July 2022
July 31, 2022 – Criminals
Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals Full Text
Abstract
A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan (RAT) when he was 15, while also administering the tool from 2013 until its shutdown in 2019 as part of a coordinated Europol-led exercise. "The Frankston man engaged with a network of individuals and sold the spyware, named Imminent Monitor (IM), to more than 14,500 individuals across 128 countries," the Australian Federal Police (AFP) alleged in a press release over the weekend. The defendant has been slapped with six counts of committing a computer offense by developing and supplying the malware, in addition to profiting off its illegal sale. Another woman, aged 42, who lives in the same home as the accused and is identified as his mother by The Guardian , has also been cThe Hacker News
July 31, 2022 – Malware
Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers Full Text
Abstract
The operators of the Gootkit access-as-a-service ( AaaS ) malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week. The findings build on a previous report from eSentire, which disclosed in January of widespread attacks aimed at employees of accounting and law firms to deploy malware on infected systems. Gootkit is part of the proliferating underground ecosystem of access brokers, who are known to provide other malicious actors a pathway into corporate networks for a price, paving the way for actual damaging attacks such as ransomware. The loader utilizes malicious search engine results, a technique called SEO poisoning , to lure unsuspecting users into visiting compromised websites hosting malware-laced ZIP pacThe Hacker News
July 31, 2022 – Policy and Law
Australia charges dev of Imminent Monitor RAT used by domestic abusers Full Text
Abstract
An Australian man was charged for developing and selling the Imminent Monitor remote access trojan, used to spy on victims' devices remotely.BleepingComputer
July 31, 2022 – Malware
IIS Extensions Used as Backdoors for Exchange Servers Full Text
Abstract
Microsoft warned against threat actors increasingly using malicious IIS web server extensions to backdoor unpatched Exchange servers. Between January and May, the attackers targeted several servers to access victims' email mailboxes, steal credentials and sensitive data, and run commands. IIS modul ...Cyware Alerts - Hacker News
July 31, 2022 – Breach
Threat actor claims to have hacked European manufacturer of missiles MBDA Full Text
Abstract
Threat actors that go online with the moniker Adrastea claim to have hacked the multinational manufacturer of missiles MBDA. MBDA is a European multinational developer and manufacturer of missiles that was the result of the merger of the main French, British and Italian missile...Security Affairs
July 31, 2022 – Phishing
Huge network of 11,000 fake investment sites targets Europe Full Text
Abstract
Researchers have uncovered a gigantic network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe.BleepingComputer
July 31, 2022 – Malware
DSIRF, Knotweed Jointly Abused Zero-day to Deploy Subzero Malware Full Text
Abstract
Microsoft connected the Knotweed threat actor to the Austrian surveillance firm DSIRF that has been targeting entities in Central America and Europe with the Subzero surveillance malware. Microsoft recommends patching the exploited flaws and confirming that Microsoft Defender is updated to det ...Cyware Alerts - Hacker News
July 31, 2022 – Malware
17 Android Apps on Google Play Store, dubbed DawDropper, were serving banking malware Full Text
Abstract
The researchers discovered over a dozen Android apps on the Google Play Store, collectively dubbed DawDropper, that were dropping banking malware. Trend Micro researchers uncovered a malicious campaign that leveraged 17 seemingly harmless Android dropper...Security Affairs
July 31, 2022 – General
Security Affairs newsletter Round 376 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the free newsletter covering the international press, subscribe here. Reading...Security Affairs
July 31, 2022 – Privacy
North Korea-linked SharpTongue spies on email accounts with a malicious browser extension Full Text
Abstract
North Korea-linked threat actor SharpTongue is using a malicious extension on Chromium-based web browsers to spy on victims' email accounts. North Korea-linked actor SharpTongue has been using a malicious extension on Chromium-based web browsers to spy on victims'...Security Affairs
July 30, 2022 – General
Stop Putting Your Accounts At Risk, and Start Using a Password Manager Full Text
Abstract
Right Now, Get 50% Off Keeper, the Most Trusted Name in Password Management. In one way or another, almost every aspect of our lives is online, so it's no surprise that hackers target everything from email accounts to banks to smart home devices, looking for vulnerabilities to exploit. One of the easiest exploits is cracking a weak password. That's why using a strong, unique password for each individual account is so important. But creating and remembering strong, unique passwords for dozens of accounts is nearly impossible – unless you're using a top-rated password manager like Keeper . The Problem With Weak Passwords A strong password should be a minimum of 12 characters long, with uppercase and lowercase letters, numbers, and one or more special characters. More importantly, it shouldn't contain dictionary words or personal information like birthdays or names. But the average American has 100 passwords . Maybe that's why 66% of people inThe Hacker News
July 30, 2022 – Hacker
Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers Full Text
Abstract
Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via infected USB devices containing malicious .LNK files to other devices in the target network. The campaign, which was first spotted by Red Canary in September 2021, has been elusive in that no later-stage activity has been documented, nor has there been any concrete link tying it to a known threat actor or group. The disclosure, therefore, marks the first evidence of post-exploitation actions carried out by the threat actor upon leveraging the malware to gain initial access to a Windows machine. "The DEV-0206-associated FakeUpdates activity on affected systems has since led to follow-oThe Hacker News
July 30, 2022 – General
Facebook ads push Android adware with 7 million installs on Google Play Full Text
Abstract
Several adware apps promoted aggressively on Facebook as system cleaners and optimizers for Android devices are counting millions of installations on Google Play store.BleepingComputer
July 30, 2022 – Policy and Law
Meta, US hospitals sued for using healthcare data to target ads Full Text
Abstract
A class action lawsuit has been filed in the Northern District of California against Meta (Facebook), the UCSF Medical Center, and the Dignity Health Medical Foundation, alleging that the organizations are unlawfully collecting sensitive healthcare data about patients for targeted advertising.BleepingComputer
July 30, 2022 – Ransomware
Reading the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report Full Text
Abstract
I'm proud to announce the release of the "ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS" report. Enjoy it! Ransomware has become one of the most dangerous threats for organizations worldwide. Cybercriminal organizations and ransomware gangs have...Security Affairs
July 30, 2022 – Government
CISA orders to patch an actively exploited flaw in Confluence servers Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) adds the critical Confluence flaw, tracked as CVE-2022-26138, to its Known Exploited Vulnerabilities Catalog. US CISA has added the recently disclosed Confluence vulnerability, tracked as CVE-2022-26138, to...Security Affairs
July 29, 2022 – Hacker
North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts Full Text
Abstract
A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue , which is said to share overlaps with an adversarial collective publicly referred to under the name Kimsuky . SharpTongue has a history of singling out individuals working for organizations in the U.S., Europe, and South Korea who "work on topics involving North Korea, nuclear issues, weapons systems, and other matters of strategic interest to North Korea," researchers Paul Rascagneres and Thomas Lancaster said . Kimsuky 's use of rogue extensions in attacks is not new. In 2018, the actor was seen utilizing a Chrome plugin as part of a campaign called Stolen Pencil to infect victims and steal browser cookies and passwords. But the latest espionage effort is differentThe Hacker News
July 29, 2022 – Government
CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-26138 , concerns the use of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Data Center instances. "A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group," CISA notes in its advisory. Depending on the page restrictions and the information a company has in Confluence, successful exploitation of the shortcoming could lead to the disclosure of sensitive information. Although the bug was addressed by the Atlassian software company last week in versions 2.7.38 and 3.0.5, it has since come under active exploitation , cybersecurity firm Rapid7 disclosed this week.The Hacker News
July 29, 2022 – Ransomware
LockBit ransomware abuses Windows Defender to load Cobalt Strike Full Text
Abstract
Security analysts have observed an affiliate of the LockBit 3.0 ransomware operation abusing a Windows Defender command line tool to decrypt and load Cobalt Strike beacons on the target systems.BleepingComputer
July 29, 2022 – Government
CISA warns of critical Confluence bug exploited in attacks Full Text
Abstract
CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation.BleepingComputer
July 29, 2022 – Phishing
This phishing attack uses a countdown clock to panic you into handing over passwords Full Text
Abstract
A sneaky new phishing attack attempts to manipulate victims into entering their username and password by claiming their account will be deleted if they don't - and it uses a countdown timer to pile on the pressure.ZDNet
July 29, 2022 – Malware
Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware Full Text
Abstract
A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware . These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been removed from the app marketplace. "DawDropper uses Firebase Realtime Database, a third-party cloud service, to evade detection and dynamically obtain a payload download address," the researchers said . "It also hosts malicious payloads on GitHub." Droppers are apps designed to sneak past Google's Play Store security checks, following which they are used to download more potent and intrusive malware on a device, in this case, Octo (Coper), Hydra , Ermac , and TeaBot . Attack chains involved the DawDropper malware establishing connections with a Firebase ReThe Hacker News
July 29, 2022 – Malware
Microsoft experts linked the Raspberry Robin malware to Evil Corp operation Full Text
Abstract
Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. Raspberry...Security Affairs
July 29, 2022 – Government
US govt warns Americans of escalating SMS phishing attacks Full Text
Abstract
The Federal Communications Commission (FCC) warned Americans of an increasing wave of SMS (Short Message Service) phishing attacks attempting to steal their personal information and money.BleepingComputer
July 29, 2022 – Breach
OneTouchPoint Discloses Data Breach Impacting Over 30 Healthcare Firms Full Text
Abstract
In a data breach notice on its website, OneTouchPoint lists 34 healthcare insurance carriers and healthcare services providers that have been impacted, but the number appears to be larger.Security Week
July 29, 2022 – Vulnerabilities
Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices Full Text
Abstract
Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum ( ONVIF ) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the credentials in a new request towards the camera," Nozomi Networks said in a Thursday report. The issue, which was addressed in a patch released on June 28, 2022, impacts the following products: Dahua ASI7XXX, versions prior to v1.000.0000009.0.R.220620; Dahua IPC-HDBW2XXX, versions prior to v2.820.0000000.48.R.220614; Dahua IPC-HX2XXX, versions prior to v2.820.0000000.48.R.220614. ONVIF governs the development and use of an open standard for how IP-based physical security products such as video surveillance cameras and access control systems can communicate with one anThe Hacker News
July 29, 2022 – General
Strong Authentication – Robust Identity and Access Management Is a Strategic Choice Full Text
Abstract
Passwords no longer meet the demands of today’s identity and access requirements. Therefore, strong authentication methods are needed. “Usernames and passwords are insufficient and vulnerable means of authentication on their own; therefore, it is essential...Security Affairs
July 29, 2022 – Ransomware
LockBit operator abuses Windows Defender to load Cobalt Strike Full Text
Abstract
Security analysts have observed an affiliate of the LockBit 3.0 ransomware operation abusing a Windows Defender command line tool to decrypt and load Cobalt Strike beacons on the target systems.BleepingComputer
July 29, 2022 – Criminals
Microsoft experts linked the Raspberry Robin malware to Evil Corp operation Full Text
Abstract
The malware uses cmd.exe to read and execute a file stored on the infected external drive, and it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file.Security Affairs
July 29, 2022 – Phishing
Researchers Warn of Increase in Phishing Attacks Using Decentralized IPFS Network Full Text
Abstract
The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS , short for InterPlanetary File System, is a peer-to-peer (P2P) network to store and share files and data using cryptographic hashes, instead of URLs or filenames, as is observed in a traditional client-server approach. Each hash forms the basis for a unique content identifier ( CID ). The idea is to create a resilient distributed file system that allows data to be stored across multiple computers. This would allow information to be accessed without having to rely on third parties such as cloud storage providers, effectively making it resistant to censorship. "Taking down phishing content stored on IPFS can be difficulThe Hacker News
July 29, 2022 – Vulnerabilities
Exploitation is underway for a critical flaw in Atlassian Confluence Server and Data Center Full Text
Abstract
Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center. Recently Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data...Security Affairs
July 29, 2022 – Attack
Microsoft links Raspberry Robin malware to Evil Corp attacks Full Text
Abstract
Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.BleepingComputer
July 29, 2022 – Vulnerabilities
XSS vulnerabilities in Google Cloud, Google Play could lead to account hijacks Full Text
Abstract
A pair of vulnerabilities in Google Cloud, DevSite, and Google Play could have allowed attackers to achieve cross-site scripting (XSS) attacks, opening the door to account hijacks.The Daily Swig
July 29, 2022 – Education
How to Combat the Biggest Security Risks Posed by Machine Identities Full Text
Abstract
The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity debt, and increasing security risks. Let's take a look at three of the top security risks which machine identities create – and how you can combat them. Certificate renewal issues Machine identities are secured differently from human ones. While human IDs can be verified with login and password credentials, machine IDs use certificates and keys. A huge issue with these types of credentials is they have expiration dates. Generally, certificates remain valid for two years, but the rapid pace of technological improvement has reduced some lifespans to 13 months. Given that there areThe Hacker News
July 29, 2022 – Malware
Malware-laced npm packages used to target Discord users Full Text
Abstract
Threat actors used multiple npm packages to target Discord users with malware designed to steal their payment card data. A malicious campaign targeting Discord users leverages multiple npm packages to deliver malware that steals their payment card...Security Affairs
July 29, 2022 – Breach
Billion-record Chinese data leak’s host booms Full Text
Abstract
The popularity of stolen data bazaar BreachForums surged after it was used to sell a giant database of stolen information describing Chinese citizens, threat intelligence firm Cybersixgill said on Thursday.The Register
July 29, 2022 – Criminals
Spanish Police Arrest 2 Nuclear Power Workers for Cyberattacking the Radiation Alert System Full Text
Abstract
Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network (RAR), which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies ( DGPCE ) and used to monitor excessive radiation levels across the country. The reason for the attacks is unknown as yet. "The two detainees, former workers, attacked the computer system and caused the connection of the sensors to fail, reducing their detection capacity even in the environment of nuclear power plants," the Policía Nacional said . The law enforcement probe, dubbed Operation GAMMA, commenced in June 2021 in the aftermath of an attack perpetrated against the RAR network, which is a mesh of 800 gamma radiation detection sensors deployed in various parts of the country to detect surgesThe Hacker News
July 29, 2022 – Government
U.S. Justice Department Probing Cyber Breach of Federal Court Records System Full Text
Abstract
The U.S. Justice Department is investigating a cyber breach involving the federal court records management system, the department's top national security attorney told lawmakers on Thursday.Reuters
July 28, 2022 – Vulnerabilities
Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation Full Text
Abstract
A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138 , which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain unrestricted access to all pages in Confluence. The real-world exploitation follows the release of the hard-coded credentials on Twitter, prompting the Australian software company to prioritize patches to mitigate potential threats targeting the flaw. "Unsurprisingly, it didn't take long [...] to observe exploitation once the hard-coded credentials were released, given the high value of Confluence for attackers who often jump on Confluence vulnerabilities to execute ransomware attacks," Rapid7 security researcher Glenn Thorpe said . It's worth noting that the bug only existsThe Hacker News
July 28, 2022 – General
Ransom payments fall as fewer victims choose to pay hackers Full Text
Abstract
Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that continues since the last quarter of 2021.BleepingComputer
July 28, 2022 – Vulnerabilities
Threat Actors Exploit Zero-day in PrestaShop Full Text
Abstract
Researchers discovered a zero-day vulnerability affecting older versions of PrestaShop websites. The bug can be exploited to harvest customers' payment information. After the attack, the remote attackers erase their traces, which prevents the site owner from knowing that they were breached. Experts sugg ...Cyware Alerts - Hacker News
July 28, 2022 – Privacy
Google Delays Blocking 3rd-Party Cookies in Chrome Browser Until 2024 Full Text
Abstract
Google on Wednesday said it's once again delaying its plans to turn off third-party cookies in the Chrome web browser, from late 2023 to the second half of 2024. "The most consistent feedback we've received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome," Anthony Chavez, vice president of Privacy Sandbox, said . Keeping this in mind, the internet and ad tech giant said it's taking a "deliberate approach" and extending the testing window for its ongoing Privacy Sandbox initiatives prior to phasing out third-party cookies. Cookies are pieces of data planted on a user's computer or other device by the web browser as a website is accessed, with third-party cookies fueling much of the digital advertising ecosystem and its ability to track users across different sites to show targeted ads. Privacy Sandbox is Google's umbrella term for a set of technologiesThe Hacker News
July 28, 2022 – Denial Of Service
Akamai blocked the largest DDoS attack ever on its European customers Full Text
Abstract
This month Akamai blocked the largest distributed denial-of-service (DDoS) attack that hit an organization in Europe. On July 21, 2022, Akamai mitigated the largest DDoS attack that ever hit one of its European customers. The attack hit an Akamai...Security Affairs
July 28, 2022 – General
Vulnerabilities are Beyond What You Think Full Text
Abstract
CVEs, or software vulnerabilities, comprise only a part of the security risks in the IT security landscape. Attack surfaces are massive, with numerous security risks that must be treated on par with software vulnerabilities to reduce risk exposure and prevent cyberattacks at scale.Threatpost
July 28, 2022 – Breach
Microsoft SQL servers hacked to steal bandwidth for proxy services Full Text
Abstract
Threat actors are generating revenue by using adware bundles, malware, or even hacking into Microsoft SQL servers, to convert devices into proxies that are rented through online proxy services.BleepingComputer
July 28, 2022 – APT
Things to Know About STIFF#BIZON Campaign Full Text
Abstract
APT37 is targeting high-value organizations in Poland, the Czech Republic, and other European countries with Konni RAT. The campaign is dubbed STIFF#BIZON. The attached phishing document is a decoy and appears to be a report from a Russian war correspondent, Olga Bozheva. Researchers have shared som ...Cyware Alerts - Hacker News
July 28, 2022 – Hacker
Hackers Opting New Attack Methods After Microsoft Blocked Macros by Default Full Text
Abstract
With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures (TTPs). "The use of VBA and XL4 Macros decreased approximately 66% from October 2021 through June 2022," Proofpoint said in a report shared with The Hacker News. In its place, adversaries are increasingly pivoting away from macro-enabled documents to other alternatives, including container files such as ISO and RAR as well as Windows Shortcut (LNK) files in campaigns to distribute malware. "Threat actors pivoting away from directly distributing macro-based attachments in email represents a significant shift in the threat landscape," Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, said in a statement. "Threat actors are now adopting new tactics to deliver malware, and the increased use of files sucThe Hacker News
July 28, 2022 – Vulnerabilities
LibreOffice fixed 3 flaws, including a code execution issue Full Text
Abstract
LibreOffice maintainers addressed three security flaws in their productivity software, including an arbitrary code execution issue. LibreOffice is an open-source office productivity software suite, a project of The Document Foundation (TDF). LibreOffice...Security Affairs
July 28, 2022 – Vulnerabilities
LibreOffice addresses security issues with macros, passwords Full Text
Abstract
The LibreOffice suite has been updated to address several security vulnerabilities related to the execution of macros and the protection of passwords for web connections.BleepingComputer
July 28, 2022 – Malware
Amadey Bot’s New Version Spreads Using Software Cracks Full Text
Abstract
Software cracks and keygen sites can be attractive, but they are extremely unsafe. A malware campaign by SmokeLoader operators was spotted dropping the Amadey Bot, a malware rarely used since 2020, via similar lures. Users should avoid downloading from unauthenticated sources and double-check dom ...Cyware Alerts - Hacker News
July 28, 2022 – Attack
Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits Full Text
Abstract
A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the development and attempted sale of a piece of cyberweapon referred to as Subzero , which can be used to hack targets' phones, computers, and internet-connected devices. "Observed victims to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama," the tech giant's cybersecurity teams said in a Wednesday report. Microsoft is tracking the actor under the moniker KNOTWEED, continuing its trend of naming PSOAs using names given to trees and shrubs. The company previously designated the name SOURGThe Hacker News
July 28, 2022 – Hacker
Threat actors use new attack techniques after Microsoft blocked macros by default Full Text
Abstract
Threat actors are devising new attack tactics in response to Microsoft's decision to block macros by default. In response to Microsoft's steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default in Microsoft...Security Affairs
July 28, 2022 – Malware
Cyberspies use Google Chrome extension to steal emails undetected Full Text
Abstract
A North Korean-backed threat group tracked as Kimsuky is using a malicious browser extension to steal emails from Google Chrome or Microsoft Edge users reading their webmail.BleepingComputer
July 28, 2022 – APT
Kimsuky APT Deploys Clever Mail-Stealing Browser Extension Called SHARPEXT Full Text
Abstract
This actor is believed to be North Korean in origin and is often publicly referred to under the name Kimsuky. The definition of which threat activity comprises Kimsuky is a matter of debate amongst threat intelligence analysts.Volexity
July 28, 2022 – General
Top MSSP CEOs Share 7 Must-Do Tips for Higher MSSP Revenue and Margin Full Text
Abstract
MSSPs must find ways to balance the need to please existing customers, add new ones, and deliver high-margin services against their internal budget constraints and the need to maintain high employee morale. In an environment where there are thousands of potential alerts each day and cyberattacks are growing rapidly in frequency and sophistication, this isn't an easy balance to maintain. Customers want airtight security, but adding dozens of security tools to scan for and respond to any potential attack often means that specific analysts become experts in specific tools. It's left to the whole team to manually correlate their findings to discover and respond to multi-layered attacks, and hackers are always finding ways to exploit the gaps in coverage. This is a no-win situation where the analysts are frustrated, customers are dissatisfied, and costs can easily run out of control. To win in the marketplace, MSSPs must find ways to make their teams highly efficient while driving higherThe Hacker News
July 28, 2022 – General
ENISA provides data related to major telecom security incidents in 2021 Full Text
Abstract
ENISA published a report that provides anonymized and aggregated information about major telecom security incidents in 2021.... Security Affairs
July 28, 2022 – Denial Of Service
Akamai blocked largest DDoS in Europe against one of its customers Full Text
Abstract
The largest distributed denial-of-service (DDoS) attack that Europe has ever seen occurred earlier this month and hit an organization in Eastern Europe. BleepingComputer
July 28, 2022 – General
ENISA provides data related to major telecom security incidents in 2021 Full Text
Abstract
Every European telecom operator that suffers a security incident notifies its national authorities, which share a summary of these reports with ENISA at the start of every calendar year. Security Affairs
July 28, 2022 – Attack
European firm DSIRF behind the attacks with Subzero surveillance malware Full Text
Abstract
Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat... Security Affairs
July 28, 2022 – Malware
Malicious npm packages steal Discord users’ payment card info Full Text
Abstract
Multiple npm packages are being used in an ongoing malicious campaign to infect Discord users with malware that steals their payment card information. BleepingComputer
July 28, 2022 – Phishing
IPFS: The New Hotbed of Phishing Full Text
Abstract
These websites have the capability to change their background and logo depending on the user’s domain. The phishing sites are stored in the InterPlanetary File System (IPFS). Trustwave
July 28, 2022 – Criminals
Spain police arrested two men accused of cyber attacks on radioactivity alert network (RAR) Full Text
Abstract
The Spanish police arrested two individuals accused of hacking the country's radioactivity alert network (RAR) in 2021. The Spanish police have arrested two men suspected of being the hackers behind cyberattacks that hit the country's radioactivity... Security Affairs
July 28, 2022 – Attack
As Microsoft blocks Office macros, hackers find new attack vectors Full Text
Abstract
Hackers who normally distributed malware via phishing attachments with malicious macros gradually changed tactics after Microsoft Office began blocking them by default, switching to new file types such as ISO, RAR, and Windows Shortcut (LNK) attachments. BleepingComputer
July 28, 2022 – Business
With $11.5M In Funding, Naoris Protocol Will Use Blockchain & Decentralization To Plug Web3 Security Gaps Full Text
Abstract
By creating a decentralized network of trusted devices that are incentivized to continuously validate each other to ensure no weak points, Naoris Protocol is on a mission to reinvent cybersecurity best practices. Hackread
July 28, 2022 – Vulnerabilities
Moxa NPort Device Flaws Can Expose Critical Infrastructure to Disruptive Attacks Full Text
Abstract
The two security holes, tracked as CVE-2022-2043 and CVE-2022-2044 and rated ‘high severity,’ affect Moxa’s NPort 5110 device servers, which are designed for connecting serial devices to Ethernet networks. Security Week
July 28, 2022 – Business
Human Security merges with PerimeterX to thwart bots and automated fraud Full Text
Abstract
Human Security, a bot mitigation and fraud detection platform for enterprises, is merging with PerimeterX, a company focused on safeguarding web apps from account takeover and automated fraud. The terms of the deal were not disclosed. Tech Crunch
July 27, 2022 – General
Messaging Apps Tapped as Platform for Cybercriminal Activity Full Text
Abstract
Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes. Threatpost
July 27, 2022 – Vulnerabilities
LibreOffice Releases Software Update to Patch 3 New Vulnerabilities Full Text
Abstract
The team behind LibreOffice has released security updates to fix three security flaws in the productivity software, one of which could be exploited to achieve arbitrary code execution on affected systems. Tracked as CVE-2022-26305, the issue has been described as a case of improper certificate validation when checking whether a macro is signed by a trusted author, leading to the execution of rogue code packaged within the macros. "An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted," LibreOffice said in an advisory. Also resolved is the use of a static initialization vector (IV) during encryption (CVE-2022-26306) that could have weakened the security should a bad actor have access to the user's configuration inform... The Hacker News
July 27, 2022 – Government
U.S. Offers $10 Million Reward for Information on North Korean Hackers Full Text
Abstract
The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or Lazarus Group) and who are involved in targeting U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act, you may be eligible for a reward," the department said in a tweet. The amount is double the bounty the agency publicized in March 2022 for specifics regarding the financial mechanisms employed by state-sponsored actors working on behalf of the North Korean government. The development comes a week after the Justice Department disclosed the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments by using a new r... The Hacker News
July 27, 2022 – Outage
Kansas MSP shuts down cloud services to fend off cyberattack Full Text
Abstract
US managed service provider NetStandard suffered a cyberattack, causing the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, SharePoint, and CRM services. BleepingComputer
July 27, 2022 – Education
Adversarial attacks can cause DNS amplification, fool network defense systems, machine learning study finds Full Text
Abstract
According to a study by researchers at the Citadel, South Carolina, deep learning models trained for network intrusion detection can be bypassed through adversarial attacks, specially crafted data that fools neural networks to change their behavior. The Daily Swig
July 27, 2022 – Malware
These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware Full Text
Abstract
As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. "All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up. While masquerading as innocuous apps, their primary goal is to request permissions to show windows over other apps and run in the background in order to serve intrusive ads. To make it difficult for the victims to detect and uninstall the apps, the adware trojans hide their icons from the list of installed apps in the home screen or replace the icons with others that are likely to be less noticed (e.g., SIM Toolkit). Some of these apps also offer the advertised features, as observed in the case of two apps: "Water Reminder- Tracker & Reminder" and "Yoga- For Beginner to Advanced." However... The Hacker News
July 27, 2022 – Attack
Attackers increasingly abusing IIS extensions to establish covert backdoors Full Text
Abstract
Threat actors are increasingly abusing Internet Information Services (IIS) extensions to maintain persistence on target servers. Microsoft warns of threat actors that are increasingly abusing Internet Information Services (IIS) extensions to establish... Security Affairs
July 27, 2022 – Phishing
New ‘Robin Banks’ phishing service targets BofA, Citi, and Wells Fargo Full Text
Abstract
A new phishing as a service (PhaaS) platform named 'Robin Banks' has been launched, offering ready-made phishing kits targeting the customers of well-known banks and online services. BleepingComputer
July 27, 2022 – Government
Ransomware Hackers Will Still Target Smaller Critical Infrastructure, CISA Director Warns Full Text
Abstract
Leadership at the Cybersecurity and Infrastructure Security Agency confirmed that ransomware hackers are not exclusively targeting large organizations and businesses, but smaller entities as well. Nextgov
July 27, 2022 – Malware
New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts Full Text
Abstract
Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation. "The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware," Finnish cybersecurity company WithSecure (formerly F-Secure Business) said in a new report. "The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account and ultimately hijack any Facebook Business account that the victim has sufficient access to." The attacks, attributed to a Vietnamese threat actor, are said to have begun in the latter half of 2021, with primary targets being individuals with managerial, digital marketing, digital media, and human resources roles in companies. The idea is to target employees with high-level acc... The Hacker News
July 27, 2022 – Hacker
DUCKTAIL operation targets Facebook’s Business and Ad accounts Full Text
Abstract
Researchers uncovered an ongoing operation, codenamed DUCKTAIL, that targets Facebook Business and Ad accounts. Researchers from WithSecure (formerly F-Secure Business) have discovered an ongoing operation, named DUCKTAIL, that targets individuals... Security Affairs
July 27, 2022 – Criminals
Spain arrests suspected hackers who sabotaged radiation alert system Full Text
Abstract
The Spanish police have announced the arrest of two hackers believed to be responsible for cyberattacks on the country's radioactivity alert network (RAR), which took place between March and June 2021. BleepingComputer
July 27, 2022 – General
Average cost of data breach surpasses $4 million for many organizations Full Text
Abstract
The average cost of a data breach hit an all-time high of $4.35 million this year, a gain of 2.6% from 2021 and 12.7% from 2020. In the United States, the average cost was $9.44 million, the highest amount in any country. Tech Republic
July 27, 2022 – Education
Taking the Risk-Based Approach to Vulnerability Patching Full Text
Abstract
Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation. Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization runs into the hundreds of thousands and is tracked in inefficient ways, such as Excel spreadsheets or multiple reports, especially when many teams in the organization are involved. Even when a process for patching is in place, organizations still struggle to effectively patch vulnerabilities in their assets. This is generally because teams look at the severity of vulnerabilities and tend to apply patches in the following severity order: critical > high > medium > low > info. The following sections explain why this approach is flawed and how it can be improved. Why is Patching Difficult? While it is well known that vulnerability patching is extremely important, it... The Hacker News
July 27, 2022 – Ransomware
The strange similarities between Lockbit 3.0 and Blackmatter ransomware Full Text
Abstract
Researchers found similarities between LockBit 3.0 ransomware and BlackMatter, which is a rebranded variant of the DarkSide ransomware. Cybersecurity researchers have found similarities between the latest version of the LockBit ransomware, LockBit... Security Affairs
July 27, 2022 – Malware
Microsoft: Windows, Adobe zero-days used to deploy Subzero malware Full Text
Abstract
Microsoft has linked a threat group known as Knotweed to an Austrian spyware vendor also operating as a cyber mercenary outfit named DSIRF that targets European and Central American entities using a malware toolset dubbed Subzero. BleepingComputer
July 27, 2022 – Policy and Law
US Credit Unions to Come Under Cyber Incident Reporting Rule Full Text
Abstract
U.S. federal credit union regulators plan to impose new cybersecurity incident reporting requirements, including a duty to relay reports of cyber incidents experienced by third-party vendors. Bank Info Security
July 27, 2022 – Malware
Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access Full Text
Abstract
Threat actors are increasingly abusing Internet Information Services (IIS) extensions to backdoor servers as a means of establishing a "durable persistence mechanism." That's according to a new warning from the Microsoft 365 Defender Research Team, which said that "IIS backdoors are also harder to detect since they mostly reside in the same directories as legitimate modules used by target applications, and they follow the same code structure as clean modules." Attack chains taking this approach commence with weaponizing a critical vulnerability in the hosted application for initial access, using this foothold to drop a script web shell as the first stage payload. This web shell then becomes the conduit for installing a rogue IIS module to provide highly covert and persistent access to the server, in addition to monitoring incoming and outgoing requests as well as running remote commands. Indeed, earlier this month, Kaspersky researchers disclosed a cam... The Hacker News
July 27, 2022 – Solution
GitHub introduces 2FA and quality of life improvements for npm Full Text
Abstract
GitHub has announced the general availability of three significant improvements to npm (Node Package Manager), aiming to make using the software more secure and manageable. BleepingComputer
July 27, 2022 – Breach
Fallout from massive Shanghai Police data breach reverberates on dark web Full Text
Abstract
The availability of supposedly hacked Chinese data on the dark web appears to have surged in recent weeks on the heels of the massive Shanghai National Police breach, which was one of the largest ever recorded. CyberScoop
July 27, 2022 – Denial Of Service
DDoS Attack Trends in 2022: Ultrashort, Powerful, Multivector Attacks Full Text
Abstract
The political situation in Europe and the rest of the world has degraded dramatically in 2022. This has affected the nature, intensity, and geography of DDoS attacks, which have become actively used for political purposes. Find out more in this summary of G-Core Labs' latest DDoS Trends report. BleepingComputer
July 27, 2022 – Privacy
European Lawmaker Targeted With Cytrox Predator Surveillance Spyware Full Text
Abstract
According to published reports out of Greece, the surveillance tool has been linked to an attempted hack of a phone belonging to Nikos Androulakis, a member of the European Parliament. Security Week
July 27, 2022 – General
Fedora ditches ‘No Rights Reserved’ software over patent concerns Full Text
Abstract
The Fedora Project has announced that it will no longer permit Creative Commons 'No Rights Reserved' aka CC0-licensed code in its Linux distro or the Fedora Registry. BleepingComputer
July 27, 2022 – General
Hackers start hunting for victims just 15 minutes after a bug is disclosed Full Text
Abstract
Palo Alto Networks warns in its 2022 report covering 600 incident response (IR) cases that attackers typically start scanning for vulnerabilities within 15 minutes of one being announced. ZDNet
July 27, 2022 – Vulnerabilities
Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite Full Text
Abstract
The latest patch release includes fixes for two remote code execution (RCE) vulnerabilities that were discovered in the software’s document converter component. CVE-2022-23100 and CVE-2022-24405 earned CVSS scores of 8.2 and 7.3, respectively. The Daily Swig
July 27, 2022 – Breach
Wawa Agrees to Payment, Security Changes for ‘19 Data Breach Full Text
Abstract
A Pennsylvania-based convenience store chain will pay $8 million to several states over a 2019 data breach that involved some 34 million payment cards, authorities announced Tuesday. Security Week
July 27, 2022 – Solution
GitGuardian launches ggcanary project to help detect open-source software risks Full Text
Abstract
According to the firm, security teams can use GitGuardian Canary Tokens (ggcanary) to create and deploy canary tokens in the form of Amazon Web Services (AWS) secrets to trigger alerts as soon as they are tampered with by attackers. CSO Online
July 26, 2022 – Attack
Microsoft Exchange servers increasingly hacked with IIS backdoors Full Text
Abstract
Microsoft says attackers increasingly use malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers as they have lower detection rates compared to web shells. BleepingComputer
July 26, 2022 – General
Hackers scan for vulnerabilities within 15 minutes of disclosure Full Text
Abstract
System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed. BleepingComputer
July 26, 2022 – Malware
Lightning Framework: Another Capable Linux Malware Full Text
Abstract
A previously undetected malware, dubbed Lightning Framework, was found targeting Linux systems. It can also serve as a backdoor for infected devices using SSH and can deploy an array of rootkits. Stay safe using a reliable anti-malware solution and let’s not skip on threat intel platforms to mitiga ... Cyware Alerts - Hacker News
July 26, 2022 – Ransomware
Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware Full Text
Abstract
Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in June 2022, launching a brand new leak site and what is the very first ransomware bug bounty program, alongside Zcash as a cryptocurrency payment option. Its encryption process involves appending the extension "HLJkNskOq" or "19MqZqZ0s" to each and every file and changing the icons of the locked files to that of the .ico file that's dropped by the LockBit sample to kick-start the infection. "The ransomware then drops its ransom note, which references 'Ilon Musk' and the European Union's General Data Protection Regulation (GDPR)," Trend Micro researchers said in a Monday report. "Lastly, it changes the wallpaper of the victim's... The Hacker News
July 26, 2022 – General
U.S. increased rewards for info on North Korea-linked threat actors to $10 million Full Text
Abstract
The U.S. State Department increased rewards for information on any North Korea-linked threat actors to $10 million. In April 2020, the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation released... Security Affairs
July 26, 2022 – Botnet
IoT Botnets Fuel DDoS Attacks – Are You Prepared? Full Text
Abstract
The increased proliferation of IoT devices paved the way for the rise of IoT botnets that amplify DDoS attacks today. This is a dangerous warning: the possibility of a sophisticated DDoS attack and a prolonged service outage will prevent businesses from growing. Threatpost
July 26, 2022 – Vulnerabilities
Microsoft: IIS extensions increasingly used as Exchange backdoors Full Text
Abstract
Microsoft says attackers increasingly use malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers as they have lower detection rates compared to web shells. BleepingComputer
July 26, 2022 – Ransomware
New Redeemer 2.0 Promoted on Hacker Forum Full Text
Abstract
A new strain of the free-to-use Redeemer ransomware builder is being promoted on hacker forums. The new version 2.0 is written in C++ and features support for Windows 11 and GUI tools, among others. The author has threatened that the project's source code will become public if they lose interest, m ... Cyware Alerts - Hacker News
July 26, 2022 – General
4 Steps Financial Industry Can Take to Cope With Their Growing Attack Surface Full Text
Abstract
The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread adoption of mobile banking apps, chat-based customer service, and other digital tools. Adobe's 2022 FIS Trends Report, for instance, found that more than half of the financial services and insurance firms surveyed experienced a notable increase in digital/mobile visitors in the first half of 2020. The same report found that four out of ten financial executives say that digital and mobile channels account for more than half of their sales – a trend that's only expected to continue in the next few years. As financial institutions expand their digital footprint, they have more opportunities to better serve their customers – but are also more exposed to security threats. Every new tool increases the attack surface. A higher number of potential security gaps may lead to a higher number of security breaches. According to the Cisco CISO B... The Hacker News
July 26, 2022 – Malware
Threat actors leverage DLL side-loading to spread Qakbot malware Full Text
Abstract
Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading... Security Affairs
July 26, 2022 – Malware
New Android malware apps installed 10 million times from Google Play Full Text
Abstract
A new batch of malicious Android apps filled with adware and malware was found on the Google Play Store; the apps have been installed close to 10 million times on mobile devices. BleepingComputer
July 26, 2022 – Privacy
Chrome Zero-day Abused to Spread Spyware to Target Journalists Full Text
Abstract
Avast found DevilsTongue spyware, developed by an Israeli surveillance company, abusing a Chrome zero-day to attack journalists in the Middle East. Since the bug exists in WebRTC, it also impacts the Safari browser, but the exploit found only works on Windows. Always protect data with powerful encry ... Cyware Alerts - Hacker News
July 26, 2022 – Cryptocurrency
Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection Full Text
Abstract
As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This uncovered a compromise of a theme file to inject malicious JavaScript code from a remote server -- hxxps://wm.bmwebm[.]org/auto.js -- that's loaded whenever the website's page is accessed. "Once decoded, the contents of auto.js immediately reveal the functionality of a cryptominer which starts mining when a visitor lands on the compromised site," Sucuri malware researcher Cesar Anjos said. What's more, the deobfuscated auto.js code makes use of WebAssembly to run low-level binary code directly on the browser. WebAssembly, which is supported by all major browsers, is a b... The Hacker News
July 26, 2022 – Attack
Zero Day attacks target online stores using PrestaShop Full Text
Abstract
Threat actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop. Threat actors are targeting websites using open source e-commerce platform... Security Affairs
July 26, 2022 – Breach
Hackers steal $6 million from blockchain music platform Audius Full Text
Abstract
The decentralized music platform Audius was hacked over the weekend, with threat actors stealing over 18 million AUDIO tokens worth approximately $6 million. BleepingComputer
July 26, 2022 – Malware
GoMet Backdoor Used in Attacks Targeting Ukraine Full Text
Abstract
An uncommon piece of malware was found targeting a large software development firm in Ukraine. The malware is a moderately altered version of the open-source backdoor GoMet. Two samples of the backdoor with minor differences have been discovered, believed to have the same source code. However ... Cyware Alerts - Hacker News
July 26, 2022 – Vulnerabilities
Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers Full Text
Abstract
FileWave's mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty security researcher Noam Moshe said in a Monday report. FileWave MDM is a cross-platform mobile device management solution that allows IT administrators to manage and monitor all of an organization's devices, including mobile phones, tablets, laptops, workstations, and smart TVs. The platform functions as a channel to push mandatory software and updates, change device settings, and even remotely wipe devices, all of which is delivered from a central server. The two issues identified by the operational technology firm relate to an authentication bypass (CVE-2022-34907) a... The Hacker News
July 26, 2022 – Criminals
U.S. doubles reward for tips on North Korean-backed hackers Full Text
Abstract
The U.S. State Department has increased rewards paid to anyone providing information on any North Korean-sponsored threat groups' members to $10 million. BleepingComputer
July 26, 2022 – Phishing
Google Ads Abused in Windows Support Scams Full Text
Abstract
An eerily realistic-seeming Google Search YouTube ad is redirecting visitors to tech support scams masquerading as security alerts from Windows Defender. If the user is on a VPN connection, they are sent to the genuine YouTube site. Users are advised to use a reliable anti-malware solution t ... Cyware Alerts - Hacker News
July 26, 2022 – Malware
SmokeLoader Infecting Targeted Systems with Amadey Info-Stealing Malware Full Text
Abstract
An information-stealing malware called Amadey is being distributed by means of another backdoor called SmokeLoader. The attacks hinge on tricking users into downloading SmokeLoader that masquerades as software cracks, paving the way for the deployment of Amadey, researchers from the AhnLab Security Emergency Response Center (ASEC) said in a report published last week. Amadey, a botnet that first appeared around October 2018 on Russian underground forums for $600, is equipped to siphon credentials, capture screenshots and system metadata, and even gather information about antivirus engines and additional malware installed on an infected machine. While an update spotted last July by Walmart Global Tech incorporated functionality for harvesting data from MikroTik routers and Microsoft Outlook, the toolset has since been upgraded to capture information from FileZilla, Pidgin, Total Commander FTP Client, RealVNC, TightVNC, TigerVNC, and WinSCP. Its main goal, however, is to deploy... The Hacker News
July 26, 2022 – Solution
Using Account Lockout policies to block Windows Brute Force Attacks Full Text
Abstract
A strong account lockout policy is one of the most effective tools for stopping brute force authentication attempts on Windows domains. Learn how to add one to your organization's Windows Active Directory. BleepingComputer
July 26, 2022 – Hacker
AIG Threat Group Emerges With Unique Business Model Full Text
Abstract
A threat group calling itself the Atlas Intelligence Group, or AIG, was spotted offering cybercriminals a broad range of services such as leaked databases and DDoS services, hacking scripts, and more. AIG’s approach and operational efficiency make them hard to detect and a constant source of threat ... Cyware Alerts - Hacker News
July 26, 2022 – Ransomware
No More Ransom helps millions of ransomware victims in 6 years Full Text
Abstract
The No More Ransom project celebrates its sixth anniversary today after helping millions of ransomware victims recover their files for free. BleepingComputer
July 26, 2022 – Cryptocurrency
TA4563 Uses Evilnum to Target Finance Industry Supporting Crypto Full Text
Abstract
TA4563 is once again targeting European financial and investment entities, especially those involved with cryptocurrency, foreign exchanges, and DeFi, with the Evilnum malware. As a method of testing the efficacy of the delivery methods, the updated version of Evilnum employs a diverse mix of ISO, ... Cyware Alerts - Hacker News
July 26, 2022 – Attack
LockBit claims ransomware attack on Italian tax agency Full Text
Abstract
Italian authorities are investigating claims made by the LockBit ransomware gang that they breached the network of the Italian Internal Revenue Service (L'Agenzia delle Entrate). BleepingComputer
July 26, 2022 – Phishing
LinkedIn phishing targets employees managing Facebook Ad Accounts Full Text
Abstract
A new phishing campaign codenamed 'Ducktail' is underway, targeting professionals on LinkedIn to take over Facebook business accounts that manage advertising for the company. BleepingComputer
July 25, 2022 – Vulnerabilities
Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores Full Text
Abstract
Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22. PrestaShop is marketed as the leading open-source e-commerce solution in Europe and Latin America, used by nearly 300,000 online merchants worldwide. The goal of the infections is to introduce malicious code capable of stealing payment information entered by customers on checkout pages. Shops using outdated versions of the software or other vulnerable third-party modules appear to be the prime targets. The PrestaShop maintainers also said they found a zero-day flaw in its service that they said has been addressed in version 1.7.8.7, although they cautioned that "we cannot be sure... The Hacker News
July 25, 2022 – Malware
CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards Full Text
Abstract
Chinese-speaking hackers have been using, since at least 2016, malware that lies virtually undetected in the firmware images of some motherboards, one of the most persistent classes of threat, commonly known as a UEFI rootkit. BleepingComputer
July 25, 2022 – Malware
Source code for Rust-based info-stealer released on hacker forums Full Text
Abstract
A malware author released the source code of their info-stealer for free on hacking forums earlier this month, and security analysts already report observing several samples being deployed in the wild.BleepingComputer
July 25, 2022 – APT
Chinese APT Group Taking Over Belgian Ministries Full Text
Abstract
The Minister for Foreign Affairs of Belgium claimed that several China-linked APT groups—APT27, APT30, and APT3—targeted the nation’s defense and interior ministries. However, the spokesperson of the Chinese Embassy in Belgium denied the accusations.Cyware Alerts - Hacker News
July 25, 2022 – Solution
Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11 Full Text
Abstract
Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10 minutes after 10 invalid sign-in attempts. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute-force password vectors," David Weston, Microsoft's vice president for OS security and enterprise, said in a series of tweets last week. "This technique is very commonly used in Human Operated Ransomware and other attacks -- this control will make brute forcing much harder which is awesome!" It's worth pointing out that while this account lockout setting is already incorporated in Windows 10, it's not enabled by default. The fThe Hacker News
July 25, 2022 – General
Open-Source Security: How Digital Infrastructure Is Built on a House of Cards Full Text
Abstract
Log4Shell remains a national concern because the open-source community cannot continue to shoulder the responsibility of securing this critical asset and vendors are not exercising due care in incorporating open-source components into their products. A comprehensive institutional response to the incentives problem is needed.Lawfare
July 25, 2022 – Malware
CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China Full Text
Abstract
Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed...Security Affairs
July 25, 2022 – Education
Why Physical Security Maintenance Should Never Be an Afterthought Full Text
Abstract
SecuriThings’ CEO Roy Dagan tackles the sometimes overlooked security step of physical security maintenance and breaks down why it is important.Threatpost
July 25, 2022 – Breach
Hackers exploited PrestaShop zero-day to breach online stores Full Text
Abstract
Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information.BleepingComputer
July 25, 2022 – Hacker
Hackers Deceive Developers by Spoofing GitHub Commit Metadata Full Text
Abstract
Checkmarx warned against a new supply-chain attack that involves spoofing metadata commits to deceive GitHub developers into using malicious code. Commits are essential components in the GitHub system and have a unique hash or ID. Fake commits can be automatically generated and added to the use ... Read MoreCyware Alerts - Hacker News
July 25, 2022 – Malware
Experts Uncover New ‘CosmicStrand’ UEFI Firmware Rootkit Used by Chinese Hackers Full Text
Abstract
An unknown Chinese-speaking threat actor has been attributed to a new kind of sophisticated UEFI firmware rootkit called CosmicStrand . "The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are related to designs using the H81 chipset," Kaspersky researchers said in a new report published today. "This suggests that a common vulnerability may exist that allowed the attackers to inject their rootkit into the firmware's image." Victims identified are said to be private individuals located in China, Vietnam, Iran, and Russia, with no discernible ties to any organization or industry vertical. The attribution to a Chinese-speaking threat actor stems from code overlaps between CosmicStrand and other malware such as the MyKings botnet and MoonBounce. Rootkits, which are malware implants that are capable of embedding themselves in the deepest layers of the operating system, are morphed from a rarity tThe Hacker News
July 25, 2022 – Vulnerabilities
Flaws in FileWave MDM could have allowed hacking +1000 organizations Full Text
Abstract
Multiple flaws in the FileWave mobile device management (MDM) product exposed organizations to cyberattacks. Claroty researchers discovered two vulnerabilities in the FileWave MDM product that exposed more than one thousand organizations to cyber attacks....Security Affairs
July 25, 2022 – Breach
T-Mobile Settles to Pay $350M to Customers in Data Breach Full Text
Abstract
In a Securities and Exchange Commission filing on Friday, the mobile phone company said the funds would pay for claims by class members, the legal fees of plaintiffs’ counsel, and the costs of administering the settlement.Security Week
July 25, 2022 – Criminals
Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants Full Text
Abstract
Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. The trio of breaches has led to the theft of more than 50,000 payment card records from these infected restaurants and posted for sale on the dark web. "The online ordering platforms MenuDrive and Harbortouch were targeted by the same Magecart campaign, resulting in e-skimmer infections on 80 restaurants using MenuDrive and 74 using Harbortouch," cybersecurity firm Recorded Future revealed in a report. "InTouchPOS was targeted by a separate, unrelated Magecart campaign, resulting in e-skimmer infections on 157 restaurants using the platform." Magecart actors have a history of infecting e-commerce websites with JavaScript skimmers to steal online shoppers' payment card data, billing information, and other personally identifiable information (PII). The first set of actThe Hacker News
July 25, 2022 – Breach
Lockbit ransomware gang claims to have breached the Italian Revenue Agency Full Text
Abstract
The ransomware group Lockbit claims to have stolen 78 GB of files from the Italian Revenue Agency (Agenzia delle Entrate). The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added...Security Affairs
July 25, 2022 – Vulnerabilities
1,000 Organizations Exposed to Remote Attacks by FileWave MDM Vulnerabilities Full Text
Abstract
Claroty researchers discovered that the FileWave MDM product is affected by two critical security holes: an authentication bypass issue (CVE-2022-34907) and a hardcoded cryptographic key (CVE-2022-34906). The vendor quickly patched the flaws.Security Week
July 25, 2022 – Malware
Racoon Stealer is Back — How to Protect Your Organization Full Text
Abstract
The Raccoon Stealer malware-as-a-service platform gained notoriety several years ago for its ability to extract data stored within a web browser. This data initially included passwords and cookies, which sometimes allow a recognized device to be authenticated without a password being entered. Raccoon Stealer was also designed to steal auto-fill data, which can include a vast trove of personal information ranging from basic contact data to credit card numbers. As if all of that were not enough, Raccoon Stealer also had the ability to steal cryptocurrency and to steal (or drop) files on an infected system. As bad as Raccoon Stealer might have been, its developers have recently created a new version that is designed to be far more damaging than the version that previously existed. New Raccoon Stealer Capabilities The new version of Raccoon Stealer still has the ability to steal browser passwords, cookies, and auto-fill data. It also has the ability to steal any credit card numbeThe Hacker News
July 25, 2022 – Malware
Amadey malware spreads via software cracks laced with SmokeLoader Full Text
Abstract
Operators behind the Amadey Bot malware use SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018; it also allows operators to install additional payloads....Security Affairs
July 25, 2022 – Criminals
LockBit Ransomware Gang Claims to Have Breached the Italian Revenue Agency Full Text
Abstract
The ransomware gang LockBit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site.Security Affairs
July 25, 2022 – Vulnerabilities
Drupal developers fixed a code execution flaw in the popular CMS Full Text
Abstract
Drupal development team released security updates to fix multiple issues, including a critical code execution flaw. Drupal developers have released security updates to address multiple vulnerabilities in the popular CMS: Drupal core - Moderately...Security Affairs
July 25, 2022 – General
Your biggest cyber-crime threat has almost nothing to do with technology Full Text
Abstract
The scale of business email compromise (BEC) attacks is clear: according to the FBI, the combined total lost to BEC attacks is $43 billion and counting, with attacks reported in at least 177 countries.ZDNet
July 25, 2022 – General
Visibility into runtime threats against mobile apps and APIs still lacking Full Text
Abstract
An attack against APIs that rendered a mobile app non-functional would have a significant effect on 45 percent of businesses and a major impact on an additional 30 percent, according to a new report.Help Net Security
July 25, 2022 – Breach
Oklahoma City Housing Authority Provides Notice of Data Breach Full Text
Abstract
The impacted information varied by individual but may include name, Social Security number, driver's license or government identification, financial account information, and medical or health information.Yahoo Finance
July 24, 2022 – Attack
Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France Full Text
Abstract
The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. No fewer than 70,000 Android devices are said to have been infected as part of the active malware operation, Sekoia said in a report published last week. Attack chains involving Roaming Mantis , a financially motivated Chinese threat actor, are known to either deploy a piece of banking trojan named MoqHao (aka XLoader) or redirect iPhone users to credential harvesting landing pages that mimic the iCloud login page. "MoqHao (aka Wroba, XLoader for Android) is an Android remote access trojan (RAT) with information-stealing and backdoor capabilities that likely spreads via SMS," Sekoia researchers said . It all starts with a phishing SMS, a technique known as smishing, enticing users with package delivery-themed messages containing rogue links, that, when clicThe Hacker News
July 24, 2022 – Malware
Amadey malware pushed via software cracks in SmokeLoader campaign Full Text
Abstract
A new version of the Amadey Bot malware is distributed through the SmokeLoader malware, using software cracks and keygen sites as lures.BleepingComputer
July 24, 2022 – APT
Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37? Full Text
Abstract
North Korea-linked APT37 group targets high-value organizations in the Czech Republic, Poland, and other countries. Researchers from the Securonix Threat Research (STR) team have uncovered a new attack campaign, tracked as STIFF#BIZON, targeting high-value...Security Affairs
July 24, 2022 – Phishing
QBot phishing uses Windows Calculator sideloading to infect devices Full Text
Abstract
The operators of the QBot malware have been using the Windows Calculator to side-load the malicious payload on infected computers.BleepingComputer
July 24, 2022 – General
Security Affairs newsletter Round 375 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. FBI...Security Affairs
July 24, 2022 – Breach
A database containing data of 5.4 million Twitter accounts available for sale Full Text
Abstract
A threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability...Security Affairs
July 23, 2022 – Government
TSA revises and reissues cybersecurity requirements for pipeline owners and operators Full Text
Abstract
The Transportation Security Administration (TSA) announced the revision of its Security Directive regarding oil and natural gas pipeline security that will continue the effort to build cybersecurity resiliency for the nation’s critical pipelines.tsa
July 23, 2022 – Breach
T-Mobile reaches $350M settlement in 2021 cyberattack and data breach impacting 76M people Full Text
Abstract
T-Mobile agreed to pay $350 million to settle class-action lawsuits brought over an August 2021 cyberattack in which a hacker infiltrated its computer systems to steal sensitive data relating to millions of customers.Geek Wire
July 23, 2022 – Attack
North Korean hackers attack EU targets with Konni RAT malware Full Text
Abstract
Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries.BleepingComputer
July 23, 2022 – Privacy
Chrome use subject to restrictions in Dutch schools over data security concerns Full Text
Abstract
The Ministry of Education in the Netherlands has decided to implement restrictions on the use of the Chrome OS and Chrome web browser until August 2023 over concerns about data privacy.BleepingComputer
July 23, 2022 – Policy and Law
FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks Full Text
Abstract
The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware...Security Affairs
July 23, 2022 – Vulnerabilities
SonicWall fixed critical SQLi in Analytics and GMS products Full Text
Abstract
Security company SonicWall released updates to address a critical SQL injection (SQLi) flaw in Analytics On-Prem and Global Management System (GMS) products. Security company SonicWall addressed a critical SQL injection (SQLi) vulnerability, tracked...Security Affairs
July 22, 2022 – Ransomware
The Week in Ransomware - July 22nd 2022 - Attacks abound Full Text
Abstract
New ransomware operations continue to be launched this week, with the new Luna ransomware found to be targeting both Windows and VMware ESXi servers.BleepingComputer
July 22, 2022 – Criminals
Hacker selling Twitter account data of 5.4 million users for $30k Full Text
Abstract
Twitter has suffered a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000.BleepingComputer
July 22, 2022 – Vulnerabilities
Atlassian Patches Servlet Filter Vulnerabilities Impacting Multiple Products Full Text
Abstract
Tracked as CVE-2022-26136, the first of the flaws could allow a remote, unauthenticated attacker to send specially crafted HTTP requests and authenticate to third-party apps, or to launch an XSS attack, to execute JavaScript code in a user’s browser.Security Week
July 22, 2022 – Vulnerabilities
SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products Full Text
Abstract
Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280 , is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special elements" used in an SQL command that could lead to an unauthenticated SQL injection. "Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data," MITRE notes in its description of SQL injection. "This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, possibly including execution of system commands." H4lo and Catalpa of DBappSecurity HAT Lab have been credited with discovThe Hacker News
July 22, 2022 – General
Cybersecurity, the ECPA, Carpenter, and Government Transparency Full Text
Abstract
If the government fails to engage in some greater degree of transparency about how it interprets and applies its existing surveillance authorities, the U.S. risks significant and unnecessary diminution of national interests in both security and privacy and civil liberties.Lawfare
July 22, 2022 – Solution
Account lockout policy in Windows 11 is enabled by default to block brute force attacks Full Text
Abstract
Starting with Windows 11, Microsoft introduces by default an account lockout policy that can block brute force attacks. Starting with Windows 11 Insider Preview build 22528.1000, the OS supports an account lockout policy enabled by default to block brute...Security Affairs
July 22, 2022 – Breach
Digital security giant Entrust breached by ransomware gang Full Text
Abstract
Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems.BleepingComputer
July 22, 2022 – Vulnerabilities
Grafana patches vulnerability that could lead to admin account takeover Full Text
Abstract
The security flaw, tracked as CVE-2022-31107, is present in versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, and has been patched by Grafana in versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10.The Daily Swig
July 22, 2022 – General
Microsoft Resumes Blocking Office VBA Macros by Default After ‘Temporary Pause’ Full Text
Abstract
Microsoft has officially resumed blocking Visual Basic for Applications (VBA) macros by default across Office apps, weeks after temporarily announcing plans to roll back the change. "Based on our review of customer feedback, we've made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios," the company said in an update on July 20. Earlier this February, Microsoft publicized its plans to disable macros by default in Office applications such as Access, Excel, PowerPoint, Visio, and Word as a way to prevent threat actors from abusing the feature to deliver malware. It's a known fact that a majority of the damaging cyberattacks today leverage email-based phishing lures to spread bogus documents containing malicious macros as a primary vector for initial access. "Macros can add a lot of functionality to Office, but they are often used by people with bad intentions to distribute malware toThe Hacker News
July 22, 2022 – Breach
Hackers breached Ukrainian radio station to spread fake news about Zelensky's health Full Text
Abstract
Threat actors hacked the Ukrainian radio station TAVR Media and broadcast fake news about the critical health condition of President Volodymyr Zelensky. Threat actors breached the Ukrainian radio station TAVR Media this week; the attackers spread a fake...Security Affairs
July 22, 2022 – Vulnerabilities
SonicWall: Patch critical SQL injection bug immediately Full Text
Abstract
SonicWall has published a security advisory today to warn of a critical SQL injection flaw impacting the GMS (Global Management System) and Analytics On-Prem products.BleepingComputer
July 22, 2022 – Vulnerabilities
Code Execution and Other Vulnerabilities Patched in Drupal Full Text
Abstract
Patches for these vulnerabilities are included in Drupal 9.4.3 and 9.3.19. The information disclosure flaw also impacts Drupal 7 and a fix has been included in version 7.91.Security Week
July 22, 2022 – General
Google Bringing the Android App Permissions Section Back to the Play Store Full Text
Abstract
Google on Thursday said it's backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web. "Privacy and transparency are core values in the Android community," the Android Developers team said in a series of tweets. "We heard your feedback that you find the app permissions section in Google Play useful, and we've decided to reinstate it. The app permissions section will be back shortly." To that end, in addition to showcasing the new Data safety section that offers users a simplified summary of an app's data collection, processing, and security practices, Google also intends to highlight all the permissions required by the app to make sense of its "ability to access specific restricted data and actions." The reinstatement comes as the internet giant moved to swap out the apps permission section with the newer Data safety labels last week ahead of theThe Hacker News
July 22, 2022 – Privacy
Candiru surveillance spyware DevilsTongue exploited Chrome Zero-Day to target journalists Full Text
Abstract
The spyware developed by Israeli surveillance firm Candiru exploited the recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. Researchers from the antivirus firm Avast reported that the DevilsTongue spyware, developed by Israeli surveillance...Security Affairs
July 22, 2022 – Vulnerabilities
Atlassian: Confluence hardcoded password was leaked, patch now! Full Text
Abstract
Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers.BleepingComputer
July 22, 2022 – General
Leveling the field for federal cyber talent Full Text
Abstract
Kiran Ahuja, director of the Office of Personnel Management, told lawmakers on Thursday that her agency wants “to work with Congress to develop a government-wide cyber workforce plan that puts agencies on equal footing in competing for cyber talent.”FCW
July 22, 2022 – General
An Easier Way to Keep Old Python Code Healthy and Secure Full Text
Abstract
Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of problems. Whenever Python is updated, it means a big refactoring workload, which often gets dealt with poorly – or not at all. That leads to poor performance and security vulnerabilities. But maybe there is a better way: a tool to keep your Python tasks running smoothly and securely day in, day out. Let's take a look. It's slow, but it does the job Python isn't the fastest language around, but despite its comparative disadvantages, you'll often see it used for intensive data crunching operations. Think machine learning, computer vision, or even pure math in high-performThe Hacker News
July 22, 2022 – Breach
Hackers breach Ukrainian radio network to spread fake news about Zelenskiy Full Text
Abstract
On Thursday, Ukrainian media group TAVR Media confirmed that it was hacked to spread fake news about President Zelenskiy being in critical condition and under intensive care.BleepingComputer
July 22, 2022 – Phishing
India: Business Associations Warn Members Against ‘PSPCL’ Phishing Scam Full Text
Abstract
Several business associations have warned their members against this fraud after PSPCL issued a public notice regarding the same. Businessmen are also demanding that authorities take strict action against the people running this scam.The Times Of India
July 22, 2022 – Attack
Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy’s Health Full Text
Abstract
Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill. "Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk," the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) said in an update. The Kyiv-based holding company oversees nine major radio stations, including Hit FM, Radio ROKS, KISS FM, Radio RELAX, Melody FM, Nashe Radio, Radio JAZZ, Classic Radio, and Radio Bayraktar. In a separate post on Facebook, TAVR Media disclosed its servers and networks were targeted in a cyberattack and it's working to resolve the issue. The company also emphasized that "no information about the health problems of the President of Ukraine Volodymyr Zelenskyy isThe Hacker News
July 22, 2022 – Vulnerabilities
Zyxel firewall vulnerabilities left business networks open to abuse Full Text
Abstract
First on the list is CVE-2022-2030, an authenticated directory traversal vulnerability in the Common Gateway Interface (CGI) programs of some Zyxel firewalls. This was caused by specific character sequences within an improperly sanitized URL.The Daily Swig
July 22, 2022 – Policy and Law
Settlements Reached In 2 Large Healthcare Hack Lawsuits Full Text
Abstract
Settlements in class action lawsuits filed in the aftermath of two separate major breaches serve as the latest examples of threats and risks involving email hacks - as well as underlining the threat of litigation in the wake of such incidents.Bank Info Security
July 22, 2022 – APT
TA4563 group leverages EvilNum malware to target European financial and investment entities Full Text
Abstract
A threat actor tracked as TA4563 is using EvilNum malware to target European financial and investment entities. A threat actor, tracked as TA4563, leverages the EvilNum malware to target European financial and investment entities, Proofpoint reported....Security Affairs
July 21, 2022 – Privacy
Chrome zero-day used to infect journalists with Candiru spyware Full Text
Abstract
The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware.BleepingComputer
July 21, 2022 – APT
APT29 Abuses Online Storage Services Google Drive and Dropbox Full Text
Abstract
Research by Unit 42 revealed that APT29, aka Nobelium and Cozy Bear, has resorted to leveraging cloud storage services, including Google Drive, to attack multiple Western diplomatic missions. The phishing messages included a link to a malicious HTML file, EnvyScout, that acts as a dropper to sec ... Read MoreCyware Alerts - Hacker News
July 21, 2022 – Malware
New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems Full Text
Abstract
A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems. "The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration," Intezer researcher Ryan Robinson said in a new report published today. Central to the malware is a downloader ("kbioset") and a core ("kkdmflush") module, the former of which is engineered to retrieve at least seven different plugins from a remote server that are subsequently invoked by the core component. In addition, the downloader is also responsible for establishing the persistence of tThe Hacker News
July 21, 2022 – General
Google blocks site of largest computing society for being ‘harmful’ Full Text
Abstract
Google Search and Drive are erroneously flagging links to Association for Computing Machinery (ACM) research papers and websites as malware. BleepingComputer has successfully reproduced the issue, first reported by researcher Maximilian Golla.BleepingComputer
July 21, 2022 – Ransomware
LockBit Ransomware Puts Servers in the Crosshairs Full Text
Abstract
In one attack observed by Symantec, LockBit was seen identifying domain-related information, creating a Group Policy for lateral movement, and executing a command on all systems within the same domain to forcefully update group policy.Symantec
July 21, 2022 – Attack
Hackers Target Ukrainian Software Company Using GoMet Backdoor Full Text
Abstract
A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known as GoMet and is designed for maintaining persistent access to the network. "This access could be leveraged in a variety of ways including deeper access or to launch additional attacks, including the potential for software supply chain compromise," Cisco Talos said in a report shared with The Hacker News. Although there are no concrete indicators linking the attack to a single actor or group, the cybersecurity firm's assessment points to Russian nation-state activity. Public reporting into the use of GoMet in real-world attacks has so far uncovered only two documented cases to date: one in 2020, coinciding with the disclosure of CVE-2020-5902 , a critical remotThe Hacker News
July 21, 2022 – Attack
Threat actors target software firm in Ukraine using GoMet backdoor Full Text
Abstract
Threat actors targeted a large software development company in Ukraine using the GoMet backdoor. Researchers from Cisco Talos discovered an uncommon piece of malware that was employed in an attack against a large Ukrainian software development company. The...Security Affairs
July 21, 2022 – Ransomware
How Conti ransomware hacked and encrypted the Costa Rican government Full Text
Abstract
Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack's precision and the speed of moving from initial access to the final stage of encrypting devices.BleepingComputer
July 21, 2022 – Malware
Google ads lead to major malvertising campaign Full Text
Abstract
What makes this campaign stand out is the fact that it exploits a very common search behavior when it comes to navigating the web: looking up a website by name instead of entering its full URL in the address bar.Malwarebytes Labs
July 21, 2022 – Cryptocurrency
Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms Full Text
Abstract
The advanced persistent threat (APT) actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities. "Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News. "The malware includes multiple interesting components to evade detection and modify infection paths based on identified antivirus software." Targets include organizations with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The latest spate of attacks is said to have commenced in late 2021. The findings also dovetail with a report from Zscaler last month that detailed low-volume targeted attack campaigns launched against companies in Europe and the U.K. Active since 2018, Evilnum is tracked by the wider cybersecurity community using the names TA4563 and DeathStalker, with infection... – The Hacker News
July 21, 2022 – Malware
Lightning Framework, a previously undetected malware that targets Linux systems Full Text
Abstract
Researchers discovered a previously undetected malware dubbed 'Lightning Framework' that targets Linux systems. Researchers from Intezer discovered a previously undetected malware, tracked as Lightning Framework, which targets Linux systems. The malicious... – Security Affairs
July 21, 2022 – Solution
Windows 11 now blocks RDP brute-force attacks by default Full Text
Abstract
Recent Windows 11 builds now come with the Account Lockout Policy enabled by default, which will automatically lock user accounts (including Administrator accounts) for 10 minutes after 10 failed sign-in attempts. – BleepingComputer
July 21, 2022 – Botnet
8220 Gang: A Group With Botnet of 30,000 Hosts Full Text
Abstract
8220 Gang, a cryptomining gang, has been exploiting Linux and cloud app vulnerabilities to grow their botnet network to more than 30,000 infected hosts. The low-skilled 8220 Gang is financially-motivated and targets Aliyun, AWS, QCloud, GCP, and Azure hosts. Botnet attacks can be controll... – Cyware Alerts - Hacker News
July 21, 2022 – General
The New Weak Link in SaaS Security: Devices Full Text
Abstract
Typically, when threat actors look to infiltrate an organization's SaaS apps, they look to SaaS app misconfigurations as a means of entry. However, employees now use their personal devices, whether their phones, laptops, etc., to get their jobs done. If the device's hygiene is not up to par, it increases the risk for the organization and widens the attack surface for bad actors. And so, Endpoint (Device) Protection – through EDR, XDR, and vulnerability management solutions – has arisen as a critical factor in SaaS Security. The challenge in remediating the threats posed by endpoints and devices lies in the ability to correlate the SaaS app users, their roles, and permissions with their associated devices' compliance and integrity levels. This end-to-end approach is what's needed for the organization to implement a holistic, zero-trust approach to their SaaS Security. Not a simple feat; however, automated SaaS Security Posture Management solutions, like Ad... – The Hacker News
July 21, 2022 – Vulnerabilities
Atlassian patched a critical Confluence vulnerability Full Text
Abstract
Atlassian released security updates to address a critical security vulnerability affecting Confluence Server and Confluence Data Center. Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server... – Security Affairs
July 21, 2022 – Malware
New ‘Lightning Framework’ Linux malware installs rootkits, backdoors Full Text
Abstract
A new and previously undetected malware dubbed 'Lightning Framework' targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. – BleepingComputer
July 21, 2022 – General
Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data Full Text
Abstract
The use of legitimate Windows tools as part of malicious actors' malware arsenal has become a common observation in cyber incursions in recent years. Researchers uncovered two such Python tools, Impacket and Responder. – Trend Micro
July 21, 2022 – Vulnerabilities
Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability Full Text
Abstract
Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username "disabledsystemuser." While this account, Atlassian says, is to help administrators migrate data from the app to Confluence Cloud, it's also created with a hard-coded password, effectively allowing viewing and editing all non-restricted pages within Confluence by default. "A remote, unauthenticated attacker with knowledge of the hard-coded password could exploit this to log into Confluence and access any pages the confluence-users group has access to," the company said in an advisory, adding that "the hard-coded password is trivial to obtain after downloading an... – The Hacker News
July 21, 2022 – Vulnerabilities
Apple fixes multiple flaws in iOS, iPadOS, macOS, tvOS, and watchOS devices Full Text
Abstract
Apple released security updates to address multiple vulnerabilities that affect iOS, iPadOS, macOS, tvOS, and watchOS devices. Apple released security updates to fix 37 vulnerabilities impacting iOS, iPadOS, macOS, tvOS, and watchOS devices... – Security Affairs
July 21, 2022 – General
Microsoft starts blocking Office macros by default, once again Full Text
Abstract
Microsoft announced today that it resumed the rollout of VBA macro auto-blocking in downloaded Office documents after temporarily rolling it back earlier this month following user feedback. – BleepingComputer
July 21, 2022 – Business
Huntress Acquires Security Awareness Training Startup Curricula for $22M Full Text
Abstract
Huntress, itself a startup that raised about $60 million in venture capital funding, said the acquisition adds another critical layer to its Managed Security Platform and brings an important security tool to small and medium-sized businesses. – Security Week
July 21, 2022 – Criminals
FBI Seizes $500,000 Ransomware Payments and Crypto from North Korean Hackers Full Text
Abstract
The U.S. Department of Justice (DoJ) has announced the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments from several organizations by using a new ransomware strain known as Maui. "The seized funds include ransoms paid by healthcare providers in Kansas and Colorado," the DoJ said in a press release issued Tuesday. The recovery of the bitcoin ransoms comes after the agency said it took control of two cryptocurrency accounts that were used to receive payments to the tune of $100,000 and $120,000 from the medical centers. The DoJ did not disclose where the rest of the payments originated from. "Reporting cyber incidents to law enforcement and cooperating with investigations not only protects the United States, it is also good business," said Assistant Attorney General Matthew G. Olsen of the DoJ's National Security Division. "The reimbursement to these victims of the ransom shows why it pays to work with law en... – The Hacker News
July 21, 2022 – Botnet
8220 Gang Cloud Botnet infected 30,000 host globally Full Text
Abstract
The crimeware group known as 8220 Gang expanded their Cloud Botnet over the last month to roughly 30,000 hosts globally. Researchers from SentinelOne reported that the low-skill crimeware group 8220 Gang has expanded their Cloud Botnet over the last month... – Security Affairs
July 21, 2022 – Ransomware
New Redeemer ransomware version promoted on hacker forums Full Text
Abstract
A threat actor is promoting a new version of their free-to-use 'Redeemer' ransomware builder on hacker forums, offering unskilled threat actors an easy entry to the world of encryption-backed extortion attacks. – BleepingComputer
July 21, 2022 – Malware
EvilNum Malware Used to Target Entities Working with Cryptocurrency, Forex, Commodities Full Text
Abstract
TA4563 is a threat actor leveraging EvilNum malware to target European financial and investment entities, especially those with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). – Proofpoint
July 21, 2022 – Solution
Cynomi Automated Virtual CISO (vCISO) Platform for Service Providers Full Text
Abstract
Growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises' demand for strategic cybersecurity and compliance guidance and management. Since most companies this size don't have in-house CISO expertise, the demand for virtual CISO (vCISO) services is also growing. Yet current vCISO service models still rely on manual, human CISO expertise. This makes these services costly and tough to scale, leaving MSPs, MSSPs and consulting firms unable to add vCISO services to their portfolio or scale their existing vCISO services to meet the growing demand. This is the challenge Cynomi's Automated vCISO platform is trying to solve. The company's AI-powered vCISO platform automatically generates everything vCISO service providers need to provide their clients, fully customized for each and every client: risk and compliance assessments, gap analysis, tailored security policies, strategic remediation plans w... – The Hacker News
July 21, 2022 – Attack
Cyberattackers Target Ukrainian Organizations Using GoMet Backdoor Full Text
Abstract
The original GoMet author posted the code on GitHub on March 31, 2019, and had commits until April 2, 2019. The backdoor itself is a rather simple piece of software written in the Go programming language. – Cisco Talos
July 20, 2022 – Criminals
Conti’s Reign of Chaos: Costa Rica in the Crosshairs Full Text
Abstract
Aamir Lakhani, with FortiGuard Labs, answers the question: why is the Conti ransomware gang targeting people and businesses in Costa Rica? – Threatpost
July 20, 2022 – Breach
Neopets data breach exposes personal data of 69 million members Full Text
Abstract
Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members. – BleepingComputer
July 20, 2022 – Attack
Elastix VoIP Systems Hacked to Serve Web shells Full Text
Abstract
A large-scale campaign was found targeting Elastix VoIP telephony servers with over 500,000 malware samples, over a period of three months. The campaign's goal was to plant a PHP web shell to run arbitrary commands on infected communications servers. The operation systematically exploited SIP serve... – Cyware Alerts - Hacker News
July 20, 2022 – Solution
Google Adds Support for DNS-over-HTTP/3 in Android to Keep DNS Queries Private Full Text
Abstract
Google on Tuesday officially announced support for DNS-over-HTTP/3 (DoH3) for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS (DoT), which was incorporated into the mobile operating system with Android 9.0. DoH3 is also an alternative to DNS-over-HTTPS (DoH), a mechanism for carrying out remote Domain Name System (DNS) resolution through an encrypted connection, effectively preventing third parties from snooping on users' browsing activities. HTTP/3, the first major upgrade to the hypertext transfer protocol since HTTP/2 was introduced in May 2015, is designed to use a new transport layer protocol called QUIC that's already supported by major browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. The low-latency protocol, developed by Google in 2012, relies on the User Datagram Protoc... – The Hacker News
July 20, 2022 – Ransomware
New Luna ransomware targets Windows, Linux and ESXi systems Full Text
Abstract
Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target... – Security Affairs
July 20, 2022 – Privacy
Google boosts Android privacy with support for DNS-over-HTTP/3 Full Text
Abstract
Google has added support for the DNS-over-HTTP/3 (DoH3) protocol on Android 11 and later to increase the privacy of DNS queries while providing better performance. – BleepingComputer
July 20, 2022 – Malware
U.S. Cyber Command Exposes Malware Targeting Ukrainian Entities Full Text
Abstract
Ukrainian officials shared the information with the U.S. government, Cyber Command said, and then the agency uploaded various technical details to VirusTotal, Pastebin and GitHub. The agency did not attribute the malware. – CyberScoop
July 20, 2022 – Ransomware
New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems Full Text
Abstract
Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after BlackCat and Hive to use the programming language. Luna, as it's called, is "fairly simple" and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of Curve25519 and AES for encryption. "Both the Linux and ESXi samples are compiled using the same source code with some minor changes from the Windows version," the Russian firm noted in a report published today. Advertisements for Luna on darknet forums suggest that the ransomware is intended for use only by Russian-speaking affiliates. Its core developers are also believed to be of Russian origin owing to spelling mistakes in the ransom note hard-coded within the binary. "Luna confirms the trend for cross-platform ransomware," the researchers stated, adding how the platform agnostic nature of languages like Golang and R... – The Hacker News
July 20, 2022 – Vulnerabilities
Millions of vehicles can be attacked via MiCODUS MV720 GPS Trackers Full Text
Abstract
Multiple flaws in MiCODUS MV720 Global Positioning System (GPS) trackers shipped with over 1.5 million vehicles can allow hackers to remotely hack them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn... – Security Affairs
July 20, 2022 – Vulnerabilities
Atlassian fixes critical Confluence hardcoded credentials flaw Full Text
Abstract
Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers. – BleepingComputer
July 20, 2022 – General
What’s your ransomware risk? Full Text
Abstract
The Ransomware Business Impact Analysis tool has been available since May at no cost and is the result of a collaboration with Foresight Resilience Strategies, a consulting group. – GCN
July 20, 2022 – Botnet
This Cloud Botnet Has Hijacked 30,000 Systems to Mine Cryptocurrencies Full Text
Abstract
The 8220 cryptomining group has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021. "8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne said in a Monday report. The growth is said to have been fueled through the use of Linux and common cloud application vulnerabilities and poorly secured configurations for services such as Docker, Apache WebLogic, and Redis. Active since early 2017, the Chinese-speaking, Monero-mining threat actor was most recently seen targeting i686 and x86_64 Linux systems by means of weaponizing a recent remote code execution exploit for Atlassian Confluence Server (CVE-2022-26134) to drop the PwnRig miner payload. "Victims are not targeted geographically, but simply identified by thei... – The Hacker News
July 20, 2022 – Phishing
Convincing ‘YouTube’ Google ads lead to Windows support scams Full Text
Abstract
A scarily realistic-looking Google Search YouTube advertisement is redirecting visitors to tech support scams pretending to be security alerts from Windows Defender. – BleepingComputer
July 20, 2022 – Encryption
Niche cryptographic technique could transform privacy in web3 Full Text
Abstract
While zero-knowledge proofs could indeed improve privacy and scalability for some of the most popular blockchains, they are far from being the only cryptographic method that could accelerate progress in web3. – TechCrunch
July 20, 2022 – Vulnerabilities
Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. "Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of the global positioning system tracker," CISA said. "These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed." Available on sale for $20 and manufactured by the China-based MiCODUS, the company's tracking devices are employed by major organizations in 169 countries spanning aerospace, energy, engineering, government, manufacturing, nuclear power plant, and shipping sectors. The top countries with the most users include Chile, Australia, Mexico, Ukraine, Russi... – The Hacker News
July 20, 2022 – Vulnerabilities
Cisco fixes bug that lets attackers execute commands as root Full Text
Abstract
Cisco has addressed severe vulnerabilities in the Cisco Nexus Dashboard data center management solution that can let remote attackers execute commands and perform actions with root or Administrator privileges. – BleepingComputer
July 20, 2022 – Breach
Feelyou Mental Health App Discloses Exposure of 78,000 User Emails in Breach Full Text
Abstract
When asked for comment, Bajji – the company that owns Feelyou – directed The Record to a statement released on Tuesday, disclosing that the vulnerability in the platform was patched on Saturday, July 16. – The Record
July 20, 2022 – General
Dealing With Alert Overload? There’s a Guide For That Full Text
Abstract
The Great Resignation – or the Great Reshuffle as some are calling it – and the growing skills gap have been dominating headlines lately. But these issues aren't new to the cybersecurity industry. While many are just now hearing about employee burnout, security teams have faced the reality and serious consequences of burnout for years. One of the biggest culprits? Alert overload. The average security team gets tens of thousands of alerts each day. Many analysts feel like they can't get their heads above water... and are starting to give up. This looks like physical burnout and even apathy. Surveys found that some security analysts feel so overwhelmed they ignore alerts and even walk away from their computers. In fact, these surveys found that 70% of security teams feel emotionally overwhelmed by alerts, and more than 55% of security professionals don't feel fully confident that they can prioritize and respond to every alert that really does need attention. Sadly, th... – The Hacker News
July 20, 2022 – Solution
Google Calendar provides new way to block invitation phishing Full Text
Abstract
The Google Workspace team announced today that it started rolling out a new method to block Google Calendar invitation spam, available to all customers, including legacy G Suite Basic and Business users. – BleepingComputer
July 20, 2022 – Business
AppViewX raises $20 million to help organizations reduce their digital risk Full Text
Abstract
AppViewX announced that the company has raised $20 million in a Series B funding round led by growth equity firm and existing investor, Brighton Park Capital ("Brighton Park"). – Help Net Security
July 20, 2022 – General
LinkedIn remains the most impersonated brand in phishing attacks Full Text
Abstract
LinkedIn is holding the top spot for the most impersonated brand in phishing campaigns observed during the second quarter of 2022. – BleepingComputer
July 20, 2022 – Policy and Law
FBI recovers $500,000 healthcare orgs paid to Maui ransomware Full Text
Abstract
The U.S. Department of Justice has announced the seizure of approximately $500,000 in Bitcoin, paid by American health care providers to the operators of the Maui ransomware strain. – BleepingComputer
July 20, 2022 – General
3rd Party Services Are Falling Short on Password Security Full Text
Abstract
Preventing the use of weak and leaked passwords within an enterprise environment is a manageable task for your IT department, but what about other services where end-users share business-critical data in order to do their work? They could be putting your organization at risk, and the team at Specops Software decided to see for sure. – BleepingComputer
July 20, 2022 – Ransomware
New Luna ransomware encrypts Windows, Linux, and ESXi systems Full Text
Abstract
A new ransomware family dubbed Luna can be used to encrypt devices running several operating systems, including Windows, Linux, and ESXi systems. – BleepingComputer
July 20, 2022 – Vulnerabilities
Are your visuals making businesses more vulnerable to cybercrime? Full Text
Abstract
Entertaining short-form content and striking imagery are what make companies and brands stand out online, but it's important to remain aware of your cybersecurity and data protection. – Tripwire
July 20, 2022 – Vulnerabilities
Linus Torvalds says Linux kernel has addressed ‘Retbleed’ Full Text
Abstract
Linux kernel developers have addressed the Retbleed speculative execution bug in older Intel and AMD silicon, though the fix wasn't straightforward, so Linus Torvalds has delayed delivery of the next kernel version by a week. – The Register
July 20, 2022 – General
EU warns of risks of spillover effects associated with the ongoing war in Ukraine Full Text
Abstract
The Council of the European Union (EU) warns of malicious cyber activities conducted by threat actors in the context of the ongoing conflict between Russia and Ukraine. The Council of the European Union (EU) warns of the risks associated with the malicious... – Security Affairs
July 20, 2022 – APT
Belgium claims China-linked APT groups hit its ministries Full Text
Abstract
The Minister for Foreign Affairs of Belgium blames multiple China-linked threat actors for attacks against the country's defense and interior ministries. The Minister for Foreign Affairs of Belgium revealed that multiple China-linked APT groups targeted... – Security Affairs
July 19, 2022 – Hacker
Russian Hackers Tricked Ukrainians with Fake “DoS Android Apps to Target Russia” Full Text
Abstract
Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites. Google Threat Analysis Group (TAG) attributed the malware to Turla, an advanced persistent threat also known as Krypton, Venomous Bear, Waterbug, and Uroburos, and linked to Russia's Federal Security Service (FSB). "This is the first known instance of Turla distributing Android-related malware," TAG researcher Billy Leonard said. "The apps were not distributed through the Google Play Store, but hosted on a domain controlled by the actor and disseminated via links on third party messaging services." It's worth noting that the onslaught of cyberattacks in the immediate aftermath of Russia's unprovoked invasion of Ukraine prompted the latter to form an IT Army to stage counter-DDoS attacks against Russian website... – The Hacker News
July 19, 2022 – Hacker
Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads Full Text
Abstract
The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. "These campaigns are believed to have targeted several Western diplomatic missions between May and June 2022," Palo Alto Networks Unit 42 said in a Tuesday report. "The lures included in these campaigns suggest targeting of a foreign embassy in Portugal as well as a foreign embassy in Brazil." APT29, also tracked under the monikers Cozy Bear, Cloaked Ursa, or The Dukes, has been characterized as an organized cyberespionage group working to collect intelligence that aligns with Russia's strategic objectives. Some aspects of the advanced persistent threat's activities, including the infamous SolarWinds supply chain attack of 2020, are separately tracked by Microsoft under the name Nobelium, with Mandiant calling i... – The Hacker News
July 19, 2022 – Botnet
Hacking group ‘8220’ grows cloud botnet to more than 30,000 hosts Full Text
Abstract
A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts. – BleepingComputer
July 19, 2022 – Vulnerabilities
Hacker Abusing Windows NFS Remote Code Execution Flaw Full Text
Abstract
Trend Micro analyzed and warned against a Windows RCE vulnerability, identified as CVE-2022-30136, impacting the Network File System. The flaw occurs due to improper handling of NFSv4 requests which could be abused by sending malicious RPC calls to a target server. An advisory suggests that a user... – Cyware Alerts - Hacker News
July 19, 2022 – Malware
Experts Uncover New CloudMensis Spyware Targeting Apple macOS Users Full Text
Abstract
Cybersecurity researchers have taken the wraps off a previously undocumented spyware targeting the Apple macOS operating system. The malware, codenamed CloudMensis by Slovak cybersecurity firm ESET, is said to exclusively use public cloud storage services such as pCloud, Yandex Disk, and Dropbox for receiving attacker commands and exfiltrating files. "Its capabilities clearly show that the intent of its operators is to gather information from the victims' Macs by exfiltrating documents, keystrokes, and screen captures," ESET researcher Marc-Etienne M.Léveillé said in a report published today. CloudMensis, written in Objective-C, was first discovered in April 2022 and is designed to strike both Intel and Apple silicon architectures. The initial infection vector for the attacks and the targets remain unknown as yet. But its very limited distribution is an indication that the malware is being used as part of a highly targeted operation directed against entities of i... – The Hacker News
July 19, 2022 – Privacy
CloudMensis spyware went undetected for many years Full Text
Abstract
Researchers spotted previously undocumented spyware, dubbed CloudMensis, that targets Apple macOS systems. Researchers from ESET discovered a previously undetected macOS backdoor, tracked as CloudMensis, that targets macOS systems and exclusively... – Security Affairs
July 19, 2022 – Attack
Building materials giant Knauf hit by Black Basta ransomware gang Full Text
Abstract
The Knauf Group has announced it has been the target of a cyberattack that has disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident. – BleepingComputer
July 19, 2022 – Government
FBI Warning: Fake Apps Defraud Investors of Over $42 Million Full Text
Abstract
A new alert by the FBI is cautioning users against downloading malicious apps for investing in cryptocurrency assets. Hackers are operating under fraudulent company names to lure potential investors. To verify if the company behind such apps is genuine or not, always visit the official websit... – Cyware Alerts - Hacker News
July 19, 2022 – Vulnerabilities
Security Experts Warn of Two Primary Client-Side Risks Associated with Data Exfiltration and Loss Full Text
Abstract
Two client-side risks dominate the problems with data loss and data exfiltration: improperly placed trackers on websites and web applications, and malicious client-side code pulled from third-party repositories like NPM. Client-side security researchers are finding that improperly placed trackers, while not intentionally malicious, are a growing problem and have clear and significant privacy implications when it comes to compliance and regulatory concerns, like HIPAA or PCI DSS 4.0. To highlight the risks of misplaced trackers, a recent study by The Markup (a non-profit news organization) examined Newsweek's top 100 hospitals in America. They found a Facebook tracker on one-third of the hospital websites which sent Facebook highly personal healthcare data whenever the user clicked the "schedule appointment" button. The data was not necessarily anonymized, because the data was connected to an IP address, and both the IP address and the appointment information get delivered to Fac... – The Hacker News
July 19, 2022 – APT
Russia-linked APT29 relies on Google Drive, Dropbox to evade detection Full Text
Abstract
Russia-linked threat actors APT29 are using the Google Drive cloud storage service to evade detection. Palo Alto Networks researchers reported that the Russia-linked APT29 group, tracked by the researchers as Cloaked Ursa, started using the Google... – Security Affairs
July 19, 2022 – Outage
UK heat wave causes Google and Oracle cloud outages Full Text
Abstract
An ongoing heatwave in the United Kingdom has led to Google Cloud and Oracle Cloud outages after cooling systems failed at the companies' data centers. – BleepingComputer
July 19, 2022 – Hacker
Researchers Reveal a New Technique to Unmask Anonymous Users Full Text
Abstract
Researchers from the New Jersey Institute of Technology warned against a unique tactic that can be used by threat actors to de-anonymize website visitors and link them to potential personal data. The hack analyzes low-key features of a target's browser activity to find out whether they are logged i... – Cyware Alerts - Hacker News
July 19, 2022 – Attack
New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals Full Text
Abstract
A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment (SATA) or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder data. "Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6GHz frequency band," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel, wrote in a paper published last week. The technique, dubbed SATAn, takes advantage of the prevalence of the computer bus interface, making it "highly available to attackers in a wide range of computer systems and IT environments." Put simply, the goal is to use the SATA cable as a covert channel to emanate electromagnetic signals and transfer a br... – The Hacker News
July 19, 2022 – Cryptocurrency
Crooks create rogue cryptocurrency-themed apps to steal crypto assets from users Full Text
Abstract
The U.S. FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from users. The U.S. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto... – Security Affairs
July 19, 2022 – Attack
EU warns of Russian cyberattack spillover, escalation risks Full Text
Abstract
The Council of the European Union (EU) said today that Russian hackers and hacker groups increasingly attacking "essential" organizations worldwide could lead to spillover risks and potential escalation.BleepingComputer
July 19, 2022 – Hacker
Hacker Targeting Industrial Control Systems Full Text
Abstract
Several accounts on social media websites were found promoting PLC and HMI systems through fake file password cracking software to deploy the Sality malware. Sality is an old malware that requires a distributed computing architecture to complete tasks, such as cryptomining and password cracking, fa ... Read MoreCyware Alerts - Hacker News
July 19, 2022 – Malware
Several apps on the Play Store used to spread Joker, Facestealer and Coper malware Full Text
Abstract
Google blocked dozens of malicious apps from the official Play Store that were spreading Joker, Facestealer, and Coper malware families. Google has removed dozens of malicious apps from the official Play Store that were distributing Joker, Facestealer,...Security Affairs
July 19, 2022 – Malware
Malicious Android apps with 300K installs found on Google Play Full Text
Abstract
Cybersecurity researchers have discovered three Android malware families infiltrating the Google Play Store, hiding their malicious payloads inside many seemingly innocuous applications.BleepingComputer
July 19, 2022 – Cryptocurrency
WatchDog Adds Steganography in Cryptojacking Operations Full Text
Abstract
The XMRig miner was disguised as an image and hosted on compromised cloud storage (Alibaba Object Storage Service). This enabled the attackers to maintain low detection rates.Cyware Alerts - Hacker News
July 19, 2022 – Hacker
Russian hackers use fake DDoS app to infect pro-Ukrainian activists Full Text
Abstract
Google's Threat Analysis Group (TAG), whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations.BleepingComputer
July 19, 2022 – Botnet
Sality Botnet Evolves to Target Industrial Control Systems Full Text
Abstract
A threat actor is infecting ICS to create a botnet through password cracking software for unlocking Programmable Logic Controllers (PLCs) and Human Machine Interface (HMI) terminals.Cyware Alerts - Hacker News
July 19, 2022 – Vulnerabilities
Popular vehicle GPS tracker gives hackers admin privileges over SMS Full Text
Abstract
Vulnerability researchers have found security issues in a GPS tracker that is advertised as being present in about 1.5 million vehicles in 169 countries.BleepingComputer
July 19, 2022 – Criminals
Extortionists target restaurants, demand money to take down bad reviews Full Text
Abstract
The possibility has always existed to leave poor reviews on Google Maps and elsewhere. However, seeing fraudsters get organized and issue extortion threats alongside the review is a new development.Malwarebytes Labs
July 19, 2022 – Attack
Belgium says Chinese hackers attacked its Ministry of Defense Full Text
Abstract
The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups targeted the country's defense and interior ministries.BleepingComputer
July 19, 2022 – Phishing
Fake Nvidia giveaway promises bitcoin Full Text
Abstract
On the splash screen of the fake website, visitors see the company logo (albeit purple, not the usual green) and the name of its CEO, Jensen Huang. Visitors are asked here to “select a category” to take part in the “event”.Kaspersky Lab
July 19, 2022 – Breach
Hackers steal 50,000 credit cards from 300 U.S. restaurants Full Text
Abstract
Payment card details from customers of more than 300 restaurants have been stolen in two web-skimming campaigns targeting three online ordering platforms.BleepingComputer
July 19, 2022 – Vulnerabilities
Security issue in Accusoft ImageGear could lead to memory corruption, code execution Full Text
Abstract
Cisco Talos recently discovered a use-after-free vulnerability in Accusoft ImageGear's PSD header processing function. The library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various images.Cisco Talos
July 19, 2022 – Attack
Air-gapped systems leak data via SATA cable WiFi antennas Full Text
Abstract
An Israeli security researcher has demonstrated a novel attack against air-gapped systems by leveraging the SATA cables inside computers as a wireless antenna to emanate data via radio signals.BleepingComputer
July 19, 2022 – Hacker
Russian SVR hackers use Google Drive, Dropbox to evade detection Full Text
Abstract
State-backed hackers part of Russia's Federation Foreign Intelligence Service (SVR) have switched, for the first time, to using legitimate cloud storage services such as Google Drive to evade detection.BleepingComputer
July 19, 2022 – Malware
New CloudMensis malware backdoors Macs to steal victims’ data Full Text
Abstract
Unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information in a highly targeted series of attacks.BleepingComputer
July 18, 2022 – Government
CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2 Full Text
Abstract
Feds urge U.S. agencies to patch a Microsoft July Patch Tuesday 2022 bug that is being exploited in the wild by August 2.Threatpost
July 18, 2022 – Malware
Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware Full Text
Abstract
Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found ways to sneak past security barriers erected by Google in hopes of luring unsuspecting users into downloading malware-laced apps. The latest findings from Zscaler ThreatLabz and Pradeo are no different. "Joker is one of the most prominent malware families targeting Android devices," researchers Viral Gandhi and Himanshu Sharma said in a Monday report. "Despite public awareness of this particular malware, it keeps finding its way into Google's official app store by regularly modifying the malware's trace signatures including updates to the code, execution methods, and payload-retrieving techniques." Categorized as fleecewaThe Hacker News
July 18, 2022 – Government
FBI Warns of Fake Cryptocurrency Apps Stealing Millions from Investors Full Text
Abstract
The U.S. Federal Bureau of Investigation (FBI) has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space. "The FBI has observed cyber criminals contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals have used with increasing success over time to defraud the investors of their cryptocurrency," the agency said [PDF]. The illicit scheme, which aims to take advantage of increased interest in the crypto sector, is believed to have netted 244 victims, with losses estimated at $42.7 million between October 4, 2021, and May 13, 2022. According to the law enforcement authority, threat actors are misusing the names, logos, and other identifying information of legitimate businesses to create fake websites in an attempt to lure potential investors. In three instances highlighted byThe Hacker News
July 18, 2022 – Policy and Law
Russia fines Google $358 million for not removing banned info Full Text
Abstract
A court in Moscow has imposed a fine of $358 million (21 billion rubles) on Google LLC for failing to restrict access to information considered prohibited in the country.BleepingComputer
July 18, 2022 – Criminals
Ransom Extortion Without Ransomware Full Text
Abstract
The Luna Moth or Silent Ransom gang has been breaching organizations to filch sensitive information, threatening victims with making the files publicly available unless a ransom is paid.Cyware Alerts - Hacker News
July 18, 2022 – General
New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks Full Text
Abstract
With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an "industry failure" to adopt mitigations released by AMD and Intel, posing a firmware supply chain threat. Dubbed FirmwareBleed by Binarly, the information-leaking attacks stem from the continued exposure of microarchitectural attack surfaces on the part of enterprise vendors, either as a result of not correctly incorporating the fixes or only using them partially. "The impact of such attacks is focused on disclosing the content from privileged memory (including protected by virtualization technologies) to obtain sensitive data from processes running on the same processor (CPU)," the firmware protection firm said in a report shared with The Hacker News. "Cloud environments can have a greater impact when a physical server can be shared by multiple users or legal entities." In recent years, implementations ofThe Hacker News
July 18, 2022 – Malware
MLNK Builder 4.2 released in Dark Web – malicious shortcut-based attacks are on the rise Full Text
Abstract
Cybercriminals released a new MLNK Builder 4.2 tool for malicious shortcut (LNK) generation with an improved PowerShell and VBS obfuscator. Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has detected...Security Affairs
July 18, 2022 – Government
FBI warns of fake cryptocurrency apps used to defraud investors Full Text
Abstract
The FBI warned that cybercriminals are creating and using fraudulent cryptocurrency investment applications to steal funds from US cryptocurrency investors.BleepingComputer
July 18, 2022 – Attack
Israel: Health Ministry Website Faces Cyberattack, Overseas Access Blocked Full Text
Abstract
Israel's Health Ministry website faced disrupted access to users abroad, reportedly due to a cyberattack, the ministry said Sunday. Pro-Iranian hackers based in Iraq, called Altahrea Team, claimed responsibility for the cyberattack.i24 News
July 18, 2022 – Privacy
Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand Full Text
Abstract
Thai activists involved in the country's pro-democracy protests have had their smartphones infected with the infamous Pegasus government-sponsored spyware. At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are believed to have been infected between October 2020 and November 2021, many of whom have been previously detained, arrested and imprisoned for their political activities or criticism of the government. "The timing of the infections is highly relevant to specific political events in Thailand, as well as specific actions by the Thai justice system," the Citizen Lab said in a Sunday report. "In many cases, for example, infections occurred slightly before protests and other political activities by the victims." The findings are the result of threat notifications sent by Apple last November to alert users it believes have been targeted by state-sponsored attackers. The attacks entailed the use of two zero-click exploitsThe Hacker News
July 18, 2022 – Solution
Tor Browser 11.5 is optimized to automatically bypass censorship Full Text
Abstract
The Tor Project team has announced the release of Tor Browser 11.5, which introduces functionalities to automatically bypass censorship. The Tor Project team has announced the release of Tor Browser 11.5, the new version of the popular privacy-oriented...Security Affairs
July 18, 2022 – Phishing
Roaming Mantis hits Android and iOS users in malware, phishing attacks Full Text
Abstract
After hitting Germany, Taiwan, South Korea, Japan, the US, and the U.K. the Roaming Mantis operation moved to targeting Android and iOS users in France, likely compromising tens of thousands of devices.BleepingComputer
July 18, 2022 – Attack
Lithuanian ad website hit by cyberattack, warns of possible customer data leak Full Text
Abstract
The portal stressed it did not store particularly sensitive information, such as bank account and payment card details, personal ID codes, and home addresses in its database.Lrt
July 18, 2022 – Vulnerabilities
Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability Full Text
Abstract
Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons . Tracked as CVE-2021-24284 , the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution, permitting attackers to seize control of affected WordPress sites. Although the bug was originally disclosed in April 2021 by the WordPress security company, it continues to remain unresolved to date. To make matters worse, the plugin has been closed and is no longer actively maintained. Wordfence, which is protecting over 1,000 websites that have the plugin installed, said it has blocked an average of 443,868 attack attempts per day since the start of the month. The attacks have emanated from 10,215 IP addresses, with a majority of the exploitation attempts narrowed downThe Hacker News
July 18, 2022 – Attack
A massive cyberattack hit Albania Full Text
Abstract
A synchronized criminal attack from abroad hit Albania over the weekend; all Albanian government systems were shut down following the cyberattack. Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A synchronized...Security Affairs
July 18, 2022 – Education
Enforcing Password History in Your Windows AD to Curb Password Reuse Full Text
Abstract
65% of end-users openly admit to reusing the same password for one or more (or all!) of their accounts. Password history requirements discourage this behavior by making it more difficult for a user to reuse their old password.BleepingComputer
July 18, 2022 – Vulnerabilities
Anatomy of a Windows Network File System vulnerability Full Text
Abstract
Trend Micro Research has published an analysis of a Windows remote code execution vulnerability lurking in the Network File System. The vulnerability in question, CVE-2022-30136, was patched by Microsoft in June.The Register
July 18, 2022 – Education
Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch Full Text
Abstract
With global cybercrime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies' biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an (over)abundance of solutions available. But beware, they may not give you a full and continuous view of your weaknesses if used in isolation. With huge financial gains to be had from each successful breach, hackers do not rest in their hunt for flaws and use a wide range of tools and scanners to help them in their search. Beating these criminals means staying one step ahead and using the most comprehensive and responsive vulnerability detection support you can. We'll go through each solution and explain how you can maintain your vigilance. Of course, vulnerability management is just one step businesses must take to prevent a breach; there's also proper asset management, employee training,The Hacker News
July 18, 2022 – Vulnerabilities
Watch out for the CVE-2022-30136 Windows NFS Remote Code Execution flaw Full Text
Abstract
Researchers published an analysis of the Windows remote code execution vulnerability CVE-2022-30136 impacting the Network File System. Trend Micro Research has published an analysis of the recently patched Windows vulnerability CVE-2022-30136 that...Security Affairs
July 18, 2022 – Attack
India: Capital markets regulator SEBI files FIR in cybersecurity incident as email accounts of 11 officials hacked Full Text
Abstract
The Securities and Exchange Board of India (Sebi) on Saturday said it has lodged a complaint against a cybersecurity incident it noticed on its e-mail system. However, the regulator added that no sensitive data was stolen.Live Mint
July 18, 2022 – Hacker
Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems Full Text
Abstract
Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson said . "Further, the software was a malware dropper, infecting the machine with the Sality malware and turning the host into a peer in Sality's peer-to-peer botnet." The industrial cybersecurity firm said the password retrieval exploit embedded in the malware dropper is designed to recover the credential associated with Automation Direct DirectLOGIC 06 PLC . The exploit, tracked as CVE-2022-2003 (CVSS score: 7.7), has been described as a case of cleartext transmission of sensitive data that could lead to information disclosure and unauthorized changes. The issue was addressed in firmware Version 2.72 releThe Hacker News
July 18, 2022 – Business
Graff paid a $7.5M ransom and sued its insurance firm for refusing to cover this payment Full Text
Abstract
The high-end British jeweler Graff paid a £6 million ransom after the ransomware attack it suffered in 2021. In September 2021, the Conti ransomware gang hit high-society jeweler Graff and threatened to release private details of world leaders, actors...Security Affairs
July 18, 2022 – Vulnerabilities
Prototype pollution in Blitz.js leads to remote code execution Full Text
Abstract
Prototype pollution is a type of JavaScript vulnerability that allows attackers to exploit the rules of the programming language to change an application’s behavior and compromise it in various ways.The Daily Swig
July 18, 2022 – Business
Crosslake Technologies Announces Acquisition of Cybersecurity Advisory Firm VantagePoint Full Text
Abstract
Crosslake Technologies, a leader in providing data-driven technology advisory services to PE firms and their portfolio companies, announced it has completed its third add-on acquisition in the past 18 months with the purchase of VantagePoint.Yahoo Finance
July 18, 2022 – General
Online payment fraud losses to exceed $343 billion Full Text
Abstract
Online payment fraud includes losses across the sales of digital goods, physical goods, money transfer transactions, and banking, as well as purchases like airline ticketing. Fraudster attacks can include phishing, BEC, and social engineering.Help Net Security
July 18, 2022 – Outage
Albanian Government Systems Shut Down Following Disruptive Cyberattack Full Text
Abstract
Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A synchronized criminal attack from abroad hit the servers of the National Agency for Information Society (AKSHI), which handles many government services.Security Affairs
July 17, 2022 – Vulnerabilities
Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking Full Text
Abstract
Juniper Networks has pushed security updates to address several vulnerabilities affecting multiple products, some of which could be exploited to seize control of affected systems. The most critical of the flaws affect Junos Space and Contrail Networking, with the tech company urging customers to release versions 22.1R1 and 21.4.0, respectively. Chief among them is a collection of 31 bugs in the Junos Space network management software, including CVE-2021-23017 (CVSS score: 9.4) that could result in a crash of vulnerable devices or even achieve arbitrary code execution. "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact," the company said . The same security vulnerability has also been remediated in Northstar Controller in versions 5.1.0 Service Pack 6 and 6.2.2. Additionally, the networkingThe Hacker News
July 17, 2022 – General
The Matrix messaging network now counts more than 60 million users Full Text
Abstract
The Matrix open network for decentralized communication has announced a record growth of 79% in the past 12 months, now counting more than 60 million users.BleepingComputer
July 17, 2022 – Ransomware
North Korea-based Holy Ghost Ransomware Targets Victims Globally Full Text
Abstract
Microsoft attributed the Holy Ghost ransomware operation to North Korean hackers. Tracked as DEV-0530, the group has been targeting small businesses worldwide for over a year. For organizations to stay protected, experts recommend collaborative action, including sharing the indicators of compromise ... Read MoreCyware Alerts - Hacker News
July 17, 2022 – Criminals
Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever Full Text
Abstract
Threat actors hacked the popular NFT platform Premint NFT and stole 314 NFTs. The popular NFT platform Premint NFT was hacked; the threat actors compromised its official website and stole 314 NFTs. According to the experts from blockchain security...Security Affairs
July 17, 2022 – Phishing
PayPal-themed Phishing Kit Steals Information Full Text
Abstract
Akamai unveiled a malicious operation that brute-forces WordPress sites to deploy phishing kits. These kits redirect users to fake PayPal pages and harvest sensitive data including users’ banking information and email passwords. Users are advised to double-check the domain name of a page requ ... Read MoreCyware Alerts - Hacker News
July 17, 2022 – General
Google is going to remove App Permissions List from the Play Store Full Text
Abstract
Google is going to remove the app permissions list from the official Play Store for both the mobile app and the web. As part of the "Data safety" initiative for the Android app on the Play Store, Google plans to remove the app permissions list from...Security Affairs
July 17, 2022 – Malware
WhatsApp Warns Users of Fake App Versions Full Text
Abstract
WhatsApp’s CEO has issued a strict warning to Android users about fake versions of the messaging app attempting to steal personal information stored on victims’ phones. A Twitter thread by the CEO revealed a fake Android app called 'Hey WhatsApp' being sold as a premium WhatsApp version. WhatsApp r ... Read MoreCyware Alerts - Hacker News
July 17, 2022 – General
Security Affairs newsletter Round 374 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. Critical flaw in Netwrix Auditor application allows arbitrary code execution; CISA urges to fix multiple...Security Affairs
July 17, 2022 – APT
APT groups have targeted journalists and media organizations since 2021 Full Text
Abstract
Researchers from Proofpoint warn that various APT groups have been targeting journalists and media organizations since 2021. Proofpoint researchers warn that APT groups have regularly targeted and posed as journalists and media organizations since early...Security Affairs
July 16, 2022 – Breach
Hackers pose as journalists to breach news media org’s networks Full Text
Abstract
Researchers following the activities of advanced persistent threat (APT) groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors.BleepingComputer
July 16, 2022 – Breach
Elastix VoIP systems hacked in massive campaign to install PHP web shells Full Text
Abstract
Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months.BleepingComputer
July 16, 2022 – Ransomware
New Lilith Ransomware Family Joins the Double Extortion Threat Landscape Full Text
Abstract
Cyble uncovered a new C/C++ console-based ransomware operation by a group dubbed Lilith. It has leaked proof of its first victim on its leak site. Before the encryption process starts, Lilith creates and drops ransom notes in all the folders one by one. The note gives three days to contact attacker ... Read MoreCyware Alerts - Hacker News
July 16, 2022 – Attack
New Qakbot Attacks are Much Stealthier and More Effective than Ever Full Text
Abstract
Zscaler exposed new detection evasion attempts by Qakbot malware actors. It is now using ZIP file extensions, catchy file names with common formats, and Excel 4.0 macros to fool victims into downloading attachments containing the malware. To stay protected from such threats, organizations are ... Read MoreCyware Alerts - Hacker News
July 16, 2022 – Vulnerabilities
Critical flaw in Netwrix Auditor application allows arbitrary code execution Full Text
Abstract
A vulnerability in the Netwrix Auditor software can be exploited to execute arbitrary code on affected devices. Bishop Fox discovered a vulnerability in the Netwrix Auditor software that can be exploited by attackers to execute arbitrary code on affected...Security Affairs
July 16, 2022 – Botnet
Tiny Mantis Botnet Can Launch More Powerful DDoS Attacks Than Mirai Full Text
Abstract
According to the Cloudflare content distribution network, a botnet named Mantis is so powerful that it has launched the biggest ever DDoS attacks. The botnet has thus far targeted around 1,000 Cloudflare customers within the past few weeks.Hackread
July 16, 2022 – Government
CISA urges users to fix multiple critical flaws in Juniper Networks products Full Text
Abstract
CISA urges admins to apply recently released fixes in Juniper Networks products, including Junos Space, Contrail Networking and NorthStar Controller. CISA urges users and administrators to review the Juniper Networks security advisories page and...Security Affairs
July 16, 2022 – Attack
Digium Phones Under Attack: Insight Into the Web Shell Implant Full Text
Abstract
Researchers at Unit 42 observed an operation that targets the Elastix system used in Digium phones. The attacker implants a web shell to exfiltrate data by downloading and executing additional payloads inside the target's Digium phone software.Palo Alto Networks
July 16, 2022 – Attack
Threat actors exploit a flaw in Digium Phone Software to target VoIP servers Full Text
Abstract
Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium's software to install a web shell, Palo Alto Networks warns. Recently, Unit 42 researchers spotted a campaign targeting the Elastix system used in Digium phones since...Security Affairs
July 15, 2022 – General
Google Removes “App Permissions” List from Play Store for New “Data Safety” Section Full Text
Abstract
Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper's Mishaal Rahman earlier this week. The Data safety section, which Google began rolling out in late April 2022, is the company's answer to Apple's Privacy Nutrition Labels in iOS, allowing users to have a unified view of an app's data collection and processing practices. To that end, third-party app developers are required to furnish the required details by July 20, 2022. With this deadline now approaching next week, the tech giant has moved to entirely remove the permissions section. The decision also appears to be a hasty one, as a number of popular apps such as Facebook, Messenger, Instagram, WhatsApp, Amazon (including Amazon Prime Video), DuckDuckGo, Discord, and PhonePe are yet to populate their Data safety sections.The Hacker News
July 15, 2022 – Attack
Hackers Targeting VoIP Servers By Exploiting Digium Phone Software Full Text
Abstract
VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo Alto Networks Unit 42 said in a Friday report. The unusual activity is said to have commenced in mid-December 2021 and targets Asterisk, a widely used software implementation of a private branch exchange (PBX) that runs on the open-source Elastix Unified Communications Server. Unit 42 said the intrusions share similarities with the INJ3CTOR3 campaign that Israeli cybersecurity firm Check Point disclosed in November 2020, alluding to the possibility that they could be a "resurgence" of the previous attacks. Coinciding with the sudden surge is the public disclosThe Hacker News
July 15, 2022 – Vulnerabilities
New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain Full Text
Abstract
Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an advisory published this week. Auditor is an auditing and visibility platform that enables organizations to have a consolidated view of their IT environments, including Active Directory, Exchange, file servers, SharePoint, VMware, and other systems—all from a single console. Netwrix, the company behind the software, claims more than 11,500 customers across over 100 countries, such as Airbus, Virgin, King's College Hospital, and Credissimo, among others. The flaw, which impacts all supported versions prior to 10.5, has been described as an insecure object deserializationThe Hacker News
July 15, 2022 – Malware
Password recovery tool infects industrial systems with Sality malware Full Text
Abstract
A threat actor is infecting industrial control systems (ICS) to create a botnet through password "cracking" software for programmable logic controllers (PLCs).BleepingComputer
July 15, 2022 – Vulnerabilities
Software Vendors Start Patching Retbleed CPU Vulnerabilities Full Text
Abstract
VMware has confirmed that all four vulnerabilities impact its ESXi hypervisor, and that patches are available for ESXi versions 7.0, 6.7, and 6.5, as well as for Cloud Foundation versions 4.x and 3.x.Security Week
July 15, 2022 – General
5 Key Things We Learned from CISOs of Smaller Enterprises Survey Full Text
Abstract
New survey reveals lack of staff, skills, and resources driving smaller teams to outsource security. As business begins its return to normalcy (however "normal" may look), CISOs at small and medium-size enterprises (500 – 10,000 employees) were asked to share their cybersecurity challenges and priorities, and their responses were compared with those of a similar survey from 2021. Here are the 5 key things we learned from 200 responses: 1 — Remote Work Has Accelerated the Use of EDR Technologies In 2021, 52% of CISOs surveyed were relying on endpoint detection and response (EDR) tools. This year that number has leapt to 85%. In contrast, last year 45% were using network detection and response (NDR) tools, while this year just 6% employ NDR. Compared to 2021, double the number of CISOs and their organizations are seeing the value of extended detection and response (XDR) tools, which combine EDR with integrated network signals. This is likely due to the increase in reThe Hacker News
July 15, 2022 – Botnet
Tainted password-cracking software for industrial systems used to spread P2P Sality bot Full Text
Abstract
Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators...Security Affairs
July 15, 2022 – Privacy
Tor Browser now bypasses internet censorship automatically Full Text
Abstract
The Tor Project team has announced the release of Tor Browser 11.5, a major release that brings new features to help users fight censorship easier.BleepingComputer
July 15, 2022 – Breach
Colorado Springs Utilities Warns Customers of Data Disclosure Incident Full Text
Abstract
According to a letter sent to customers, data stored by a subcontractor of Colorado Springs Utilities was "accessed by an unauthorized party" on June 15. The utility was notified of the incident on July 6, the letter states.The Gazette
July 15, 2022 – Attack
New Cache Side Channel Attack Can De-Anonymize Targeted Online Users Full Text
Abstract
A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website," the researchers said. "The attacker knows this target only through a public identifier, such as an email address or a Twitter handle." The cache-based targeted de-anonymization attack is a cross-site leak that involves the adversary leveraging a service such as Google Drive, Dropbox, or YouTube to privately share a resource (e.g., image, video, or a YouTube playlist) with the target, followed by embedding the shared resource into the attack website. This can be achieved by, say, privately sharing the resource with the target using the victim's email address or the appropriate username associated with the serv ... The Hacker News
July 15, 2022 – Vulnerabilities
Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons Full Text
Abstract
Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder Addons. The Wordfence Threat Intelligence team observed a sudden increase in attacks targeting the Kaswara...Security Affairs
July 15, 2022 – Attack
Attackers scan 1.6 million WordPress sites for vulnerable plugin Full Text
Abstract
Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication.BleepingComputer
July 15, 2022 – Breach
Recruitment Agency Morgan Hunt Discloses Unauthorized Access to Internal Database Full Text
Abstract
In a letter to contractors, Morgan Hunt – which provides personnel services to clients in the charity education, finance, government, housing, and technology sectors – confirmed the break-in.The Register
July 15, 2022 – Attack
North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware Full Text
Abstract
An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned to an unknown, emerging, or developing group of threat activity. Targeted entities primarily include small-to-midsize businesses such as manufacturing organizations, banks, schools, and event and meeting planning companies. "Along with their H0lyGh0st payload, DEV-0530 maintains an .onion site that the group uses to interact with their victims," the researchers said in a Thursday analysis. "The group's standard methodology is to encrypt all files on the target device and use the file extension .h0lyenc, send the victim a sample of the files as proof, and then demand payment in Bitcoin in exchange ... The Hacker News
July 15, 2022 – Criminals
Holy Ghost ransomware operation is linked to North Korea Full Text
Abstract
Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North...Security Affairs
July 15, 2022 – General
Conventional cybersecurity approaches are falling short Full Text
Abstract
According to Skybox Security, the top four causes of the most significant breaches reported by the affected organizations were human error, misconfigurations, poor maintenance/lack of cyber hygiene, and unknown assets.Help Net Security
July 15, 2022 – Ransomware
RedAlert, LILITH, and 0mega, 3 new ransomware in the wild Full Text
Abstract
Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert,...Security Affairs
July 15, 2022 – Vulnerabilities
New Hacking Technique can Unmask Anonymous Users Across All Major Web Browsers Full Text
Abstract
Researchers from the New Jersey Institute of Technology are warning this week about a novel technique attackers could use to de-anonymize website visitors and potentially connect the dots on many components of targets’ digital lives.Wired
July 15, 2022 – Botnet
Tiny ‘Mantis’ Botnet Launching the Most Powerful DDoS Attacks Yet Full Text
Abstract
The botnet – which Cloudflare calls Mantis and which is named after the small, razor-legged prawn – generated a short but record-breaking DDoS attack in June that peaked at 26 million HTTPS requests per second (rps).ZDNet
July 14, 2022 – Hacker
Microsoft links Holy Ghost ransomware operation to North Korean hackers Full Text
Abstract
For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries.BleepingComputer
July 14, 2022 – Denial Of Service
Mantis Botnet Behind the Largest HTTPS DDoS Attack Targeting Cloudflare Customers Full Text
Abstract
The botnet behind the largest HTTPS distributed denial-of-service (DDoS) attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed more than 3,000 HTTP DDoS attacks against its users to it. The most attacked industry verticals include internet and telecom, media, gaming, finance, business, and shopping, of which over 20% of the attacks targeted U.S.-based companies, followed by Russia, Turkey, France, Poland, Ukraine, the U.K., Germany, the Netherlands, and Canada. Last month, the company said it mitigated a record-breaking DDoS attack aimed at an unnamed customer website using its Free plan that peaked at 26 million requests per second (RPS), with each node generating approximately 5,200 RPS. The tsunami of junk traffic lasted less than 30 seconds and generated more than 212 million HTTPS requests from more than 1,500 networks in 121 countries, ... The Hacker News
July 14, 2022 – Criminals
Holy Ghost ransomware operation linked to North Korean hackers Full Text
Abstract
For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries.BleepingComputer
July 14, 2022 – Phishing
Warning Issued Against NYDMV Phishing Scams Full Text
Abstract
A new SMS-based scam is reaching out to people in New York with a false claim of New York State offering $1,500 rebates owing to high fuel prices. Those who click on the links are redirected to a fake DMV website and urged to enter their personal information. The NYS Office has provided multip ... Cyware Alerts - Hacker News
July 14, 2022 – Policy and Law
Former CIA Engineer Convicted of Leaking ‘Vault 7’ Hacking Secrets to Wikileaks Full Text
Abstract
Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks. The 33-year-old engineer had been charged in June 2018 with unauthorized disclosure of classified information and theft of classified material. Schulte also faces a separate trial on charges related to possession of child pornographic photos and videos, for which he was arrested on August 24, 2017. U.S. Attorney Damian Williams said in a statement that Schulte was convicted for "one of the most brazen and damaging acts of espionage in American history," adding his actions had a "devastating effect on our intelligence community by providing critical intelligence to those who wish to do us harm." WikiLeaks would go on to release the documents on March 7, 2017, calling it the "largest ever publication of confidential documents on the agency." This incl ... The Hacker News
July 14, 2022 – Government
The First Cyber Safety Review Board Report is Out Full Text
Abstract
Last year, President Biden created the Cyber Safety Review Board, with the intention that (akin to the National Transportation Safety Board) the new organization would review cyber incidents, examine root causes and, where necessary, make recommendations.Lawfare
July 14, 2022 – Denial Of Service
Mantis botnet powered the largest HTTPS DDoS attack in June Full Text
Abstract
The largest HTTPS DDoS attack recently mitigated by Cloudflare was launched by the Mantis botnet. In June 2022, DDoS mitigation firm Cloudflare announced it has mitigated the largest HTTPS DDoS attack that was launched by a botnet they have called...Security Affairs
July 14, 2022 – Phishing
PayPal phishing kit added to hacked WordPress sites for full ID theft Full Text
Abstract
A newly discovered phishing kit targeting PayPal users is trying to steal a large set of personal information from victims that includes government identification documents and photos.BleepingComputer
July 14, 2022 – Cryptocurrency
Crypto-mining Attacks Through Azure VMs and GitHub Actions Full Text
Abstract
Malicious actors are leveraging GitHub Actions (GHA) and Azure virtual machines (VMs) for cloud-based cryptocurrency mining. Over 1,000 repositories and 550 code samples were spotted abusing GitHub Actions to mine cryptocurrency. Due to this, the cost of electricity to the target organization incre ... Cyware Alerts - Hacker News
July 14, 2022 – Attack
State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns Full Text
Abstract
Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated import," Proofpoint said in a report shared with The Hacker News. The ultimate goal of the intrusions, the enterprise security firm said, is to gain a competitive intelligence edge or spread disinformation and propaganda. Proofpoint said it identified two Chinese hacking groups, TA412 (aka Zirconium or Judgment Panda) and TA459, targeting media personnel with malicious emails containing web beacons and weaponized documents respectively that were used to amass information about the recipients' network environments and drop Chinoxy malware. In a similar vein, the North Kore ... The Hacker News
July 14, 2022 – Hacker
The Lawfare Podcast: How Mercenary Hackers Sway Litigation Battles Full Text
Abstract
Alvaro Marañon sat down with Chris Bing and Raphael Satter to discuss the use of foreign hackers to win lawsuits and arbitration battles.Lawfare
July 14, 2022 – Vulnerabilities
The new Retbleed speculative execution attack impacts both Intel and AMD chips Full Text
Abstract
Researchers warn of a new vulnerability, dubbed Retbleed, that impacts multiple older AMD and Intel microprocessors. ETH Zurich researchers Johannes Wikner and Kaveh Razavi discovered a new vulnerability, dubbed Retbleed, that affects multiple older...Security Affairs
July 14, 2022 – Botnet
Mantis botnet behind the record-breaking DDoS attack in June Full Text
Abstract
The record-breaking distributed denial-of-service (DDoS) attack that Cloudflare mitigated last month originated from a new botnet called Mantis, which is currently described as "the most powerful botnet to date."BleepingComputer
July 14, 2022 – Criminals
BlackCat Becomes Bolder, Demands $2.5 Million as Ransom Full Text
Abstract
The gang has launched several high-profile attacks, including OilTanking GmbH in January and Swissport in February. Most recently, BlackCat targeted Florida International University and the University of North Carolina A&T.Cyware Alerts - Hacker News
July 14, 2022 – General
A Simple Formula for Getting Your IT Security Budget Approved Full Text
Abstract
Although there is a greater awareness of cybersecurity threats than ever before, it is becoming increasingly difficult for IT departments to get their security budgets approved. Security budgets seem to shrink each year and IT pros are constantly being asked to do more with less. Even so, the situation may not be hopeless. There are some things that IT pros can do to improve the chances of getting their security budgets approved. Presenting the Problem in a Compelling Way If you want to get your proposed security budget approved, you will need to present security problems in a compelling way. While those who are in charge of the organization's finances are likely aware of the need for good security, they have probably also seen enough examples of "a security solution in search of a problem" to make them skeptical of security spending requests. If you want to persuade those who control the money, then you will need to convince them of three things: You are trying to ... The Hacker News
July 14, 2022 – General
Cyber Operations and Maschmeyer’s “Subversion Trilemma” Full Text
Abstract
Subversive cyber operations are argued to have “limited utility in practice” because of the inherent trade-offs of the trilemma/quadrilemma. However, this assessment ignores several key factors.Lawfare
July 14, 2022 – Insider Threat
Former CIA employee Joshua Schulte was convicted of Vault 7 massive leak Full Text
Abstract
Former CIA programmer Joshua Schulte was convicted in a US federal court over the massive 2017 leak to WikiLeaks. The former CIA programmer Joshua Schulte (33) was found guilty in New York federal court of stealing the agency’s hacking...Security Affairs
July 14, 2022 – Attack
New Retbleed speculative execution CPU attack bypasses Retpoline fixes Full Text
Abstract
Security researchers have discovered a new speculative execution attack called Retbleed that affects processors from both Intel and AMD and could be used to extract sensitive information.BleepingComputer
July 14, 2022 – Hacker
Pro-Russia Hacker Group Killnet Targets Latvia Full Text
Abstract
Russia-based Killnet group has been bombarding Latvia with a series of cyberattacks, including a 12-hour attack on one of its broadcasting centers. Hackers made a demand that Lithuania must allow transit of goods to Kaliningrad if they wanted to avoid more attacks on their government institutions a ... Cyware Alerts - Hacker News
July 14, 2022 – Vulnerabilities
Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices Full Text
Abstract
Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads," Jonathan Bar Or of the Microsoft 365 Defender Research Team said in a write-up. Tracked as CVE-2022-26706 (CVSS score: 5.5), the security vulnerability impacts iOS, iPadOS, macOS, tvOS, and watchOS and was fixed by Apple in May 2022. Calling it an access issue affecting the LaunchServices (launchd) component, the tech giant noted that "A sandboxed process may be able to circumvent sandbox restrictions," adding it mitigates the issue with additional restrictions. While Apple's App Sandbox is designed to tightly regulate a third-party app's access ... The Hacker News
July 14, 2022 – Vulnerabilities
Microsoft published exploit code for a macOS App sandbox escape flaw Full Text
Abstract
Microsoft published the exploit code for a vulnerability in macOS that can allow an attacker to escape the sandbox. Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the...Security Affairs
July 14, 2022 – Malware
PayPal-themed phishing kit allows complete identity theft Full Text
Abstract
The phishing kit leads users through a set of pages aimed at collecting information that can later be used to steal the victims’ identity and perform money laundering, open cryptocurrency accounts, make fraudulent tax return claims, and much more.Help Net Security
July 14, 2022 – Attack
Pakistani Hackers Targeting Indian Students in Latest Malware Campaign Full Text
Abstract
The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News. Also tracked under the monikers APT36, Operation C-Major, PROJECTM, Mythic Leopard, the Transparent Tribe actor is suspected to be of Pakistani origin and is known to strike government entities and think tanks in India and Afghanistan with custom malware such as CrimsonRAT, ObliqueRAT, and CapraRAT. But the targeting of educational institutions and students, first observed by India-based K7 Labs in May 2022, indicates a deviation from the adversary's typical focus. "The latest targeting of the educational sector may align with the strategic goals of espionage of the ... The Hacker News
July 14, 2022 – Vulnerabilities
VMware fixed a flaw in vCenter Server discovered eight months ago Full Text
Abstract
VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048, in the vCenter Server IWA mechanism. VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048 (CVSSv3 base score of 7.1), in vCenter Server...Security Affairs
July 14, 2022 – Malware
WhatsApp warns users of fake versions of the app trying to steal personal information Full Text
Abstract
Google Play Protect on Android now detects and disables previously downloaded versions of the fake WhatsApp apps, and the Google Play store shouldn’t experience any threat from these apps.Malwarebytes Labs
July 14, 2022 – Ransomware
Researcher develops Hive ransomware decryption tool Full Text
Abstract
Despite being only a year old, Hive ransomware has grown into a prominent ransomware-as-a-service operation. The latest decryptor tackles Hive's newer, better-encrypted version.Tech Target
July 14, 2022 – Government
U.S. House Appropriators OK $15.6B in Cybersecurity Funding Full Text
Abstract
The largest chunk of cybersecurity spending, $11.2 billion, would go to the Defense Department, followed by $2.9 billion for the Cybersecurity and Infrastructure Security Agency, or CISA.Government Technology
July 14, 2022 – Vulnerabilities
SAP Patches High-Severity Vulnerabilities in Business One Product Full Text
Abstract
German software maker SAP on Tuesday announced the release of 20 new security notes and three updates to previous security notes as part of its July 2022 Security Patch Day.Security Week
July 13, 2022 – Vulnerabilities
Microsoft releases PoC exploit for macOS sandbox escape vulnerability Full Text
Abstract
On macOS systems that don't have Apple's recent security updates, a vulnerability identified as CVE-2022-26706 could help an attacker bypass sandbox restrictions to execute code with elevated privileges.BleepingComputer
July 13, 2022 – Ransomware
New Lilith ransomware emerges with extortion site, lists first victim Full Text
Abstract
A new ransomware operation has been launched under the name 'Lilith,' and it has already posted its first victim on a data leak site created to support double-extortion attacks.BleepingComputer
July 13, 2022 – Attack
Cybersecurity firms Impersonated in Callback Campaigns Full Text
Abstract
A callback phishing campaign is impersonating renowned cybersecurity organizations, revealed CrowdStrike. Adversaries then inform their clients about a fake network breach in their system and urge the recipients to call a particular number. Organizations are advised to always stay vigilant and cont ... Cyware Alerts - Hacker News
July 13, 2022 – Attack
New ‘Retbleed’ Speculative Execution Attack Affects AMD and Intel CPUs Full Text
Abstract
Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed Retbleed by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issues are tracked as CVE-2022-29900 (AMD) and CVE-2022-29901 (Intel), with the chipmakers releasing software mitigations as part of a coordinated disclosure process. Retbleed is also the latest addition to a class of Spectre attacks known as Spectre-BTI (CVE-2017-5715 or Spectre-V2), which exploit the side effects of an optimization technique called speculative execution by means of a timing side channel to trick a program into accessing arbitrary locations in its memory space and leak private information. Speculative execution attempts to fill the instruction pipeline of a program by predicting which instruction will be executed next in order to gain a performance boost, while also ... The Hacker News
July 13, 2022 – Criminals
Qakbot operations continue to evolve to avoid detection Full Text
Abstract
Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware...Security Affairs
July 13, 2022 – Attack
Bandai Namco confirms hack after ALPHV ransomware data leak threat Full Text
Abstract
Game publishing giant Bandai Namco has confirmed that they suffered a cyberattack that may have resulted in the theft of customers' personal data.BleepingComputer
July 13, 2022 – General
Ransomware is hitting one sector particularly hard, and the impact is felt by everyone Full Text
Abstract
According to an analysis by cybersecurity researchers at Sophos, education is facing an increased challenge from the threat of ransomware as cybercriminals go after what they perceive to be an easy but potentially lucrative target.ZDNet
July 13, 2022 – Government
U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens’ Sensitive Data Full Text
Abstract
The U.S. Federal Trade Commission (FTC) warned this week that it will crack down on tech companies' illegal use and sharing of highly sensitive data and false claims about data anonymization. "While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice on the fastest route home, they likely think differently about having their thinly-disguised online identity associated with the frequency of their visits to a therapist or cancer doctor," FTC's Kristin Cohen said. The sensitive nature of information about users' health and their precise whereabouts has prompted the agency to caution against opaque practices in the "shadowy ad tech and data broker ecosystem," with consumers having little to no knowledge of how their personal data is harvested, used, and processed. What's more, mobile apps are known to embed software development kits (SDKs) that claim to collect and share anonymized user information ... The Hacker News
July 13, 2022 – Vulnerabilities
Three UEFI Firmware flaws found in tens of Lenovo Notebook models Full Text
Abstract
IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The multinational technology company Lenovo released security fixes to address three vulnerabilities that reside...Security Affairs
July 13, 2022 – Vulnerabilities
Microsoft releases tweet-size exploit for macOS sandbox escape bug Full Text
Abstract
On macOS systems that don't have Apple's recent security updates, a vulnerability identified as CVE-2022-26706 could help an attacker bypass sandbox restrictions to execute code with elevated privileges.BleepingComputer
July 13, 2022 – Vulnerabilities
Retbleed: Another New Spectre-BTI Attack Discovered Full Text
Abstract
Researchers from ETH Zurich have revealed that threat actors can exploit two new vulnerabilities, collectively called Retbleed, to obtain sensitive data and passwords from memory.Cyware Alerts - Hacker News
July 13, 2022 – Vulnerabilities
New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models Full Text
Abstract
Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," Slovak cybersecurity firm ESET said in a series of tweets. Tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, all three bugs relate to buffer overflow vulnerabilities that have been described by Lenovo as leading to privilege escalation on affected systems. Martin Smolár from ESET has been credited with reporting the flaws. The bugs stem from an insufficient validation of an NVRAM variable called "DataSize" in three different drivers: ReadyBootDxe, SystemLoadDefaultDxe, and SystemBootManagerDxe, leading to a buffer overflow that could be weaponized to achieve code execution. T ... The Hacker News
July 13, 2022 – Phishing
Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021 Full Text
Abstract
A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal...Security Affairs
July 13, 2022 – Vulnerabilities
New UEFI firmware flaws impact over 70 Lenovo laptop models Full Text
Abstract
The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations.BleepingComputer
July 13, 2022 – Phishing
Abused QuickBooks Site Sends Phone Scam Emails Full Text
Abstract
INKY recently detected a new variant of the tried-and-true phone scam. This time, the perps abused QuickBooks, an accounting software package used primarily by small business and midmarket customers who lack in-house finance and accounting teams.INKY
July 13, 2022 – Phishing
Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations Full Text
Abstract
Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication (MFA). "The attackers then used the stolen credentials and session cookies to access affected users' mailboxes and perform follow-on business email compromise (BEC) campaigns against other targets," the company's cybersecurity teams reported. The intrusions entailed setting up adversary-in-the-middle (AitM) phishing sites, wherein the adversary deploys a proxy server between a potential victim and the targeted website so that recipients of a phishing email are redirected to lookalike landing pages designed to capture credentials and MFA information. "The phishing page has two different Transport Layer Security (TLS) sessions — one with the target and another with the actual website the target wants to access," the company ... The Hacker News
July 13, 2022 – Malware
New Android malware on Google Play installed 3 million times Full Text
Abstract
A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times.BleepingComputer
July 13, 2022 – Business
Thales acquires OneWelcome to strengthen its authentication and data privacy portfolio Full Text
Abstract
OneWelcome’s strong digital identity lifecycle management capabilities will complement Thales’s existing Identity services in order to offer the most comprehensive Identity Platform in the market.Help Net Security
July 13, 2022 – General
5 Questions You Need to Ask About Your Firewall Security Full Text
Abstract
Often, organizations think of firewall security as a one-and-done type of solution. They install firewalls, then assume that they are "good to go" without investigating whether or not these solutions are actually protecting their systems in the best way possible. "Set it and forget it!" Instead of just relying on firewalls and assuming that they will always protect their businesses from cyber risk, executives need to start asking deeper questions about them. As with most areas of business, it's important to take a critical look at each solution that your organization relies on for security. So, let's break down a few questions that you and your team should be asking about firewall security to get a more accurate view into your network defense posture. 1 — What does your team's firewall knowledge look like? In order to properly service and upkeep firewalls, your team needs to have at least a baseline knowledge of how firewalls operate. It's espe ... The Hacker News
July 13, 2022 – Breach
$8 million stolen in large-scale Uniswap airdrop phishing attack Full Text
Abstract
Uniswap, a popular decentralized cryptocurrency exchange, lost close to $8 million worth of Ethereum in a sophisticated phishing attack yesterday.BleepingComputer
July 13, 2022 – Business
Privitar Acquires Regulatory Intelligence Provider Kormoon Full Text
Abstract
The company plans to use Kormoon's codified repository of data privacy rules across 46 jurisdictions globally to inform and automate policies on Privitar's data provisioning platform, says co-founder and CEO Jason du Preez.Bank Info Security
July 13, 2022 – Malware
Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware Full Text
Abstract
Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR codes on Twitter and free gaming sites. ChromeLoader has also been codenamed Choziosi Loader and ChromeBack by the broader cybersecurity community. What makes the adware notable is that it's fashioned as a browser extension as opposed to a Windows executable (.exe) or Dynamic Link Library (.dll). The infections typically work by enticing unsuspecting users into downloading movie torrents or cracked video games through malvertising campaigns on pay-per-install sites and social media. Besides requesting invasive permissions to access browser data and manipulate web requests, it's also designed t ... The Hacker News
July 13, 2022 – Government
India Calls for Stricter Actions Against Cybercriminals Full Text
Abstract
In a Saturday meeting with northwestern state officials, Home Affairs Minister Amit Shah said New Delhi will collaborate with states on a strategy even as he urged local governments to take strict action against cybercriminals.Bank Info Security
July 12, 2022 – Malware
Researchers Uncover New Attempts by Qakbot Malware to Evade Detection
Abstract
The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 to trick victims into downloading malicious attachments that install Qakbot," Zscaler Threatlabz researchers Tarun Dewan and Aditya Sharma said. Other methods adopted by the group include code obfuscation, introducing new layers in the attack chain from initial compromise to execution, and using multiple URLs as well as unknown file extensions (e.g., .OCX, .ooccxx, .dat, or .gyp) to deliver the payload. Also called QBot, QuackBot, or Pinkslipbot, Qakbot has been a recurring threat since late 2007, evolving from its initial days as a banking trojan to a modular information stealer capable of deploying next-stage payloads such as ransomware. "Qakbot is a flexible... (Source: The Hacker News)
July 12, 2022 – Vulnerabilities
VMware patches vCenter Server flaw disclosed in November
Abstract
Eight months after disclosing a high-severity privilege escalation flaw in vCenter Server's IWA (Integrated Windows Authentication) mechanism, VMware has finally released a patch for one of the affected versions. (Source: BleepingComputer)
July 12, 2022 – Ransomware
Recycled Ransomware Is Faster
Abstract
Ransomware actors have started recycling code from publicly available sources. A new Nokoyawa campaign has been observed, in which the ransomware strain is improving itself by following this tactic. (Source: Cyware Alerts - Hacker News)
July 12, 2022 – Privacy
TikTok Postpones Privacy Policy Update in Europe After Italy Warns of GDPR Breach
Abstract
Popular video-sharing platform TikTok on Tuesday agreed to pause a controversial privacy policy update that could have allowed it to serve targeted ads based on users' activity on the social video platform without their permission to do so. The reversal, reported by TechCrunch, comes a day after the Italian data protection authority — the Garante per la Protezione dei Dati Personali — warned the company against the change, citing violations of data protection laws. "The personal data stored in users' devices may not be used to profile those users and send personalized ads without their explicit consent," the Garante said. The formal warning was in response to a privacy policy revision that noted it had historically asked users' "consent" to their on-TikTok activity and off-TikTok activity to serve personalized ads and that, therefore, it intends to stop asking users for their permission to profile their behavior and process personal data. ... (Source: The Hacker News)
July 12, 2022 – General
Infiltrate, Exploit, Manipulate: Why the Subversive Nature of Cyber Conflict Explains Both Its Strategic Promise and Its Limitations
Abstract
Cyber operations are not novel, nor is their impact revolutionary. They are instruments of subversion that promise great gains in theory but are constrained in practice by a crippling operational trilemma that limits strategic value. (Source: Lawfare)
July 12, 2022 – Attack
The President of European Central Bank Christine Lagarde targeted by hackers
Abstract
Christine Lagarde, the president of the European Central Bank, was the target of a failed hacking attempt. The European Central Bank confirmed that its President, Christine Lagarde, was the target of a failed hacking attempt. The European Central... (Source: Security Affairs)
July 12, 2022 – General
Hybrid-Work Reality Drives Hardware-based Security Strategies
Abstract
New remote business reality pushes security teams to retool to protect expanding attack surface. (Source: Threatpost)
July 12, 2022 – Vulnerabilities
Microsoft fixes dozens of Azure Site Recovery privilege escalation bugs
Abstract
Microsoft has fixed 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution. (Source: BleepingComputer)
July 12, 2022 – Cryptocurrency
CuteBoi Cryptomining Campaign - 1,300 NPM Packages, 1,000 Automated User Accounts
Abstract
The packages contain almost identical source code, sourced from an existing package named eazyminer. It is used to mine Monero by using unused resources on web servers. (Source: Cyware Alerts - Hacker News)
July 12, 2022 – General
Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies
Abstract
Businesses know they need to secure their client-side scripts. Content security policies (CSPs) are a great way to do that. But CSPs are cumbersome. One mistake and you have a potentially significant client-side security gap. Finding those gaps means long and tedious hours (or days) in manual code reviews through thousands of lines of script on your web applications. Automated content security policies can help streamline the code review process by first identifying all first- and third-party scripts and the assets they access, and then generating an appropriate content security policy to help better secure the client-side attack surface. There are few developers or AppSec professionals who claim to enjoy deploying CSPs. First, the CSP has to work for the specific web application. Then the team needs to make sure it provides the appropriate level of protection. The CSP also can't conflict with any existing widgets or plugins (or the decision must be made to not deploy the CSP or...) (Source: The Hacker News)
July 12, 2022 – Vulnerabilities
Flaws in the ExpressLRS Protocol allow the takeover of drones
Abstract
The protocol for radio-controlled (RC) drones, named ExpressLRS, is affected by vulnerabilities that can allow device takeover. Researchers warn of vulnerabilities that affect the protocol for radio-controlled (RC) drones, named ExpressLRS, which... (Source: Security Affairs)
July 12, 2022 – Solution
Windows Autopatch goes live, adds support for cloudy PCs
Abstract
"Because the Autopatch service has such a broad footprint, and pushes updates around the clock, we are able to detect potential issues among an incredibly diverse array of hardware and software configurations," states Microsoft. (Source: The Register)
July 12, 2022 – Solution
Microsoft announced the general availability of Windows Autopatch feature
Abstract
Microsoft announced the general availability of a feature called Autopatch that automatically updates Windows and Office software. Microsoft announced the general availability of a service called Autopatch that automates the process of managing... (Source: Security Affairs)
July 12, 2022 – Government
CISA orders agencies to patch new Windows zero-day used in attacks
Abstract
CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild. (Source: BleepingComputer)
July 12, 2022 – Government
White House backed fund promises to accelerate ‘deep tech’ advancements in cybersecurity
Abstract
America’s Frontier Fund (AFF) will be a hub for what the CEO Gilman Louie calls the Quad Investor Network (QIN), a partnership that AFF will lead with other global democracies to invest jointly in emerging technology. (Source: CyberScoop)
July 12, 2022 – Cryptocurrency
Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM
Abstract
Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat... (Source: Security Affairs)
July 12, 2022 – Phishing
Hackers impersonate cybersecurity firms in callback phishing attacks
Abstract
Hackers are impersonating well-known cybersecurity companies, such as CrowdStrike, in callback phishing emails to gain initial access to corporate networks. (Source: BleepingComputer)
July 12, 2022 – Phishing
Text Message Phishing Scams Prompt Warning from New York DMV
Abstract
If someone clicks on the link provided in the scam message, they are brought to a webpage that is designed to look like the DMV website and they are asked to submit personal information. (Source: Government Technology)
July 12, 2022 – Breach
Hackers stole $620 million from Axie Infinity via fake job interviews
Abstract
The hack that caused Axie Infinity losses of $620 million in crypto started with a fake job offer from North Korean hackers to one of the game's developers. (Source: BleepingComputer)
July 12, 2022 – Criminals
Luna Moth Group Ransoms Data Without Ransomware Using Remote Administration Tools
Abstract
A little social engineering and commercially available remote administration tools (RATs) and other software are all the new Luna Moth ransom group has needed to infiltrate victims' systems and extort payments. (Source: Dark Reading)
July 12, 2022 – Vulnerabilities
Microsoft July 2022 Patch Tuesday fixes exploited zero-day, 84 flaws
Abstract
Today is Microsoft's July 2022 Patch Tuesday, and with it comes fixes for one actively exploited zero-day vulnerability and a total of 84 flaws. (Source: BleepingComputer)
July 12, 2022 – Vulnerabilities
Researchers defeat facial recognition systems with universal face mask
Abstract
Can attackers create a face mask that would defeat modern facial recognition (FR) systems? A group of researchers from Ben-Gurion University of the Negev and Tel Aviv University have proven that it can be done. (Source: Help Net Security)
July 12, 2022 – Phishing
Microsoft: Phishing bypassed MFA in attacks against 10,000 orgs
Abstract
Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting in September 2021, using the gained access to victims' mailboxes in follow-on business email compromise (BEC) attacks. (Source: BleepingComputer)
July 12, 2022 – Ransomware
New 0mega Ransomware Joins the Double Extortion Threat Landscape
Abstract
A new ransomware operation, dubbed 0mega, has been spotted targeting organizations across the world in double-extortion schemes. Active since May, the group has already breached several firms, including an electronics repair firm. Organizations are advised to always protect their sensitive data... (Source: Cyware Alerts - Hacker News)
July 12, 2022 – Hacker
New ‘Luna Moth’ hackers breach orgs via fake subscription renewals
Abstract
A new data extortion group has been breaching companies to steal confidential information, threatening victims to make the files publicly available unless they pay a ransom. (Source: BleepingComputer)
July 12, 2022 – Phishing
New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials
Abstract
A recent wave of social media phishing schemes doubles down on aggressive scare tactics with phony account-abuse accusations to coerce victims into handing over their login details. (Source: Dark Reading)
July 11, 2022 – Solution
Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems
Abstract
Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up to date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for customers with Windows Enterprise E3 and E5 licenses. It, however, doesn't support Windows Education (A3) or Windows Front Line Worker (F3) licenses. "Microsoft will continue to release updates on the second Tuesday of every month and now Autopatch helps streamline updating operations and create new opportunities for IT pros," Lior Bela said. Autopatch works by applying security updates first to devices in what's called the Test ring, which contains a minimum number of representative devices. After a validation period, the updates are pushed to the First (1% devices), Fast (9%), and Broad (90%) rings. The service was first teased by the tech giant in April 2022... (Source: The Hacker News)
July 11, 2022 – Vulnerabilities
Hackers can unlock Honda cars remotely in Rolling-PWN attacks
Abstract
A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely. (Source: BleepingComputer)
July 11, 2022 – Malware
PennyWise Targets Cryptocurrency Wallets Using YouTube
Abstract
The new PennyWise infostealer can target over 30 browsers and cryptocurrency apps, including crypto browser extensions and cold crypto wallets. It pretends to be a Bitcoin mining app on YouTube. The malware detects a browser and extracts information saved on it, including login credentials, cookies... (Source: Cyware Alerts - Hacker News)
July 11, 2022 – Cryptocurrency
Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs
Abstract
GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency miners to gain profit easily," Trend Micro researcher Magno Logan said in a report last week. GitHub Actions (GHAs) is a continuous integration and continuous delivery (CI/CD) platform that allows users to automate the software build, test, and deployment pipeline. Developers can leverage the feature to create workflows that build and test every pull request to a code repository, or deploy merged pull requests to production. Both Linux and Windows runners are hosted on Standard_DS2_v2 virtual machines on Azure and come with two vCPUs and 7GB of memory. The Japanese... (Source: The Hacker News)
July 11, 2022 – Breach
A fake job offer via LinkedIn allowed the theft of $540M from Axie Infinity
Abstract
Threat actors used a fake job offer on LinkedIn to target an employee at Axie Infinity, which resulted in the theft of $540 Million. In March, threat actors stole almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from... (Source: Security Affairs)
July 11, 2022 – Criminals
Ransomware gang now lets you search their stolen data
Abstract
Two ransomware gangs and a data extortion group have adopted a new strategy to force victim companies to pay threat actors to not leak stolen data. (Source: BleepingComputer)
July 11, 2022 – Ransomware
BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2.5M in Demands
Abstract
The average time allocated for payment varies between 5-7 days, to give the victim some time to purchase BTC or XMR cryptocurrency. In case of difficulties, the victim may engage an “intermediary” for the further recovery process. (Source: Resecurity)
July 11, 2022 – General
What It Takes to Tackle Your SaaS Security
Abstract
It's not a new concept that Office 365, Salesforce, Slack, Google Workspace or Zoom, etc., are amazing for enabling the hybrid workforce and hyper-productivity in businesses today. However, there are three main challenges that have arisen stemming from this evolution: (1) While SaaS apps include a host of native security settings, they need to be hardened by the security team of the organization. (2) Employees are granting 3rd party app access to core SaaS apps that pose potential threats to the company. (3) These SaaS apps are accessed by different devices without their device hygiene score even being checked. 1 — Misconfiguration Management It's not an easy task to have every app setting properly configured — at all times. The challenge lies within how burdensome this responsibility is — each app has tens or hundreds of security settings to configure, in addition to thousands of user roles and permissions in a typical enterprise, compounded by the many compliance industry... (Source: The Hacker News)
July 11, 2022 – Phishing
Anubis Networks is back with new C2 server
Abstract
A large-scale phishing campaign leveraging the Anubis Network has been targeting Brazil and Portugal since March 2022. A large-scale phishing campaign has been targeting Internet end users in Brazil and Portugal since March 2022. Anubis Network is a C2 portal... (Source: Security Affairs)
July 11, 2022 – Business
Microsoft says decision to unblock Office macros is temporary
Abstract
Microsoft says last week's decision to roll back VBA macro auto-blocking in downloaded Office documents is only a temporary change. (Source: BleepingComputer)
July 11, 2022 – Attack
India: CPWD faces cyber attacks, reiterates guidelines to employees
Abstract
The Central Public Works Department has been facing a spate of targeted cyberattacks on computers across its offices, according to an advisory it issued to employees last week, reiterating earlier cybersecurity guidelines. (Source: The Hindu)
July 11, 2022 – Ransomware
BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2.5M in Demands
Abstract
The BlackCat (aka ALPHV) ransomware gang introduced an advanced search of stolen victims' passwords and confidential documents. The notorious cybercriminal syndicate BlackCat competes with Conti and Lockbit 3.0. They introduced an advanced search of stolen... (Source: Security Affairs)
July 11, 2022 – Education
How to auto block macros in Microsoft Office docs from the internet
Abstract
With Microsoft temporarily rolling back a feature that automatically blocks macros in Microsoft Office files downloaded from the Internet, it is essential to learn how to configure this security setting manually. This article will explain why users should block macros and how you can block them in Microsoft Office. (Source: BleepingComputer)
July 11, 2022 – Education
Researcher discloses how ‘Dirty dancing’ in OAuth can lead to account hijacking
Abstract
It is possible to perform single-click account hijacking by abusing the OAuth process flow, a security researcher has found. Attackers can abuse OAuth implementations to steal secure access tokens and perform one-click account hijacking. (Source: The Daily Swig)
July 11, 2022 – Ransomware
Experts warn of the new 0mega ransomware operation
Abstract
BleepingComputer reported a new ransomware operation named 0mega that is targeting organizations worldwide. 0mega is a new ransomware operation that is targeting organizations worldwide using a double-extortion model, BleepingComputer reported. The... (Source: Security Affairs)
July 11, 2022 – Criminals
Update: Hackers Used Fake LinkedIn Job Listing to Steal $625 Million from Axie Infinity
Abstract
Earlier in March this year, Ronin Network (RON), a blockchain network underpinning the famous crypto game Axie Infinity and Axie DAO, suffered the largest crypto hack against a decentralized finance network reported to date. (Source: Hackread)
July 11, 2022 – Phishing
Brazen crooks are now posing as cybersecurity companies to trick you into installing malware
Abstract
Brazen cybercriminals are now posing as cybersecurity companies in phishing messages which claim that the recipient has been hit by a cyber attack and that they should urgently respond in order to protect their network. (Source: ZDNet)
July 11, 2022 – General
PyPI is rolling out 2FA for critical projects, giving away 4,000 security keys
Abstract
PyPI, which is managed by the Python Software Foundation, is the main repository where Python developers can get third-party-developed open-source packages for their projects. (Source: ZDNet)
July 11, 2022 – Attack
Associated Eye Care Discloses Impact From 2020 Netgain Ransomware Attack
Abstract
In November 2020, Netgain, a provider of managed IT services to several industries, fell victim to a ransomware attack that impacted numerous organizations in the healthcare sector, all of which were informed of the incident by January 2021. (Source: Security Week)
July 10, 2022 – Criminals
Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity
Abstract
The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged. According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing the individual to download a fake offer document disguised as a PDF. "After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package," The Block reported. The offer document subsequently acted as a conduit to deploy malware designed to breach Ronin's network, ultimately facilitating one of the crypto sector's biggest hacks to date. "Sky Mavis employees are under constant advanced spear-phishing attacks on various social channels and one employee was compromised," ... (Source: The Hacker News)
July 10, 2022 – Solution
PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects
Abstract
The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication (2FA) condition for projects deemed "critical." "We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them," Python Package Index (PyPI) said in a tweet last week. "Any maintainer of a critical project (both 'Maintainers' and 'Owners') are included in the 2FA requirement," it added. Additionally, the developers of critical projects who have not previously turned on 2FA on PyPI are being offered free hardware security keys from the Google Open Source Security Team. PyPI, which is run by the Python Software Foundation, houses more than 350,000 projects, of which over 3,500 projects are said to be tagged with a "critical" designation. According to the repository maintainers, any project accounting for the top 1%... (Source: The Hacker News)
July 10, 2022 – Attack
Maastricht University wound up earning money from its ransom payment
Abstract
Maastricht University (UM), a Dutch university with more than 22,000 students, said last week that it has recovered the ransom paid after a ransomware attack that hit its network in December 2019. (Source: BleepingComputer)
July 10, 2022 – Hacker
Attackers Picking Up Brute Ratel as an Alternative to Cobalt Strike
Abstract
Nation-state threat actors are leveraging Brute Ratel, a red-teaming attack simulation tool, to evade detection by EDR and antivirus, in place of Cobalt Strike. It costs around $2,500 per user for a one-year license, with customers having to provide a business email address that should be verified... (Source: Cyware Alerts - Hacker News)
July 10, 2022 – Hacker
Experts demonstrate how to unlock several Honda models via Rolling-PWN attack
Abstract
Bad news for the owners of several Honda models: the Rolling-PWN attack vulnerability can allow their vehicles to be unlocked. Security researchers Kevin2600 and Wesley Li from Star-V Lab independently discovered a flaw in Honda models, named... (Source: Security Affairs)
July 10, 2022 – Attack
French telephone operator La Poste Mobile suffered a ransomware attack
Abstract
French virtual mobile telephone operator La Poste Mobile was hit by a ransomware attack that impacted administrative and management services. The ransomware attack hit the virtual mobile telephone operator La Poste Mobile on July 4 and paralyzed... (Source: Security Affairs)
July 10, 2022 – General
Security Affairs newsletter Round 373 by Pierluigi Paganini
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week, the best security articles from Security Affairs, for free in your email box. Apple Lockdown Mode will protect users against highly targeted cyberattacks; Fortinet addressed multiple... (Source: Security Affairs)
July 9, 2022 – Phishing
Hackers Exploiting Follina Bug to Deploy Rozena Backdoor
Abstract
A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week. Tracked as CVE-2022-30190, the now-patched Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability has come under heavy exploitation in recent weeks ever since it came to light in late May 2022. The starting point for the latest attack chain observed by Fortinet is a weaponized Office document that, when opened, connects to a Discord CDN URL to retrieve an HTML file ("index.htm") that, in turn, invokes the diagnostic utility using a PowerShell command to download next-stage payloads from the same CDN attachment space. This includes the Rozena implant ("Word... (Source: The Hacker News)
July 9, 2022 – General
PyPI mandates 2FA for critical projects, developer pushes back
Abstract
On Friday, the Python Package Index (PyPI), the repository of open-source Python projects, announced plans to roll out two-factor authentication for maintainers of "critical" projects. Although many praised the move, the developer of a popular Python project decided to delete his code from PyPI in retaliation. (Source: BleepingComputer)
July 9, 2022 – Ransomware
RedAlert: A Ransomware that Targets Multiple OS Platforms
Abstract
New ransomware, dubbed RedAlert or N13V, encrypts both Linux and Windows VMware ESXi servers on corporate networks. Currently, the group has only one victim listed on its data leak site. Similar to other enterprise-targeting ransomware operations, RedAlert carries out double-extortion attacks, in... (Source: Cyware Alerts - Hacker News)
July 9, 2022 – Breach
Mangatoon data breach exposes data from 23 million accounts
Abstract
Manga comic reading app Mangatoon has suffered a data breach that exposed the account information of 23 million users after a hacker stole it from an Elasticsearch database. (Source: BleepingComputer)
July 9, 2022 – Phishing
Callback Phishing Campaigns Impersonate CrowdStrike, Other Cybersecurity Companies
Abstract
The phishing email implies the recipient’s company has been breached and insists the victim call the included phone number. The campaign leverages similar social-engineering tactics to those employed in WIZARD SPIDER’s 2021 BazarCall campaign. (Source: CrowdStrike)
July 9, 2022 – Solution
Apple Lockdown Mode will protect users against highly targeted cyberattacks
Abstract
Apple plans to introduce a security feature, called Lockdown Mode, to protect its users against "highly targeted cyberattacks." The recent wave of sophisticated attacks against Apple users (i.e., Pegasus, DevilsTongue, and Hermit) urged the tech... (Source: Security Affairs)
July 9, 2022 – Vulnerabilities
Fortinet addressed multiple vulnerabilities in several products
Abstract
Fortinet released security patches to address multiple high-severity vulnerabilities in several products of the vendor. Fortinet addressed multiple vulnerabilities in several products of the vendor. Impacted products are FortiADC, FortiAnalyzer, FortiManager, ... (Source: Security Affairs)
July 9, 2022 – Malware
Rozena backdoor delivered by exploiting the Follina bug
Abstract
Threat actors are exploiting the disclosed Follina Windows vulnerability to distribute the Rozena backdoor. Fortinet FortiGuard Labs researchers observed a phishing campaign that is leveraging the recently disclosed Follina security vulnerability... (Source: Security Affairs)
July 9, 2022 – Attack
Ongoing Raspberry Robin campaign leverages compromised QNAP devices
Abstract
Cybereason researchers are warning of a wave of attacks spreading the wormable Windows malware Raspberry Robin. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary; the malware propagates through removable USB devices. The... (Source: Security Affairs)
July 9, 2022 – Ransomware
Evolution of the LockBit Ransomware operation relies on new techniques
Abstract
Experts documented the evolution of the LockBit ransomware that leverages multiple techniques to infect targets and evade detection. The Cybereason Global Security Operations Center (GSOC) Team published the Cybereason Threat Analysis... (Source: Security Affairs)
July 8, 2022 – Attack
U.S. Healthcare Orgs Targeted with Maui Ransomware Full Text
Abstract
State-sponsored actors are deploying the unique malware–which targets specific files and leaves no ransomware note–in ongoing attacks.Threatpost
July 08, 2022 – Ransomware
The Week in Ransomware - July 8th 2022 - One down, many to go Full Text
Abstract
While we continue to see new ransomware operations launch, we also received some good news this week, with another ransomware shutting down.BleepingComputer
July 8, 2022 – Attack
IconBurst Supply Chain Attacks Steal Data Via Malicious NPM Packages Full Text
Abstract
An NPM supply-chain attack campaign, dubbed IconBurst, has been seen leveraging several malicious NPM modules to infect hundreds of systems. Researchers have observed similarities between the domains used to exfiltrate information implying that the different modules used in this campaign are contro ... Read MoreCyware Alerts - Hacker News
July 08, 2022 – Malware
Researchers Warn of Raspberry Robin’s Worm Targeting Windows Users Full Text
Abstract
Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities. Describing it as a "persistent" and "spreading" threat, Cybereason said it observed a number of victims in Europe. The infections involve a worm that propagates over removable USB devices containing malicious a .LNK file and leverages compromised QNAP network-attached storage (NAS) devices for command-and-control. It was first documented by researchers from Red Canary in May 2022. Also codenamed QNAP worm by Sekoia, the malware leverages a legitimate Windows installer binary called "msiexec.exe" to download and execute a malicious shared library (DLL) from a compromised QNAP NAS appliance. "To make it harder to detect, Raspberry Robin leverages process injections in three legitimate Windows system processes," Cybereason researcher Loïc CastThe Hacker News
July 8, 2022 – Vulnerabilities
Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions Full Text
Abstract
Cisco fixed a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products. Cisco released security patches to address a critical vulnerability, tracked as CVE-2022-20812 (CVSS score of 9.0), in the Expressway...Security Affairs
July 08, 2022 – Ransomware
New 0mega ransomware targets businesses in double-extortion attacks Full Text
Abstract
A new ransomware operation named '0mega' targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms.BleepingComputer
July 8, 2022 – Criminals
As Cybercriminals Recycle Ransomware, They’re Getting Faster Full Text
Abstract
The first samples of Nokoyawa ransomware found by FortiGuard researchers were gathered in February 2022 and contain significant coding similarities with Karma, a ransomware that can be traced back to Nemty via a long series of variants. Security Week
July 08, 2022 – Ransomware
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets Full Text
Abstract
LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions. "The affiliates that use LockBit's services conduct their attacks according to their preference and use different tools and techniques to achieve their goal," Cybereason security analysts Loïc Castel and Gal Romano said . "As the attack progresses further along the kill chain, the activities from different cases tend to converge to similar activities." LockBit, which operates on a ransomware-as-a-service (RaaS) model like most groups, was first observed in September 2019 and has since emerged as the most dominant ransomware strain this year, surpassing other well-known groups like Conti , Hive , and BlackCat . This involves the malware authors licensing access to affiliates, who execute the attacks in exchange for using their tools and infrastructure and earn as much as 80% of eaThe Hacker News
July 8, 2022 – Ransomware
Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free Full Text
Abstract
Emsisoft has released a free decryption tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft released a free decryptor tool that allows victims of the AstraLocker... Security Affairs
July 08, 2022 – Ransomware
Free decryptor released for AstraLocker, Yashma ransomware victims Full Text
Abstract
New Zealand-based cybersecurity firm Emsisoft has released a free decryption tool to help AstraLocker and Yashma ransomware victims recover their files without paying a ransom. BleepingComputer
July 8, 2022 – Malware
PyPI Packages Steal Telegram Cache Files, Add Windows Remote Desktop Accounts Full Text
Abstract
The primary packages of interest are flask-requests-complex, php-requests-complex, and tkinter-message-box. The first two packages contain no description but are certainly named after the popular 'requests' module. Sonatype
July 08, 2022 – Solution
Microsoft Quietly Rolls Back Plan to Block Office VBA Macros by Default Full Text
Abstract
Five months after announcing plans to disable Visual Basic for Applications (VBA) macros by default in the Office productivity suite, Microsoft appears to have rolled back its plans. "Based on feedback received, a rollback has started," Microsoft employee Angela Robertson said in a July 6 comment. "An update about the rollback is in progress. I apologize for any inconvenience of the rollback starting before the update about the change was made available." In February 2022, the tech giant said it was disabling macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to mitigate potential attacks that abuse the functionality for deploying malware. "Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access," MThe Hacker News
July 8, 2022 – General
Discussing the risks of bullying for anonymous social app NGL Full Text
Abstract
This is a transcription of my complete interview with the program NEWSFEED at TRT, during which we discussed NGL software and the risks of bullying. Why are anonymous social apps like NGL cause for concern? What exactly makes them dangerous for minors? We... Security Affairs
July 8, 2022 – Ransomware
ALPHV’s ransomware makes it easy to search data from targets who do not pay Full Text
Abstract
The group has also decided to use a new method to put even more pressure on its targets: Provide a search engine for their victims’ data leaks, as revealed in a new publication from Cyble. Tech Republic
July 08, 2022 – General
Why Developers Hate Changing Language Versions Full Text
Abstract
Progress powers technology forward. But progress also has a cost: by adding new capabilities and features, the developer community is constantly adjusting the building blocks. That includes the fundamental languages used to code technology solutions. When the building blocks change, the code behind the technology solution must change too. It's a challenging and time-consuming exercise that drains resources. But what if there's an alternative? The problem: reading code someone else wrote Let's take a step back and take a look at one of the fundamental challenges in development: editing someone else's code. Editing code you just wrote, or wrote a couple of weeks ago, is just fine. But editing your own code written years ago – never mind someone else's code – that's a different story. In-house code style rules can help but there are always odd naming conventions for variables and functions, or unusual choices for algorithms. Arguably, a programmer's abilitThe Hacker News
July 8, 2022 – Criminals
Russian Cybercrime Trickbot Group is systematically attacking Ukraine Full Text
Abstract
The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. IBM researchers collected evidence indicating that the Russia-based cybercriminal Trickbot group (aka Wizard Spider, DEV-0193,... Security Affairs
July 8, 2022 – Insider Threat
Cloud Misconfiguration Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket Full Text
Abstract
The exposed information, uncovered by Skyhigh Security, includes employee personal identification information (PII) and other sensitive company data affecting at least four airports in Colombia and Peru. Dark Reading
July 08, 2022 – Malware
Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign Full Text
Abstract
A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup , stating the "extensions are installed onto a victim's machine via a Windows-based executable, bypassing most endpoint security solutions, along with the security controls found in the official extension stores." The rogue browser add-ons come with the same extension ID as that of Google Translate — " aapbdbdomjkkjkaonfhkkikfgjllcleb " — in an attempt to trick users into believing that they have installed a legitimate extension. The extensions are not available on the official browser web stores themselves. Rather they are delivered through different Windows executables that install the add-on on the victim's web browser. In the event the targeted user already has the Google Translate extThe Hacker News
July 8, 2022 – Ransomware
New Checkmate ransomware targets QNAP NAS devices Full Text
Abstract
Taiwanese vendor QNAP warns of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors are targeting... Security Affairs
July 8, 2022 – Business
Cyber Insurance Firm Coalition Raises $250 Million at $5 Billion Valuation Full Text
Abstract
The latest funding, which brings the total raised by Coalition to more than $755 million, came from Allianz X, Valor Equity Partners, Kinetic Partners, and other existing investors. Security Week
July 8, 2022 – Phishing
Hackers Target National Portal of India via Unprecedented Phishing Technique Full Text
Abstract
The threat actors have been targeting the Indian government's portal by utilizing a bogus URL to trick users into submitting sensitive information such as credit card numbers, expiration months, and CVV codes, according to CloudSEK. International Business Times
July 8, 2022 – Malware
Notable Droppers Emerge in Recent Threat Campaigns Full Text
Abstract
Researchers captured three different samples active in the threat campaign. The first sample is an Excel file with Excel 4.0 macros. The second is an LNK file (Windows shortcut file). The third sample is an ISO file (optical disk image). Fortinet
July 07, 2022 – Attack
TrickBot Gang Shifted its Focus on “Systematically” Targeting Ukraine Full Text
Abstract
In what's being described as an "unprecedented" twist, the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align with Russian state interests, with the emails acting as lures for delivering malicious software such as IcedID, CobaltStrike, AnchorMail, and Meterpreter . Tracked under the names ITG23, Gold Blackburn , and Wizard Spider, the financially motivated cybercrime gang is known for its development of the TrickBot banking trojan and was subsumed into the now-discontinued Conti ransomware cartel earlier this year. But merely weeks later, the actors associated with the group resurfaced with a revamped version of the AnchorDNS backdoor called AnchorMail that uses SMTPS and IMAP protocols for command-and-control communications. "ITG23's campaigns against Ukraine arThe Hacker News
July 07, 2022 – Solution
Microsoft rolls back decision to block Office macros by default Full Text
Abstract
While Microsoft announced earlier this year that it would block VBA macros on downloaded documents by default, Redmond said on Thursday that it will roll back this change based on "feedback" until further notice. BleepingComputer
July 7, 2022 – Breach
American Marriage Ministries Acknowledges Data Exposure via Unsecured Amazon Bucket Full Text
Abstract
Wedding officiant training company American Marriage Ministries (AMM) said it is dealing with another data security issue after reporting a breach of sensitive data to the FBI earlier this year. The Record
July 07, 2022 – Attack
North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations Full Text
Abstract
In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services," the authorities noted . The alert comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of the Treasury. Cybersecurity firm Stairwell, whose findings formed the basis of the advisory, said the lesser-known ransomware family stands out because of a lack of several key features commonly associated with ransomware-as-a-service (RaaS) groups. This includes the absence of "embedded ransom note to provide recovThe Hacker News
July 7, 2022 – Malware
Large-scale cryptomining campaign is targeting the NPM JavaScript package repository Full Text
Abstract
Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi, that is targeting the NPM JavaScript... Security Affairs
July 07, 2022 – Phishing
Fake copyright complaints push IcedID malware using Yandex Forms Full Text
Abstract
BleepingComputer
July 7, 2022 – Criminals
How cyber criminals are targeting Amazon Prime Day shoppers Full Text
Abstract
In advance of this year’s Amazon Prime Day set for July 12 and 13, Check Point said it has seen a 37% jump in Amazon-related phishing attacks at the start of July compared with the daily average for June. Tech Republic
July 07, 2022 – Malware
Over 1200 NPM Packages Found Involved in “CuteBoi” Cryptomining Campaign Full Text
Abstract
Researchers have disclosed a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. The malicious activity, attributed to a software supply chain threat actor dubbed CuteBoi , involves an array of 1,283 rogue modules that were published in an automated fashion from over 1,000 different user accounts. "This was done using automation which includes the ability to pass the NPM 2FA challenge," Israeli application security testing company Checkmarx said . "This cluster of packages seems to be a part of an attacker experimenting at this point." All the released packages in question are said to harbor near-identical source code from an already existing package named eazyminer that's used to mine Monero by means of utilizing unused resources on web servers. One notable modification entails the URL to which the mined cryptocurrency should be sent, although installing the rogue modules will not bring about a negative effectThe Hacker News
July 7, 2022 – APT
North Korea-linked APTs use Maui Ransomware to target the Healthcare industry Full Text
Abstract
US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. The FBI, CISA, and the U.S. Treasury Department issued a joint advisory that warns of North-Korea-linked... Security Affairs
July 07, 2022 – Malware
New stealthy OrBit malware steals data from Linux devices Full Text
Abstract
A newly discovered Linux malware is being used to stealthily steal information from backdoored Linux systems and infect all running processes on the machine. BleepingComputer
July 7, 2022 – Outage
Cyberattack Knocks Out California Community College Email, Website, and Landlines Full Text
Abstract
On Twitter and Facebook, the school explained that it is experiencing a system-wide outage of most online services but noted that programs such as Canvas, Adobe, and Microsoft Teams are still available to students. The Record
July 07, 2022 – Solution
Apple’s New “Lockdown Mode” Protects iPhone, iPad, and Mac Against Spyware Full Text
Abstract
Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies developing state-sponsored surveillanceware such as Pegasus , DevilsTongue , Predator , and Hermit . Lockdown Mode, when enabled, "hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple said in a statement. This includes blocking most message attachment types other than images and disabling link previews in Messages; rendering inoperative just-in-time ( JIT ) JavaScript compilation; removing support for shared albums in Photos; aThe Hacker News
July 7, 2022 – General
ENISA released the Threat Landscape Methodology Full Text
Abstract
I'm proud to announce that the European Union Agency for Cybersecurity, ENISA, has released the Threat Landscape Methodology. Policy makers, risk managers and information security practitioners need up-to-date and accurate information on the current... Security Affairs
July 07, 2022 – Attack
Quantum ransomware attack affects 657 healthcare orgs Full Text
Abstract
Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. BleepingComputer
July 7, 2022 – General
ENISA released the Threat Landscape Methodology Full Text
Abstract
The added value of ENISA threat intelligence efforts lies in offering updated information on the dynamically changing threat landscape. These efforts support risk mitigation, promote situational awareness and proactively respond to future challenges. Security Affairs
July 07, 2022 – General
The Age of Collaborative Security: What Tens of Thousands of Machines Witness Full Text
Abstract
Disclaimer: This article is meant to give insight into cyber threats as seen by the community of users of CrowdSec. What can tens of thousands of machines tell us about illegal hacker activities? Do you remember that scene in Batman - The Dark Knight, where Batman uses a system that aggregates active sound data from countless mobile phones to create a meta sonar feed of what is going on at any given place? It is an interesting analogy with what we do at CrowdSec. By aggregating intrusion signals from our community, we can offer a clear picture of what is going on in terms of illegal hacking in the world. After 2 years of activity and analyzing 1 million intrusion signals daily from tens of thousands of users in 160 countries, we start having an accurate "Batman sonar" global feed of cyber threats. And there are some interesting takeaways to outline. A cyber threat with many faces First of all, the global cyber threat is highly versatile. What do we see when looking at the typeThe Hacker News
July 7, 2022 – Malware
OrBit, a new sophisticated Linux malware still undetected Full Text
Abstract
Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat. Cybersecurity researchers at Intezer have uncovered a new Linux malware, tracked as OrBit, that is still undetected. The malware can be installed... Security Affairs
July 07, 2022 – Attack
QNAP warns of new Checkmate ransomware targeting NAS devices Full Text
Abstract
Taiwan-based network-attached storage (NAS) vendor QNAP warned customers to secure their devices against attacks using Checkmate ransomware to encrypt data. BleepingComputer
July 7, 2022 – General
No backup: Why cyberattacks are a big risk for the government in Brazil Full Text
Abstract
A group of 29 areas that represent a high risk in terms of vulnerability, abuse of power, mismanagement, or need for drastic changes was analyzed in a new report produced by the Federal Audit Court (TCU). ZDNet
July 7, 2022 – Vulnerabilities
OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE Full Text
Abstract
The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue, tracked as CVE-2022-2274, affecting... Security Affairs
July 07, 2022 – General
Online programming IDEs can be used to launch remote cyberattacks Full Text
Abstract
Security researchers are warning that hackers can abuse online programming learning platforms to remotely launch cyberattacks, steal data, and scan for vulnerable devices, simply by using a web browser. BleepingComputer
July 6, 2022 – Breach
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens Full Text
Abstract
A developer appears to have divulged credentials to a police database on a popular developer forum, leading to a breach and subsequent bid to sell 23 terabytes of personal data on the dark web. Threatpost
July 06, 2022 – Malware
Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow Full Text
Abstract
Cybersecurity researchers have taken the wraps off a new and entirely undetected Linux threat dubbed OrBit , signaling a growing trend of malware attacks geared towards the popular operating system. The malware gets its name from one of the filenames that's utilized to temporarily store the output of executed commands ("/tmp/.orbit"), according to cybersecurity firm Intezer. "It can be installed either with persistence capabilities or as a volatile implant," security researcher Nicole Fishbein said . "The malware implements advanced evasion techniques and gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands." OrBit is the fourth Linux malware to have come to light in a short span of three months after BPFDoor , Symbiote , and Syslogk . The malware also functions a lot like Symbiote in that it's designed to infect all of tThe Hacker News
July 06, 2022 – Vulnerabilities
Cisco and Fortinet Release Security Patches for Multiple Products Full Text
Abstract
Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as CVE-2022-20812 and CVE-2022-20813 , affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device," the company said in an advisory. CVE-2022-20812 (CVSS score: 9.0), which concerns a case of arbitrary file overwrite in the cluster database API, requires the authenticated, remote attacker to have Administrator read-write privileges on the application so as to be able to mount path traversal attacks as a root user. "This vulnerability is due to insufficient input validation of user-supplied command arguments," the company said. "An attacker could exploit this vulnerability by authenticatiThe Hacker News
July 06, 2022 – Breach
Marriott confirms another data breach after hotel got hacked Full Text
Abstract
Hotel giant Marriott International confirmed this week that it was hit by another data breach after an unknown threat actor managed to breach one of its properties and steal 20 GB worth of files. BleepingComputer
July 06, 2022 – Attack
IT services giant SHI hit by “professional malware attack” Full Text
Abstract
SHI International Corp, a New Jersey-based provider of Information Technology (IT) products and services, has confirmed that its network was hit by a malware attack over the weekend. BleepingComputer
July 6, 2022 – Malware
Toll Fraud Malware Catching Up Quickly, Microsoft Warns Full Text
Abstract
Microsoft warned of the toll fraud malware threat that targets Android users to drain their wallets by automatically subscribing them to premium services. Toll fraud works over Wireless Application Protocol (WAP) that allows consumers to subscribe to paid content. To stay protected from toll fraud ... Cyware Alerts - Hacker News
July 06, 2022 – Encryption
NIST Announces First Four Quantum-Resistant Cryptographic Algorithms Full Text
Abstract
The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) has chosen the first set of quantum-resistant encryption algorithms that are designed to "withstand the assault of a future quantum computer." The post-quantum cryptography ( PQC ) technologies include the CRYSTALS-Kyber algorithm for general encryption, and CRYSTALS-Dilithium , FALCON , and SPHINCS+ for digital signatures. "Three of the selected algorithms are based on a family of math problems called structured lattices, while SPHINCS+ uses hash functions," NIST, which kicked off the standardization process in January 2017, said in a statement. Cryptography, which underpins the security of information in modern computer networks, derives its strength from the difficulty of solving mathematical problems — e.g., factoring large composite integers — using traditional computers. Quantum computers, should they mature enough, pose a huge impact on the current puThe Hacker News
July 6, 2022 – General
Taking the Elf Off the Shelf: Why the U.S. Should Consider a Civilian Cyber Defense Full Text
Abstract
The U.S. doesn’t have a civilian cyber defense. Here’s why it should and how it should be implemented. Lawfare
July 6, 2022 – Breach
Marriott International suffered a new data breach, attackers stole 20GB of data Full Text
Abstract
Hotel chain Marriott International suffered a new data breach, a threat actor has stolen 20GB from the company. Hotel chain Marriott International confirmed it has suffered a new data breach after a threat actor stole 20GB of files from one of its properties. The... Security Affairs
July 06, 2022 – Breach
Security advisory accidentally exposes vulnerable systems Full Text
Abstract
A security advisory for a vulnerability (CVE) published by MITRE has accidentally been exposing links to remote admin consoles of over a dozen vulnerable IP devices since at least April 2022. BleepingComputer
July 6, 2022 – Malware
Near-undetectable malware linked to Russia’s Cozy Bear Full Text
Abstract
Palo Alto Networks Unit 42's analysts assert that the malware was spotted in May 2022 and contains a malicious payload that suggests it was created using a tool called Brute Ratel (BRC4). The Register
July 06, 2022 – Vulnerabilities
OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks Full Text
Abstract
The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The issue , now assigned the identifier CVE-2022-2274 , has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on June 21, 2022. First released in 1998, OpenSSL is a general-purpose cryptography library that offers open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, enabling users to generate private keys, create certificate signing requests ( CSRs ), install SSL/TLS certificates. "SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue," the advisory noted . Calling it a "serious bug in the RSA implementationThe Hacker News
July 6, 2022 – General
Cyberattacks against law enforcement are on the rise Full Text
Abstract
Experts observed an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious... Security Affairs
July 06, 2022 – Solution
Apple’s new Lockdown Mode defends against government spyware Full Text
Abstract
Apple announced that a new security feature known as Lockdown Mode will roll out with iOS 16, iPadOS 16, and macOS Ventura to protect high-risk individuals like human rights defenders, journalists, and dissidents against targeted spyware attacks. BleepingComputer
July 6, 2022 – Malware
PennyWise Malware Steals Data from Cryptocurrency Wallets and Browsers Full Text
Abstract
Researchers observed multiple samples of the malware in the wild, making it an active threat. The threat focuses on stealing sensitive browser data and cryptocurrency wallets, and it comes as the Pentagon has raised concerns about the blockchain. Tech Republic
July 06, 2022 – Attack
Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection Full Text
Abstract
Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit "designed to avoid detection by endpoint detection and response (EDR) and antivirus (AV) capabilities." Authored by an Indian security researcher named Chetan Nayak , Brute Ratel (BRc4) is analogous to Cobalt Strike and is described as a "customized command-and-control center for red team and adversary simulation." The commercial software was first released in late 2020 and has since gained over 480 licenses across 350 customers. Each license is offered at $2,500 per user for a year, after which it can be renewed for the same duration at the cost of $2,250. BRc4 is equipped with a wide variety of features,The Hacker News
July 6, 2022 – Attack
Less popular, but very effective, Red-Teaming Tool BRc4 used in attacks in the wild Full Text
Abstract
Threat actors are abusing legitimate adversary simulation software BRc4 in their campaigns to evade detection. Researchers from Palo Alto Networks Unit 42 discovered that a sample uploaded to the VirusTotal database on May 19, 2022 and considered... Security Affairs
July 06, 2022 – Criminals
Ransomware, hacking groups move from Cobalt Strike to Brute Ratel Full Text
Abstract
Hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. BleepingComputer
July 6, 2022 – Attack
Iranian Fars News Agency claims cyberattack on a company involved in the construction of Tel Aviv metro Full Text
Abstract
The Fars agency later reported that the attack hit one of the companies involved in the construction of the Tel Aviv Metro. Sabareen, a militant Palestinian group, claimed the attack through its Telegram channel. Security Affairs
July 06, 2022 – General
The End of False Positives for Web and API Security Scanning? Full Text
Abstract
July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps. Today, ImmuniWeb announced that its new product – Neuron – is publicly available. This would be another boring press release by a software vendor, but the folks from ImmuniWeb managed to add a secret sauce that you will unlikely be able to resist tasting. The DAST scanning service is flexibly available as a SaaS, and unsurprisingly contains all fashionable features commonly advertised by competitors on the rapidly growing global market, spanning from native CI/CD integrations to advanced configuration of security scanning, pre-programmed or authenticated testing. But the groundbreaking feature is Neuron'sThe Hacker News
July 6, 2022 – Ransomware
New Hive ransomware variant is written in Rust and uses an improved encryption method Full Text
Abstract
Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The operators of the Hive ransomware upgraded their malware by migrating the malware to the Rust... Security Affairs
July 06, 2022 – Breach
Marriott hit by new data breach and a failed extortion attempt Full Text
Abstract
Hotel giant Marriott International confirmed this week that it was hit by another data breach after an unknown threat actor managed to breach one of its properties and steal 20 GB worth of files. BleepingComputer
July 6, 2022 – Vulnerabilities
High severity OpenSSL bug could lead to remote code execution Full Text
Abstract
SSL/TLS servers or other servers using 2048-bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. The Daily Swig
July 06, 2022 – APT
Bitter APT Hackers Continue to Target Bangladesh Military Entities Full Text
Abstract
Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter. "Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans," cybersecurity firm SECUINFRA said in a new write-up published on July 5. The findings from the Berlin-headquartered company build on a previous report from Cisco Talos in May, which disclosed the group's expansion in targeting to strike Bangladeshi government organizations with a backdoor called ZxxZ . Bitter, also tracked under the codenames APT-C-08 and T-APT-17, is said to be active since at least late 2013 and has a track record of targeting China, Pakistan, and Saudi Arabia using different tools such as BitterRAT and ArtraDownloader. The latest attack chain detailed by SECUINFRA is believed to have been conducted in mid-May 2022, originating with a weaponized ExcelThe Hacker News
July 6, 2022 – Malware
Malicious NPM packages used to grab data from apps, websites Full Text
Abstract
Researchers from ReversingLabs discovered tens of malicious NPM packages stealing data from apps and web forms. Researchers from ReversingLabs discovered a couple of dozen NPM packages that included malicious code designed to steal data from apps...Security Affairs
July 06, 2022 – Attack
US govt warns of Maui ransomware attacks against healthcare orgs Full Text
Abstract
The FBI, CISA, and the U.S. Treasury Department issued today a joint advisory warning of North-Korean-backed threat actors using Maui ransomware in attacks against Healthcare and Public Health (HPH) organizations.BleepingComputer
July 6, 2022 – Breach
Data Breach at PFC USA Impacts Patients of 650 Healthcare Providers Full Text
Abstract
The ransomware attack on PFC appears to be part of a trend where cybercriminals are not targeting healthcare providers directly but turn on their partner organizations instead.Security Week
July 06, 2022 – Ransomware
Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method Full Text
Abstract
The operators of the Hive ransomware-as-a-service (RaaS) scheme have overhauled their file-encrypting software to fully migrate to Rust and adopt a more sophisticated encryption method. "With its latest variant carrying several major upgrades, Hive also proves it's one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem," Microsoft Threat Intelligence Center (MSTIC) said in a report on Tuesday. Hive , which was first observed in June 2021, has emerged as one of the most prolific RaaS groups, accounting for 17 attacks in the month of May 2022 alone, alongside Black Basta and Conti . The shift from GoLang to Rust makes Hive the second ransomware strain after BlackCat to be written in the programming language, enabling the malware to gain additional benefits such as memory safety and deeper control over low-level resources as well as make use of a wide range of cryptographic libraries. What it also affords isThe Hacker News
July 6, 2022 – Attack
Solana DeFi Protocol Crema Finance Loses $8.8 Million in Flash Loan Attack Full Text
Abstract
Solana-based liquidity protocol Crema Finance had more than $8.78 million worth of cryptocurrencies stolen from its platform in an attack over the weekend, developers said in a tweet.Yahoo Finance
July 05, 2022 – Ransomware
New RedAlert Ransomware targets Windows, Linux VMware ESXi servers Full Text
Abstract
A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMware ESXi servers in attacks on corporate networks.BleepingComputer
July 5, 2022 – Malware
ZuoRAT Malware with Hallmarks of a State-Backed Threat Actor Full Text
Abstract
The new ZuoRAT is targeting Small Office/Home Office, or SOHO, routers across North America and Europe, as part of an advanced campaign. An investigation into the case divulged that the trojan can cripple routers from multiple brands, such as ASUS, DrayTek, Cisco, and NETGEAR. For mitigation, ... Cyware Alerts - Hacker News
July 05, 2022 – Malware
Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms Full Text
Abstract
A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code to harvest sensitive data from forms embedded in downstream mobile applications and websites. "These clearly malicious attacks relied on typo-squatting, a technique in which attackers offer up packages via public repositories with names that are similar to — or common misspellings of — legitimate packages," security researcher Karlo Zanki said in a Tuesday report. "Attackers impersonated high-traffic NPM modules like umbrellajs and packages published by ionic.io." The packages in question, most of which were published in the last months, have been collectively downloaded more than 27,000 tThe Hacker News
July 5, 2022 – General
Last Call at the “Star Wars Bar”: Harmonizing Incident and Breach Reporting Requirements Full Text
Abstract
Policymakers have a golden opportunity to make cyber incident and breach reporting requirements more powerful and effective.Lawfare
July 5, 2022 – Attack
Iranian Fars News Agency claims cyberattack on a company involved in the construction of Tel Aviv metro Full Text
Abstract
Iran’s Fars News Agency reported that a massive cyberattack hit operating systems and servers of the Tel Aviv Metro. Iran’s Fars News Agency reported on Monday that operating systems and servers of the Tel Aviv Metro were hit by a massive cyberattack....Security Affairs
July 05, 2022 – Attack
NPM supply-chain attack impacts hundreds of websites and apps Full Text
Abstract
An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites.BleepingComputer
July 5, 2022 – Ransomware
AstraLocker Shuts Down Operations, May Switch to Cryptojacking Full Text
Abstract
AstraLocker ransomware is shutting down its operations and has released decryptors. The threat actor plans on moving to cryptojacking from extortion schemes. However, some of the speculations are that the group feared some action by global law enforcement. Emsisoft is planning to soon roll out a un ... Cyware Alerts - Hacker News
July 05, 2022 – Attack
Pro-China Group Uses Dragonbridge Campaign to Target Rare Earth Mining Companies Full Text
Abstract
A pro-China influence campaign singled out rare earth mining companies in Australia, Canada, and the U.S. with negative messaging in an unsuccessful attempt to manipulate public discourse to China's benefit. Targeted firms included Australia's Lynas Rare Earths Ltd, Canada's Appia Rare Earths & Uranium Corp, and the American company USA Rare Earth, threat intelligence firm Mandiant said in a report last week, calling the digital campaign Dragonbridge . "It targeted an industry of strategic significance to the PRC, including specifically three commercial entities challenging the PRC's global market dominance in that industry," Mandiant noted . The goal, the company noted, was to instigate environmental protests against the companies and propagate counter-narratives in response to potential or planned rare earths production activities involving the targets. This comprised a network of thousands of inauthentic accounts across numerous social mediThe Hacker News
July 5, 2022 – Criminals
Cyber Police of Ukraine arrested 9 men behind phishing attacks on Ukrainians attempting to capitalize on the ongoing conflict Full Text
Abstract
The Cyber Police of Ukraine arrested nine members of a cybercriminal gang that has stolen 100 million hryvnias via phishing attacks. The Cyber Police of Ukraine arrested nine members of a cybercriminal organization that stole 100 million hryvnias...Security Affairs
July 05, 2022 – Vulnerabilities
Microsoft quietly fixes ShadowCoerce Windows NTLM Relay bug Full Text
Abstract
Microsoft has confirmed it fixed a previously disclosed 'ShadowCoerce' vulnerability as part of the June 2022 updates that enabled attackers to target Windows servers in NTLM relay attacks.BleepingComputer
July 5, 2022 – General
MITRE Reveals 2022 List of Most Dangerous Software Bugs Full Text
Abstract
MITRE has released the 2022 CWE most dangerous software bugs list, highlighting that enterprises still face a raft of common weaknesses that must be protected from exploitation. Bugs, which fall under the software weaknesses category, also include flaws, vulnerabilities, and various other errors fou ... Cyware Alerts - Hacker News
July 05, 2022 – General
As New Clues Emerge, Experts Wonder: Is REvil Back? Full Text
Abstract
Change is a part of life, and nothing stays the same for too long, even with hacking groups, which are at their most dangerous when working in complete silence. The notorious REvil ransomware gang, linked to the infamous JBS and Kaseya attacks, has resurfaced three months after the arrest of its members in Russia. The Russian domestic intelligence service, the FSB, had caught 14 people from the gang. In this apprehension, the 14 members of the gang, found in possession of 426 million roubles, $600,000, 500,000 euros, computer equipment, and 20 luxury cars, were brought to justice. REvil Ransomware Gang - The Context: The REvil ransomware group, controlled by the financially motivated cybercriminal threat group Gold Southfield, emerged in 2019 and spread like wildfire after extorting $11 million from the meat-processor JBS. REvil would incentivize its affiliates to carry out cyberattacks for them by giving a percentage of the ransom pay-outs to those who help with infiltration activitieThe Hacker News
July 5, 2022 – Breach
Threat actors compromised British Army ’s Twitter, YouTube accounts to promote crypto scams Full Text
Abstract
Threat actors compromised the Twitter and YouTube accounts of the British Army to promote online crypto scams. The Twitter and YouTube accounts of the British Army were used to promote NFT and other crypto scams. The YouTube account was used to transmit...Security Affairs
July 5, 2022 – Government
CISA Warns Against Exploitation of PwnKit Linux Vulnerability Full Text
Abstract
Federal agencies have been ordered to patch their Linux servers against PwnKit within three weeks. The most astounding part is that it remained hidden for over 12 years since pkexec's first release. Successful exploitation of the flaw could induce pkexec to execute arbitrary code. O ... Cyware Alerts - Hacker News
July 05, 2022 – Solution
Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web Full Text
Abstract
Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure. "Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites," Cisco Talos researcher Paul Eubanks said . "They use VPS hop-points as a proxy to hide their true location when they connect to their ransomware web infrastructure for remote administration tasks." Also prominent are the use of the TOR network and DNS proxy registration services to provide an added layer of anonymity for their illegal operations. But by taking advantage of the threat actors' operational security missteps and other techniques, the cybersecurity firm disclosed last week that it was able to identify TOR hidden services hosted on public IP addresses, some of which are previously unknown inThe Hacker News
July 5, 2022 – Criminals
AstraLocker ransomware operators shut down their operations Full Text
Abstract
AstraLocker ransomware operators told BleepingComputer they're shutting down their operations and are releasing decryptors. AstraLocker ransomware operators told BleepingComputer they're shutting down the operation and provided decryptors to the VirusTotal...Security Affairs
July 5, 2022 – Malware
YouTube Creators Accounts are a New Target for YTStealer Malware Full Text
Abstract
A new infostealer, named YTStealer, is targeting content creators on YouTube in an attempt to steal their authentication tokens and take over their accounts. The buyers of the compromised accounts typically use these stolen authentication cookies to hijack YouTube channels for various scams or dema ... Cyware Alerts - Hacker News
July 5, 2022 – Attack
8220 Gang Exploiting Vulnerabilities in WebLogic and Atlassian Servers - Warns Microsoft Full Text
Abstract
The recent campaign targets i686 and x86_64 Linux systems. It employs RCE exploits for CVE-2019-2725 (WebLogic) and CVE-2022-26134 (Atlassian Confluence Server and Data Center) for initial access.Cyware Alerts - Hacker News
July 5, 2022 – Attack
Attackers Targeting Microsoft Exchange Server Via SessionManager Backdoor Full Text
Abstract
Researchers from Kaspersky have named the backdoor SessionManager; the threat was first spotted in early 2022. It is a native-code module for Microsoft's IIS web server software.Cyware Alerts - Hacker News
July 5, 2022 – Policy and Law
US DOJ sets new goals for responding to ransomware attacks Full Text
Abstract
In a recent document, the DoJ said that it pledges to increase “the percentage of reported ransomware incidents from which cases are opened, added to existing cases, or resolved or investigative actions are conducted within 72 hours to 65%.”The Record
July 5, 2022 – Breach
Dutch University Gets Cyber Ransom Money Back with Interest Full Text
Abstract
Maastricht University, in the southern Netherlands, was hit in 2019 by a large cyberattack in which criminals used ransomware, a type of malicious software that locks valuable data so that it can only be accessed once the victim pays a ransom.Security Week
July 04, 2022 – Vulnerabilities
Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild Full Text
Abstract
Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294 , relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps. Heap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the heap area of the memory , leading to arbitrary code execution or a denial-of-service (DoS) condition. "Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code," MITRE explains . "When the consequence is arbitrary code execution, this can often be used to subvert any other security service." Credited with reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast ThreThe Hacker News
July 4, 2022 – Vulnerabilities
Google fixes the fourth Chrome zero-day in 2022 Full Text
Abstract
Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild; it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked...Security Affairs
July 4, 2022 – Criminals
Data of a billion Chinese residents available for sale on a cybercrime forum Full Text
Abstract
Threat actors claim to have breached a database belonging to Shanghai police and stole the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai...Security Affairs
July 04, 2022 – Ransomware
AstraLocker ransomware shuts down and releases decryptors Full Text
Abstract
The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they're shutting down the operation and plan to switch to cryptojacking.BleepingComputer
July 4, 2022 – Government
CISA Warns About MedusaLocker Ransomware’s Latest Activity Full Text
Abstract
As of May 2022, the operators of the ransomware are heavily relying on vulnerabilities in Remote Desktop Protocol (RDP) endpoints to access victims’ networks.Cyware Alerts - Hacker News
July 04, 2022 – Criminals
Ukrainian Authorities Arrested Phishing Gang That Stole 100 Million UAH Full Text
Abstract
The Cyber Police of Ukraine last week disclosed that it apprehended nine members of a criminal gang that embezzled 100 million hryvnias via hundreds of phishing sites that claimed to offer financial assistance to Ukrainian citizens as part of a campaign aimed at capitalizing on the ongoing conflict. "Criminals created more than 400 phishing links to obtain bank card data of citizens and appropriate money from their accounts," the agency said in a press statement last week. "The perpetrators may face up to 15 years behind bars." The law enforcement operation culminated in the seizure of computer equipment, mobile phones, bank cards as well as the criminal proceeds illicitly obtained through the scheme. Some of the rogue domains registered by the actors included ross0.yolasite[.]com, foundationua[.]com, ua-compensation[.]buzz, www.bless12[.]store, help-compensation[.]xyz, newsukraine10.yolasite[.]com, and euro24dopomoga0.yolasite[.]com, among others. The roguThe Hacker News
July 04, 2022 – Vulnerabilities
Google patches new Chrome zero-day flaw exploited in attacks Full Text
Abstract
Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022.BleepingComputer
July 4, 2022 – Hacker
Hacker Claims to Have Stolen 1 Billion Records of Chinese Citizens Full Text
Abstract
A hacker has claimed to have procured a trove of personal information from the Shanghai police on one billion Chinese citizens, which tech experts say, if true, would be one of the biggest data breaches in history.Reuters
July 04, 2022 – Malware
Some Worms Use Their Powers for Good Full Text
Abstract
Gardeners know that worms are good. Cybersecurity professionals know that worms are bad. Very bad. In fact, worms are literally the most devastating force for evil known to the computing world. The MyDoom worm holds the dubious position of most costly computer malware ever – responsible for some $52 billion in damage. In second place… Sobig, another worm. It turns out, however, that there are exceptions to every rule. Some biological worms are actually not welcome in most gardens. And some cyber worms, it seems, can use their powers for good… Meet Hopper, The Good Worm: Detection tools are not good at catching non-exploit-based propagation, which is what worms do best. Most cybersecurity solutions are less resilient to worm attack methods like token impersonation and others that take advantage of deficient internal configurations (PAM, segmentation, insecure credential storage, and more). So, what better way to beat a stealthy worm than with… another stealthy worm?The Hacker News
July 4, 2022 – Breach
Data of a billion Chinese residents available for sale on the dark web Full Text
Abstract
Threat actors claim to have breached a database belonging to Shanghai police and stole the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai...Security Affairs
July 04, 2022 – Breach
Hacker claims to have stolen data on 1 billion Chinese citizens Full Text
Abstract
An anonymous threat actor is selling several databases they claim to contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approximately $195,000).BleepingComputer
July 4, 2022 – Hacker
Teen “Hackers” on Discord Selling Malware for Quick Cash Full Text
Abstract
Avast security researchers have discovered a server on Discord where a group of minors is involved in developing, upgrading, marketing, and selling malware and ransomware strains on the platform, supposedly to earn pocket money.Hackread
July 4, 2022 – Vulnerabilities
Popular Django web framework affected by a SQL Injection flaw. Upgrade it now! Full Text
Abstract
The development team behind the Django Project has addressed a high-severity SQL Injection flaw in its framework. Django is a free and open-source, Python-based web framework that follows the model–template–views (MTV) architectural pattern. Django...Security Affairs
July 04, 2022 – Breach
UK Army’s Twitter, YouTube accounts hacked to push crypto scam Full Text
Abstract
British Army's Twitter and YouTube accounts were hacked sometime yesterday and altered to promote online crypto scams. In a statement, UK's Ministry of Defence confirms it is investigating the attack.BleepingComputer
July 4, 2022 – General
‘Alarm sounded’ on Russian threat to Ireland Full Text
Abstract
Professor Edward Burke made the comment following the report of High Court judge Charles Meenan, who supervises the interception of phone calls and post, and access to traffic data on private communications.Irish Examiner
July 4, 2022 – Insider Threat
Unfaithful HackerOne employee steals bug reports to claim additional bounties Full Text
Abstract
Bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted to it in order to claim additional bounties. The vulnerability coordination and bug bounty platform HackerOne disclosed that a former employee improperly...Security Affairs
July 04, 2022 – Vulnerabilities
Django fixes SQL Injection vulnerability in new releases Full Text
Abstract
Django, an open source Python-based web framework has patched a high severity vulnerability in its latest releases. Tracked as CVE-2022-34265, the potential SQL Injection vulnerability impacts Django's main branch, and versions 4.1 (currently in beta), 4.0, and 3.2, with patches and new releases issued fixing the vulnerability.BleepingComputer
July 4, 2022 – Malware
Raspberry Robin Worm Infects Windows Networks at Technology and Manufacturing Firms Full Text
Abstract
The malware uses cmd.exe to read and execute a file stored on the infected external drive, and it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file.Neowin
July 4, 2022 – General
Threat Report Portugal: Q2 2022 Full Text
Abstract
The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators...Security Affairs
July 4, 2022 – Malware
Revive: New Android malware Posing as 2FA App for a Spanish Bank Full Text
Abstract
A new Revive banking trojan was found targeting users of BBVA, a Spanish financial services company. Revive follows a more focused approach - the bank and not customers as its prime targets. While the malware is in its early developmental stages, it is designed for persistent campaigns. Training em ... Cyware Alerts - Hacker News
July 4, 2022 – Government
CISA orders federal agencies to patch CVE-2022-26925 by July 22 Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) adds the CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. In May the US CISA removed the CVE-2022-26925 Windows LSA vulnerability from its Known Exploited Vulnerabilities...Security Affairs
July 03, 2022 – Criminals
HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains Full Text
Abstract
Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. "The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties," it said. "In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data." The employee, who had access to HackerOne systems between April 4 and June 23, 2022, for triaging vulnerability disclosures associated with different customer programs, has since been terminated by the San Francisco-headquartered company as of June 30. Calling the incident a "clear violation" of its values, culture, policies, and employment contracts, HackerOne said it was alerted to the breach on June 22 by an unnamed customer, which asked it to "investigate a suspicious vulnerabiThe Hacker News
July 03, 2022 – Breach
Privacy protection agency seizes servers of hacked travel company Full Text
Abstract
The Privacy Protection Authority in Israel seized servers hosting multiple travel booking websites because their operator failed to address security issues that enabled data breaches affecting more than 300,000 individuals.BleepingComputer
July 3, 2022 – Vulnerabilities
Tens of Jenkins plugins are affected by zero-day vulnerabilities Full Text
Abstract
The Jenkins security team disclosed tens of flaws affecting 29 plugins for the Jenkins automation server, most of which are yet to be patched. Jenkins is the most popular open-source automation server; it is maintained by CloudBees and the Jenkins community....Security Affairs
July 03, 2022 – Privacy
Free smartphone stalkerware detection tool gets dedicated hub Full Text
Abstract
Kaspersky has launched a new information hub to support its open-source stalkerware detection tool named TinyCheck, created in 2019 to help people detect if their devices are being monitored.BleepingComputer
July 3, 2022 – Malware
Microsoft: Raspberry Robin worm already infected hundreds of networks Full Text
Abstract
Microsoft announced that the Windows worm Raspberry Robin has already infected the networks of hundreds of organizations. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary; the malware propagates through removable...Security Affairs
July 03, 2022 – Solution
Microsoft Defender adds network protection for Android, iOS devices Full Text
Abstract
Microsoft has announced the introduction of a new Microsoft Defender for Endpoint (MDE) feature in public preview to help organizations detect weaknesses affecting Android and iOS devices in their enterprise networks.BleepingComputer
July 3, 2022 – General
Security Affairs newsletter Round 372 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. The role of Social Media in modern society – Social Media Day 22 interview; Experts shared PoC exploit...Security Affairs
July 3, 2022 – General
Half of actively exploited zero-day issues in H1 2022 are variants of previous flaws Full Text
Abstract
Google Project Zero states that in H1 2022 at least half of the zero-day issues exploited in attacks were related to old flaws that had not been properly fixed. Google Project Zero researcher Maddie Stone published a blog post that summarizes her talk at the FIRST conference...Security Affairs
July 02, 2022 – Insider Threat
Rogue HackerOne employee steals bug reports to sell on the side Full Text
Abstract
A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards.BleepingComputer
July 02, 2022 – Breach
Verified Twitter accounts hacked to send fake suspension notices Full Text
Abstract
BleepingComputer
July 2, 2022 – General
The role of Social Media in modern society – Social Media Day 22 interview Full Text
Abstract
This is a transcription of an interview I had with the Iran International broadcaster; I discussed the role of social media in modern society. What's the Middle East government's role on Cyber bullying towards opposition activists? Middle East...Security Affairs
July 02, 2022 – Malware
Microsoft finds Raspberry Robin worm in hundreds of Windows networks Full Text
Abstract
Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors.BleepingComputer
July 2, 2022 – Vulnerabilities
Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool Full Text
Abstract
Researchers shared technical details and proof-of-concept exploit code for the CVE-2022-28219 flaw in Zoho ManageEngine ADAudit Plus tool. Security researchers from Horizon3.ai have published technical details and proof-of-concept exploit code for a critical...Security Affairs
July 2, 2022 – Attack
Russian hackers allegedly target Ukraine’s biggest private energy firm Full Text
Abstract
Russian hackers carried out a "cyberattack" on Ukraine's biggest private energy conglomerate, the DTEK Group, in retaliation for its owner's opposition to Russia's war in Ukraine.CNN Money
July 2, 2022 – Outage
A ransomware attack forced publishing giant Macmillan to shut down its systems Full Text
Abstract
A cyber attack forced the American publishing giant Macmillan to shut down its IT systems. The publishing giant Macmillan has been hit by a cyberattack that forced the company to shut down its IT infrastructure to prevent the threat...Security Affairs
July 2, 2022 – Ransomware
AstraLocker 2.0 ransomware isn’t going to give you your files back Full Text
Abstract
Reversing Labs reports that the latest version of AstraLocker ransomware is engaged in a so-called “smash and grab” ransomware operation that is all about maxing out profits in the fastest time.Malwarebytes Labs
July 01, 2022 – Vulnerabilities
Zoho ManageEngine ADAudit Plus bug gets public RCE exploit Full Text
Abstract
Security researchers have published technical details and proof-of-concept exploit code for CVE-2022-28219, a critical vulnerability in the Zoho ManageEngine ADAudit Plus tool for monitoring activity in Active Directory.BleepingComputer
July 01, 2022 – Privacy
TikTok Assures U.S. Lawmakers it’s Working to Safeguard User Data From Chinese Staff Full Text
Abstract
Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security." The admission that some China-based employees can access information from U.S. users came in a letter sent to nine senators, which further noted that the procedure requires the individuals to clear numerous internal security protocols. The contents of the letter, first reported by The New York Times, share more details about TikTok's plans to address data security concerns through a multi-pronged initiative codenamed "Project Texas." "Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team," TikTok CEO Shou Zi Chew wrote in the mThe Hacker News
July 01, 2022 – Ransomware
The Week in Ransomware - July 1st 2022 - Bug Bounties Full Text
Abstract
It has been relatively busy this week with new ransomware attacks unveiled, a bug bounty program introduced, and new tactics used by the threat actors to distribute their encryptors.BleepingComputer
July 01, 2022 – Malware
Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps Full Text
Abstract
Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their knowledge or consent. It's also different from other fleeceware threats in that the malicious functions are only carried out when a compromised device is connected to one of its target network operators. "It also, by default, uses cellular connection for its activities and forces devices to connect to the mobile network even if a Wi-Fi connection is available," Dimitrios Valsamaras and Sang Shin Jung of the Microsoft 365 Defender Research Team said in an exhaustive analysis. "Once the connection to a target network is confirmed, it stealthily initiates a fraudulent subscriptionThe Hacker News
July 1, 2022 – Malware
SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide
Abstract
Researchers warn of a new 'SessionManager' backdoor that was employed in attacks targeting Microsoft IIS servers since March 2021. Researchers from Kaspersky Lab have discovered a new 'SessionManager' backdoor that was employed in attacks targeting... Source: Security Affairs
July 01, 2022 – Government
CISA orders agencies to patch Windows LSA bug exploited in the wild
Abstract
CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft's May 2022 updates. Source: BleepingComputer
July 1, 2022 – Ransomware
Black Basta Emerges From the Dead - Warn Experts
Abstract
Before deploying the ransomware, operators infiltrate and move laterally across the entire network, performing a full-fledged RansomOps attack. Similar to other groups, Black Basta employs the double extortion tactic. Source: Cyware Alerts - Hacker News
July 01, 2022 – Solution
Google Improves Its Password Manager to Boost Security Across All Platforms
Abstract
Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a "simplified and unified management experience that's the same in Chrome and Android settings," Ali Sarraf, Google Chrome product manager, said in a blog post. The updates are also expected to automatically group multiple passwords for the same sites as well as introduce an option to manually add passwords. Although Google appears not to be ready yet to make Password Manager a standalone app, users on Android can now add a shortcut to it on the home screen. In a related change on iOS, should users opt for Chrome as the default autofill provider, Password Manager now comes with the ability to generate unique, strong passwords. The built-in Password Checkup feature on Android is receiving an upgrade of its own too. Beyond checking for hacked credentials, it can further hig... Source: The Hacker News
July 1, 2022 – Cryptocurrency
A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers
Abstract
Microsoft spotted a cloud threat actor tracked as 8220 that is now targeting Linux servers in a long-running cryptomining campaign. Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group,... Source: Security Affairs
July 01, 2022 – Solution
Microsoft updates Azure AD with support for temporary passcodes
Abstract
Azure Active Directory (Azure AD) now allows admins to issue time-limited passcodes that can be used to register new passwordless authentication methods, during Windows onboarding, or to recover accounts more easily when credentials or FIDO2 keys are lost. Source: BleepingComputer
July 1, 2022 – Ransomware
Bumblebee Buzzes to Forefront of Ransomware Ecosystem
Abstract
Bumblebee has been linked to ransomware operations by Conti, Quantum, and Mountlocker, which signifies that the malware is now at the forefront of the ransomware ecosystem. Source: Cyware Alerts - Hacker News
July 01, 2022 – Malware
New ‘SessionManager’ Backdoor Targeting Microsoft IIS Servers in the Wild
Abstract
A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services (IIS), a web server software for Windows systems, after exploiting one of the ProxyLogon flaws within Exchange servers. Targets included 24 distinct NGOs, government, military, and industrial organizations spanning Africa, South America, Asia, Europe, Russia and the Middle East. A total of 34 servers have been compromised by a SessionManager variant to date. This is far from the first time the technique has been observed in real-world attacks. The use of a rogue IIS module as a means to distribute stealthy implants has its echoes in an Outlook credential stealer called Owowa that came to light in December 2021. "Dropping an IIS module a... Source: The Hacker News
July 1, 2022 – Denial Of Service
Pro-Russian hackers launched a massive DDoS attack against Norway
Abstract
Norway's National Security Authority (NSM) confirmed that a DDoS attack took down some of the country's most important websites. Norway's National Security Authority (NSM) confirmed that some of the country's most important websites and online services... Source: Security Affairs
July 01, 2022 – Vulnerabilities
Jenkins discloses dozens of zero-day bugs in multiple plugins
Abstract
On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched. Source: BleepingComputer
July 1, 2022 – APT
Evilnum APT Returns with Better TTPs
Abstract
The campaign uses macro-laden documents that have varying filenames containing the term ‘compliance’. At least nine such documents have been identified. Source: Cyware Alerts - Hacker News
July 01, 2022 – Solution
Solving the indirect vulnerability enigma - fixing indirect vulnerabilities without breaking your dependency tree
Abstract
Fixing indirect vulnerabilities is one of those complex, tedious and, quite frankly, boring tasks that no one really wants to touch. No one except for Debricked, it seems. Sure, there are lots of ways to do it manually, but can it be done automatically with minimal risk of breaking changes? The Debricked team decided to find out. A forest full of fragile trees: So, where do you even start? Firstly, there needs to be a way to fix the vulnerability, which, for indirect dependencies, is no walk in the park. Secondly, it needs to be done in a safe way, or, without anything breaking. You see, indirect dependencies are introduced deep down the dependency tree and it's very tricky to get to the exact version you want. As Debricked's Head of R&D once put it, "You are turning the knobs by playing around with your direct dependencies and praying to Torvalds that the correct indirect packages are resolved. When Torvalds is in your favour, you have to sacrifice some cloud... Source: The Hacker News
July 1, 2022 – Malware
Microsoft Warns of Toll Fraud Malware on Android That Switches Off Wi-Fi, Empties Users’ Wallets
Abstract
Microsoft explains in a blog post that WAP fraud malware on Android is capable of targeting users of specific network operators and uses dynamic code loading, a method for hiding malicious behavior. Source: ZDNet
July 01, 2022 – Vulnerabilities
Amazon Quietly Patches ‘High Severity’ Vulnerability in Android Photos App
Abstract
Amazon, in December 2021, patched a high severity vulnerability affecting its Photos app for Android that could have been exploited to steal a user's access tokens. "The Amazon access token is used to authenticate the user across multiple Amazon APIs, some of which contain personal data such as full name, email, and address," Checkmarx researchers João Morais and Pedro Umbelino said. "Others, like the Amazon Drive API, allow an attacker full access to the user's files." The Israeli application security testing company reported the issue to Amazon on November 7, 2021, following which the tech giant rolled out a fix on December 18, 2021. The leak is the result of a misconfiguration in one of the app's components named "com.amazon.gallery.thor.app.activity.ThorViewActivity" that's defined in the AndroidManifest.xml file and which, when launched, initiates an HTTP request with a header containing the access token. In a nutshell, it... Source: The Hacker News
July 1, 2022 – Business
Inspectiv Closes USD8.6M in Series A Funding
Abstract
The Series A funding round, which brings total capital raised to more than $16 million, was led by StepStone Group with participation from Fika Ventures, Freestyle and Mucker Capital. Source: FinSMEs
July 1, 2022 – Vulnerabilities
GitLab patches critical RCE bug in latest security release
Abstract
The security issue, which has been rated as critical, has been discovered in all versions of GitLab starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Source: The Daily Swig