022-42475, a heap-based buffer overflow vulnerability in FortiOS SSL-VPN that could result in unauthentiThe Hacker News
January 20, 2023 – Vulnerabilities
Cisco fixes SQL Injection flaw in Unified CM Full Text
Abstract
A high-severity flaw (CVE-2023-20010) was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition. Cisco fixed a high-severity SQL injection flaw, tracked as CVE-2023-20010 (CVSS score of 8.1), in Unified...Security Affairs
January 20, 2023 – Vulnerabilities
Researchers claim XSS vulnerability in Ghost CMS Full Text
Abstract
The vulnerabilities can be triggered when a higher-level user simply previews or visits any post by the malicious user, as these social links seem to be included in all of a user's posts.Cyware
January 20, 2023 – Government
HHS CIO Mathias says tree-based AI models helping to combat Medicare fraud Full Text
Abstract
The HHS has launched a pilot program to tackle Medicare fraud using tree-based artificial intelligence models and deep learning approaches, HHS Chief Information Officer Karl Mathias said Wednesday.Cyware
January 19, 2023 – APT
BackdoorDiplomacy APT Uses Turian Backdoor to Target Iranian Government Full Text
Abstract
BackdoorDiplomacy is continuously evolving its TTPs during cyberespionage campaigns. Unit 42 spotted the new campaign by the group that targeted Iranian government entities between July and December 2022. Historically, it has targeted government and diplomatic entities in the Middle East and A ... Read MoreCyware
January 19, 2023 – Vulnerabilities
New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks Full Text
Abstract
A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. "The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SCM service Kudu," Ermetic researcher Liv Matan said in a report shared with The Hacker News. "By abusing the vulnerability, attackers can deploy malicious ZIP files containing a payload to the victim's Azure application." The Israeli cloud infrastructure security firm, which dubbed the shortcoming EmojiDeploy, said it could further enable the theft of sensitive data and lateral movement to other Azure services. Microsoft has since fixed the vulnerability as of December 6, 2022, following responsible disclosure on October 26, 2022, in addition to awarding a bug bounty of $30,000. The Windows maker describes Kudu as the "engine behind a number of featThe Hacker News
January 19, 2023 – General
A Federal Cyber Insurance Backstop Is Premature Full Text
Abstract
A cyber backstop is unnecessary because firms conduct online activity regardless of whether insurance is available. Worryingly, a backstop could undermine insurers in incentivizing improved cybersecurity.Lawfare
January 19, 2023 – Vulnerabilities
Experts released PoC exploit for critical Zoho ManageEngine RCE flaw Full Text
Abstract
Researchers released Proof-of-concept exploit code for remote code execution flaw CVE-2022-47966 impacting multiple Zoho ManageEngine products. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple...Security Affairs
January 19, 2023 – Malware
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022 Full Text
Abstract
Roaming Mantis (aka Shaoye) is a well-known campaign that uses malicious APK files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation.Cyware
January 19, 2023 – Malware
Android Users Beware: New Hook Malware with RAT Capabilities Emerges Full Text
Abstract
The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another malware for rent called Hook that introduces new capabilities to access files stored in the devices and create a remote interactive session. ThreatFabric, in a report shared with The Hacker News, characterized Hook as a novel ERMAC fork that's advertised for sale for $7,000 per month while featuring "all the capabilities of its predecessor." "In addition, it also adds to its arsenal Remote Access Tooling (RAT) capabilities, joining the ranks of families such as Octo and Hydra, which are capable of performing a full Device Take Over (DTO), and complete a full fraud chain, from PII exfiltration to transaction, with all the intermediate steps, without the need of additional channels," the Dutch cybersecurity firm said. A majority of the financial apps targeted by the malware are located in the U.S., Spain, Australia, Poland, Canada, Turkey, the U.K., FranThe Hacker News
January 19, 2023 – Malware
Critical Microsoft Azure RCE flaw impacted multiple services Full Text
Abstract
Researchers found a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure. Researchers from Ermetic found a remote code execution flaw, dubbed EmojiDeploy, that impacts Microsoft Azure services and other...Security Affairs
January 19, 2023 – Policy and Law
Meta Slapped With 5.5 Million Euro Fine for EU Data Breach Full Text
Abstract
Social media giant Meta has been fined an additional 5.5 million euros ($5.9 million) for violating EU data protection regulations with its instant messaging platform WhatsApp, Ireland's regulator announced Thursday.Cyware
January 19, 2023 – Hacker
New Research Delves into the World of Malicious LNK Files and Hackers Behind Them Full Text
Abstract
Cybercriminals are increasingly leveraging malicious LNK files as an initial access method to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts has shown that it is possible to identify relationships between different threat actors by analyzing the metadata of malicious LNK files, uncovering information such as the specific tools and techniques used by different groups of cybercriminals, as well as potential links between seemingly unrelated attacks. "With the increasing usage of LNK files in attack chains, it's logical that threat actors have started developing and using tools to create such files," Cisco Talos researcher Guilherme Venere said in a report shared with The Hacker News. This comprises tools like NativeOne's mLNK Builder and Quantum Builder, which allow subscribers to generate rogue shortcut files and evade security solutions. Some of the major malware families that have used LNK fileThe Hacker News
January 19, 2023 – Breach
Mailchimp discloses a new security breach, the second one in 6 months Full Text
Abstract
Popular email marketing and newsletter platform Mailchimp was hacked and the data of dozens of customers were exposed. The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security...Security Affairs
January 19, 2023 – Malware
Batloader Abused Legitimate Tools in Q4 2022 Full Text
Abstract
Trend Micro laid bare details of the Batloader malware in a report; the malware has anti-sandboxing capabilities and can fingerprint hosts for legitimacy. The modular malware abuses legitimate tools such as NirCmd.exe and Nsudo.exe to escalate privileges. First observed in the last quarter of 2022, it was foun ... Read MoreCyware
January 19, 2023 – Education
6 Types of Risk Assessment Methodologies + How to Choose Full Text
Abstract
An organization's sensitive information is under constant threat. Identifying those security risks is critical to protecting that information. But some risks are bigger than others. Some mitigation options are more expensive than others. How do you make the right decision? Adopting a formal risk assessment process gives you the information you need to set priorities. There are many ways to perform a risk assessment, each with its own benefits and drawbacks. We will help you find which of these six risk assessment methodologies works best for your organization. What is Risk Assessment? Risk assessment is the way organizations decide what to do in the face of today's complex security landscape. Threats and vulnerabilities are everywhere. They could come from an external actor or a careless user. They may even be built into the network infrastructure. Decision-makers need to understand the urgency of the organization's risks as well as how much mitigation efforts will cost. Risk asThe Hacker News
January 19, 2023 – Government
US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
US CISA added the vulnerability CVE-2022-44877 in CentOS Control Web Panel utility to its Known Exploited Vulnerabilities Catalog. The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw (CVE-2022-44877) to its Known Exploited...Security Affairs
January 19, 2023 – Vulnerabilities
CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services Full Text
Abstract
A web-based Git repository manager, Kudu is the engine behind several Azure App Service features, supporting the deployment and management of code in Azure. The service is used by Functions, App Service, Logic Apps, and other Azure services.Cyware
January 19, 2023 – Criminals
Bitzlato Crypto Exchange Founder Arrested for Aiding Cybercriminals Full Text
Abstract
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of Anatoly Legkodymov (aka Gandalf and Tolik), the cofounder of Hong Kong-registered cryptocurrency exchange Bitzlato, for allegedly processing $700 million in illicit funds. The 40-year-old Russian national, who was arrested in Miami, was charged in a U.S. federal court with "conducting a money transmitting business that transported and transmitted illicit funds and that failed to meet U.S. regulatory safeguards, including anti-money laundering requirements," the DoJ said. According to court documents, Bitzlato is said to have advertised itself as a virtual currency exchange with minimal identification requirements for its users, breaking the rules requiring the vetting of customers. This lack of know your customer (KYC) enforcement led to the service becoming a "haven for criminal proceeds" and facilitating transactions worth more than $700 million on the Hydra darknet marketplace priorThe Hacker News
January 19, 2023 – Breach
Mailchimp Suffers Another Security Breach Compromising Some Customers’ Information Full Text
Abstract
Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. "The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack," the Intuit-owned company said in a disclosure. The development was first reported by TechCrunch. Mailchimp said it identified the lapse on January 11, 2023, and noted that there is no evidence the unauthorized party breached Intuit systems or other customer information beyond the 133 accounts. It further said the primary contacts for all those affected accounts were notified within 24 hours, and that it has since assisted those users in regaining access to their accounts. The Atlanta-based company, however, did not reveal the duration for whichThe Hacker News
January 18, 2023 – Breach
FTX says $415 million of crypto was hacked Full Text
Abstract
Bankrupt crypto firm FTX said on Tuesday that $415 million worth of crypto was hacked from the exchange’s accounts, representing a sizable portion of the identified assets the company is trying to recover.Cyware
January 18, 2023 – Malware
Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa Full Text
Abstract
An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle East and North Africa. "The threat actor uses public cloud storage services such as files[.]fm and failiem[.]lv to host malware, while compromised web servers distribute NjRAT," Trend Micro said in a report published Wednesday. Phishing emails, typically tailored to the victim's interests, are loaded with malicious attachments to activate the infection routine. This takes the form of a Microsoft Cabinet (CAB) archive file containing a Visual Basic Script dropper to deploy the next-stage payload. Alternatively, it's suspected that the files are distributed via social media platforms such as Facebook and Discord, in some cases even creating bogus accounts to serve ads on pages impersonating legitimate news outlets. The CAB files, hosted on cloud storage services, also masquerade as sensitive voice calls to enticeThe Hacker News
January 18, 2023 – General
Putting the Tech into Cybersecurity Policy: A Workshop for Social Science and Legal Scholars Full Text
Abstract
June 19-22, 2023Lawfare
January 18, 2023 – General
The Lingering Power of Cyber Brandishing Full Text
Abstract
Though many are quick to oversimplify cyber brandishing as counterproductive, the power of cyber brandishing is much more nuanced and useful.Lawfare
January 18, 2023 – Vulnerabilities
Two critical flaws discovered in Git source code version control system Full Text
Abstract
The maintainers of the Git source code version control system urge users to update the software to fix two critical vulnerabilities. The maintainers of the Git source code version control system announced that they have fixed a couple of critical vulnerabilities,...Security Affairs
January 18, 2023 – Vulnerabilities
WAGO fixes config export flaw threatening data leak from industrial devices Full Text
Abstract
Tracked as CVE-2022-3738, the vulnerability is described as a PHP error in the WAGO web admin interface file download.php, as some lines are commented out using a multi-line comment.Cyware
January 18, 2023 – Attack
Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks Full Text
Abstract
The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the government domains attempting to connect to malware infrastructure previously identified as associated with the adversary. Also known by the names APT15, KeChang, NICKEL, and Vixen Panda, the Chinese APT group has a history of cyber espionage campaigns aimed at government and diplomatic entities across North America, South America, Africa, and the Middle East at least since 2010. Slovak cybersecurity firm ESET, in June 2021, unpacked the intrusions mounted by the hacking crew against diplomatic entities and telecommunication companies in Africa and the Middle East using a custom implant known as Turian. Then in December 2021, Microsoft announced the seizure of 42 domains operated by tThe Hacker News
January 18, 2023 – Vulnerabilities
A couple of bugs can be chained to hack Netcomm routers Full Text
Abstract
A couple of critical vulnerabilities have been discovered in Netcomm routers; experts warn of their potential exploitation in the wild. The vulnerabilities discovered in the Netcomm routers are a stack-based buffer overflow and an authentication...Security Affairs
January 18, 2023 – Business
ProArch Acquires Data Protection Firm Trum & Associates Full Text
Abstract
The acquisition expands ProArch’s cybersecurity and governance, risk, and compliance (GRC) practices to secure enterprise data to prevent data breaches and establish a culture that values safeguarding corporate data.Cyware
January 18, 2023 – General
Guide: How MSSPs and vCISOs can extend their services into compliance readiness without increasing cost Full Text
Abstract
Compliance services are emerging as one of the hottest areas of cybersecurity. While compliance used to be mainly the province of large enterprises, times have changed, and it is now a day-to-day concern for a growing number of small and medium businesses. Even when these organizations are not regulated, SMEs often aim to follow compliance and/or security frameworks either for their own risk mitigation or in order to comply with the standards required by their customers. The driver is often their customers' supply chain concerns and requirements. As large businesses adopt cybersecurity and compliance frameworks and agree to certain standards, they impose similar demands on their suppliers. This is a major opportunity for providers of virtual CISO (vCISO) services, assuming they can broaden their offerings to encompass compliance. MSSPs, MSPs, consultancies and other vCISO service providers perform a vital role in building a comprehensive cybersecurity program for their SME customerThe Hacker News
January 18, 2023 – Breach
Myrocket HR platform’s data leak turns into privacy nightmare for employees Full Text
Abstract
HR management platform myrocket.co has exposed the personal information of hundreds of thousands of employees and millions of job candidates. Original post at CyberNews On December 12, 2022, the Cybernews research team discovered a publicly accessible...Security Affairs
January 18, 2023 – Malware
Abuse of GitHub Codespaces may Turn it into Malware Distribution Center Full Text
Abstract
New research revealed that a feature in GitHub Codespaces could be exploited by threat actors to deliver malware of their choice to a compromised device. Experts at Trend Micro demonstrated a scenario where they could serve malicious content at a rapid rate by exposing ports to the public.Cyware
January 18, 2023 – Vulnerabilities
Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers Full Text
Abstract
Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution. The flaws, tracked as CVE-2022-4873 and CVE-2022-4874, concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router models NF20MESH, NF20, and NL1902 running firmware versions earlier than R6B035. "The two vulnerabilities, when chained together, permit a remote, unauthenticated attacker to execute arbitrary code," the CERT Coordination Center (CERT/CC) said in an advisory published Tuesday. "The attacker can first gain unauthorized access to affected devices, and then use those entry points to gain access to other networks or compromise the availability, integrity, or confidentiality of data being transmitted from the internal network." Security researcher Brendan Scarvell has been credited with discovering and reporting the issues in October 2022. In a related developmeThe Hacker News
January 18, 2023 – Vulnerabilities
Experts found SSRF flaws in four different Microsoft Azure services Full Text
Abstract
SSRF vulnerabilities in four Microsoft Azure services could be exploited to gain unauthorized access to cloud resources. Researchers at the security firm Orca discovered that four different Microsoft Azure services were vulnerable to server-side request...Security Affairs
January 18, 2023 – Vulnerabilities
Oracle’s First Security Update for 2023 Includes 327 New Patches Full Text
Abstract
Among the 327 new patches, more than 70 fixes address critical-severity vulnerabilities. Over 200 of the patches resolve security defects that can be exploited remotely without authentication. Some of the resolved bugs impact multiple products.Cyware
January 18, 2023 – Vulnerabilities
Git Users Urged to Update Software to Prevent Remote Code Execution Attacks Full Text
Abstract
The maintainers of the Git source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution. The flaws, tracked as CVE-2022-23521 and CVE-2022-41903, impact the following versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0. Patched versions include v2.30.7, v2.31.6, v2.32.5, v2.33.6, v2.34.6, v2.35.6, v2.36.4, v2.37.5, v2.38.3, and v2.39.1. X41 D-Sec security researchers Markus Vervier and Eric Sesterhenn as well as GitLab's Joern Schneeweisz have been credited with reporting the bugs. "The most severe issue discovered allows an attacker to trigger a heap-based memory corruption during clone or pull operations, which might result in code execution," the German cybersecurity company said of CVE-2022-23521. CVE-2022-41903, also a critical vulnerability, is triggered during an archive operatioThe Hacker News
January 18, 2023 – Business
Hypori Secures $10.5M in Series B Funding Full Text
Abstract
The round, part of a total fundraising round with commitments to invest up to $18M, was led by Hale Capital Partners with participation from GreatPoint Ventures, and GEN David Petraeus.Cyware
January 18, 2023 – Government
CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9) and command injection (CVE-2022-2068, CVSS score: 9.8). Also patched by Siemens is an authentication bypass vulnerability in the llhttp parser (CVE-2022-35256, CVSS score: 9.8) as well as an out-of-bounds write bug in the OpenSSL library (CVE-2022-2274, CVSS score: 9.8) that could be exploited to trigger remote code execution. The German automation company, in December 2022, released Service Pack 2 Update 1 software to mitigate the flaws. Separately, a critical flaw has also been revealed in GE Digital's Proficy Historian solution that could result in code execution regardless ofThe Hacker News
January 18, 2023 – Breach
Data Leak at Myrocket HR Platform Turns Into Privacy Nightmare for 200K Employees, 9M Job Candidates Full Text
Abstract
Researchers found about 435,000 payslips, 300 tax filings, 3,800 insurance payment documents, and 21,000 salary sheets belonging to various companies using the HR platform’s services.Cyware
January 18, 2023 – Business
Cybersecurity firm Blackpanda closes $15M Series A to deepen its Asia presence Full Text
Abstract
The Series A round for the Singapore-based cybersecurity firm, which specializes in incident response and digital forensics, was led by Primavera Venture Partners and Gaw Capital Partners, with participation from San Francisco-based WI Harper.Cyware
January 17, 2023 – Malware
Rhadamanthys Stealer Spreads via Spam Emails and Google Ads Full Text
Abstract
Cybercriminals are using phishing websites to mimic popular software, ranking them higher via Google Ads, to trick users into downloading Rhadamanthys Stealer. The stealer also spreads via spam emails that carry an attachment to drop the malicious payload. The stealer targets several applications, in...Cyware
January 17, 2023 – Vulnerabilities
Microsoft Azure Services Flaws Could’ve Exposed Cloud Resources to Unauthorized Access Full Text
Abstract
Four different Microsoft Azure services have been found vulnerable to server-side request forgery (SSRF) attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins, have since been addressed by Microsoft. "The discovered Azure SSRF vulnerabilities allowed an attacker to scan local ports, find new services, endpoints, and sensitive files - providing valuable information on possibly vulnerable servers and services to exploit for initial entry and the location of sensitive information to target," Orca researcher Lidor Ben Shitrit said in a report shared with The Hacker News. Two of the vulnerabilities affecting Azure Functions and Azure Digital Twins could be abused without requiring any authentication, enabling a threat actor to seize control of a server withoutThe Hacker News
January 17, 2023 – Attack
1,000 ships impacted by a ransomware attack on maritime software supplier DNV Full Text
Abstract
A ransomware attack against the maritime software supplier DNV impacted approximately 1,000 vessels. About 1,000 vessels have been impacted by a ransomware attack against DNV, one of the major maritime software suppliers. DNV GL provides solutions...Security Affairs
January 17, 2023 – Malware
Massive Network of Hundreds of Fake Websites Distributing Raccoon and Vidar Stealers Full Text
Abstract
Attackers have been using a large and resilient infrastructure to distribute two prominent info-stealers—Raccoon and Vidar—possibly since early 2020, revealed security experts. Experts found that the intrusion sets are implementing defense evasion techniques to increase the chances of successfully...Cyware
January 17, 2023 – Hacker
Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware Full Text
Abstract
New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems. GitHub Codespaces is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebase from a web browser or via an integration in Visual Studio Code. It also comes with a port forwarding feature that makes it possible to access a web application that's running on a particular port within the codespace directly from the browser on a local machine for testing and debugging purposes. "You can also forward a port manually, label forwarded ports, share forwarded ports with members of your organization, share forwarded ports publicly, and add forwarded ports to the codespace configuration," GitHub explains in its documentation. It's important to note here that any forwarded port that's made public will also permit any party with knowledge of the URLThe Hacker News
January 17, 2023 – Vulnerabilities
How to abuse GitHub Codespaces to deliver malicious content Full Text
Abstract
Researchers demonstrated how to abuse a feature in GitHub Codespaces to deliver malware to victim systems. Trend Micro researchers reported that it is possible to abuse a legitimate feature in the development environment GitHub Codespaces to deliver...Security Affairs
January 17, 2023 – Malware
Google Ads Malware Wipes NFT Influencer’s Crypto Wallet Full Text
Abstract
An NFT influencer with the Twitter handle @NFT_GOD claims to have lost thousands of dollars worth of non-fungible tokens (NFTs) and crypto in a Google Ads-delivered malware attack.Cyware
January 17, 2023 – Education
4 Places to Supercharge Your SOC with Automation Full Text
Abstract
It's no secret that the job of SOC teams continues to become increasingly difficult. The increased volume and sophistication of attacks are plaguing under-resourced teams with false positives and analyst burnout. However, like many other industries, cybersecurity is now beginning to lean on and benefit from advancements in automation, not only to maintain the status quo but to attain better security outcomes. Automation across multiple phases of the SOC workflow: the need for automation is clear, and it is apparent that it is becoming table stakes for the industry. Of all cyber resilient organizations, IBM estimates that 62% have deployed automation, AI and machine learning tools and processes. Up until now, many of these advancements in automation have been focused on response, with SOAR and incident response tools playing an instrumental role in tackling the most urgent phase of the SOC workflow. Centering the focus only on response, however, means we're treating the symThe Hacker News
January 17, 2023 – Vulnerabilities
Patch your Zoho ManageEngine instance immediately! PoC Exploit for CVE-2022-47966 will be released soon Full Text
Abstract
A PoC exploit code for the unauthenticated remote code execution vulnerability CVE-2022-47966 in Zoho ManageEngine will be released soon. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho...Security Affairs
January 17, 2023 – Malware
This banking virus is ‘December 2022’s Most Wanted Malware’ Full Text
Abstract
According to Check Point's Global Threat Index for December 2022 report, Qbot was the most prevalent malware last month impacting 7% of organizations worldwide, followed by Emotet with a global impact of 4% and XMRig with a global impact of 3%.Cyware
January 17, 2023 – Malware
Zoho ManageEngine PoC Exploit to be Released Soon - Patch Before It’s Too Late! Full Text
Abstract
Users of Zoho ManageEngine are being urged to patch their instances against a critical security vulnerability ahead of the release of proof-of-concept (PoC) exploit code. The issue in question is CVE-2022-47966, an unauthenticated remote code execution vulnerability affecting several products due to the use of an outdated third-party dependency, Apache Santuario. "This vulnerability allows an unauthenticated adversary to execute arbitrary code," Zoho warned in an advisory issued late last year, noting that it affects all ManageEngine setups that have the SAML single sign-on (SSO) feature enabled, or had it enabled in the past. Horizon3.ai has now released Indicators of Compromise (IOCs) associated with the flaw, stating that it was able to successfully reproduce the exploit against ManageEngine ServiceDesk Plus and ManageEngine Endpoint Central products. "The vulnerability is easy to exploit and a good candidate for attackers to 'spray and pray' acrThe Hacker News
January 17, 2023 – Malware
Fortinet observed three rogue PyPI packages spreading malware Full Text
Abstract
Researchers discovered three malicious packages that have been uploaded to the Python Package Index (PyPI) repository by Lolip0p group. FortiGuard Labs researchers discovered three malicious PyPI packages (called ‘colorslib’, ‘httpslib’,...Security Affairs
January 17, 2023 – Attack
Danish Consumers Targeted by Smishing Attack Wave Full Text
Abstract
Contacted by an anonymous reader, Heimdal was made aware that numerous Danish smartphone owners have been flooded by cryptic messages from a user that goes by the moniker of “Dansk-game.”Cyware
January 17, 2023 – Malware
Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems Full Text
Abstract
A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12) – were uploaded by the author between January 7, 2023, and January 12, 2023. They have since been yanked from PyPI, but not before they were cumulatively downloaded over 550 times. The modules come with identical setup scripts that are designed to invoke PowerShell and run a malicious binary ("Oxzy.exe") hosted on Dropbox, Fortinet disclosed in a report published last week. The executable, once launched, triggers the retrieval of a next-stage, also a binary, named update.exe, that runs in the Windows temporary folder ("%USER%\AppData\Local\Temp\"). update.exe is flagged by antivirus vendors on VirusTotal as an information stealer that's also capable ofThe Hacker News
January 17, 2023 – Education
Managing Asset Risks During Healthcare M&As Full Text
Abstract
How healthcare delivery organizations (HDOs) can manage the IT asset risks during a healthcare M&A process. Mergers and Acquisitions (M&A), you’ve probably heard the term before. An M&A is often associated with the “business world”;...Security Affairs
January 17, 2023 – Policy and Law
Hacked evidence and stolen data swamp English courts Full Text
Abstract
A multimillion-pound high court case between an authoritarian Gulf emirate and an Iranian-American businessman has revealed how hacked evidence is being used by leading law firms to advance their clients’ claims.Cyware
January 17, 2023 – Phishing
Hackers use fear of mobilization to target Russians with phishing attacks Full Text
Abstract
In a phishing campaign described by the Russian cybersecurity channel In2security on Telegram and confirmed by researchers from Kaspersky Lab, attackers used a phishing website and Telegram bot to collect personal data from Russian users.Cyware
January 16, 2023 – Malware
EyeSpy Spyware Targets Iranian VPN Users Full Text
Abstract
Bitdefender security analysts stumbled across a malware campaign dropping EyeSpy spyware, which is believed to originally be part of a monitoring application called SecondEye. The campaign appears to have begun in May last year from Iran, with infections detected across Germany and the U.S....Cyware
January 16, 2023 – Malware
Raccoon and Vidar Stealers Spreading via Massive Network of Fake Cracked Software Full Text
Abstract
A "large and resilient infrastructure" comprising over 250 domains is being used to distribute information-stealing malware such as Raccoon and Vidar since early 2020. The infection chain "uses about a hundred fake cracked software catalogue websites that redirect to several links before downloading the payload hosted on file share platforms, such as GitHub," cybersecurity firm SEKOIA said in an analysis published earlier this month. The French cybersecurity company assessed the domains to be operated by a threat actor running a traffic direction system (TDS), which allows other cybercriminals to rent the service to distribute their malware. The attacks target users searching for cracked versions of software and games on search engines like Google, surfacing fraudulent websites on top by leveraging a technique called search engine optimization (SEO) poisoning to lure victims into downloading and executing the malicious payloads. The poisoned resultThe Hacker News
January 16, 2023 – Ransomware
Avast researchers released a free BianLian ransomware decryptor for some variants of the malware Full Text
Abstract
Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover...Security Affairs
January 16, 2023 – Breach
Medical Imaging Firm Faces 2 Class Actions in 2022 Breach Full Text
Abstract
Shields Health Care Group, a prominent Massachusetts-based medical imaging services provider, is facing proposed class action lawsuits in federal and state court stemming from a 2022 breach that affected 2 million individuals.Cyware
January 16, 2023 – Solution
A Secure User Authentication Method – Planning is More Important than Ever Full Text
Abstract
When considering authentication providers, many organizations consider the ease of configuration, ubiquity of usage, and technical stability. Providers cannot always be judged on those metrics alone. There is an increasing need to evaluate company ownership, policies and the stability, or instability, that they bring. How leadership change affects stability: in recent months, a salient example is that of Twitter. The Twitter platform has been around since 2006 and is used by millions worldwide. With many users and a seemingly robust authentication system, organizations used Twitter as a primary or secondary authentication service. Inconsistent leadership and policies mean the stability of a platform is subject to change, which is especially true of Twitter as of late. The ownership change to Elon Musk precipitated widespread changes to staffing and policies. Due to those changes, a large portion of staff was let go, but this included many individuals responsible for the technThe Hacker News
January 16, 2023 – Malware
Experts spotted a backdoor that borrows code from CIA’s Hive malware Full Text
Abstract
Netlab 360 observed unidentified threat actors using a new backdoor based on the US CIA's Project Hive malware suite. Researchers from Qihoo Netlab 360 reported that unidentified threat actors using a new backdoor based on the US CIA's Project Hive...Security Affairs
January 16, 2023 – Phishing
Address Poisoning Scam Hits MetaMask Users Full Text
Abstract
MetaMask, the cryptocurrency wallet provider, disclosed a new scam baiting its users into sending funds to scammers’ wallet addresses. The address poisoning technique used by scammers relies on similarity to the original recipients’ addresses. Creating an address that closely matches a target addre...Cyware
January 16, 2023 – Government
CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio, which could be exploited by an attacker to "obtain unauthorized access to the server, alter information, create a denial-of-service condition, gain escalated privileges, and execute arbitrary code," according to CISA. This includes CVE-2022-45444 (CVSS score: 10.0), a case of hard-coded passwords for select users in the application's database that potentially grant remote adversaries unrestricted access. Also notable are two command injection flaws (CVE-2022-47911 and CVE-2022-43483, CVSS scores: 9.1) and an out-of-bounds write vulnerability (CVE-2022-41989, CVSS score: 9.1) that could result in a denial-of-service condition or code execution. The vulnerabilitiesThe Hacker News
January 16, 2023 – Vulnerabilities
T95 Android TV Box sold on Amazon hides sophisticated malware Full Text
Abstract
An expert discovered that the T95 Android TV box, available for sale on Amazon and AliExpress, came with sophisticated pre-installed malware. Security researcher Daniel Milisic discovered that the T95 Android TV box he purchased on Amazon was infected...Security Affairs
January 16, 2023 – Business
SailPoint acquires SecZetta to help companies validate non-employee identities Full Text
Abstract
With SecZetta, SailPoint will be able to expand its capabilities to help companies gain better visibility into all types of identities, across both employee and non-employee identities all from a single, market-leading identity security platform.Cyware
January 16, 2023 – Malware
New Backdoor Created Using Leaked CIA’s Hive Malware Discovered in the Wild Full Text
Abstract
Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)'s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017. "This is the first time we caught a variant of the CIA Hive attack kit in the wild, and we named it xdr33 based on its embedded Bot-side certificate CN=xdr33," Qihoo Netlab 360's Alex Turing and Hui Wang said in a technical write-up published last week. xdr33 is said to be propagated by exploiting an unspecified N-day security vulnerability in F5 appliances. It communicates with a command-and-control (C2) server using SSL with forged Kaspersky certificates. The intent of the backdoor, per the Chinese cybersecurity firm, is to harvest sensitive information and act as a launchpad for subsequent intrusions. It improves upon Hive by adding new C2 instructions and functionalities, among other implementation changes. The ELFThe Hacker News
January 16, 2023 – Criminals
Europol arrested cryptocurrency scammers that stole millions from victims Full Text
Abstract
An international police operation led by Europol led to the arrest of cryptocurrency scammers targeting users all over the world. An international law enforcement operation conducted by authorities from Bulgaria, Cyprus, Germany and Serbia, supported...Security Affairs
January 16, 2023 – Ransomware
Cuba Ransomware Exploits Microsoft SSRF Vulnerability Full Text
Abstract
Sophos reported that the Cuba ransomware group used malicious hardware devices certified by Microsoft’s Windows Hardware Developer Program in an attack that abuses OWASSRF vulnerability.Cyware
January 16, 2023 – Criminals
Undercover with the Leader of Lockbit Full Text
Abstract
LockBitSupp’s focus on professionalizing the group is part of the reason why Lockbit has found such success in the cybercriminal world – the group accounted for 44 percent of the total ransomware attacks launched last year.Cyware
January 16, 2023 – Outage
Hackers disrupt 24 Hours of Le Mans Virtual esports event Full Text
Abstract
The five-round championship, which culminates in a live 24-hour finale, is ending on a sour note after server problems saw Verstappen - who was leading the race by over a minute - thrown out of the game and disconnected.Cyware
January 16, 2023 – General
Hack the Pentagon 3.0 Bug Bounty Program to Focus on Facility Control Systems Full Text
Abstract
The US Department of Defense (DoD) is getting ready to launch the third installment of its ‘Hack the Pentagon’ bug bounty program, which will focus on the Facility Related Controls System (FRCS) network.Cyware
January 15, 2023 – Breach
CircleCI says hackers stole encryption keys and customers’ secrets Full Text
Abstract
CircleCi, a software company whose products are popular with developers and software engineers, confirmed that some customers’ data was stolen in a data breach last month.Cyware
January 15, 2023 – Breach
1.7 TB of data stolen from digital intelligence firm Cellebrite leaked online Full Text
Abstract
1.7 TB of data stolen from Cellebrite, a digital intelligence company that provides tools for law enforcement, was leaked online. The Israeli mobile forensics firm Cellebrite is one of the leading companies in the world in the field of digital...Security Affairs
January 15, 2023 – Criminals
Hacker stole credit cards from the website of Canada’s largest alcohol retailer LCBO Full Text
Abstract
The Canadian Liquor Control Board of Ontario (LCBO), the largest beverage alcohol retailer in the country, disclosed a Magecart attack. The Canadian Liquor Control Board of Ontario (LCBO), the largest beverage alcohol retailer in the country, disclosed...Security Affairs
January 15, 2023 – General
Security Affairs newsletter Round 402 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your inbox. If you also want to receive the free newsletter covering the international press, subscribe here. Most...Security Affairs
January 14, 2023 – Attack
Malware Attack on CircleCI Engineer’s Laptop Leads to Recent Security Incident Full Text
Abstract
DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus software. "The malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems," Rob Zuber, CircleCI's chief technology officer, said in an incident report. Further analysis of the security lapse revealed that the unauthorized third-party pilfered data from a subset of its databases by abusing the elevated permissions granted to the targeted employee. This included customer environment variables, tokens, and keys. The threat actor is believed tThe Hacker News
January 14, 2023 – Vulnerabilities
Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability Full Text
Abstract
A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to be running a patched version of Cacti (1.2.23 and 1.3.0). The issue in question relates to CVE-2022-46169 (CVSS score: 9.8), a combination of authentication bypass and command injection that enables an unauthenticated user to execute arbitrary code on an affected version of the open-source, web-based monitoring solution. Details about the flaw, which impacts versions 1.2.22 and below, were first revealed by SonarSource. The flaw was reported to the project maintainers on December 2, 2022. "A hostname-based authorization check is not implemented safely for most installations of Cacti," SonarSource researcher Stefan Schiller noted earlier this month, adding "unsThe Hacker News
January 14, 2023 – Vulnerabilities
Most internet-exposed Cacti servers exposed to hacking Full Text
Abstract
Most internet-exposed Cacti servers are vulnerable to the critical vulnerability CVE-2022-46169 which is actively exploited in the wild. Cacti is an open-source platform that provides a robust and extensible operational monitoring and fault management...Security Affairs
January 14, 2023 – Policy and Law
French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text
Abstract
The French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...Security Affairs
January 14, 2023 – Denial Of Service
Pro-Russian Group DDoS-ing Governments, Critical Infrastructure in Ukraine, NATO Countries Full Text
Abstract
A Pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries.Cyware
January 14, 2023 – Policy and Law
TikTok Fined $5.4 Million by French Regulator for Violating Cookie Laws Full Text
Abstract
Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020. "Users of 'tiktok[.]com' could not refuse cookies as easily as accepting them and they were not informed in a sufficiently precise way of the objectives of the different cookies," the Commission nationale de l'informatique et des libertés (CNIL) said in a statement. The regulator said it conducted several audits between May 2020 and June 2022, finding that the ByteDance-owned company did not offer a straightforward option to refuse all cookies as opposed to just one click for accepting them. The option to "refuse all" cookies was introduced by TikTok in February 2022. "Making the opt-out mechanism more complex is in fact discouraging users from refusing cookies andThe Hacker News
January 14, 2023 – Vulnerabilities
Most Cacti Installations Unpatched Against Exploited Vulnerability Full Text
Abstract
In December 2022, the tool’s maintainers announced patches for CVE-2022-46169, a critical-severity command injection flaw that could allow unauthenticated attackers to execute code on the server running Cacti, if a specific data source was used.Cyware
January 14, 2023 – Vulnerabilities
Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers Full Text
Abstract
Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of a proof-of-concept (PoC) exploit. The issues are rooted in the routers' web-based management interface, enabling a remote adversary to sidestep authentication or execute malicious commands on the underlying operating system. The more severe of the two is CVE-2023-20025 (CVSS score: 9.0), which is the result of improper validation of user input within incoming HTTP packets. A threat actor could exploit it remotely by sending a specially crafted HTTP request to a vulnerable router's web-based management interface to bypass authentication and obtain elevated permissions. The lack of adequate validation is also the reason behind the second flaw, tracked as CVE-2023-20026 (CVSS score: 6.5), permitting an attacker with valid admin credentials to achieve root-level priviThe Hacker News
January 13, 2023 – Breach
NortonLifeLock: threat actors breached Norton Password Manager accounts Full Text
Abstract
Gen Digital, formerly Symantec Corporation and NortonLifeLock, warns that hackers breached Norton Password Manager accounts. Gen Digital, formerly Symantec Corporation and NortonLifeLock, informed its customers that threat actors have breached Norton...Security Affairs
January 13, 2023 – Hacker
Pro-Russia group NoName057(16) targets Ukraine and NATO countries Full Text
Abstract
A Pro-Russian group named NoName057(16) is targeting organizations in Ukraine and NATO countries with DDoS attacks. A Pro-Russian cybercrime group named NoName057(16) (aka 05716nnm or Nnm05716) is behind a wave of DDoS attacks against organizations...Security Affairs
January 13, 2023 – General
Cyber Jobs of the Future: Sleuth, Bodyguard, ‘Immunity’ Developer Full Text
Abstract
Positions in outer space cybersecurity, AI mentoring, and digital footprint consulting may sound unusual at first glance, but the rapid development of technology could make them a reality in just a few years.Cyware
January 13, 2023 – Privacy
Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware Full Text
Abstract
Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses "components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized installers," Bitdefender said in an analysis. A majority of the infections are said to originate in Iran, with smaller detections in Germany and the U.S., the Romanian cybersecurity firm added. SecondEye, according to snapshots captured via the Internet Archive, claims to be a commercial monitoring software that can work as a "parental control system or as an online watchdog." As of November 2021, it's offered for sale anywhere between $99 and $200. It comes with a wide range of features that allow it to take screenshots, record the microphone, log keystrokes, gather files and saved passwords from web browsers, and remotely control the machines to run arbitrary cThe Hacker News
January 13, 2023 – Attack
LockBit ransomware operation behind the Royal Mail cyberattack Full Text
Abstract
The cyberattack on Royal Mail, Britain’s postal service, is a ransomware attack that was linked to the LockBit ransomware operation. Royal Mail, the British multinational postal service and courier company, this week announced...Security Affairs
January 13, 2023 – Government
New York state adds $35 million to 2023 cybersecurity budget as attacks soar Full Text
Abstract
New York Governor Kathy Hochul is adding an additional $35 million in funding to the state’s $61.9 million cybersecurity budget for this year, while also creating a new team focusing on protecting critical infrastructure.Cyware
January 13, 2023 – Criminals
Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar Full Text
Abstract
Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security researcher Simon Kenin said in a report. Polyglot files are files that combine syntax from two or more different formats in a manner such that each format can be parsed without raising any error. One such 2022 campaign spotted by the cybersecurity firm is the use of JAR and MSI formats – i.e., a file that's valid both as a JAR and an MSI installer – to deploy the StrRAT payload. This also means that the file can be executed by both Windows and Java Runtime Environment (JRE) based on how it's interpreted. Another instance involves the use of CAB and JAR polyglots to deliver botThe Hacker News
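The reason a JAR/MSI or JAR/CAB polyglot parses cleanly on both sides is that a JAR is a ZIP, and ZIP readers locate the archive from the end-of-central-directory record at the tail of the file, ignoring whatever precedes the archive. The detection below is an added example written for this page, not Deep Instinct's tooling: it computes where the ZIP data really begins and flags a JAR whose leading bytes belong to another format (the OLE compound-file magic used by MSI, or the CAB "MSCF" magic). The sample file is constructed in memory; the CAB-style prefix is fake header bytes, not a valid cabinet.

```python
import io
import struct
import zipfile

# Magic bytes of the two "host" formats named in the report; the JAR side is a ZIP.
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE Compound File, used by MSI
CAB_MAGIC = b"MSCF"                                # Microsoft Cabinet
ZIP_LOCAL_HEADER = b"PK\x03\x04"
ZIP_EOCD = b"PK\x05\x06"


def zip_start_offset(data: bytes):
    """Offset at which the ZIP archive embedded in `data` really begins.

    ZIP readers scan backwards for the end-of-central-directory (EOCD) record,
    so bytes before the archive are simply ignored. That is what makes the
    JAR/MSI and JAR/CAB polyglots possible. Returns None if there is no EOCD.
    """
    eocd_pos = data.rfind(ZIP_EOCD)
    if eocd_pos < 0:
        return None
    # EOCD layout: sig(4) disk(2) cd_disk(2) entries_disk(2) entries(2)
    #              cd_size(4) cd_offset(4) comment_len(2)
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd_pos + 12)
    real_cd_pos = eocd_pos - cd_size
    # cd_offset is where the central directory claims to be relative to the
    # archive start; the difference is exactly the amount of prepended data.
    return real_cd_pos - cd_offset


def classify(data: bytes):
    """Return a list of findings explaining why `data` looks like a JAR polyglot."""
    findings = []
    start = zip_start_offset(data)
    if start is None:
        return findings  # not a ZIP at all
    if start > 0:
        findings.append(f"zip archive begins at offset {start}, not 0")
    if data.startswith(CFB_MAGIC):
        findings.append("leading bytes are an OLE/MSI header")
    elif data.startswith(CAB_MAGIC):
        findings.append("leading bytes are a CAB header")
    elif not data.startswith(ZIP_LOCAL_HEADER):
        findings.append("leading bytes are not a ZIP local file header")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()  # zipfile tolerates prepended data, as the JVM does
    except zipfile.BadZipFile:
        return findings + ["central directory unreadable"]
    if "META-INF/MANIFEST.MF" in names:
        findings.append("carries a JAR manifest")
    return findings


def build_sample(prefix: bytes = b"") -> bytes:
    """Constructed sample: a minimal JAR, optionally with foreign bytes in front."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Loader\n")
        zf.writestr("Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)  # fake class bytes
    return prefix + buf.getvalue()


if __name__ == "__main__":
    # Fake CAB header (constructed, not a valid cabinet) followed by the JAR.
    polyglot = build_sample(CAB_MAGIC + b"\x00" * 60)
    for finding in classify(polyglot):
        print(finding)
```

A scanner that only asks "does this open as a ZIP?" answers yes for both the clean JAR and the polyglot; the non-zero start offset and the foreign magic at offset 0 are what separate them.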
January 13, 2023 – Attack
Threat actors target govt networks exploiting Fortinet SSL-VPN CVE-2022-42475 bug Full Text
Abstract
Recently patched Fortinet FortiOS SSL-VPN zero-day exploited in attacks against government organizations and government-related targets. Fortinet researchers reported how threat actors exploited the recently patched FortiOS SSL-VPN vulnerability (CVE-2022-42475)...Security Affairs
January 13, 2023 – Privacy
Long data privacy notices on social media sites Full Text
Abstract
Lengthy privacy notices included in a social media platform's terms of service can do little to help it comply with transparency requirements under European law, according to recently revealed case documents in which Meta was fined $414 million.Cyware
January 13, 2023 – General
Get Unified Cloud and Endpoint Security: Only $1 for 1,000 Assets for all of 2023! Full Text
Abstract
As the new year begins, it's more important than ever to protect your business from the constantly evolving cyber threats that could compromise your valuable assets. But who wants to pay an arm and a leg for top-tier security? With this Uptycs introductory offer, you do not have to. Kickstart the new year by securing your business with Uptycs. Starting now, for just $1, you can get comprehensive agentless and runtime cloud security coverage for all of 2023, covering up to 1,000 eligible assets. That's right, for just $1 — Learn more about the 'Uptycs Secret Dollar Menu.' But that's not all. This offer also includes: Professionally managed onboarding and unlimited customer support to ensure seamless setup and ongoing assistance Advanced security features such as Unified CNAPP (Cloud-Native Application Protection Platform) and XDR (eXtended Detection and Response) that provide state-of-the-art threat protection Automated CI/CD image and registry scans to eThe Hacker News
January 13, 2023 – Attack
FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations Full Text
Abstract
A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers said in a post-mortem analysis published this week. The attacks entailed the exploitation of CVE-2022-42475, a heap-based buffer overflow flaw that could enable an unauthenticated remote attacker to execute arbitrary code via specifically crafted requests. The infection chain analyzed by the company shows that the end goal was to deploy a generic Linux implant modified for FortiOS that's equipped to compromise Fortinet's intrusion prevention system (IPS) software and establish connections with a remote server to download additional malware and execute commands. Fortinet said it was unable to recover the payloads used in the suThe Hacker News
January 12, 2023 – Policy and Law
Lawsuit accuses Apple of tracking iPhone users who opted out Full Text
Abstract
Apple "unlawfully records and uses consumers' personal information and activity," claims a new lawsuit accusing the company of tracking iPhone users' device data even when they've asked for tracking to be switched off.Cyware
January 12, 2023 – Breach
IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours Full Text
Abstract
A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access. "Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt Strike on the newly compromised host," Cybereason researchers said in a report published this week. IcedID, also known by the name BokBot, started its life as a banking trojan in 2017 before evolving into a dropper for other malware, joining the likes of Emotet, TrickBot, Qakbot, Bumblebee, and Raspberry Robin. Attacks involving the delivery of IcedID have leveraged a variety of methods, especially in the wake of Microsoft's decision to block macros from Office files downloaded from the web. The intrusion detailed by Cybereason is no different in that the infection chain begins with an ISO image file contained within a ZIP aThe Hacker News
January 12, 2023 – Vulnerabilities
Critical bug in Cisco EoL Small Business Routers will receive no patch Full Text
Abstract
Cisco warns of a critical flaw in small business RV016, RV042, RV042G, and RV082 routers, which have reached end of life (EoL). Cisco is warning of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business...Security Affairs
January 12, 2023 – Vulnerabilities
Asus router access, information disclosure, denial of service vulnerabilities discovered Full Text
Abstract
Cisco Talos recently discovered three vulnerabilities in Asus router software. The Asus RT-AX82U router is one of the newer Wi-Fi 6 (802.11ax)-enabled routers that also support mesh networking with other Asus routers.Cyware
January 12, 2023 – Vulnerabilities
Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover Full Text
Abstract
Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them. Discovered by Red Balloon Security, the issues are tracked as CVE-2022-38773 (CVSS score: 4.6), with the low severity stemming from the prerequisite that exploitation requires physical tampering with the device. The flaws "could allow attackers to bypass all protected boot features, resulting in persistent arbitrary modification of operating code and data," the company said. More than 100 models are susceptible. Put differently, the weaknesses are the result of a lack of asymmetric signature verification for firmware at bootup, effectively permitting the attacker to load a tainted bootloader and firmware while undermining integrity protections. A more severe consequence of loading such modified firmwThe Hacker News
January 12, 2023 – Vulnerabilities
Threat actors actively exploit Control Web Panel RCE following PoC release Full Text
Abstract
Threat actors are actively exploiting a recently patched critical remote code execution (RCE) vulnerability in Control Web Panel (CWP). Threat actors are actively exploiting a recently patched critical vulnerability, tracked as CVE-2022-44877 (CVSS...Security Affairs
January 12, 2023 – Breach
Hundreds of SugarCRM servers infected with critical in-the-wild exploit Full Text
Abstract
For the past two weeks, hackers have been exploiting a critical vulnerability in the SugarCRM software to infect users with malware that gives them full control of their servers.Cyware
January 12, 2023 – Vulnerabilities
Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk Full Text
Abstract
Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with symlinks when processing files and directories," Imperva researcher Ron Masas said. "Specifically, the browser did not properly check if the symlink was pointing to a location that was not intended to be accessible, which allowed for the theft of sensitive files." Google characterized the medium-severity issue (CVE-2022-3656) as a case of insufficient data validation in File System, releasing fixes for it in versions 107 and 108 released in October and November 2022. Dubbed SymStealer, the vulnerability, at its core, relates to a type of weakness known as symbolic link (aka symlink) following, which occurs when an attacker abuses the feature to bypass the file system restrictions of a prograThe Hacker News
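The missing check Masas describes is a general one: any program that ingests a user-supplied directory must resolve each entry and confirm that the real location still lies under the directory it was given, or a symlink inside that directory becomes a read primitive against anything on disk. The following is an added illustration written for this page, not Chromium's code or Imperva's proof of concept: it builds a throwaway "dropped" folder containing one honest file and one symlink to a secret outside the folder, shows the naive walk reading the secret, and shows the hardened walk rejecting it. The folder layout, file names and secret contents are all constructed.

```python
import os
import tempfile
from pathlib import Path


def unsafe_collect(root: str) -> dict:
    """The vulnerable behaviour: read whatever each name resolves to.

    A symlink named like a harmless file is followed transparently, so its
    target's contents end up in the collection.
    """
    collected = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            collected[str(p)] = p.read_bytes()
    return collected


def safe_collect(root: str):
    """Hardened walk: resolve every entry and keep only those whose real
    location is inside the real root. Returns (allowed, rejected)."""
    real_root = Path(root).resolve()
    allowed, rejected = [], []
    # followlinks=False: directory symlinks are listed but never descended.
    for dirpath, _, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            p = Path(dirpath) / name
            target = p.resolve()  # follows the symlink chain to the real file
            try:
                target.relative_to(real_root)  # ValueError if it escapes root
            except ValueError:
                rejected.append((str(p), str(target)))
                continue
            allowed.append(str(p))
    return allowed, rejected


def build_scenario():
    """Constructed layout: <base>/secret.key outside, and <base>/dropped/
    containing notes.txt plus a symlink disguised as a photo that points at
    the secret. Returns (dropped_dir, secret_path)."""
    base = Path(tempfile.mkdtemp())
    secret = base / "secret.key"
    secret.write_bytes(b"-----BEGIN PRIVATE KEY-----\nconstructed sample\n")
    dropped = base / "dropped"
    dropped.mkdir()
    (dropped / "notes.txt").write_bytes(b"harmless")
    os.symlink(secret, dropped / "looks_like_a_photo.jpg")
    return str(dropped), str(secret)


if __name__ == "__main__":
    dropped, secret = build_scenario()
    print("unsafe read:", list(unsafe_collect(dropped)))
    allowed, rejected = safe_collect(dropped)
    print("allowed:", allowed)
    print("rejected:", rejected)
```

The comparison has to be made on resolved paths on both sides (`real_root` is resolved too), otherwise a root that is itself a symlink, or a platform where the temp directory is symlinked, produces false rejections; and it has to happen per entry at read time, since the target of a link can change after a listing was taken.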
January 12, 2023 – Insider Threat
Threat actors claim access to Telegram servers through insiders Full Text
Abstract
Researchers reported that a threat actor claims to provide access to internal servers at Telegram for $20,000. SafetyDetectives reported that a member of a dark web marketplace is claiming to provide access to internal servers at Telegram for $20,000. The...Security Affairs
January 12, 2023 – General
Health3PT Council unites healthcare CISOs to solve third-party cyber risk Full Text
Abstract
Amid heightened threats to healthcare systems, more than 20 leading healthcare organizations have come together to identify effective, efficient, and new innovative approaches to reduce cyber risk across the industry’s third-party ecosystem.Cyware
January 12, 2023 – General
Patch Where it Hurts: Effective Vulnerability Management in 2023 Full Text
Abstract
Data from the recently published Security Navigator report show that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months. Good vulnerability management is not about being fast enough to patch every potential weakness. It's about focusing on the real risk, using vulnerability prioritization to correct the most significant flaws and reduce the company's attack surface the most. Company data and threat intelligence need to be correlated and automated; this is essential to let internal teams focus their remediation efforts. Suitable technologies can take the shape of a global Vulnerability Intelligence Platform, which can help prioritize vulnerabilities using a risk score and let companies focus on their real organizational risk. Getting Started Three facts to have in mind before establishing an effective vulnerability management program: 1. The number of discovThe Hacker News
January 12, 2023 – Breach
Twitter: 200M dataset was not obtained through the exploitation of flaws in its systems Full Text
Abstract
Twitter said that its investigation revealed that users' data offered for sale online was not obtained from its systems. Twitter provided an update on its investigation launched after data of 200 Million users were offered for sale online. The company...Security Affairs
January 12, 2023 – Outage
Royal Mail Overseas Post Badly Disrupted After Cybersecurity Incident Full Text
Abstract
Royal Mail has asked customers to stop sending parcels and letters to overseas destinations after a cyber incident caused “severe service disruption” to international exports.Cyware
January 12, 2023 – Breach
Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System Full Text
Abstract
Twitter on Wednesday said that its investigation found "no evidence" that users' data sold online was obtained by exploiting any security vulnerabilities in its systems. "Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems," the company said in a statement. "The data is likely a collection of data already publicly available online through different sources." The disclosure comes in the wake of multiple reports that Twitter data belonging to millions of users – 5.4 million in November 2022, 400 million in December 2022, and 200 million last week – have been made available for sale on online criminal forums. The social media giant further said the breach "could not be correlated with the previously reported incident, nor with any new incident," adding no passwords were exposed. The two datasets published inThe Hacker News
January 12, 2023 – Breach
Social marketplace Trustanduse exposes nearly half a million users Full Text
Abstract
Security loopholes on social marketplace website trustanduse.com exposed data of around 439,000 users including many businesses for at least six months. Disclosing personal data on platforms providing digital services is always risky. The Cybernews...Security Affairs
January 12, 2023 – Breach
Social Marketplace Trustanduse Exposes Nearly Half a Million Users Full Text
Abstract
The discovered database included sensitive data such as usernames, full personal names, Facebook IDs, phone numbers, and passwords hashed with the BCrypt algorithm, which is considered safe.Cyware
January 12, 2023 – Vulnerabilities
Alert: Hackers Actively Exploiting Critical “Control Web Panel” RCE Vulnerability Full Text
Abstract
Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022. Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise-based Linux systems. "login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter," according to NIST. Gais Security researcher Numan Turle has been credited with discovering and reporting the flaw to the Control Web Panel developers. Exploitation of the flaw is said to have commenced on January 6, 2023, following the availability of a proofThe Hacker News
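The NIST description is the textbook shape of OS command injection: a request parameter (here the login name) is spliced into a command line that a shell then parses, so quote, semicolon and comment characters in the value become shell syntax. The example below is an added illustration written for this page in Python, not CWP's PHP code; the logging routine, file names and payload are all constructed. It puts the vulnerable pattern beside the hardened one and probes both with the same metacharacter payload: the vulnerable version executes the injected command, the hardened version writes the value to the log verbatim.

```python
import os
import subprocess
import tempfile


def log_failed_login_vulnerable(login: str, logfile: str) -> None:
    # Anti-pattern: the untrusted value is interpolated into a command string
    # handed to a shell, so  "  ;  |  `  $( )  and  #  inside `login` are
    # interpreted as shell syntax rather than as data.
    subprocess.run(
        f'echo "Failed login for {login}" >> "{logfile}"',
        shell=True, check=False, stdout=subprocess.DEVNULL,
    )


def log_failed_login_hardened(login: str, logfile: str) -> None:
    # The value travels as a positional parameter ($1). The shell parses only
    # the fixed script text; "$1" is expanded after parsing and never
    # re-parsed, so metacharacters are written literally.
    subprocess.run(
        ["sh", "-c", 'printf "Failed login for %s\\n" "$1" >> "$2"',
         "sh", login, logfile],
        check=True,
    )


def run_probe(handler):
    """Feed a constructed metacharacter payload to `handler`.

    Returns (command_executed, log_contents): whether the injected `touch`
    ran, and whatever reached the log file.
    """
    workdir = tempfile.mkdtemp()
    marker = os.path.join(workdir, "injected")
    logfile = os.path.join(workdir, "login.log")
    # Closes the quoted string, runs a harmless command, comments out the rest
    # (including the redirect), exactly as a login-parameter payload would.
    payload = f'"; touch "{marker}"; #'
    handler(payload, logfile)
    executed = os.path.exists(marker)
    logged = ""
    if os.path.exists(logfile):
        with open(logfile) as fh:
            logged = fh.read()
    return executed, logged


if __name__ == "__main__":
    print("vulnerable:", run_probe(log_failed_login_vulnerable))
    print("hardened:  ", run_probe(log_failed_login_hardened))
```

Escaping the value for the shell is the fragile alternative; passing it outside the parsed script text (as an argv element or a positional parameter, as above) removes the shell from the data path entirely, which is the fix that survives the next metacharacter nobody thought of.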
January 11, 2023 – Vulnerabilities
Microsoft Exchange bugs top list of exploited vulnerabilities affecting financial sector Full Text
Abstract
Researchers at LookingGlass examined public internet-facing assets from over 7 million IP addresses belonging to the sector in November 2022 – finding that a seven-year-old RCE vulnerability affecting Microsoft Windows topped the list.Cyware
January 11, 2023 – Malware
New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors Full Text
Abstract
A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is malware that has increasingly come under the radar for being used in attacks aimed at finance, government, insurance, and telecom entities. Given its use by multiple threat actors to drop a wide range of payloads such as SocGholish, Bumblebee, TrueBot, IcedID, and LockBit ransomware, it's suspected to be a pay-per-install (PPI) botnet capable of serving next-stage payloads. Raspberry Robin, notably, employs infected USB drives as a propagation mechanism and leverages breached QNAP network-attached storage (NAS) devices as first-level command-and-control (C2). Cybersecurity firm SEKOIA said it was able to identify at least eight virtual private servers (VPSs) hostedThe Hacker News
January 11, 2023 – Outage
Royal Mail is suffering service disruption due to a ‘cyber incident’ Full Text
Abstract
Royal Mail, Britain’s postal service, announced it has suffered a “cyber incident” that caused a "severe service disruption.” Royal Mail, the British multinational postal service and courier company, announced this week that a “cyber...Security Affairs
January 11, 2023 – Attack
New Info-Stealer Malware Campaign Targets Italian Users Full Text
Abstract
The multi-stage infection sequence begins with a phishing email containing a link that downloads a password-protected ZIP archive file with two files: a shortcut (.LNK) file and a batch (.BAT) file.Cyware
January 11, 2023 – Attack
Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks Full Text
Abstract
A wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites with common keywords. Like other malware of its kind, Gootkit is capable of stealing data from the browser, performing adversary-in-the-browser (AitB) attacks, keylogging, taking screenshots, and other malicious actions. Trend Micro's new findings reveal that the keywords "hospital," "health," "medical," and "enterprise agreement" have been paired with various city names in Australia, marking the malware's expansion beyond accounting and law firms. The starting point of the cyber assault is to direct users searching for the same keywords to an infected WoThe Hacker News
January 11, 2023 – Attack
Gootkit Loader campaign targets Australian Healthcare Industry Full Text
Abstract
Threat actors are targeting organizations in the Australian healthcare sector with the Gootkit malware loader. Trend Micro researchers warn that Gootkit Loader is actively targeting the Australian healthcare industry. The experts analyzed a series...Security Affairs
January 11, 2023 – Ransomware
Ransomware tracker: the latest figures [January 2023] Full Text
Abstract
The number of victims posted on ransomware extortion sites rose more than 20% in December to 241 organizations — the highest monthly count since April, according to data collected by Recorded Future.Cyware
January 11, 2023 – Education
Unlock Your Potential: Get 9 Online Cyber Security Courses for Just $49.99 Full Text
Abstract
Are you looking to take your career in the information security industry to the next level? Look no further than the 2023 Certified Technology Professional Bundle ! This unparalleled offer grants you lifetime access to nine comprehensive courses in information security, hacking, and cybersecurity at a remarkable price of just $49.99. Yes, you heard me right. Instead of paying the full price of $1,791.00, you can now get access to all of these exceptional courses for a fraction of the original price. These courses cover everything from fundamental cybersecurity concepts to advanced hacking and vulnerability assessment methods, and are taught by industry experts with years of experience. But why should you invest in this package? First, with the increasing reliance on technology and the Internet, information security has become an important issue for individuals and businesses. The bundle provides in-depth knowledge and skills to protect against cyber threats. As a result, you willThe Hacker News
January 11, 2023 – Government
US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
US CISA added Microsoft Exchange elevation of privileges bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to its Known Exploited Vulnerabilities...Security Affairs
January 11, 2023 – APT
StrongPity APT Uses Trojanized Telegram App to Backdoor its Victims Full Text
Abstract
According to ESET researchers, attackers use a fake Shagle website that tricks victims into downloading the malicious APK file. In reality, the app is a trojanized version of the standard Telegram app for Android.Cyware
January 11, 2023 – APT
Dark Pink APT Group Targets Governments and Military in APAC Region Full Text
Abstract
Government and military organizations in the Asia-Pacific region are being targeted by a previously unknown advanced persistent threat (APT) actor, per the latest research conducted by Albert Priego of Group-IB. The Singapore-headquartered firm, in a report shared with The Hacker News, said it's tracking the ongoing campaign under the name Dark Pink and attributed seven successful attacks to the adversarial collective between June and December 2022. The bulk of the attacks have singled out military bodies, government ministries and agencies, and religious and non-profit organizations in Cambodia, Indonesia, Malaysia, Philippines, Vietnam, and Bosnia and Herzegovina, with one unsuccessful intrusion reported against an unnamed European state development body based in Vietnam. The threat actor is estimated to have commenced its operations way back in mid-2021, although the attacks ramped up only a year later using a never-before-seen custom toolkit designed to plunder valuableThe Hacker News
January 11, 2023 – Vulnerabilities
Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day Full Text
Abstract
Microsoft Patch Tuesday security updates for January 2023 fixed 98 flaws, including an actively exploited zero-day. Microsoft Patch Tuesday security updates for January 2023 addressed a total of 98 vulnerabilities in Microsoft Windows and Windows Components;...Security Affairs
January 11, 2023 – Attack
Lorenz Ransomware Completes its Attack After Five Months Full Text
Abstract
S-RM researchers identified a Lorenz ransomware attack that was completed months after the attackers gained initial access. They exploited CVE-2022-29499, a vulnerability in Mitel telephony infrastructure.Cyware
January 11, 2023 – Vulnerabilities
Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit Full Text
Abstract
The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with one of the vulnerabilities also listed as publicly known at the time of release. Separately, the Windows maker is expected to release updates for its Chromium-based Edge browser. The vulnerability that's under attack relates to CVE-2023-21674 (CVSS score: 8.8), a privilege escalation flaw in Windows Advanced Local Procedure Call (ALPC) that could be exploited by an attacker to gain SYSTEM permissions. "This vulnerability could lead to a browser sandbox escape," Microsoft noted in an advisory, crediting Avast researchers Jan Vojtěšek, Milánek, and Przemek Gmerek for reporting the bug. While details of the vulnerability are still under wraps, a successful exploit requires an attacker to have alreaThe Hacker News
January 11, 2023 – Breach
Data Leak Impacts Information of 10,000 French Social Security Beneficiaries Full Text
Abstract
More than 10,000 beneficiaries of a local branch of the French social security agency CAF, or Family Allowance Fund, saw their data exposed for about 18 months, after a file containing personal information was sent to a service provider.Cyware
January 10, 2023 – Vulnerabilities
Prototype pollution-like bug variant discovered in Python Full Text
Abstract
Security researcher Abdulraheem Khaled has discovered a coding scheme that can allow attackers to perform prototype pollution-like attacks on Python programs. He calls it ‘class pollution’ in a blog post documenting his findings.Cyware
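The Python analogue of prototype pollution arises when a "merge this JSON into that object" helper walks attributes with getattr/setattr and lets the input choose the keys: a key such as __class__ moves the walk from an instance to its class, so the next key writes a class attribute that every other instance then sees (deeper dunder paths such as __init__.__globals__ reach module globals the same way). The code below is an added illustration written for this page, not Khaled's proof of concept or any real library; the Employee class, the merge helpers and the payload are constructed. It shows the unsafe merge polluting a class attribute from a single instance, and a hardened merge that refuses dunder keys.

```python
class Employee:
    # Class attribute shared by every instance: a natural pollution target.
    greeting = "Hello"

    def __init__(self, name: str):
        self.name = name


def merge_unsafe(src: dict, dst) -> None:
    """Recursive merge of the kind the class-pollution write-up warns about.

    Dict keys become attributes, and a nested dict descends via getattr, so
    {"__class__": {...}} walks from the instance up to its class and writes
    there. Nothing limits which names the caller may traverse.
    """
    for key, value in src.items():
        if isinstance(dst, dict):
            if isinstance(value, dict) and key in dst:
                merge_unsafe(value, dst[key])
            else:
                dst[key] = value
        elif isinstance(value, dict) and hasattr(dst, key):
            merge_unsafe(value, getattr(dst, key))  # descends into __class__ too
        else:
            setattr(dst, key, value)


def merge_safe(src: dict, dst) -> None:
    """Same merge, but special (dunder) names are refused outright, so the
    traversal can never leave the object it was handed."""
    for key, value in src.items():
        if not isinstance(key, str) or key.startswith("__"):
            raise ValueError(f"refusing to merge special attribute {key!r}")
        if isinstance(dst, dict):
            if isinstance(value, dict) and isinstance(dst.get(key), dict):
                merge_safe(value, dst[key])
            else:
                dst[key] = value
        else:
            current = getattr(dst, key, None)
            if isinstance(value, dict) and current is not None:
                merge_safe(value, current)
            else:
                setattr(dst, key, value)


def demo_pollution(merge) -> str:
    """Apply a constructed attacker payload to one instance through `merge`,
    then report the greeting seen by an unrelated, freshly created instance."""
    Employee.greeting = "Hello"  # reset so each run starts clean
    victim = Employee("alice")
    payload = {"__class__": {"greeting": "polluted"}}
    try:
        merge(payload, victim)
    except ValueError:
        pass  # the hardened merge rejects the payload
    bystander = Employee("bob")
    return bystander.greeting


if __name__ == "__main__":
    print("unsafe merge, bystander sees:", demo_pollution(merge_unsafe))
    print("safe merge, bystander sees:  ", demo_pollution(merge_safe))
```

Blocking dunder names is the minimum; a stricter merge would also whitelist the attributes it is allowed to set, since names such as `__dict__` are only one of several routes out of the original object.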
January 10, 2023 – Hacker
StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users Full Text
Abstract
The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. "A copycat website, mimicking the Shagle service, is used to distribute StrongPity's mobile backdoor app," ESET malware researcher Lukáš Štefanko said in a technical report. "The app is a modified version of the open source Telegram app, repackaged with StrongPity backdoor code." StrongPity, also known by the names APT-C-41 and Promethium, is a cyberespionage group active since at least 2012, with a majority of its operations focused on Syria and Turkey. The existence of the group was first publicly reported by Kaspersky in October 2016. The threat actor's campaigns have since expanded to encompass more targets across Africa, Asia, Europe, and North America, with the intrusions leveraging watering hole attacks and phishing messages to acThe Hacker News
January 10, 2023 – General
Gentlemen’s Rules for Reading Each Other’s Mail: The New OECD Principles on Government Access to Personal Data Held by Private Sector Entities Full Text
Abstract
For the first time, major world democracies have gone public with a set of common protections that they apply when accessing individuals’ personal data for intelligence or law enforcement purposes.Lawfare
January 10, 2023 – APT
StrongPity APT spreads backdoored Android Telegram app via fake Shagle site Full Text
Abstract
The StrongPity APT group targeted Android users with a trojanized version of the Telegram app served through a website impersonating a video chat service called Shagle. ESET researchers reported that StrongPity APT group targeted Android...Security Affairs
January 10, 2023 – Attack
British Company That Supports Semiconductor Manufacturing Hit by Cyber Incident Full Text
Abstract
No explanation of the attack’s impact on its business operations has yet been disclosed, nor has the nature of the attack. The company stated it is “taking steps to ensure that its businesses can continue to trade with its customers and suppliers.”Cyware
January 10, 2023 – Vulnerabilities
Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App Full Text
Abstract
A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat models, according to ETH Zurich researchers Kenneth G. Paterson, Matteo Scarlata, and Kien Tuong Truong, who reported the issues to Threema on October 3, 2022. The weaknesses have since been addressed as part of updates released by the company on November 29, 2022. Threema is an encrypted messaging app that's used by more than 11 million users as of October 2022. "Security and privacy are deeply ingrained in Threema's DNA," the company claims on its website. Officially used by the Swiss Government and the Swiss Army, it's also advertised as a secure alternative alongside other services such as Signal, Meta-owned WhatsApp, and Telegram. While Threema has been subThe Hacker News
January 10, 2023 – Vulnerabilities
Zoom Rooms was affected by four “high” severity vulnerabilities Full Text
Abstract
Zoom addressed four "high" severity vulnerabilities impacting its popular videoconferencing software Zoom Rooms. Zoom addressed four "high" severity vulnerabilities impacting its videoconferencing platform Zoom Rooms. Below are the details for the bugs...Security Affairs
January 10, 2023 – Education
How DNSChanger Changed Cybersecurity Full Text
Abstract
In November 2011, the FBI-led Operation Ghost Click raided malicious servers run by the Rove Digital cyber group. This was only after it had used the DNSChanger Trojan to infect over four million computers and generate $14 million in illicit profits.Cyware
January 10, 2023 – Attack
Italian Users Warned of Malware Attack Targeting Sensitive Information Full Text
Abstract
A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. "The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto wallets from victim machines," Uptycs security researcher Karthickkumar Kathiresan said in a report. Details of the campaign were first disclosed by Milan-based IT services firm SI.net last month. The multi-stage infection sequence commences with an invoice-themed phishing email containing a link that, when clicked, downloads a password-protected ZIP archive file, which harbors two files: A shortcut (.LNK) file and a batch (.BAT) file. Irrespective of which file is launched, the attack chain remains the same, as opening the shortcut file fetches the same batch script designed to install the information stealer payload from a GitHub repository. This is achieved by leveragingThe Hacker News
January 10, 2023 – Vulnerabilities
Remote code execution bug discovered in the popular JsonWebToken library Full Text
Abstract
The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. The open-source JsonWebToken (JWT) library is affected by a high-severity security flaw, tracked as CVE-2022-23529 (CVSS...Security Affairs
January 10, 2023 – Breach
Pro-Ukraine hackers leak Russian data in hopes someone will make sense of it Full Text
Abstract
American investigative reporter Emma Best, a founder of the whistleblower site Distributed Denial of Secrets (DDoSecrets), told The Record in July that hackers had leaked over 12 million Russian documents to the organization since February.Cyware
January 10, 2023 – Vulnerabilities
Severe Security Flaw Found in “jsonwebtoken” Library Used by 22,000+ Projects Full Text
Abstract
A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server. "By exploiting this vulnerability, attackers could achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token (JWT) request," Palo Alto Networks Unit 42 researcher Artur Oleyarsh said in a Monday report. Tracked as CVE-2022-23529 (CVSS score: 7.6), the issue impacts all versions of the library up to and including 8.5.1, and has been addressed in version 9.0.0 shipped on December 21, 2022. The flaw was reported by the cybersecurity company on July 13, 2022. jsonwebtoken, which is developed and maintained by Okta's Auth0, is a JavaScript module that allows users to decode, verify, and generate JSON web tokens as a means of securely transmitting information between two parties for authorization and authentication. It has over 10 million weeklThe Hacker News
January 10, 2023 – Malware
Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL Full Text
Abstract
Kinsing cryptojacking operators are exploiting misconfigured and exposed PostgreSQL servers to gain access to Kubernetes environments, according to researchers at Microsoft Defender for Cloud, who observed the threat actors behind the Kinsing cryptojacking operation...Security Affairs
January 10, 2023 – Attack
San Francisco Bay Area Rapid Transit Investigating Vice Society Ransomware Attack Full Text
Abstract
While the attack did not cause any damage and no riders were put at risk, city officials raised alarms in a report because the attackers could have reached critical systems and may have left backdoors inside.Cyware
January 10, 2023 – Policy and Law
Facebook to pay $725 Million Settlement For Security Breach Full Text
Abstract
Meta Platforms has agreed to pay $725 million to settle a long-running lawsuit over allowing third parties, including Cambridge Analytica, to access users' personal information without their consent for political advertising.Cyware
January 9, 2023 – Ransomware
Tactics of Four Ransomware Targeting macOS Full Text
Abstract
Microsoft has laid bare four ransomware families, namely KeRanger, FileCoder, MacRansom, and EvilQuest, that are targeting macOS systems worldwide. The initial vector for all these malware is a user-assisted method, where the victim downloads and installs trojanized apps. The attackers rely on...Cyware
January 9, 2023 – Attack
Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL Full Text
Abstract
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud, said in a report last week. Kinsing has a storied history of targeting containerized environments, often leveraging misconfigured open Docker daemon API ports as well as abusing newly disclosed exploits to drop cryptocurrency mining software. The threat actor, in the past, has also been discovered employing a rootkit to hide its presence, in addition to terminating and uninstalling competing resource-intensive services and processes. Now according to Microsoft, misconfigurations in PostgreSQL servers have been co-opted by the Kinsing actor to gain an initial foothold, with the company observing a "large amount of clusters" infeThe Hacker News
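A common form of the PostgreSQL misconfiguration described above is a pg_hba.conf rule that grants trust (no authentication at all) or cleartext password access to a wide address range on a server that is reachable from the network. The script below is an added example, not code from Microsoft's report or from the Kinsing tooling: it parses a constructed pg_hba.conf and flags such rules. It understands the CIDR address form only; the separate IP/netmask form and hostname rules are treated as bounded ranges, which is a simplifying assumption.

```python
import ipaddress

# Constructed sample pg_hba.conf (illustrative; not taken from any real host).
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER      ADDRESS        METHOD
local   all       all                      peer
host    all       all       127.0.0.1/32   scram-sha-256
host    all       all       ::1/128        scram-sha-256
host    all       all       0.0.0.0/0      trust
host    all       postgres  10.0.0.0/8     trust
host    all       all       ::/0           md5
"""

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
# trust = no authentication; password = cleartext password on the wire
NO_OR_WEAK_AUTH = {"trust", "password"}


def parse_pg_hba(text):
    """Parse pg_hba.conf rules (CIDR address form only) into dicts."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local" and len(f) >= 4:
            rules.append({"line": lineno, "type": "local", "db": f[1],
                          "user": f[2], "addr": None, "method": f[3]})
        elif f[0] in HOST_TYPES and len(f) >= 5:
            rules.append({"line": lineno, "type": f[0], "db": f[1],
                          "user": f[2], "addr": f[3], "method": f[4]})
    return rules


def address_scope(addr):
    """Classify a pg_hba ADDRESS field as 'local', 'world' or 'range'."""
    if addr == "samehost":
        return "local"
    if addr == "all":
        return "world"
    if addr == "samenet":
        return "range"
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return "range"          # hostnames etc.: treat as a bounded range
    if net.is_loopback:
        return "local"
    if net.prefixlen == 0:      # 0.0.0.0/0 or ::/0
        return "world"
    return "range"


def audit_pg_hba(text):
    """Return (line, severity, message) for rules that admit remote clients
    without authentication, or from anywhere at all."""
    findings = []
    for r in parse_pg_hba(text):
        if r["type"] == "local":
            continue            # Unix-socket rules are not network reachable
        scope = address_scope(r["addr"])
        if scope == "local":
            continue
        if r["method"] in NO_OR_WEAK_AUTH:
            sev = "HIGH" if scope == "world" else "MEDIUM"
            findings.append((r["line"], sev,
                             f"{r['method']} auth for user {r['user']!r} from {r['addr']}"))
        elif scope == "world":
            findings.append((r["line"], "LOW",
                             f"reachable from any address with {r['method']} auth"))
    return findings


if __name__ == "__main__":
    for line, sev, msg in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"line {line}: {sev}: {msg}")
```

Run it against the real file (normally under the PostgreSQL data directory) and pair it with a check of listen_addresses in postgresql.conf: a trust rule is only as dangerous as the network the server listens on.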
January 9, 2023 – Policy and Law
One Small Legislative Step for Cybersecurity Full Text
Abstract
Legislation granting the FDA express regulatory authority over the cybersecurity of medical devices points the way to incremental improvements in other sectors and products.Lawfare
January 9, 2023 – Breach
Airline company Air France-KLM discloses security breach Full Text
Abstract
Airline company Air France-KLM is notifying customers of its loyalty program Flying Blue of a data breach. The company announced it has suffered a data breach in which data belonging to Flying Blue customers were...Security Affairs
January 9, 2023 – Hacker
Automated Libra Group Adopts New Tricks For Long Running Campaign Full Text
Abstract
Automated Libra, a South African threat actor, has improved its technique that includes leveraging cloud platform resources for cryptocurrency mining. The group has been evolving its capabilities with CAPTCHA bypass and Play and Run techniques to abuse free cloud resources. Users are suggested to a...Cyware
January 9, 2023 – Vulnerabilities
New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks Full Text
Abstract
A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service (DoS) attacks. "To better interact with users, a wide range of database applications employ AI techniques that can translate human questions into SQL queries (namely Text-to-SQL)," Xutan Peng, a researcher at the University of Sheffield, told The Hacker News. "We found that by asking some specially designed questions, crackers can fool Text-to-SQL models to produce malicious code. As such code is automatically executed on the database, the consequence can be pretty severe (e.g., data breaches and DoS attacks)." The findings, which were validated against two commercial solutions BAIDU-UNIT and AI2sql, mark the first empirical instance where natural language processing (NLP) models have been exploited as an attack vector in the wild. The black box attacks aThe Hacker News
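The risk the researchers describe comes from executing whatever SQL the model emits directly against the database. The following is an added example, not code from the cited research or from BAIDU-UNIT or AI2sql, showing the two controls that bound that risk on the application side: a read-only authorizer that refuses anything other than reads (and masks sensitive columns), and an execution budget that aborts a query that never finishes. Python's sqlite3 stands in for the application's database, which is an assumption; on PostgreSQL the equivalents are a read-only role with column-level grants and statement_timeout.

```python
import sqlite3

# SQLite authorizer action codes are stable; getattr keeps this running on
# Python builds that do not export every constant by name.
SQLITE_READ = getattr(sqlite3, "SQLITE_READ", 20)
SQLITE_SELECT = getattr(sqlite3, "SQLITE_SELECT", 21)
SQLITE_FUNCTION = getattr(sqlite3, "SQLITE_FUNCTION", 31)
SQLITE_RECURSIVE = getattr(sqlite3, "SQLITE_RECURSIVE", 33)

READ_ONLY_ACTIONS = {SQLITE_READ, SQLITE_SELECT, SQLITE_FUNCTION, SQLITE_RECURSIVE}
# (table, column) pairs a model-generated query must never read back.
SENSITIVE_COLUMNS = {("users", "email")}


def build_sample_db():
    """Constructed in-memory database standing in for the application's store."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        INSERT INTO users VALUES (1, 'alice', 'alice@example.com'),
                                 (2, 'bob',   'bob@example.com');
    """)
    return conn


def _read_only_authorizer(action, arg1, arg2, db_name, trigger):
    """Consulted by SQLite while compiling a statement, before it runs."""
    if action == SQLITE_READ and (arg1, arg2) in SENSITIVE_COLUMNS:
        return sqlite3.SQLITE_IGNORE    # the column is read back as NULL
    if action in READ_ONLY_ACTIONS:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY          # DDL, DML, PRAGMA, ATTACH, ...


class GuardedDB:
    """Connection that runs untrusted (model-generated) SQL under guard."""

    def __init__(self, conn, step_budget=200):
        self.conn = conn
        self.step_budget = step_budget
        self._calls = 0
        conn.set_authorizer(_read_only_authorizer)
        conn.set_progress_handler(self._progress, 1000)  # every 1000 VM ops

    def _progress(self):
        self._calls += 1
        return 1 if self._calls > self.step_budget else 0  # non-zero aborts

    def run(self, sql, max_rows=100):
        """Return ("ok", rows), ("denied", reason) or ("aborted", reason)."""
        self._calls = 0
        try:
            cur = self.conn.execute(sql)   # execute() refuses multi-statement input
            return "ok", cur.fetchmany(max_rows)
        except (sqlite3.Warning, sqlite3.ProgrammingError) as e:
            return "denied", f"multi-statement or malformed input: {e}"
        except sqlite3.DatabaseError as e:
            if "interrupt" in str(e).lower():
                return "aborted", f"execution budget exceeded: {e}"
            return "denied", f"authorizer refused the statement: {e}"


if __name__ == "__main__":
    db = GuardedDB(build_sample_db())
    for q in ("SELECT name, email FROM users ORDER BY id",
              "DROP TABLE users",
              "SELECT 1; DROP TABLE users",
              "WITH RECURSIVE c(x) AS (SELECT 1 UNION ALL SELECT x+1 FROM c) "
              "SELECT count(*) FROM c"):
        print(q[:45], "->", db.run(q))
```

The sample queries mirror the two outcomes named in the passage: a generated DROP TABLE (data loss) and a recursive query that never terminates (DoS). Both are stopped without trusting the model's output at all.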
January 9, 2023 – Phishing
Phishing campaign targets government institution in Moldova Full Text
Abstract
Government institutions of Moldova have been hit by a wave of phishing attacks since the country offered support to Ukraine; threat actors sent more than 1,330...Security Affairs
January 9, 2023 – Phishing
Facebook Termination Notices Leads to Phishing Full Text
Abstract
In this phishing attack campaign, hackers purporting to be from Facebook are sending fake copyright infringement notices in the hopes of luring users to give their credentials.Cyware
January 9, 2023 – Education
Why Do User Permissions Matter for SaaS Security? Full Text
Abstract
Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to malicious attacks against Mailchimp's customers' end users. Three months later, Mailchimp was hit with another attack. Once again, an employee's account was breached following a successful phishing attempt. While the identity of the Mailchimp accounts that had been compromised wasn't released, it's easy to see how user permission settings could have played a role in the attack. Once the threat actors breached the system, they had the access needed to utilize an internal tool that enabled them to find the data they were looking for. The attack ended when security teams were able to terminate user access, although data which had already been downloaded remained in the threat actor's hands. Introducing user permissions, throuThe Hacker News
January 9, 2023 – APT
Russia-linked Cold River APT targeted US nuclear research laboratories Full Text
Abstract
The Russia-linked APT group Cold River (aka Calisto) targeted three nuclear research laboratories in the United States in the summer of 2022, Reuters reported...Security Affairs
January 9, 2023 – Denial Of Service
Serbian Government Reports ‘Massive DDoS Attack’ Amid Heightened Tensions in Balkans Full Text
Abstract
The Serbian government announced on Saturday that the website and IT infrastructure of its Ministry of Internal Affairs had been hit by several “massive” distributed denial-of-service (DDoS) attacks.Cyware
January 9, 2023 – Vulnerabilities
Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands Full Text
Abstract
Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, Toyota as well as in software from Reviver, SiriusXM, and Spireon. The flaws run a wide gamut, ranging from those that give access to internal company systems and user information to weaknesses that would allow an attacker to remotely send commands to achieve code execution. The research builds on earlier findings from late last year, when Yuga Labs researcher Sam Curry et al detailed security flaws in a connected vehicle service provided by SiriusXM that could potentially put cars at risk of remote attacks. The most serious of the issues, which concern Spireon's telematics solution, could have been exploitedThe Hacker News
January 9, 2023 – General
Resecurity Released a Status Report on Drug Trafficking in the Dark Web (2022-2023) Full Text
Abstract
Resecurity, a Los Angeles-based cybersecurity and risk management provider, has released an eye-opening report on drug trafficking marketplaces currently operating in the Dark Web...Security Affairs
January 9, 2023 – Encryption
Chinese researchers’ claimed quantum encryption crack looks unlikely Full Text
Abstract
Briefly this week, it appeared that quantum computers might finally be ready to break 2048-bit RSA encryption, but that moment has passed. An academic paper was released by two dozen authors affiliated with seven research institutions in China.Cyware
January 9, 2023 – Malware
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls Full Text
Abstract
In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles. The malicious code, as is increasingly the case, is concealed in the setup script (setup.py) of these libraries, meaning running a "pip install" command is enough to activate the malware deployment process. The malware is designed to launch a PowerShell script that retrieves a ZIP archive file, install invasive dependencies such as pynput, pydirectinput, and pyscreenshot, and run a Visual Basic Script extracted from the archive to execute more PowerShell code. "These libraries allow one to control and monitor mouse and keyboard input and capture screen contents," Phylum said in a technical report publishedThe Hacker News
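Because the malicious code sits in setup.py and runs at "pip install" time, the cheapest pre-install check is static: parse setup.py and flag execution primitives, encoded strings and module-level side effects before anything executes. The block below is an added example, not Phylum's tooling; the setup.py it scans is constructed for illustration (the package name and the base64 payload are made up), and the call list and keyword list are assumptions a real scanner would tune.

```python
import ast
import base64
import binascii
import re

# Constructed sample setup.py in the style described above; the package name
# and encoded payload are made up and this is not code from any real package.
SAMPLE_SETUP_PY = '''\
from setuptools import setup
import base64, os, subprocess

def _post_install():
    cmd = base64.b64decode("cG93ZXJzaGVsbCAtdyBoaWRkZW4=")
    subprocess.Popen(["powershell", "-c", cmd.decode()], shell=False)

_post_install()

setup(name="examplepkg", version="0.1", packages=[])
'''

# Execution / download / decoding primitives that have no business in setup.py.
SUSPICIOUS_CALLS = {
    "os.system", "os.popen", "subprocess.Popen", "subprocess.run",
    "subprocess.call", "subprocess.check_output", "exec", "eval", "compile",
    "__import__", "urllib.request.urlopen", "requests.get",
    "base64.b64decode", "ctypes.windll",
}
# Lower-cased substrings that signal command execution inside string literals.
KEYWORDS = ("powershell", "-encodedcommand", "-w hidden", "cmd.exe",
            "/bin/sh", "curl ", "wget ")
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None (aliases not resolved)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _string_hits(value):
    """Keywords found in a string literal, or in its base64-decoded form."""
    hits = [k for k in KEYWORDS if k in value.lower()]
    if not hits and B64_RE.match(value):
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8", "ignore")
        except (binascii.Error, ValueError):
            return hits
        hits = ["b64:" + k for k in KEYWORDS if k in decoded.lower()]
    return hits


def scan_setup_py(source):
    """Return sorted (lineno, category, detail) findings for a setup.py source."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name in SUSPICIOUS_CALLS:
                findings.append((node.lineno, "call", name))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            for hit in _string_hits(node.value):
                findings.append((node.lineno, "string", hit))
    # Any module-level call other than setup(...) runs as a side effect of
    # "pip install" and deserves a look on its own.
    for stmt in tree.body:
        if isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            callee = _dotted(stmt.value.func)
            if callee != "setup":
                findings.append((stmt.lineno, "top-level-exec", callee or "<call>"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, category, detail in scan_setup_py(SAMPLE_SETUP_PY):
        print(f"setup.py:{lineno}: {category}: {detail}")
```

Static review like this is a triage aid, not a verdict: an attacker can route around a fixed call list with aliasing or getattr tricks, so the finding that matters most is any code at all running outside the setup(...) call.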
January 9, 2023 – Vulnerabilities
Qualcomm Snapdragon flaws impact Microsoft, Lenovo, and Samsung devices Full Text
Abstract
Dozens of software vulnerabilities in Qualcomm firmware impacted devices from Microsoft, Lenovo, and Samsung. Qualcomm's January 2023 security bulletin addressed 22 software vulnerabilities in its Snapdragon suite. Some of the flaws were reported...Security Affairs
January 9, 2023 – Vulnerabilities
CISA Notifies Hitachi Energy Customers of High-Severity Vulnerabilities Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) published advisories last week to inform organizations using Hitachi Energy products about several recently addressed critical and high-severity vulnerabilities.Cyware
January 9, 2023 – General
Top SaaS Cybersecurity Threats in 2023: Are You Ready? Full Text
Abstract
Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses Web applications are at the core of what SaaS companies do and how they operate, and they can store some of your most sensitive information such as valuable customer data. SaaS applications are often multi-tenanted, so your applications need to be secure against attacks where one customer could access the data of another customer, such as logic flaws, injection flaws, or access control weaknesses. These are easy to exploit by hackers, and easy mistakes to make when writing code. Security testing with an automated vulnerability scanner in combination with regular pentesting can help you design and build secure web applications by integrating with your existing environment, catching vulnerabilitThe Hacker News
January 9, 2023 – Solution
inSicurezzaDigitale launches the Dashboard Ransomware Monitor Full Text
Abstract
The cybersecurity blog inSicurezzaDigitale has launched the Italian Dashboard Ransomware Monitor to analyze the activities of the principal RaaS operations; it is the second project after...Security Affairs
January 9, 2023 – Criminals
Hive Ransomware Gang Leaked 550 GB Stolen From Consulate Health Care Full Text
Abstract
The Hive ransomware gang this week added the company to its Tor leak site, threatening to publish the stolen data. The gang states that the attack took place on December 3rd, 2022 and the attack was disclosed on January 6, 2023.Cyware
January 9, 2023 – Hacker
Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions Full Text
Abstract
A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks. The technique "could act as an entry point for an attack on many organizations," Aqua security researcher Ilay Goldman said in a report published last week. VS Code extensions, curated via a marketplace made available by Microsoft, allow developers to add programming languages, debuggers, and tools to the VS Code source-code editor to augment their workflows. "All extensions run with the privileges of the user that has opened the VS Code without any sandbox," Goldman said, explaining the potential risks of using VS Code extensions. "This means that the extension can install any program on your computer including ransomwares, wipers, and more." To that end, Aqua found that not only is it possible for a threat actor to impersonate a poThe Hacker News
January 8, 2023 – Hacker
Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors Full Text
Abstract
The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called ANDROMEDA (aka Gamarue) that was uploaded to VirusTotal in 2013. "UNC4210 re-registered at least three expired ANDROMEDA command-and-control (C2) domains and began profiling victims to selectively deploy KOPILUWAK and QUIETCANARY in September 2022," Mandiant researchers said in an analysis published last week. Turla, also known by the names Iron Hunter, Krypton, Uroburos, Venomous Bear, and Waterbug, is an elite nation-state outfit that primarily targets government, diplomatic, and military organizations using a large set of custom malware. Since the onset of Russia's militThe Hacker News
January 8, 2023 – Policy and Law
Russian and Belarusian men charged with spying for Russian GRU Full Text
Abstract
Polish authorities charged Russian and Belarusian individuals, who were arrested in April, with spying for the Russian military intelligence service (GRU)...Security Affairs
January 8, 2023 – Malware
Dridex targets MacOS users with a new delivery technique Full Text
Abstract
Trend Micro experts discovered a new variant of the Dridex banking malware that targets the macOS platform and uses a new technique...Security Affairs
January 8, 2023 – General
Security Affairs newsletter Round 401 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week the best security articles from Security Affairs, free in your inbox. If you also want to receive the free newsletter covering the international press, subscribe here. Chick-fil-A...Security Affairs
January 7, 2023 – Hacker
Reuters: Russian hackers targeted U.S. nuclear scientists Full Text
Abstract
A Russian hacking team known as Cold River targeted three nuclear research laboratories in the United States this past summer, according to internet records reviewed by Reuters and five cyber security experts.Cyware
January 7, 2023 – Malware
Vidar Stealer Operators Exploit SM Platforms to Evade Detection Full Text
Abstract
Information-stealer Vidar is once again found exploiting social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server. One advantage of this tactic is that such traffic is really difficult to identify and block using trivial security solutio...Cyware
January 7, 2023 – General
Texas County EMS Agency Says Ransomware Breach Hit 612,000 Full Text
Abstract
A municipal ambulance services provider that serves 15 cities in a Texas county has reported to federal regulators a ransomware attack potentially affecting 612,000 individuals, equivalent to nearly 30% of the county's 2.1 million population.Cyware
January 7, 2023 – Attack
Attackers Abuse Genuine Windows Tool to Deliver Pupy RAT Full Text
Abstract
Researchers unearthed an interesting technique used by threat actors wherein they use WerFault.exe, the Windows Error Reporting tool, to execute Pupy RAT on the victims' machine. The use of ISO files and abuse of genuine Windows tools to deliver Pupy RAT indicates that the operators of this ca...Cyware
January 7, 2023 – Attack
Chick-fil-A launched an investigation into “suspicious activity” Full Text
Abstract
American fast food restaurant chain Chick-fil-A informed its customers that it has launched an investigation into "suspicious activity." Chick-fil-A is the country's largest fast food chain specializing in chicken...Security Affairs
January 7, 2023 – Policy and Law
Software Engineer Charged With ‘Office Space-Inspired’ Fraud Full Text
Abstract
More signs truth may be stranger than fiction: Seattle police have charged a software programmer with engineering a fraud scheme inspired by the online heist in the 1999 black comedy film "Office Space."Cyware
January 7, 2023 – Malware
IcedID malware campaign targets Zoom users Full Text
Abstract
Cyble researchers uncovered a phishing campaign that used a modified Zoom app to deliver the IcedID malware, targeting users of the popular video conferencing and online...Security Affairs
January 7, 2023 – Malware
Can You Trust Your VSCode Extensions? Full Text
Abstract
Aqua Nautilus researchers have recently discovered that attackers can easily impersonate popular Visual Studio Code extensions and trick unknowing developers into downloading them.Cyware
January 7, 2023 – Breach
Hive Ransomware gang leaked 550 GB stolen from Consulate Health Care Full Text
Abstract
The Hive ransomware gang has leaked 550 GB of data stolen from Consulate Health Care, including customer and employee PII. Consulate Health Care is a leading provider of senior healthcare services, specializing in post-acute care. The Hive...Security Affairs
January 7, 2023 – Vulnerabilities
Exploit drops for remote code execution bug in Control Web Panel Full Text
Abstract
The Proof of Concept (PoC) was posted to GitHub and YouTube yesterday (January 5) by Numan Türle, security engineer at Turkish infosec outfit Gais Security. The flaw has now been designated as CVE-2022-44877 with a CVSS severity rating still pending.Cyware
January 7, 2023 – General
Poland Warns About the Rise in Russian Cyberattacks Full Text
Abstract
The Polish government warned against a rise in cyberattacks linked to Russian threat groups. According to the government, the state-sponsored hacking group GhostWriter, active since at least 2017, is among the top attacker groups targeting the country. The threat group targets official email accoun...Cyware
January 6, 2023 – Vulnerabilities
Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Devices to Attacks Full Text
Abstract
According to Binarly, the Qualcomm vulnerabilities have been confirmed to impact — in addition to Lenovo devices — Arm-based Microsoft Surface and the Windows Dev Kit 2023 (Project Volterra) computers, as well as Samsung products.Cyware
January 6, 2023 – Attack
Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub Full Text
Abstract
A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said. PURPLEURCHIN first came to light in October 2022 when Sysdig disclosed that the adversary created as many as 30 GitHub accounts, 2,000 Heroku accounts, and 900 Buddy accounts to scale its operation. Now according to Unit 42, the cloud threat actor group created three to five GitHub accounts every minute at the height of its activity in November 2022, in total setting up over 130,000 bogus accounts across Heroku, Togglebox, and GitHub. More than 22,000 GitHub accounts are estimated to have been created between September and NovembThe Hacker News
January 6, 2023 – General
The Cyber Liability Fight Begins Full Text
Abstract
Third-party liability for cybersecurity failures just got a lot more real.Lawfare
January 6, 2023 – Attack
Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack Full Text
Abstract
The Saint Gheorghe Recovery Hospital in Botoşani, in northeastern Romania, was hit by a ransomware attack in December that is still impacting medical activity...Security Affairs
January 6, 2023 – Hacker
Russian Turla Cyberspies Leveraged Other Hackers’ USB-Delivered Malware Full Text
Abstract
Active since at least 2006 and linked to the Russian government, the cyberespionage group is also tracked as Snake, Venomous Bear, Krypton, and Waterbug, and has been historically associated with the use of the ComRAT malware.Cyware
January 6, 2023 – Ransomware
Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS Full Text
Abstract
Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems. "While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform," the tech giant's Security Threat Intelligence team said in a Thursday report. The initial vector for these ransomware families involves what the Windows maker calls "user-assisted methods," wherein the victim downloads and installs trojanized applications. Alternatively, it can also arrive as a second-stage payload that's dropped by an already existing malware on the infected host or as part of a supply chain attack. Irrespective of the modus operandi employed, the attacks proceed along similar lines, with the threat actors relying on legitimate operating system features and exploiting vulnerabilities to break into the systems and encrypt files of interest. This iThe Hacker News
January 6, 2023 – Ransomware
Microsoft details techniques of Mac ransomware Full Text
Abstract
Microsoft's Security Threat Intelligence team warns of four ransomware families (KeRanger, FileCoder, MacRansom, and EvilQuest) targeting Apple macOS systems...Security Affairs
January 6, 2023 – Government
FBI warns of imposter ads in search results Full Text
Abstract
It’s no secret that rogue ads have been a particular plague on the Internet for as far back as we can remember. The FBI warning concerns fake ads impersonating the real thing and diverting potential victims off to parts unknown.Cyware
January 6, 2023 – Malware
Dridex Malware Now Attacking macOS Systems with Novel Infection Method Full Text
Abstract
A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research. It has "adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files," Trend Micro researcher Armando Nathaniel Pedragoza said in a technical report. Dridex, also called Bugat and Cridex, is an information stealer that's known to harvest sensitive data from infected machines and deliver and execute malicious modules. It's attributed to an e-crime group known as Evil Corp (aka Indrik Spider). The malware is also considered to be a successor of Gameover Zeus, itself a follow-up to another banking trojan called Zeus. Previous Dridex campaigns targeting Windows have leveraged macro-enabled Microsoft Excel documents sent via phishing emails to deploy the payload. Trend Micro's aThe Hacker News
January 6, 2023 – Attack
Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment Full Text
Abstract
Cloud services provider Rackspace confirmed this week that the recent data breach was the result of an attack conducted by the Play ransomware...Security Affairs
January 6, 2023 – Attack
Software provider denied insurance payout after ransomware attack Full Text
Abstract
The Supreme Court of Ohio ruled that EMOI Services' insurance policy does not cover its ransomware attack, because the attack did not cause direct physical loss or damage to tangible property and software has no tangible components.Cyware
January 6, 2023 – Breach
Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach Full Text
Abstract
Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment. "This zero-day exploit is associated with CVE-2022-41080," the Texas-based company said. "Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a remote code execution chain that was exploitable." Rackspace's forensic investigation found that the threat actor accessed the Personal Storage Table (.PST) of 27 customers out of a total of nearly 30,000 customers on the Hosted Exchange email environment. However, the company said there is no evidence the adversary viewed, misused, or distributed the customer's emails or data from those personal storage folders. It furtThe Hacker News
January 6, 2023 – Ransomware
Bitdefender released a free decryptor for the MegaCortex ransomware Full Text
Abstract
Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware, which allows victims of the group...Security Affairs
January 6, 2023 – Attack
PurpleUrchin Campaign Bypasses CAPTCHA and Steals Cloud Platform Resources for Cryptomining Full Text
Abstract
Automated Libra is a South Africa-based freejacking group that primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their cryptomining operations.Cyware
January 6, 2023 – Solution
WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship Full Text
Abstract
Popular instant messaging service WhatsApp has launched support for proxy servers in the latest version of its Android and iOS apps, letting users circumvent government-imposed censorship and internet shutdowns. "Choosing a proxy enables you to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely," the Meta-owned company said. Proxies act as an intermediary between end users and the service provider by routing requests originating from a client to the server and forwarding the response back to the device. Users can access the option by navigating to Settings > Storage and Data > Proxy > Use Proxy and entering a trusted proxy server address. WhatsApp, which is used by more than two billion users across the world, has also made available a reference implementation that can be used to set up a proxy server to help others connect to the service. The company emphasized thatThe Hacker News
January 6, 2023 – Malware
Dridex Returns With New Variant, Targets MacOS Using New Entry Method Full Text
Abstract
The variant analyzed by Trend Micro has made its way into the MacOS platform and has adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files.Cyware
January 5, 2023 – Malware
Shc-based Linux Malware Used to Install XMRig Miner Full Text
Abstract
The ASEC analysis team uncovered a new shell script compiler (shc)-based Linux malware dropping XMRig miner on compromised systems. The hackers pulled off the attack through a dictionary attack on mismanaged Linux SSH servers. An attack chain spotted in the campaign included both the shc downloader ... Read MoreCyware
January 5, 2023 – Hacker
Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain Full Text
Abstract
A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the killchain. Also tracked under the name APT-C-36, Blind Eagle is notable for its narrow geographical focus and launching indiscriminate attacks against South American nations since at least 2018. Blind Eagle's operations have been documented by Trend Micro in September 2021, uncovering a spear-phishing campaign primarily aimed at Colombian entities designed to deliver a commodity malware known as BitRAT, with a lesser focus towards targets in Ecuador, Spain, and Panama. Attack chains commence with phishing emails containing a booby-trapped link that, when clicked, leads tThe Hacker News
January 5, 2023 – Criminals
Threat actors stole Slack private source code repositories Full Text
Abstract
Enterprise collaboration platform Slack disclosed a data breach: hackers stole some of its private source code repositories. The enterprise collaboration platform Slack announced that it suffered a security breach in which threat actors stole some...Security Affairs
January 5, 2023 – Phishing
Flipper Zero Phishing Attacks Eye Infosec Community Full Text
Abstract
A phishing campaign by an actor group has been spotted taking advantage of the increasing interest of the security community in the Flipper Zero tool, a multi-functional portable cybersecurity tool. They are creating fake shops to fool security experts into giving up their personal details and cryp ... Read MoreCyware
January 5, 2023 – Criminals
Bluebottle Cybercrime Group Preys on Financial Sector in French-Speaking African Nations Full Text
Abstract
A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022. "The group makes extensive use of living-off-the-land, dual use tools, and commodity malware, with no custom malware deployed in this campaign," Symantec, a division of Broadcom Software, said in a report shared with The Hacker News. The cybersecurity firm said the activity shares overlaps with a threat cluster tracked by Group-IB under the name OPERA1ER, which has carried out dozens of attacks aimed at banks, financial services, and telecom companies in Africa, Asia, and Latin America between 2018 and 2022. The attribution stems from similarities in the toolset used, the attack infrastructure, the absence of bespoke malware, and the targeting of French-speaking nations in Africa. Three different unnamed financial institutions in three African nations were breached, althoughThe Hacker News
January 5, 2023 – Hacker
How hackers might be exploiting ChatGPT Full Text
Abstract
The popular AI chatbot ChatGPT might be used by threat actors to easily hack into target networks. Original post at https://cybernews.com/security/hackers-exploit-chatgpt/ Cybernews research team discovered that the AI-based chatbot ChatGPT...Security Affairs
January 5, 2023 – Hacker
Hackers Using a New Undetectable SaaS-to-SaaS Phishing Technique Full Text
Abstract
Besides email, hackers are now shifting toward other delivery methods such as video conferencing platforms, workforce messaging apps, cloud-based file-sharing platforms, and SMSs. Hackers are actively using multi-stage cloud phishing techniques that combine traditional phishing with second-phase or ... Read MoreCyware
January 5, 2023 – Malware
SpyNote Strikes Again: Android Spyware Targeting Financial Institutions Full Text
Abstract
Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022. "The reason behind this increase is that the developer of the spyware, who was previously selling it to other actors, made the source code public," ThreatFabric said in a report shared with The Hacker News. "This has helped other actors [in] developing and distributing the spyware, often also targeting banking institutions." Some of the notable institutions that are impersonated by the malware include Deutsche Bank, HSBC U.K., Kotak Mahindra Bank, and Nubank. SpyNote (aka SpyMax) is feature-rich and comes with a plethora of capabilities that allow it to install arbitrary apps; gather SMS messages, calls, videos, and audio recordings; track GPS locations; and even hinder efforts to uninstall the app. It also follows the modus operandi of other banking malware by requesting permissions for accessibility services to extract two-factoThe Hacker News
January 5, 2023 – Vulnerabilities
Zoho urges fixing a critical SQL Injection flaw in ManageEngine Full Text
Abstract
Zoho is warning its customers of a critical vulnerability, tracked as CVE-2022-47523, affecting multiple ManageEngine products. Zoho is urging its customers to address a critical SQL Injection vulnerability, tracked as CVE-2022-47523, that affects...Security Affairs
January 5, 2023 – General
Ransomware Attack Against U.S. Organizations Rises: Emsisoft Reports Full Text
Abstract
Research by Emsisoft revealed that ransomware attacks in 2022 affected 105 counties, 45 school districts, 44 universities, and 24 healthcare providers in the U.S. Overall, the number of incidents and the overall impact was more than that observed in 2021. Organizations are encouraged to implement t ... Read MoreCyware
January 5, 2023 – Solution
Mitigate the LastPass Attack Surface in Your Environment with this Free Tool Full Text
Abstract
The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there are very few organizations in which these practices are truly enforced. This puts security teams in the worst position, where exposure to compromise is almost certain, but pinpointing the users who created this exposure is almost impossible. To assist them throughout this challenging time, Browser Security solution LayerX has launched a free offering of its platform, enabling security teams to gain visibility into all browsers on which the LastPass extension is installed and mitigate the potential impacts of the LastPass breach on their environments by informing vulnerable users and require tThe Hacker News
January 5, 2023 – Policy and Law
Irish Data Protection Commission fined Meta $414 Million Full Text
Abstract
The Irish Data Protection Commission (DPC) fined Meta Platforms €390 million over data processing operations for the delivery of its services. The Data Protection Commission (DPC) concluded two inquiries into the data processing operations of Meta...Security Affairs
January 5, 2023 – Breach
Burger Chain Five Guys Discloses Data Breach Impacting Job Applicants Full Text
Abstract
Five Guys appears to have started informing customers on December 29, when it also notified state authorities about the incident. The exposed information includes names, Social Security numbers, and driver’s license numbers.Cyware
January 5, 2023 – Attack
CircleCI Urges Customers to Rotate Secrets Following Security Incident Full Text
Abstract
DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident. The company said an investigation is currently ongoing, but emphasized that "there are no unauthorized actors active in our systems." Additional details are expected to be shared in the coming days. "Immediately rotate any and all secrets stored in CircleCI," CircleCI's chief technology officer, Rob Zuber, said in a terse advisory. "These may be stored in project environment variables or in contexts." CircleCI is also recommending that users review internal logs for signs of any unauthorized access starting from December 21, 2022, to January 4, 2023, or until when the secrets are rotated. The software development service did not disclose any further specifics about the breach, but said it has also invalidated all Project API tokens and that they need to be replaced. The disclosure comes weeks after the company annoThe Hacker News
January 5, 2023 – Breach
Slack Says Hackers Stole Private Source Code Repositories Full Text
Abstract
Slack suffered a security incident over the holidays affecting some of its private GitHub repositories. The incident involves threat actors gaining access to its externally hosted GitHub repositories via a "limited" number of stolen employee tokens.Cyware
January 5, 2023 – Malware
The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media Full Text
Abstract
The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server. "When a user creates an account on an online platform, a unique account page that can be accessed by anyone is generated," AhnLab Security Emergency Response Center (ASEC) disclosed in a technical analysis published late last month. "Threat actors write identifying characters and the C2 address in parts of this page." In other words, the technique relies on actor-controlled throwaway accounts created on social media to retrieve the C2 address. An advantage to this approach is that should the C2 server be taken down or blocked, the adversary can trivially get around the restrictions by setting up a new server and editing the account pages to allow the previously distributed malware to communicate with the server. Vidar, first identified in 2018, is a commerThe Hacker News
January 5, 2023 – Government
NIST Finalizes Cybersecurity Guidance for Ground Segment of Space Operations Full Text
Abstract
The NIST has published the final version of its guidance on applying the Cybersecurity Framework to the ground segment of space operations, specifically satellite command and control.Cyware
January 5, 2023 – Vulnerabilities
Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities Full Text
Abstract
Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. "An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests," the company said in an advisory. The vulnerability, tracked as CVE-2022-39947 (CVSS score: 8.6) and internally discovered by its product security team, impacts the following versions: FortiADC version 7.0.0 through 7.0.2; FortiADC version 6.2.0 through 6.2.3; FortiADC version 6.1.0 through 6.1.6; FortiADC version 6.0.0 through 6.0.4; FortiADC version 5.4.0 through 5.4.5. Users are recommended to upgrade to FortiADC versions 6.2.4 and 7.0.2 as and when they become available. The January 2023 patches also address a number of command injection vulnerabilities in FoThe Hacker News
January 5, 2023 – Policy and Law
Irish Regulators Fine Facebook $414 Million for Forcing Users to Accept Targeted Ads Full Text
Abstract
The Irish Data Protection Commission (DPC) has fined Meta Platforms €390 million (roughly $414 million) over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model. To that end, the privacy regulator has ordered Meta Ireland to pay two fines – a €210 million ($222.5 million) fine over violations of the E.U. General Data Protection Regulation (GDPR) related to Facebook, and a €180 million ($191 million) fine for similar violations in Instagram. The latest enforcement comes in the wake of concerns that the social media company used its Terms of Service to gain users' forced consent to allow targeted advertising based on their online activity. The complaints were filed on May 25, 2018, the date when GDPR came into effect in the region. It also arrives a month after the European Data Protection Board (EDPB), an independent body that oversees the consistent application of GDPR in the E.U., announced that it had reachedThe Hacker News
January 5, 2023 – Breach
Data of 235 million Twitter users leaked online Full Text
Abstract
A database containing email addresses of 235,000,000 Twitter users has been offered on a popular hacker forum. A data leak containing email addresses for 235 million Twitter users has been published on a popular hacker forum. Many experts have immediately...Security Affairs
January 4, 2023 – Vulnerabilities
High-Severity Command Injection Flaws Found in Fortinet’s FortiTester, FortiADC Full Text
Abstract
Cybersecurity solutions provider Fortinet this week announced patches for several vulnerabilities across its product portfolio and informed customers about a high-severity command injection bug in FortiADC.Cyware
January 4, 2023 – Vulnerabilities
Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws Full Text
Abstract
Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption. The five vulnerabilities -- tracked from CVE-2022-40516 through CVE-2022-40520 -- also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes. The list of flaws is as follows: CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS scores: 8.4) - Memory corruption in Core due to stack-based buffer overflow; CVE-2022-40518 & CVE-2022-40519 (CVSS scores: 6.8) - Information disclosure due to buffer over-read in Core. Stack-based buffer overflow vulnerabilities can result in severe impacts, such as data corruption, system crashes, and arbitrary code execution. Buffer over-reads, on the other hand, can be weaponized to read out-of-bounds memory, leading to the exposure of secret data. Successful exploitation of the aforementioned flawThe Hacker News
January 4, 2023 – Vulnerabilities
Critical flaws found in Ferrari, Mercedes, BMW, Porsche, and other carmakers Full Text
Abstract
BMW, Mercedes, Toyota, and other popular carmakers use vulnerable APIs that could have allowed attackers to perform malicious activities. Cybersecurity researcher Sam Curry and his colleagues discovered many vulnerabilities in the vehicles manufactured...Security Affairs
January 4, 2023 – Vulnerabilities
Android’s First Security Updates for 2023 Patch 60 Vulnerabilities Full Text
Abstract
The first part of the security update, which arrives on devices as the 2023-01-01 security patch level, addresses 19 security defects in the Framework and System components.Cyware
January 4, 2023 – Government
The FBI’s Perspective on Ransomware Full Text
Abstract
Ransomware: contemporary threats, how to prevent them and how the FBI can help. In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, turning ransomware into the internet's most severe security crisis. The Ransomware Landscape: Ransomware has existed for more than 30 years, but it became a lucrative source of income for cyber actors and gangs in the past decade. Since 2015, ransomware gangs have been targeting organizations instead of individuals. Consequently, ransom sums have increased significantly, reaching millions of dollars. Ransomware is effective because it pressures victims in two complementary ways. First, by threatening to destroy victims' data. Second, by threatening to publicize the attack. The sThe Hacker News
January 4, 2023 – Breach
Database of the Cricketsocial.com platform left open online Full Text
Abstract
CyberNews reported that Cricketsocial.com, a social platform for the cricket community, exposed private customer data and admin credentials. Cricketsocial.com, is a social platform developed for the cricket community online. CyberNews discovered that...Security Affairs
January 4, 2023 – General
Attackers evolve strategies to outmaneuver security teams Full Text
Abstract
Large corporations (41%) will be the top targeted sector for cyberattacks in 2023, favored over financial institutions (36%), government (14%), healthcare (9%), and education (8%), according to Titaniam.Cyware
January 4, 2023 – Malware
New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner Full Text
Abstract
A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems. "It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system," AhnLab Security Emergency Response Center (ASEC) said in a report published today. shc allows shell scripts to be converted directly into binaries, offering protections against unauthorized source code modifications. It's analogous to the BAT2EXE utility in Windows that's used to convert any batch file to an executable. In an attack chain detailed by the South Korean cybersecurity firm, a successful compromise of the SSH server leads to the deployment of an shc downloader malware along with a Perl-based DDoS IRC Bot. The shc downloader subsequently proceeds to fetch the XMRig miner software to mine cryptocurrency, with the IRC bot capable oThe Hacker News
January 4, 2023 – Vulnerabilities
Fortinet fixed multiple command injection bugs in FortiADC and FortiTester Full Text
Abstract
Fortinet addressed multiple vulnerabilities impacting its products and warned of a high-severity command injection flaw in FortiADC. Cybersecurity vendor Fortinet addressed several vulnerabilities impacting its products. The company also warned customers...Security Affairs
January 4, 2023 – Breach
Deezer Admits Third-Party Data Breach That Potentially Exposed Over 220 Million Users’ Information Full Text
Abstract
The compromised information included Deezer users’ dates of birth, email addresses, genders, geographic locations, IP addresses, names, spoken languages, and/or usernames.Cyware
January 4, 2023 – Vulnerabilities
Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers Full Text
Abstract
Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server. Successful exploitation of the issue "allows remote attackers to execute arbitrary commands via unspecified vectors," the Taiwanese company said, adding it was internally discovered by its Product Security Incident Response Team (PSIRT). Users of VPN Plus Server for Synology Router Manager (SRM) 1.2 and VPN Plus Server for SRM 1.3 are advised to update to versions 1.4.3-0534 and 1.4.4-0635, respectively. The network-attached storage appliance maker, in a second advisory, also warned of several flaws in SRM that could permit remote attackers to execute arbitrary commands, conduct denial-of-service attackThe Hacker News
January 4, 2023 – Malware
New shc Linux Malware used to deploy CoinMiner Full Text
Abstract
Researchers discovered a new Linux malware developed with the shell script compiler (shc) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler (shc) that...Security Affairs
January 4, 2023 – General
Can these researchers help defend satellite systems targeted by hackers? Full Text
Abstract
A new effort is attempting to improve cybersecurity awareness — and preparedness — in a sector that is only beginning to understand the threat it faces from malicious hackers.Cyware
January 4, 2023 – Attack
U.S. rail and locomotive company Wabtec hit with LockBit ransomware Full Text
Abstract
U.S. rail and locomotive company Wabtec Corporation disclosed a data breach after it was hit with a LockBit ransomware attack. Wabtec Corporation is an American company formed by the merger of the Westinghouse Air Brake Company (WABCO)...Security Affairs
January 4, 2023 – Policy and Law
Senior Healthcare Firm Pays Breach Settlement to States Full Text
Abstract
A nursing and assisted living care firm that delayed reporting a data breach to authorities paid a $200,000 fine to two state attorneys general and pledged to implement a security incident response plan.Cyware
January 4, 2023 – Cryptocurrency
New shc Linux Malware Used to Deploy Cryptominer Payload Full Text
Abstract
The experts believe attackers initially compromised targeted devices through a dictionary attack on poorly protected Linux SSH servers, then they installed multiple malware on the target system.Cyware
January 4, 2023 – Breach
Singapore-Based Cryptocurrency Firm BitKeep Lost Funds in Recent Hacking Incident Full Text
Abstract
The company, which has not been named in reports, was targeted by skilled cybercriminals who were able to breach the firm’s security systems and gain access to its digital wallets.Cyware
January 4, 2023 – Government
How Can the White House’s New IoT Labels Improve Security? Full Text
Abstract
The White House’s National Security Council (NSC) is working on an ambitious project to improve consumer Internet of Things (IoT) security through industry-standard labeling.Cyware
January 3, 2023 – Breach
Data of 42 Million Americans on the Dark Web - Revealed Research Full Text
Abstract
A report by Jama Network stumbled across the medical information of approximately 42 million Americans being offered on underground marketplaces, since 2016. The study analyzed trends in ransomware attacks on U.S. healthcare institutions between 2016 and 2021. The number of attacks in that period h ... Read MoreCyware
January 3, 2023 – Education
Enforcement vs. Enrollment-based Security: How to Balance Security and Employee Trust Full Text
Abstract
Challenges with an enforcement-based approach: An enforcement-based approach to security begins with a security policy backed by security controls, often heavy-handed and designed to prevent employees from engaging in risky behavior or inadvertently expanding the potential attack surface of an organization. Most organizations exclusively use enforcement-based security controls, usually carried out at the network level with a Cloud Access Security Broker (CASB) or a Security Services Edge (SSE). CASBs secure data between on-premises and cloud architectures, and validate authorization rules and access controls against the company's security policy. Some organizations also use CASBs to block SaaS applications, but like SSEs, CASBs only support some applications. The applications these tools don't support are often the riskiest because they don't meet common industry and security standards, including SAML for authentication and SCIM for user management. At Cerby, these are called "unmThe Hacker News
January 3, 2023 – General
New Data Quantifies Ransomware Attacks on Healthcare Providers Full Text
Abstract
Three recommendations to policymakers interested in supporting a data-driven approach to enhancing cybersecurity in healthcare.Lawfare
January 3, 2023 – Vulnerabilities
Synology fixes multiple critical vulnerabilities in its routers Full Text
Abstract
Synology fixed several critical flaws in its routers, including flaws likely demonstrated at the Pwn2Own 2022 hacking contest. Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most...Security Affairs
January 3, 2023 – Ransomware
Newly Found CatB Ransomware Uses DLL Hijacking to Evade Detection Full Text
Abstract
A newly identified CatB ransomware group has been found implementing several anti-VM and DLL hijacking techniques to evade detection. Before activating anti-evasion techniques, the malware checks for a processor's core, hard drive size, and physical memory of targeted machines. The ransomware is be ... Read MoreCyware
January 3, 2023 – Hacker
Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware Full Text
Abstract
A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure victims into opening suspicious Excel attachments. The discovery comes from cybersecurity firm Qualys, which found evidence of a database dump comprising 418,777 records that's said to have been obtained by exploiting SQL injection faults. The leaked details include Cédula numbers (a national identity document issued to Colombian citizens), email addresses, phone numbers, customer names, payment records, salary details, and addresses, among others. There are no signs that the information has been previously shared on any forums in the darknet or clear web, suggesting that the threat actors themselves got access to customer data to mount the phiThe Hacker News
January 3, 2023 – Outage
Canadian Copper Mountain Mining Corporation (CMMC) shut down the mill after a ransomware attack Full Text
Abstract
The Canadian Copper Mountain Mining Corporation (CMMC) was hit with a ransomware attack that impacted its operations. The Canadian Copper Mountain Mining Corporation (CMMC) announced that it suffered a ransomware attack late on December 27, 2022,...Security Affairs
January 3, 2023 – Outage
Los Angeles Housing Authority Says Cyberattack Disrupting Systems Full Text
Abstract
The Housing Authority of the City of Los Angeles (HACLA) has confirmed that it is dealing with a cyberattack after the agency appeared on the leak site of the LockBit ransomware group.Cyware
January 3, 2023 – Malware
Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe Full Text
Abstract
Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," Security Joes said in a new report published Monday. The intrusions, observed against Spanish and Portuguese-speaking organizations, are notable for collecting more victim machine data than previously documented, with the malware now exhibiting sophisticated techniques to resist analysis. Raspberry Robin, also called QNAP worm, is being used by several threat actors as a means to gain a foothold into target networks. Spread via infected USB drives and other methods, the framework has been recently put to use in attacks aimed at telecom and government sectors. Microsoft is tracking the operators of Raspberry Robin under the moniker DEV-0856. Security Joes' fThe Hacker News
January 3, 2023 – Malware
BitRAT campaign relies on stolen sensitive bank data as a lure Full Text
Abstract
Experts warn of a new malware campaign using sensitive information stolen from a bank as a lure to spread the remote access trojan BitRAT. Qualys experts spotted a new malware campaign spreading a remote access trojan called BitRAT using sensitive...Security Affairs
January 3, 2023 – Vulnerabilities
Critical Vulnerabilities Patched in Synology Routers Full Text
Abstract
Taiwan-based networking and storage solutions provider Synology has informed customers about the availability of patches for several critical vulnerabilities, including flaws likely exploited recently at the Pwn2Own hacking contest.Cyware
January 3, 2023 – General
Does Volvo Cars suffer a new data breach? Full Text
Abstract
A post published on a popular hacking forum claims Volvo Cars has suffered a new data breach, alleging stolen data available for sale. French cybersecurity researcher Anis Haboubi yesterday first noticed that a threat actor was attempting to sell data allegedly...Security Affairs
January 3, 2023 – Vulnerabilities
Nearly 300 Vulnerabilities Patched in Huawei’s HarmonyOS in 2022 Full Text
Abstract
An analysis conducted by SecurityWeek shows that more than 290 vulnerabilities were patched in HarmonyOS in 2022, including nearly 100 security flaws affecting third-party libraries.Cyware
January 3, 2023 – General
Ransomware attacks hit 105 US local governments in 2022 Full Text
Abstract
In 2022, ransomware attacks targeted 105 state or municipal governments or agencies in the US, reads a report published by Emsisoft. According to the "The State of Ransomware in the US: Report and Statistics 2022" report published by Emsisoft, the number...Security Affairs
January 3, 2023 – General
Does Volvo Cars suffer a new data breach? Full Text
Abstract
Researcher Anis Haboubi yesterday first noticed that a threat actor was attempting to sell data allegedly stolen from Volvo Cars on a popular hacking forum. A forum member claimed on December 31, 2022, that it fell victim to a ransomware attack.Cyware
January 3, 2023 – Hacker
Hackers Celebrated Christmas Week with Malicious PyTorch Dependency Full Text
Abstract
The PyTorch team has identified a malicious dependency within its framework library. The package carried the same name as the torchtriton dependency. By exploiting it, a hacker could successfully trigger dependency confusion attacks, compromising multiple systems. PyTorch admins advised users to uninstall the ... Read MoreCyware
January 3, 2023 – General
You Cannot Escape Cybersecurity Full Text
Abstract
Many companies don't realize just how intertwined we are with our suppliers nowadays. Most of the software and data we rely upon today are no longer on our devices; they are in someone else's server, data center or cloud.Cyware
January 2, 2023 – Attack
Barbados: QEH progress report on cyberattack Full Text
Abstract
The out-patients clinic remains open to the public. However, there may be delays and changes to their visit given the current situation. The cybersecurity incident has prevented the department from issuing appointment dates at this time.Cyware
January 2, 2023 – General
SecurityAffairs Top 10 cybersecurity posts of 2022 Full Text
Abstract
These are the most-read cybersecurity articles that have been published by SecurityAffairs in 2022. 1 - Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas Russian threat actors may be behind the explosion...Security Affairs
January 2, 2023 – Attack
Possible Cyberattack at CentraState Prompts Hospital to Divert Ambulances Full Text
Abstract
Spokeswoman Lori Palmer said critical care at the hospital has not been affected and the hospital is still taking some walk-in patients. Additionally, outpatient services were to be suspended at 1 PM Friday and remain that way until further notice.Cyware
January 2, 2023 – Breach
PyTorch compromised to demonstrate dependency confusion attack on Python environments Full Text
Abstract
Threat actors compromised the PyTorch Machine Learning Framework by adding a malicious dependency. The maintainers of the PyTorch package warn of a supply chain attack. Users who have installed PyTorch-nightly on Linux via pip between December 25, 2022...Security Affairs
January 2, 2023 – Attack
Bristol Community College’s Computer Systems Hacked in Ransomware Attack Full Text
Abstract
The college, which has a campus in Attleboro, said in a statement posted Friday on its website its computer network was hacked by a “criminal cyberattack” and “this incident involved ransomware encryption.”Cyware
January 2, 2023 – Attack
Pro-Russia cyberattacks aim at destabilizing Poland, security agency warns Full Text
Abstract
Poland's security agency warns of pro-Russian hackers that have continuously targeted the state since the start of the invasion of Ukraine. Since the beginning of the invasion of Ukraine, Poland has been a constant target of cyber attacks conducted by pro-Russian...Security Affairs
January 2, 2023 – Government
Poland warns of pro-Kremlin cyberattacks aimed at destabilization Full Text
Abstract
The cyberattacks on Poland’s government services, private companies, media organizations, and ordinary citizens have intensified over the past year, Poland’s security agency said.Cyware
January 2, 2023 – Policy and Law
Google will pay $29.5M to settle two lawsuits over its location tracking practices Full Text
Abstract
Google will pay $29.5 million to settle two different lawsuits in the US over its deceptive location tracking practices. Google decided to pay $29.5 million to settle two different lawsuits brought by the states of Indiana and Washington, D.C., over...Security Affairs
January 2, 2023 – General
Attackers never let a critical vulnerability go to waste Full Text
Abstract
“When it comes to cybersecurity, not all vulnerabilities are created equal, and many of the ones that garner media attention actually turn out to be insignificant,” said Bob Rudis, VP Research & Data Science, GreyNoise Intelligence.Cyware
January 2, 2023 – Breach
3Commas API Database Leaked by Anonymous Hacker Full Text
Abstract
The hack occurred in early December 2022, during which the hacker gained access to the trading service’s system via the Application Programming Interface (API). How they compromised and accessed the platform’s systems is still a mystery.Cyware
January 2, 2023 – Phishing
RedZei Chinese Scammers Targeting Chinese Students in the U.K. Full Text
Abstract
Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei (aka RedThief). "The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe for exploitation," cybersecurity researcher Will Thomas (@BushidoToken) said in a write-up published last week. The most notable aspect about the operation is the steps taken by the threat actors to bypass steps taken by users to prevent scam calls, using a new pay-as-you-go U.K. phone number for each wave so as to render phone number-based blocking ineffective. Thomas, pointing out the meticulous tradecraft employed by the scammers, said the threat actor alternates between SIMs from several mobile carriers such as Three, O2, EE, Tesco Mobile, and Telia. Indications are that the lucrative RedZei campaign may have started as far back as August 2019, with a report from TheThe Hacker News
January 2, 2023 – Breach
PyTorch Machine Learning Framework Compromised with Malicious Dependency Full Text
Abstract
The maintainers of the PyTorch package have warned users who have installed the nightly builds of the library between December 25, 2022, and December 30, 2022, to uninstall and download the latest versions following a dependency confusion attack . "PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton , which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary," the PyTorch team said in an alert over the weekend. PyTorch, analogous to Keras and TensorFlow, is an open source Python-based machine learning framework that was originally developed by Meta Platforms. The PyTorch team said that it became aware of the malicious dependency on December 30, 4:40 p.m. GMT. The supply chain attack entailed uploading the malware-laced copy of a legitimate dependency named torchtriton to the Python Package Index (PyPI) code repository. Since package managers like pip check public code registrThe Hacker News
January 2, 2023 – Malware
WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws Full Text
Abstract
WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week. "As a result, when users click on any area of an attacked page, they are redirected to other sites." The attacks involve weaponizing a list of known security vulnerabilities in 19 different plugins and themes that are likely installed on a WordPress site, using it to deploy an implant that can target a specific website to further expand the network. It's also capable of injecting JavaScript code retrieved from a remote server in order to redirect the site visitors to an arbitrary website of the attacker's choice. Doctor Web said it identified a second version of the backdoorThe Hacker News
January 2, 2023 – Privacy
Google to Pay $29.5 Million to Settle Lawsuits Over User Location Tracking Full Text
Abstract
Google has agreed to pay a total of $29.5 million to settle two different lawsuits brought by Indiana and Washington, D.C., over its "deceptive" location tracking practices. The search and advertising giant is required to pay $9.5 million to D.C. and $20 million to Indiana after the states sued the company for charges that the company tracked users' locations without their express consent. The settlement adds to the $391.5 million Google agreed to pay to 40 states over similar allegations last month. The company is still facing two more location-tracking lawsuits in Texas and Washington . The lawsuits came in response to revelations in 2018 that the internet company continued to track users' whereabouts on Android and iOS through a setting called Web & App Activity despite turning Location History options off. Google was also accused of employing dark patterns , which refer to design choices intended to deceive users into carrying out actions tThe Hacker News
January 1, 2023 – Criminals
Lockbit apologized for the attack on the SickKids pediatric hospital and releases a free decryptor Full Text
Abstract
The LockBit ransomware group formally apologized for the attack on the Hospital for Sick Children (SickKids) and gave the victim a free decryptor. The LockBit ransomware gang formally apologized for the attack on the Hospital for Sick Children...Security Affairs
January 1, 2023 – General
Security Affairs newsletter Round 400 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the free newsletter with the international press, subscribe here. Personal...Security Affairs