June 2022
June 30, 2022 – Attack
Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers
Abstract
A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday. "The group has actively updated its techniques and payloads over the last year." 8220, active since early 2017, is a Chinese-speaking, Monero-mining threat actor so named for its preference to communicate with command-and-control (C2) servers over port 8220. It's also the developer of a tool called whatMiner, which has been co-opted by the Rocke cybercrime group in their attacks. In July 2019, the Alibaba Cloud Security Team uncovered an extra shift in the adversary's tactics, noting its use of rootkits to hide the mining program. Two years later, the gang resurfaced with Tsunami IRC botnet variants and a custom
Source: The Hacker News
June 30, 2022 – Malware
Toll fraud malware disables your WiFi to force premium subscriptions
Abstract
Microsoft is warning that toll fraud malware is one of the most prevalent threats on Android and that it is evolving with features that allow automatic subscription to premium services.
Source: BleepingComputer
June 30, 2022 – Attack
Norway Hit by Disruptive Cyberattack, Pro-Russian Hacker Group Suspected to be the Culprit
Abstract
Wednesday's cyberattack on Norway came two days after a similar attack temporarily knocked out public and private websites in Lithuania, with a pro-Moscow hacker group reportedly claiming responsibility.
Source: CNBC
June 30, 2022 – Criminals
Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups
Abstract
Google's Threat Analysis Group (TAG) on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip their clients with capabilities to enable targeted attacks aimed at corporates as well as activists, journalists, politicians, and other high-risk users. Where the two stand apart is that while customers purchase the spyware from commercial vendors and then deploy it themselves, the operators behind hack-for-hire attacks are known to conduct the intrusions on their clients' behalf in order to obscure their role. "The hack-for-hire landscape is fluid, both in how the attackers organize themselves and in the wide range of targets they pursue in a single campaign at the behest of disparate clients," Shane Huntley, director of Google TAG, said in a report. "Some hack-for-hire attackers openly adver
Source: The Hacker News
June 30, 2022 – Ransomware
Korean cybersecurity agency released a free decryptor for Hive ransomware
Abstract
Good news for the victims of the Hive ransomware: Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware: the South Korean cybersecurity agency KISA has released a free decryptor...
Source: Security Affairs
June 30, 2022 – Outage
Macmillan shuts down systems after likely ransomware attack
Abstract
Publishing giant Macmillan was forced to shut down its network and offices while recovering from a security incident that appears to be a ransomware attack.
Source: BleepingComputer
June 30, 2022 – Outage
Nebraska Department of Labor Website Goes Offline Due to Third-party Breach at Vendor
Abstract
The Nebraska Department of Labor announced that the NEworks.nebraska.gov website is currently unavailable due to a national outage at its web vendor, Geographic Solutions, Inc.
Source: KETV
June 30, 2022 – Government
U.S. FCC Commissioner Asks Apple and Google to Remove TikTok from App Stores
Abstract
One of the commissioners of the U.S. Federal Communications Commission (FCC) has renewed calls asking for Apple and Google to boot the popular video-sharing platform TikTok from their app stores, citing "its pattern of surreptitious data practices." "It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing's apparently unchecked access to that sensitive data," Brendan Carr, a Republican member of the FCC, wrote in a letter to Apple and Google's chief executives. TikTok, in September 2021, disclosed that there are one billion people who use its app every month, making it one of the largest social media platforms after Facebook, YouTube, WhatsApp, Instagram, and WeChat. Carr further emphasized that the short-form video service is far from just an app for sharing funny videos or memes, calling out its features as "sheep's clothing" intended to mask its core funct
Source: The Hacker News
June 30, 2022 – APT
Experts blame North Korea-linked Lazarus APT for the Harmony hack
Abstract
The North Korea-linked Lazarus APT group is suspected to be behind the recent hack of the Harmony Horizon Bridge. Recently, threat actors stole $100 million in cryptocurrency from the blockchain company Harmony. The company reported the incident...
Source: Security Affairs
June 30, 2022 – Malware
Microsoft Exchange servers worldwide backdoored with new malware
Abstract
A newly discovered lightweight and persistent malware was used by attackers to backdoor Microsoft Exchange servers belonging to government and military organizations from Europe, the Middle East, Asia, and Africa.
Source: BleepingComputer
June 30, 2022 – Hacker
Update: North Korea-backed Hacking Collective Lazarus Group Suspected to be Behind Recent Harmony Bridge Attack
Abstract
On June 27, the culprit is said to have begun moving funds amounting to $39 million through the Tornado Cash mixer service in an attempt to obscure the ill-gotten gains and make it difficult to trace the transaction trail back to the original theft.
Source: IT Security Guru
June 30, 2022 – General
What is Shadow IT and why is it so risky?
Abstract
Shadow IT refers to the practice of users deploying unauthorized technology resources in order to circumvent their IT department. Users may resort to shadow IT practices when they feel that existing IT policies are too restrictive or get in the way of them being able to do their jobs effectively. An old-school phenomenon: Shadow IT is not new. There have been countless examples of widespread shadow IT use over the years. In the early 2000s, for example, many organizations were reluctant to adopt Wi-Fi for fear that it could undermine their security efforts. However, users wanted the convenience of wireless device usage and often deployed wireless access points without the IT department's knowledge or consent. The same thing happened when the iPad first became popular. IT departments largely prohibited iPads from being used with business data because of the inability to apply group policy settings and other security controls to the devices. Even so, users often ignored IT and
Source: The Hacker News
June 30, 2022 – Insider Threat
Ex-Canadian government employee admits to being a member of the Russian cybercrime gang NetWalker
Abstract
A former Canadian government IT worker admitted to being a high-level member of the Russian cybercrime group NetWalker. A former Canadian government employee, Sebastien Vachon-Desjardins, pleaded guilty in the U.S. to charges related to his involvement...
Source: Security Affairs
June 30, 2022 – General
Ukraine targeted by almost 800 cyberattacks since the war started
Abstract
Ukrainian government and private sector organizations have been the target of 796 cyberattacks since the start of the war on February 24, 2022, when Russia invaded Ukraine.
Source: BleepingComputer
June 30, 2022 – Malware
Microsoft Warns of New Updated '8220' Linux Malware that Installs Cryptominers
Abstract
Microsoft has called out recent work from the so-called "8220 gang" group, which has recently been spotted exploiting the critical bug affecting Atlassian Confluence Server and Data Center, tracked as CVE-2022-26134.
Source: ZDNet
June 30, 2022 – Policy and Law
Ex-Canadian Government Employee Pleads Guilty Over NetWalker Ransomware Attacks
Abstract
A former Canadian government employee this week agreed to plead guilty in the U.S. to charges related to his involvement with the NetWalker ransomware syndicate. Sebastien Vachon-Desjardins, who was extradited to the U.S. on March 10, 2022, is accused of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer. The 34-year-old IT consultant from Gatineau, Quebec, was initially apprehended in January 2021 following a coordinated law enforcement operation to dismantle the dark web infrastructure used by the NetWalker ransomware cybercrime group to publish data siphoned from its victims. The takedown also brought its activities to a standstill. A search warrant executed at Vachon-Desjardins's home in Canada resulted in the seizure of 719 bitcoin, valued at approximately $28.1 million at the time, and $790,000 in Canadian currency. In February 2022, the Ontario Court
Source: The Hacker News
June 30, 2022 – Malware
YTStealer info-stealing malware targets YouTube content creators
Abstract
Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication...
Source: Security Affairs
June 30, 2022 – Denial Of Service
Russian hacktivists take down Norway govt sites in DDoS attacks
Abstract
Norway's National Security Authority (NSM) published a statement yesterday warning that some of the country's most important websites and online services are being rendered inaccessible due to distributed denial of service (DDoS) attacks.
Source: BleepingComputer
June 30, 2022 – Vulnerabilities
Chromium browsers vulnerable to dangling markup injection
Abstract
A recently patched security hole in Chromium browsers allowed attackers to bypass safeguards against 'dangling markup injection', an attack that extracts sensitive information from webpages.
Source: The Daily Swig
June 30, 2022 – Hacker
North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack
Abstract
The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, citing similarities to the Ronin bridge attack in March 2022. The finding comes as Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached last week. The incident involved the exploiter carrying out multiple transactions on June 23 that extracted tokens stored in the bridge and subsequently made away with about $100 million in cryptocurrency. "The stolen crypto assets included Ether (ETH), Tether (USDT), Wrapped Bitcoin (WBTC) and BNB," blockchain analytics company Elliptic said in a new report. "The thief immediately used Uniswap – a decentralized exchange (DEX) – to convert much of these assets into a total of 85,837 ETH." Days later, on June 27, the culprit is said to have begun moving funds amounting to $39
Source: The Hacker News
June 30, 2022 – Malware
XFiles info-stealing malware adds support for Follina delivery
Abstract
The XFiles info-stealer malware has added a delivery module that exploits CVE-2022-30190, aka Follina, for dropping the payload on target computers.
Source: BleepingComputer
June 30, 2022 – Vulnerabilities
Brocade Vulnerabilities Could Impact Storage Solutions of Several Major Companies
Abstract
According to Broadcom, the Brocade SANnav storage area network (SAN) management application is affected by nine vulnerabilities. Patches have been made available for these security holes.
Source: Security Week
June 30, 2022 – Phishing
Google blocked dozens of domains used by hack-for-hire groups
Abstract
Google's Threat Analysis Group (TAG) has blocked dozens of malicious domains and websites used by hack-for-hire groups in attacks targeting high-risk targets worldwide.
Source: BleepingComputer
June 30, 2022 – Encryption
Security experts urge agencies to test post-quantum cryptography algorithms now
Abstract
Agencies should test post-quantum cryptography algorithms with their software and decide whether information security benefits outweigh the efficiency losses ahead of a federally mandated transition, according to security experts.
Source: FedScoop
June 30, 2022 – Ransomware
AstraLocker 2.0 infects users directly from Word attachments
Abstract
A lesser-known ransomware strain called AstraLocker has recently released its second major version, and according to threat analysts, its operators engage in rapid attacks that drop its payload directly from email attachments.
Source: BleepingComputer
June 30, 2022 – Breach
OpenSea discloses data breach, warns users of phishing attacks
Abstract
OpenSea, the largest non-fungible token (NFT) marketplace, disclosed a data breach on Wednesday and warned users of phishing attacks that could target them in the coming days.
Source: BleepingComputer
June 29, 2022 – Attack
Walmart denies being hit by Yanluowang ransomware attack
Abstract
American retailer Walmart has denied being hit with a ransomware attack by the Yanluowang gang after the hackers claimed to have encrypted thousands of computers.
Source: BleepingComputer
June 29, 2022 – Malware
PyPI Packages Caught Stealing and Making AWS Keys and More Public
Abstract
Malicious Python packages in the PyPI repository steal sensitive data before sending it to publicly exposed endpoints. The sensitive data includes AWS credentials as well as environment variables. The stolen data is stored in TXT files and uploaded to a PyGrata[.]com domain. The endpoin ...
Source: Cyware Alerts - Hacker News
June 29, 2022 – Malware
New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators
Abstract
Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is believed to be sold as a service on the dark web, distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other stealers sold on the dark web market is that it is solely focused on harvesting credentials for one single service instead of grabbing everything it can get ahold of," security researcher Joakim Kennedy said in a report shared with The Hacker News. The malware's modus operandi, however, mirrors its counterparts in that it extracts the cookie information from the web browser's database files in the user's profile folder. The reasoning given behind targeting content creators is that it uses one of the installed browsers on the infected machine to gather YouTube channel
Source: The Hacker News
June 29, 2022 – Vulnerabilities
Path Traversal flaw in UnRAR utility can allow hacking Zimbra Mail servers
Abstract
Researchers discovered a new flaw in RARlab's UnRAR utility, tracked as CVE-2022-30333, that can allow attackers to remotely hack Zimbra Webmail servers. SonarSource researchers have discovered a new vulnerability in RARlab's UnRAR utility, tracked as CVE-2022-30333,...
Source: Security Affairs
June 29, 2022 – Breach
Leaky Access Tokens Exposed Amazon Photos of Users
Abstract
Hackers with Amazon users' authentication tokens could have stolen or encrypted personal photos and documents.
Source: Threatpost
June 29, 2022 – Insider Threat
Avaya sysadmin indicted for illegally generating, selling VoIP licenses
Abstract
Three defendants who allegedly sold over $88 million worth of software licenses belonging to Avaya Holdings Corporation have been charged in Oklahoma, U.S., facing 14 counts of wire fraud and money laundering.
Source: BleepingComputer
June 29, 2022 – Ransomware
With LockBit 3.0 Launch, Hackers Announce Bug Bounty Program
Abstract
The LockBit RaaS launched LockBit 3.0, the first-ever ransomware bug bounty program for security experts to submit bug reports and get rewarded with up to $1 million. Various bug bounty categories include website bugs (such as XSS vulnerabilities and MySQL injections), Locker bugs (bugs in the ran ...
Source: Cyware Alerts - Hacker News
June 29, 2022 – Vulnerabilities
New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers
Abstract
A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive. Following responsible disclosure on May 4, 2022, the shortcoming was addressed by RarLab as part of version 6.12 released on May 6. Other versions of the software, including those for Windows and Android operating systems, are not impacted. "An attacker is able to create files outside of the target extraction directory when an application or victim user extracts an untrusted archive," SonarSource researcher Simon Scannell said in a Tuesday report. "If they can write to a known location, they are likely to be able to leverage it in a way leading to the execution of arb
Source: The Hacker News
June 29, 2022 – General
MITRE shared 2022 CWE Top 25 most dangerous software weaknesses
Abstract
The MITRE organization published the 2022 CWE Top 25 most dangerous software weaknesses. MITRE shared the list of the 2022 top 25 most common and dangerous weaknesses; it could help organizations assess internal infrastructure and determine...
Source: Security Affairs
June 29, 2022 – Malware
New YTStealer malware steals accounts from YouTube Creators
Abstract
A new information-stealing malware named YTStealer is targeting YouTube content creators and attempting to steal their authentication tokens and hijack their channels.
Source: BleepingComputer
June 29, 2022 – Botnet
The Link Between AWM Proxy & the Glupteba Botnet – Krebs on Security
Abstract
Despite all of the disruption caused by Google's legal and technical meddling, AWM is still around and nearly as healthy as ever, although the service has been rebranded with a new name and there are dubious claims of new owners.
Source: Krebs on Security
June 29, 2022 – Vulnerabilities
New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads
Abstract
Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed FabricScape (CVE-2022-30137), could be exploited on containers that are configured to have runtime access. It has been remediated as of June 14, 2022, in Service Fabric 9.0 Cumulative Update 1.0. Azure Service Fabric is Microsoft's platform-as-a-service (PaaS) and a container orchestrator solution used to build and deploy microservices-based cloud applications across a cluster of machines. "The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource's host SF node and the entire cluster," Microsoft said as part of the coordinated disclosure process. "Though the bug exists on both Operating System (OS)
Source: The Hacker News
June 29, 2022 – Criminals
RansomHouse gang claims to have stolen 450GB of data from chip maker giant AMD
Abstract
The RansomHouse gang claims to have breached the chipmaker giant AMD and stolen 450 GB of data from the company in 2021. The RansomHouse extortion gang claims to have stolen 450 GB of data from the chipmaker giant AMD in 2021 and threatens to leak...
Source: Security Affairs
June 29, 2022 – Government
CISA warns of hackers exploiting PwnKit Linux vulnerability
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild.
Source: BleepingComputer
June 29, 2022 – Malware
Keona Clipper Steals Cryptocurrency Payments
Abstract
Keona Clipper, a new malware threat, steals cryptocurrencies from infected computers by replacing the user's wallet address with its own. It leverages Telegram to stay hidden. Researchers identified over 90 different iterations of Keona since May, indicating wide deployment. Users should take utm ...
Source: Cyware Alerts - Hacker News
June 29, 2022 – Vulnerabilities
Thunderbird 102 released with highly anticipated features, bug fixes
Abstract
Mozilla has announced the release of Thunderbird 102, one of the world's most popular open-source email clients with an estimated userbase of over 25 million.
Source: BleepingComputer
June 29, 2022 – Vulnerabilities
Firefox 102 Patches 19 Vulnerabilities, Improves Privacy
Abstract
With the latest update, Mozilla has patched CVE-2022-34470, a high-severity use-after-free issue in nsSHistory that was triggered when navigating between XML documents, and which could lead to a potentially exploitable crash.
Source: Security Week
June 29, 2022 – Criminals
Ukraine arrests cybercrime gang operating over 400 phishing sites
Abstract
The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians.
Source: BleepingComputer
June 29, 2022 – Attack
Chinese Threat Actor Targets Rare Earth Mining Companies in North America, Australia
Abstract
Mandiant's security researchers have been tracking influence campaigns that a Chinese threat actor named Dragonbridge has been conducting against rare earth mining companies in Australia, Canada, and the United States.
Source: Security Week
June 29, 2022 – Government
CISA warns orgs to switch to Exchange Online Modern Auth until October
Abstract
CISA has urged government agencies and private sector organizations using Microsoft's Exchange cloud email platform to expedite the switch from Basic Authentication, a legacy authentication method without multifactor authentication (MFA) support, to Modern Authentication alternatives.
Source: BleepingComputer
June 29, 2022 – Ransomware
AstraLocker 2.0 pushes ransomware direct from Office docs
Abstract
ReversingLabs recently discovered a new version of the AstraLocker ransomware (AstraLocker 2.0) that was being distributed directly from Microsoft Office files used as bait in phishing attacks.
Source: ReversingLabs
June 29, 2022 – Solution
Google Workspace now alerts of critical changes to admin accounts
Abstract
Google Workspace (formerly G Suite) has been updated to notify admins of highly sensitive changes to configurations, including those made to single sign-on (SSO) profiles and admin accounts.
Source: BleepingComputer
June 29, 2022 – Outage
Ready Meal Distributor Apetito Restores Limited Deliveries in UK Following Cyberattack
Abstract
The impacted arm of Apetito in the U.K. delivers ready meals to hospitals, care homes, schools, childcare facilities, and the homes of vulnerable people across the west of England.
Source: The Daily Swig
June 29, 2022 – Vulnerabilities
Amazon fixes high-severity vulnerability in Android Photos app
Abstract
Amazon has confirmed and fixed a vulnerability in its Photos app for Android, which has been downloaded over 50 million times on the Google Play Store.
Source: BleepingComputer
June 29, 2022 – Malware
Raccoon Stealer Reappears With a New Version
Abstract
Raccoon Stealer v2 is written in C/C++ using WinApi. The malware downloads legitimate third-party DLLs from its C2 servers. It is believed that the new version has been available for sale on Telegram since May 17.
Source: Cyware Alerts - Hacker News
June 29, 2022 – Vulnerabilities
Microsoft Azure FabricScape bug let hackers hijack Linux clusters
Abstract
Microsoft has fixed a container escape bug dubbed FabricScape in the Service Fabric (SF) application hosting platform that let threat actors escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster.
Source: BleepingComputer
June 28, 2022 – General
Top Six Security Bad Habits, and How to Break Them
Abstract
Shrav Mehta, CEO of Secureframe, outlines the top six bad habits security teams need to break to prevent costly breaches, ransomware attacks, and phishing-based endpoint attacks.
Source: Threatpost
June 28, 2022 – Government
CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit's pkexec utility, which allows an authorized user to execute commands as another user. Polkit (formerly called PolicyKit) is a toolkit for controlling system-wide privileges in Unix-like operating systems, and provides a mechanism for non-privileged processes to communicate with privileged processes. Successful exploitation of the flaw could induce pkexec to execute arbitrary code, granting an unprivileged attacker administrative rights on the target machine and compromising the host. It's not immediately clear how the vulnerability is being weaponized in the wild, nor is there any information on the identity of
Source: The Hacker News
June 28, 2022 – Malware
ZuoRAT malware hijacks SOHO Routers to spy on the victims
Abstract
A new RAT dubbed ZuoRAT was employed in a campaign aimed at small office/home office (SOHO) routers in North America and Europe. Researchers from Black Lotus Labs, the threat intelligence division of Lumen Technologies, have discovered a new remote...
Source: Security Affairs
June 28, 2022 – Hacker
Evilnum hackers return in new operation targeting migration orgs
Abstract
The Evilnum hacking group is showing renewed signs of malicious activity, targeting European organizations that are involved in international migration.
Source: BleepingComputer
June 28, 2022 – Botnet
Scalper Bots Leave the Israeli Government Helpless
Abstract
Scalper bots have gone out of control in Israel by signing up for public service appointments for several government services and then selling them to dissatisfied citizens. The bots' operators attempted to sell appointments for multiple government agencies for over $100. In order to beat mo ...
Source: Cyware Alerts - Hacker News
June 28, 2022 – Malware
ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks
Abstract
A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. The malware "grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an undetected foothold," researchers from Lumen Black Lotus Labs said in a report shared with The Hacker News. The stealthy operation, which targeted routers from ASUS, Cisco, DrayTek, and NETGEAR, is believed to have commenced in early 2020 during the initial months of the COVID-19 pandemic, effectively remaining under the radar for over two years. "Consumers and remote employees routinely use SOHO routers, but these devices are rarely monitored or patched, which makes them one of the weakest points of a network's perimeter," the company's threat intelligence team said. Initial access
Source: The Hacker News
June 28, 2022 – General
Non-State Actors in the Cyberspace: An Attempt to a Taxonomic Classification, Role, Impact and Relations with a State's Socioeconomic Structure
Abstract
This paper provides a taxonomic classification of non-state actors in the cyberspace, analyzing their role and impact on a state's socioeconomic structure. Cyber Non-State Actors (CNSA) are key figures in our globalized world: their operations could...
Source: Security Affairs
June 28, 2022 – Solution
New Firefox privacy feature strips URLs of tracking parameters
Abstract
Mozilla Firefox 102 was released today with a new privacy feature that strips parameters from URLs that are used to track you around the web.
Source: BleepingComputer
June 28, 2022 – Attack
New Attack Method Devised to Abuse Microsoft WebView2 and Bypass MFA
Abstract
A new phishing attack could abuse Microsoft Edge WebView2 applications to steal victims' authentication cookies, which hackers could then use to bypass MFA and log into accounts. The attack includes a WebView2 executable, for which the researcher created a proof-of-concept that opens a genuine Microsoft login f ...
Source: Cyware Alerts - Hacker News
June 28, 2022 – APT
APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor
Abstract
Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October 2021, attributed it to a previously unknown Chinese-speaking threat actor. Targets include organizations in the telecommunications, manufacturing, and transport sectors. "During the initial attacks, the group exploited an MS Exchange vulnerability to deploy ShadowPad malware and infiltrated building automation systems of one of the victims," the company said. "By taking control over those systems, the attacker can reach other, even more sensitive systems of the attacked organization." ShadowPad, which emerged in 2015 as the successor to PlugX, is a privately sold modular malware platform that has been put to use by many Chinese espionage actors over the years. W
Source: The Hacker News
June 28, 2022 – Ransomware
LockBit 3.0 introduces important novelties, including a bug bounty program
Abstract
The LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments. The LockBit ransomware operation has released LockBit 3.0, which has important novelties such as a bug bounty program,...
Source: Security Affairs
June 28, 2022 – Attack
AMD investigates RansomHouse hack claims, theft of 450GB data
Abstract
Chip manufacturer AMD says it is investigating a cyberattack after threat actors claimed to have stolen 450 GB of data from the company last year.
Source: BleepingComputer
June 28, 2022 – Government
House Passes ICS Cybersecurity Training Bill
Abstract
The bill aims to provide the IT workforce with free ICS security training. This includes virtual and in-person training and courses that would be available at different skill levels to help participants develop and strengthen their skills.
Source: Security Week
June 28, 2022 – General
Overview of Top Mobile Security Threats in 2022
Abstract
Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be. Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem? Well, the Google app uses code that does not come integrated with the app itself. Okay, this might sound confusing, but it all works in favor of optimizing certain processes. Thus, Google exploits code libraries pre-installed on Android phones to reduce their download size. In fact, many Android apps use this trick to optimize the storage space needed to run. As revealed by Oversecured, perpetrators could compromise this retrieval of code from libraries. Instead of Google obtaining code from a reliable source, it could be tricked into taking code from malicious apps operating on the devic
Source: The Hacker News
June 28, 2022 – Vulnerabilities
Latest OpenSSL version is affected by a remote memory corruption flaw Full Text
Abstract
An expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The library...Security Affairs
June 28, 2022 – General
MITRE shares this year’s list of most dangerous software bugs Full Text
Abstract
MITRE shared this year's top 25 most common and dangerous weaknesses impacting software throughout the previous two calendar years.BleepingComputer
June 28, 2022 – Government
Cyber Command urges private sector to share intelligence, aid defensive digital operations Full Text
Abstract
U.S. Cyber Command wants more private companies to share more cybersecurity intelligence so that the organization can improve its defensive capabilities, Cyber Command Executive Director Dave Frederick said in an interview Monday.CyberScoop
June 28, 2022 – Vulnerabilities
OpenSSL to Release Security Patch for Remote Memory Corruption Vulnerability Full Text
Abstract
The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. The issue has been identified in OpenSSL version 3.0.4, which was released on June 21, 2022, and impacts x64 systems with the AVX-512 instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected. Security researcher Guido Vranken, who reported the bug at the end of May, said it "can be triggered trivially by an attacker." Although the shortcoming has been fixed, no patches have been made available as yet. OpenSSL is a popular cryptography library that offers an open source implementation of the Transport Layer Security (TLS) protocol. Advanced Vector Extensions (AVX) are extensions to the x86 instruction set architecture for microprocessors from Intel and AMD. "I do not think this is a security vulnerability," Tomáš Mráz of the OpenSSL Foundation said in a GitHub issue thread.The Hacker News
June 28, 2022 – Vulnerabilities
Two critical flaws affect CODESYS ICS Automation Software Full Text
Abstract
CODESYS addressed 11 security flaws in its ICS Automation Software that could lead to information disclosure and trigger a denial-of-service (DoS) condition. CODESYS has released security patches to fix 11 vulnerabilities in its ICS Automation...Security Affairs
June 28, 2022 – Malware
New ZuoRAT malware targets SOHO routers in North America, Europe Full Text
Abstract
A newly discovered multistage remote access trojan (RAT) dubbed ZuoRAT has been used to target remote workers via small office/home office (SOHO) routers across North America and Europe undetected since 2020.BleepingComputer
June 28, 2022 – Government
NIST Releases New macOS Security Guidance for Organizations Full Text
Abstract
The guidance is derived from the macOS Security Compliance Project (mSCP), an open source effort aimed at creating customized security baselines to meet the cybersecurity needs of various organizations.Security Week
June 28, 2022 – Malware
New Android Banking Trojan ‘Revive’ Targeting Users of Spanish Financial Services Full Text
Abstract
A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA. Said to be in its early stages of development, the malware — dubbed Revive by Italian cybersecurity firm Cleafy — was first observed on June 15, 2022 and distributed by means of phishing campaigns. "The name Revive has been chosen since one of the functionalities of the malware (called by the [threat actors] precisely 'revive') is restarting in case the malware stops working," Cleafy researchers Federico Valentini and Francesco Iubatti said in a Monday write-up. Available for download from rogue phishing pages ("bbva.appsecureguide[.]com" or "bbva.european2fa[.]com") as a lure to trick users into downloading the app, the malware impersonates the bank's two-factor authentication (2FA) app and is said to be inspired by open-source spyware called Teardroid, with the authors tweaking the original source cThe Hacker News
June 28, 2022 – Government
FBI: Stolen PII and deepfakes used to apply for remote tech jobs Full Text
Abstract
The Federal Bureau of Investigation (FBI) warns of an increase in complaints that cybercriminals are using Americans' stolen Personally Identifiable Information (PII) and deepfakes to apply for remote work positions.BleepingComputer
June 28, 2022 – Government
FTC Takes Action Against CafePress Over Massive Data Breach, Cover-Up Full Text
Abstract
The FTC on Friday announced that it has finalized an order against CafePress, requiring it to improve its security posture following a cybersecurity incident that the company attempted to cover up.Security Week
June 28, 2022 – General
Breaking Down the Zola Hack and Why Password Reuse is so Dangerous Full Text
Abstract
In May of 2022, the wedding planning and registry site Zola suffered a major security breach due to a credential stuffing attack enabled by password reuse. Here's what happened and what could have been done to prevent the attack.BleepingComputer
June 28, 2022 – Attack
Tencent admits to poisoned QR code attack on QQ accounts Full Text
Abstract
The problem manifested on Sunday night and saw an unspecified number of QQ users complain that their credentials no longer allowed them access to their accounts. Tencent has characterized the issue as representing "stolen" accounts.The Register
June 28, 2022 – Malware
Raccoon Stealer is back with a new version to steal your passwords Full Text
Abstract
The Raccoon Stealer malware is back with a second major version circulating on cybercrime forums, offering hackers elevated password-stealing functionality and upgraded operational capacity.BleepingComputer
June 28, 2022 – Business
Cerby Emerges From Stealth With Security Platform for Unmanageable Apps Full Text
Abstract
Cerby has raised $12 million in seed funding from Ridge Ventures, Bowery Capital, Okta Ventures, Salesforce Ventures and others. This investment brings the total raised by the firm to $15.5 million.Security Week
June 28, 2022 – Phishing
Malicious Messenger chatbots used to steal Facebook accounts Full Text
Abstract
A new phishing attack is using Facebook Messenger chatbots to impersonate the company's support team and steal credentials used to manage Facebook pages.BleepingComputer
June 28, 2022 – Vulnerabilities
Over 900,000 Kubernetes instances found exposed online Full Text
Abstract
Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks.BleepingComputer
June 27, 2022 – Skimming
Bank of the West found debit card-stealing skimmers on ATMs Full Text
Abstract
The Bank of the West is warning customers that their debit card numbers and PINs have been stolen by skimmers installed on several of the bank's ATMs.BleepingComputer
June 27, 2022 – General
Strengthen Cybersecurity Defense Against Ransomware | CSA Full Text
Abstract
Ransomware dominated the news cycle in 2021, with a plethora of headline-grabbing attacks targeting industries from government to retail. The latest IDC report revealed that a staggering 37% of global organizations were the victim of a ransomware attack.Cloud Security Alliance
June 27, 2022 – Ransomware
Cybersecurity Experts Warn of Emerging Threat of “Black Basta” Ransomware Full Text
Abstract
The Black Basta ransomware-as-a-service (RaaS) syndicate has amassed nearly 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window. "Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers, and more," Cybereason said in a report. Similar to other ransomware operations, Black Basta is known to employ the tried-and-tested tactic of double extortion to plunder sensitive information from the targets and threaten to publish the stolen data unless a digital payment is made. A new entrant in the already crowded ransomware landscape, intrusions involving the threat have leveraged QBot (aka Qakbot) as a conduit to maintain persistence on the compromised hosts and harvest credentials, before moving laterThe Hacker News
June 27, 2022 – General
The Strategic Relevance of Cybersecurity Skills Full Text
Abstract
The lack of cybersecurity experts is an issue of strategic relevance as it undermines countries’ economic development and national security. Starting to consider the cyber skills shortage as a strategic public policy challenge should help stakeholders allocate the right resources when they plan to enhance the cyber resilience of their countries and organizations through a comprehensive skills strategy.Lawfare
June 27, 2022 – Attack
The government of Lithuania confirmed it had been hit by an intense cyberattack Full Text
Abstract
Lithuania confirmed it had been hit by an "intense" cyberattack, after Vilnius imposed restrictions on the rail transit of certain goods to Kaliningrad. The government of Lithuania announced on Monday that it had been hit by an "intense" cyberattack,...Security Affairs
June 27, 2022 – Malware
Android malware ‘Revive’ impersonates BBVA bank’s 2FA app Full Text
Abstract
A new Android banking malware named Revive has been discovered that impersonates a 2FA application required to log into BBVA bank accounts in Spain.BleepingComputer
June 27, 2022 – Outage
Cyberattack Forces Iran Steel Company to Halt Production Full Text
Abstract
The CEO of Khuzestan Steel Company claimed that Khuzestan Steel managed to thwart the cyberattack and prevent structural damage to production lines that would impact supply chains and customers.Security Week
June 27, 2022 – Vulnerabilities
Critical Security Flaws Identified in CODESYS ICS Automation Software Full Text
Abstract
CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service (DoS) condition, among others. "These vulnerabilities are simple to exploit, and they can be successfully exploited to cause consequences such as sensitive information leakage, PLCs entering a severe fault state, and arbitrary code execution," Chinese cybersecurity firm NSFOCUS said. "In combination with industrial scenarios on the field, these vulnerabilities could expose industrial production to stagnation, equipment damage, etc." CODESYS is a software suite used by automation specialists as a development environment for programmable logic controller (PLC) applications. Following responsible disclosure between September 2021 and January 2022, fixes were shipped by the German software company last week on June 23, 2022. Two of the bugs are rated as Critical, seven as High, and two as MeThe Hacker News
June 27, 2022 – Attack
New Matanbuchus Campaign drops Cobalt Strike beacons Full Text
Abstract
Matanbuchus malware-as-a-service (MaaS) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a malware-as-a-service (MaaS), named Matanbuchus, involved in malspam...Security Affairs
June 27, 2022 – Criminals
US, Brazil seize 272 websites used to illegally download music Full Text
Abstract
The domains of six websites that streamed and provided illegal downloads of copyrighted music were seized by U.S. Homeland Security Investigations (HSI) and the Department of Justice.BleepingComputer
June 27, 2022 – Breach
Japanese worker loses city’s personal data in USB fail Full Text
Abstract
A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data, including banking data, on the metropolis's 460,000 residents.The Register
June 27, 2022 – General
What Are Shadow IDs, and How Are They Crucial in 2022? Full Text
Abstract
Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shadow IT. Not because they tried to obfuscate or hide anything, simply because it was a convenient tool that they preferred over any other sanctioned products (which JPMorgan certainly has quite a few of.) Visibility into unknown and unsanctioned applications has been required by regulators and also recommended by the Center for Internet Security community for a long time. Yet it seems like new and better approaches are still in demand. Gartner has identified External Attack Surface Management, Digital Supply Chain Risk, and Identity Threat Detection as the top three trends to focus on in 2022, all of which are closely intertwined with Shadow IT. "Shadow IDs," or in other words, unmanThe Hacker News
June 27, 2022 – Outage
Cyberattack halted the production at the Iranian state-owned Khuzestan Steel company Full Text
Abstract
Iranian state-owned Khuzestan Steel Company was hit by a cyber attack that forced the company to halt its production. The Khuzestan Steel Company is one of the major steel companies owned by the Iranian government. The company was forced...Security Affairs
June 27, 2022 – Attack
Vice Society claims ransomware attack on Med. University of Innsbruck Full Text
Abstract
The Vice Society ransomware gang has claimed responsibility for last week's cyberattack against the Medical University of Innsbruck, which caused severe IT service disruption and the alleged theft of data.BleepingComputer
June 27, 2022 – General
5 years after NotPetya: Lessons learned Full Text
Abstract
Although some experts consider NotPetya a variant of Petya, the two are generally regarded as separate and distinct. NotPetya is far more contagious than Petya, seemingly with no way to stop it from quickly spreading from one host to another.CSO Online
June 27, 2022 – Policy and Law
Italy Data Protection Authority Warns Websites Against Use of Google Analytics Full Text
Abstract
Following in the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations. The Garante per la Protezione dei Dati Personali, in a press release published last week, called out a local web publisher for using the widely used analytics tool in a manner that allowed key bits of users' personal data to be illegally transferred to the U.S. without necessary safeguards. This includes interactions of users with the websites, the individual pages visited, IP addresses of the devices used to access the websites, browser specifics, details related to the device's operating system, screen resolution, and the selected language, as well as the date and time of the visits. The Italian supervisory authority (SA) said that it arrived at this conclusion following a "complex fact-finding exercise" it commenced in collaboration with other E.The Hacker News
June 27, 2022 – Malware
Ukrainian telecommunications operators hit by DarkCrystal RAT malware Full Text
Abstract
The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications...Security Affairs
June 27, 2022 – Vulnerabilities
Microsoft Exchange bug abused to hack building automation systems Full Text
Abstract
A Chinese-speaking threat actor has hacked into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks.BleepingComputer
June 27, 2022 – Cryptocurrency
Threat Actors Stole $100M in Crypto Assets From Harmony Full Text
Abstract
Harmony pointed out that the consensus layer of the Harmony blockchain remains secure. No steps have currently been taken by the hacker to anonymize ownership of these assets.Security Affairs
June 27, 2022 – Malware
Researchers Warn of ‘Matanbuchus’ Malware Campaign Dropping Cobalt Strike Beacons Full Text
Abstract
A malware-as-a-service (MaaS) dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected systems without detection. Available on Russian-speaking cybercrime forums for a price of $2,500 since February 2021, the malware is equipped with capabilities to launch .EXE and .DLL files in memory and run arbitrary PowerShell commands. The findings, released by threat intelligence firm Cyble last week, document the latest infection chain associated with the loader, which is linked to a threat actor who goes by the online moniker BelialDemon. "If we look historically, BelialDemon has been involved in the development of malware loaders," Unit 42 researchers Jeff WhiteThe Hacker News
June 27, 2022 – Criminals
Threat actors stole $100M in crypto assets from Harmony Full Text
Abstract
Threat actors stole $100 million in cryptocurrency from the blockchain company Harmony on Thursday evening. Last week, threat actors stole $100 million in cryptocurrency from the blockchain company Harmony. https://twitter.com/vxunderground/status/1540160287009038337 https://twitter.com/peckshield/status/1540215805366964224 The...Security Affairs
June 27, 2022 – Ransomware
LockBit 3.0 introduces the first ransomware bug bounty program Full Text
Abstract
The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.BleepingComputer
June 27, 2022 – Vulnerabilities
Codesys Patches 11 Flaws Likely Affecting Controllers From Several ICS Vendors Full Text
Abstract
Codesys admits that the vulnerabilities can be exploited remotely by an attacker with low skills, but the company says in many cases an attacker requires some form of access to the targeted system.Security Week
June 26, 2022 – Government
LGBTQ+ community warned of extortionists abusing dating apps Full Text
Abstract
The U.S. Federal Trade Commission (FTC) has warned this week of extortion scammers targeting the LGBTQ+ community by abusing online dating apps like Grindr and Feeld.BleepingComputer
June 26, 2022 – Privacy
Spyware Targets Android and iOS Users in Italy and Kazakhstan Full Text
Abstract
Google’s TAG reported that RCS Labs, an Italian surveillance firm, was aided by ISPs in Kazakhstan and Italy to compromise iOS and Android users with the Hermit spyware. The attackers provided a page in Italian language to download either Messenger, Instagram, or WhatsApp. For the iOS versio...Cyware Alerts - Hacker News
June 26, 2022 – Criminals
Threat actors sell access to tens of vulnerable networks compromised by exploiting Atlassian 0day Full Text
Abstract
A threat actor is selling access to 50 vulnerable networks that have been compromised exploiting the recently disclosed Atlassian Confluence zero-day. A threat actor is selling access to 50 vulnerable networks that have been compromised by exploiting...Security Affairs
June 26, 2022 – Phishing
Fake copyright infringement emails install LockBit ransomware Full Text
Abstract
LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims.BleepingComputer
June 26, 2022 – Malware
CopperStealer Malware is Spreading Through Fake Cracks Full Text
Abstract
Trend Micro observed a new CopperStealer malware variant propagated via websites offering fake cracks. The malware has resorted to using platforms such as Telegram. Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, and Yandex are among the browsers from which the malware can steal Facebook-rel...Cyware Alerts - Hacker News
June 26, 2022 – General
Security Affairs newsletter Round 371 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs arrive for free in your inbox. If you also want to receive the free newsletter covering the international press, subscribe here. Oracle...Security Affairs
June 26, 2022 – Phishing
Clever phishing method bypasses MFA using Microsoft WebView2 apps Full Text
Abstract
A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.BleepingComputer
June 26, 2022 – APT
China-linked APT Bronze Starlight deploys ransomware as a smokescreen Full Text
Abstract
China-linked APT Bronze Starlight is deploying post-intrusion ransomware families as a diversion from its cyber espionage operations. Researchers from Secureworks reported that a China-linked APT group, tracked as Bronze Starlight (APT10),...Security Affairs
June 26, 2022 – General
NetSec Goggle shows search results only from cybersecurity sites Full Text
Abstract
A new Brave Search Goggle modifies Brave Search results to only show reputable cybersecurity sites, making it easier to search for and find security information.BleepingComputer
June 26, 2022 – Attack
Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas Full Text
Abstract
Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas; the incident took place on June 8. A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion...Security Affairs
June 25, 2022 – Education
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF Full Text
Abstract
In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management Framework — a U.S. government guideline for taking care of data. The NIST Cybersecurity & Risk Management Frameworks Course helps you understand this topic, with over 21 hours of video instruction. The training is worth a total of $295, but readers of The Hacker News can get the course today for only $39. Special Offer — Normally priced at $295, this Risk Management Framework course is now only $39 for a limited time, with lifetime access included. That's a massive 86% discount! Designed by the United States Government, the Risk Management Framework provides a complete guide to securing sensitive data. It also ensures that cybersecurity professionals comply with the various laws, directives, executive orders, and reThe Hacker News
June 25, 2022 – Malware
New Activities of RIG Exploit Kit Observed Full Text
Abstract
RIG is one of the actively used exploit kits to distribute a variety of malware. First spotted in 2014, the kit has a unique capability to merge with different web technologies such as VB Script, Flash, and DoSWF to evade detection.Cyware Alerts - Hacker News
June 25, 2022 – Hacker
China-Based Tropic Trooper Adopts New Malware Variants and Custom Encryption to Target Victims Full Text
Abstract
The trojan is bundled in a greyware tool named SMS Bomber, which is used for DoS attacks against phones. Such types of tools are generally used by amateur threat actors who want to carry out attacks against sites.Cyware Alerts - Hacker News
June 25, 2022 – Malware
PyPi python packages caught sending stolen AWS keys to unsecured sites Full Text
Abstract
Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by anyone.BleepingComputer
June 25, 2022 – Privacy
Google details commercial spyware that targets both Android and iOS devices Full Text
Abstract
According to Google Threat Analysis Group (TAG) researchers Benoit Sevens and Clement Lecigne, as well as Project Zero, a distinct government and enterprise-grade iOS and Android spyware variant is now in active circulation.ZDNet
June 25, 2022 – Vulnerabilities
Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware Full Text
Abstract
Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022-21445, that Oracle took six months to patch. Security researchers have published technical details of a critical Fusion Middleware vulnerability,...Security Affairs
June 25, 2022 – Attack
Automotive fabric supplier TB Kawashima announces cyberattack Full Text
Abstract
TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack.BleepingComputer
June 25, 2022 – Malware
This new malware diverts cryptocurrency payments to attacker-controlled wallets Full Text
Abstract
Researchers from Cyble have analyzed a new malware dubbed Keona Clipper that aims to steal cryptocurrencies from infected computers and uses Telegram to increase its stealth.Tech Republic
June 25, 2022 – Malware
Multiple malicious packages in PyPI repository found stealing AWS secrets Full Text
Abstract
Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal...Security Affairs
June 25, 2022 – Breach
Attackers exploited a zero-day in Mitel VOIP devices to compromise a network Full Text
Abstract
Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against...Security Affairs
June 24, 2022 – Ransomware
The Week in Ransomware - June 24th 2022 - Splinter Cells Full Text
Abstract
The Conti ransomware gang has finally ended their charade and turned off their Tor data leak and negotiation sites, effectively shutting down the operation.BleepingComputer
June 24, 2022 – Government
Cyber security threats are biggest risk to India’s national security: NCSC Full Text
Abstract
Cyber security threats are the biggest risk to national security, and building cyber hygiene is very important, National Cyber Security Coordinator Rajesh Pant said on Thursday, June 23, 2022.The Hindu
June 24, 2022 – Attack
Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack Full Text
Abstract
A suspected ransomware intrusion against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment. The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a Linux-based Mitel VoIP device sitting on the network perimeter, while also identifying a previously unknown exploit as well as a couple of anti-forensic measures adopted by the actor on the device to erase traces of their actions. The exploit in question is tracked as CVE-2022-29499 and was fixed by Mitel in April 2022. It's rated 9.8 out of 10 for severity on the CVSS vulnerability scoring system, making it a critical shortcoming. "A vulnerability has been identified in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances – SA 100, SA 400, and Virtual SA) which could allow a malicious actor to perform remote code execution (CVE-2022-29499) within the contextThe Hacker News
June 24, 2022 – Vulnerabilities
Threat actors continue to exploit Log4Shell in VMware Horizon Systems Full Text
Abstract
The U.S. CISA and the Coast Guard Cyber Command (CGCYBER) warn of attacks exploiting the Log4Shell flaw in VMware Horizon servers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER),...Security Affairs
June 24, 2022 – Ransomware
Mitel zero-day used by hackers in suspected ransomware attack Full Text
Abstract
Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack.BleepingComputer
June 24, 2022 – Phishing
Phishing Attacks Using Microsoft’s Cloud CDN Service AFD Full Text
Abstract
Resecurity spotted a surge in phishing messages delivered via Azure Front Door, Microsoft’s cloud CDN service. Most of the content targeted Amazon, SendGrid, and Docusign customers. Through well-known cloud services the criminals are constantly trying to evade detection of their phishing attacks by...Cyware Alerts - Hacker News
June 24, 2022
Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware Full Text
Abstract
A week after it emerged that a sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in Google Play Protect — Android's built-in malware defense service — to protect all users, Benoit Sevens and Clement Lecigne of Google Threat Analysis Group (TAG) said in a Thursday report. Hermit, the work of an Italian vendor named RCS Lab, was documented by Lookout last week, calling out its modular feature-set and its abilities to harvest sensitive information such as call logs, contacts, photos, precise location, and SMS messages. Once the threat has thoroughly insinuated itself into a device, it's also equipped to record audio and make and redirect phone calls, in addition to abusing its permissions to accessibility services to keep tabs on the foreground apps used by the victims. Its modularity also enables it tThe Hacker News
June 24, 2022 – Vulnerabilities
Vulnerabilities in the Jacuzzi SmartTub app could allow access to users’ data Full Text
Abstract
Researchers discovered multiple vulnerabilities in the Jacuzzi SmartTub app web interface that can expose private data. Multiple vulnerabilities in the Jacuzzi SmartTub app web interface could have disclosed private data to attackers, security researcher...Security Affairs
June 24, 2022 – Breach
CafePress fined $500,000 for breach affecting 23 million users Full Text
Abstract
The U.S. Federal Trade Commission (FTC) today ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for attempting to cover up a major data breach impacting more than 23 million customers and failing to protect their data.BleepingComputer
June 24, 2022 – Phishing
Phishing Alert: LNK-based Malware Distribution is on the Rise Full Text
Abstract
Microsoft claimed that hackers are increasingly deploying malware, including QBot, Emotet, Bazarloader, and ICEID, through infected LNK files. To distribute LNK files to victims, threat actors use spam emails and malicious URLs. Users should exercise caution when opening dangerous links and at...Cyware Alerts - Hacker News
June 24, 2022 – Malware
Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys Full Text
Abstract
Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma. The packages as well as the endpoint have now been taken down. "Some of these packages either contain code that reads and exfiltrates your secrets or use one of the dependencies that will do the job," Sharma said. The malicious code injected into "loglib-modules" and "pygrata-utils" allows them to harvest AWS credentials, network interface information, and environment variables and export them to a remote endpoint: "hxxp://graph.pygrata[.]com:8000/upload." Troublingly, the endpoints hosting this information in the form of hundreds of .TXT files were not secured by anyThe Hacker News
June 24, 2022 – Privacy
Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users Full Text
Abstract
Google's Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. Researchers from Google's Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some...Security Affairs
June 24, 2022 – Attack
Fast Shop Brazilian retailer discloses “extortion” cyberattack Full Text
Abstract
Fast Shop, one of Brazil's largest retailers, has suffered an 'extortion' cyberattack that led to network disruption and the temporary closure of its online store.BleepingComputer
June 24, 2022 – Criminals
The price of stolen info: Everything on sale on the dark web Full Text
Abstract
Privacy Affairs researchers concluded criminals using the dark web need only spend $1,115 for a complete set of a person’s account details, enabling them to create fake IDs and forge private documents, such as passports and driver’s licenses.Help Net Security
June 24, 2022
State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks Full Text
Abstract
A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0. "The ransomware could distract incident responders from identifying the threat actors' true intent and reduce the likelihood of attributing the malicious activity to a government-sponsored Chinese threat group," the researchers said in a new report. "In each case, the ransomware targets a small number of victims over a relatively brief period of time before it ceases operations, apparently permanently." Bronze Starlight, active since mid-2021, is also tracked by Microsoft under the emerging threat cluster moniker DEV-0401, with the tech giant emphaThe Hacker News
June 24, 2022 – Ransomware
Conti ransomware finally shuts down data leak, negotiation sites Full Text
Abstract
The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand.BleepingComputer
June 24, 2022 – Vulnerabilities
Researchers Say Oracle Took 6 Months to Patch Critical Vulnerability Affecting Many Systems Full Text
Abstract
Tracked as CVE-2022-21445 (CVSS score of 9.8), the vulnerability is described as a deserialization of untrusted data, which could be exploited to achieve arbitrary code execution.Security Week
June 24, 2022 – General
Businesses risk ‘catastrophic financial loss’ from cyberattacks, US watchdog warns Full Text
Abstract
The GAO has warned that private insurance companies are increasingly backing out of covering damages from major cyberattacks — leaving American businesses facing “catastrophic financial loss” unless another insurance model can be found.The Verge
June 24, 2022 – Breach
Patients at Indiana University Health Affected by Third-party Breach Full Text
Abstract
An unauthorized party accessed patients’ personal information at IU Health's vendor MCG Health, including names, medical codes, postal addresses, telephone numbers, email addresses, dates of birth, and Social Security numbers.The Herald Bulletin
June 24, 2022 – Outage
Fast Shop Suffers Downtime Following Unauthorized Access to Company Systems Full Text
Abstract
Electronics retailer Fast Shop suffered a hacker attack this Wednesday (June 22). Both the website and the app went offline, but the company said services have now been restored.newsbulletin247
June 23, 2022 – Malware
New ‘Quantum’ Builder Lets Attackers Easily Create Malicious Windows Shortcuts Full Text
Abstract
A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities to generate .HTA and disk image (.ISO) payloads. Quantum Builder is available for lease at different price points: €189 a month, €355 for two months, €899 for six months, or as a one-off lifetime purchase for €1,500. ".LNK files are shortcut files that reference other files, folders, or applications to open them," Cyble researchers said in a report. "The [threat actor] leverages the .LNK files and drops malicious payloads using LOLBins [living-off-the-land binaries]." Early evidence of malware samples using Quantum Builder in the wild is said to daThe Hacker News
June 23, 2022 – Vulnerabilities
Log4Shell Still Being Exploited to Hack VMware Servers to Exfiltrate Sensitive Data Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and [Unified Access Gateway] servers," the agencies said. "As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command-and-control (C2)." In one instance, the adversary is said to have been able to move laterally inside the victim network, obtain access to a disaster recovery network, and collect and exfiltrate sensitive law enforcement data. Log4Shell, tracked as CVE-2021-44228 (CVSS score: 10.0), is a remote code execution vulnerability affecting the ApacheThe Hacker News
June 23, 2022 – Botnet
Scalper bots out of control in Israel, selling state appointments Full Text
Abstract
Out-of-control scalper bots have created havoc in Israel by registering public service appointments for various government services and then offering to sell them to disgruntled citizens.BleepingComputer
June 23, 2022 – Malware
AvosLocker Adopts a Mix of Commercial Tools and Malicious Payloads Full Text
Abstract
The attackers have used Cobalt Strike, Sliver, and several commercially available network scanners. They targeted an ESXi server exposed over VMware Horizon UAG by exploiting the Log4Shell flaw.Cyware Alerts - Hacker News
June 23, 2022 – Privacy
NSO Confirms Pegasus Spyware Used by at least 5 European Countries Full Text
Abstract
The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. "We're trying to do the right thing and that's more than other companies working in the industry," Chaim Gelfand, the company's general counsel and chief compliance officer, said, according to a report from Politico. Acknowledging that it had "made mistakes," the company also stressed the need for an international standard to regulate the government use of spyware. The disclosure comes as a special inquiry committee was launched in April 2022 to investigate alleged breaches of E.U. law following revelations that the company's Pegasus spyware is being used to snoop on phones belonging to politicians, diplomats, and civil society members. "The committee is going to look into existing national laws regulating surveillance, and whether Pegasus spyware was usThe Hacker News
June 23, 2022 – General
Bolt-On vs Baked-In Cybersecurity Full Text
Abstract
Real cybersecurity involves trade-offs in functional requirements.Lawfare
June 23, 2022 – APT
Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor Full Text
Abstract
China-linked APT group Tropic Trooper has been spotted using previously undocumented malware written in the Nim language. Check Point Research uncovered an activity cluster with ties to China-linked APT Tropic Trooper (aka Earth Centaur, KeyBoy, and Pirate...Security Affairs
June 23, 2022 – Government
CISA: Log4Shell exploits still being used to hack VMware servers Full Text
Abstract
CISA warned today that threat actors including state-backed hacking groups are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability.BleepingComputer
June 23, 2022 – Phishing
Phishing Kits, Credential Theft, and Social Media Scam Trends Q1 2022 Full Text
Abstract
While there has been a slight increase in the traditional email phishing attack, the other trends include social media impersonation scams, dark web threats, hybrid vishing attacks, and BEC attacks.Cyware Alerts - Hacker News
June 23, 2022 – General
Manual vs. SSPM: Research on What Streamlines SaaS Security Detection & Remediation Full Text
Abstract
When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the 2022 SaaS Security Survey Report. The survey report, completed by Adaptive Shield in conjunction with Cloud Security Alliance (CSA), dives into how CISOs today are managing the growing SaaS app attack surface and the steps they are taking to secure their organizations. The report finds that at least 43% of organizations have experienced a security incident as a result of a SaaS misconfiguration; however, with another 20% being "unsure," the real number could be as high as 63%. These numbers are particularly striking when compared to the 17% of organizations experiencing security incidents due to an IaaS misconfiguration. Bearing thisThe Hacker News
June 23, 2022 – Policy and Law
NSO Group told lawmakers that Pegasus spyware was used by at least 5 European countries Full Text
Abstract
The Israeli surveillance firm NSO Group revealed that its Pegasus spyware was used by at least five European countries. The controversial Israeli surveillance vendor NSO Group told the European Union lawmakers that its Pegasus spyware was used by at least...Security Affairs
June 23, 2022 – Privacy
Spyware vendor works with ISPs to infect iOS and Android users Full Text
Abstract
Google's Threat Analysis Group (TAG) revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools.BleepingComputer
June 23, 2022 – Criminals
Crypto Scammers Turn to LinkedIn to Target Victims Full Text
Abstract
The scams work in a similar manner as on other platforms. Scammers create professional-looking fake profiles and attempt to strike up conversations with users using the in-built messaging feature.Cyware Alerts - Hacker News
June 23, 2022 – Hacker
Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside Full Text
Abstract
A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in the Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity company Check Point said in a report. "Whoever crafted the Nim loader took special care to give it the same executable icon as the SMS Bomber that it drops and executes," the researchers said. "Therefore the entire bundle works as a trojanized binary." SMS Bomber, as the name indicates, allows a user to input a phone number (not their own) so as to flood the victim's device with messages and potentially render it unusable in what's a denial-of-service (DoS) attack. The fact that the binary doubles up as SMS Bomber and a backdoor suggests that tThe Hacker News
June 23, 2022 – Vulnerabilities
QNAP warns of a critical PHP flaw that could lead to remote code execution Full Text
Abstract
Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor QNAP is addressing a critical PHP vulnerability, tracked as CVE-2019-11043 (CVSS score 9.8 out of 10), that...Security Affairs
June 23, 2022 – Denial Of Service
Lithuania warns of rise in DDoS attacks against government sites Full Text
Abstract
The National Cyber Security Center (NKSC) of Lithuania has issued a public warning about a steep increase in distributed denial of service (DDoS) attacks directed against public authorities in the country.BleepingComputer
June 23, 2022 – Malware
New Activities of RIG Exploit Kit Observed Full Text
Abstract
According to Bitdefender researchers, the operators behind the RIG exploit kit have swapped the Raccoon Stealer malware for the Dridex trojan as part of an ongoing campaign that commenced in January 2021.Cyware Alerts - Hacker News
June 23, 2022 – Vulnerabilities
Researchers found flaws in MEGA that allowed the decryption of user data Full Text
Abstract
Researchers at ETH Zurich discovered several critical flaws in the MEGA cloud storage service that could have allowed the decryption of user data. MEGA has addressed multiple vulnerabilities in its cloud storage service that could have allowed threat...Security Affairs
June 23, 2022 – Attack
Malicious Windows ‘LNK’ attacks made easy with new Quantum builder Full Text
Abstract
Malware researchers have noticed a new tool that helps cybercriminals build malicious .LNK files to deliver payloads for the initial stages of an attack.BleepingComputer
June 23, 2022 – Vulnerabilities
ICS Vendors Respond to OT:Icefall Vulnerabilities Impacting Critical Infrastructure Full Text
Abstract
Affected vendors include Baker Hughes (Bentley Nevada), Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. One of the impacted vendors has not been named as the disclosure process is still ongoing.Security Week
June 23, 2022 – Attack
Automotive hose maker Nichirin hit by ransomware attack Full Text
Abstract
Nichirin-Flex U.S.A, a subsidiary of the Japanese car and motorcycle hose maker Nichirin, has been hit by a ransomware attack causing the company to take the network offline.BleepingComputer
June 23, 2022 – Hacker
Bronze Starlight Hacker Group Spreads Ransomware Using HUI Loader Full Text
Abstract
According to Secureworks' Counter Threat Unit (CTU) research team, two activity clusters related to HUI Loader have been connected to Chinese-speaking threat actors, namely Bronze Riverside and Bronze Starlight.ZDNet
June 23, 2022 – Hacker
Chinese hackers use ransomware as decoy for cyber espionage Full Text
Abstract
Two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their malicious activities.BleepingComputer
June 23, 2022 – Policy and Law
MCG Health Faces Lawsuit Over Data Breach Impacting 1.1 Million Individuals Full Text
Abstract
On June 10, the company started to inform potentially impacted individuals of a data breach that occurred on March 25, and which might have resulted in their personal information being accessed by a third-party.Security Week
June 23, 2022 – Phishing
New MetaMask phishing campaign uses KYC lures to steal passphrases Full Text
Abstract
A new phishing campaign is targeting users on Microsoft 365 while spoofing the popular MetaMask cryptocurrency wallet provider and attempting to steal recovery phrases.BleepingComputer
June 23, 2022 – General
Your email is a major source of security risks and it’s getting worse Full Text
Abstract
Malware delivered to email accounts rose 196% in 2021 year-on-year, according to Trend Micro, which warns that email remains a major avenue for criminals looking to deliver malware and phish account credentials.ZDNet
June 23, 2022 – Breach
Conti ransomware hacking spree breaches over 40 orgs in a month Full Text
Abstract
The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month.BleepingComputer
June 23, 2022 – Vulnerabilities
Severe Parse Server bug impacts Apple Game Center Full Text
Abstract
Tracked as CVE-2022-31083 and issued a CVSS severity score of 8.6, the security issue is described as a scenario in which the authentication adapter for Apple Game Center’s security certificate is not validated.The Daily Swig
June 22, 2022 – Vulnerabilities
Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks Full Text
Abstract
QNAP, the Taiwanese maker of network-attached storage (NAS) devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor said in an advisory. "If exploited, the vulnerability allows attackers to gain remote code execution." The vulnerability, tracked as CVE-2019-11043, is rated 9.8 out of 10 for severity on the CVSS vulnerability scoring system. That said, it's required that Nginx and php-fpm are running in appliances using the following QNAP operating system versions: QTS 5.0.x and later, QTS 4.5.x and later, QuTS hero h5.0.x and later, QuTS hero h4.5.x and later, and QuTScloud c5.0.x and later. "As QTS, QuTS hero or QuTScloud does not have nginx installed by default, QNAP NAS are not affThe Hacker News
June 22, 2022 – Government
NSA shares tips on securing Windows devices with PowerShell Full Text
Abstract
The National Security Agency (NSA) and cybersecurity partner agencies issued an advisory today recommending system administrators to use PowerShell to prevent and detect malicious activity on Windows machines.BleepingComputer
June 22, 2022 – APT
Russian Hackers APT28 and UAC-0098 Target Ukraine Again Full Text
Abstract
CERT-UA issued two separate alerts unveiling the malicious activity by APT28 and UAC-0098 hacker groups as they weaponized Follina to deploy Cobalt Strike beacon and CredoMap malware, respectively. APT28 is sending emails laden with a malicious document that tries to exploit the fear among Ukr ... Read MoreCyware Alerts - Hacker News
June 22, 2022 – Vulnerabilities
Researchers Uncover Ways to Break the Encryption of ‘MEGA’ Cloud Storage Service Full Text
Abstract
A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a rogue actor to fully compromise the privacy of the uploaded files. "Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice which pass all authenticity checks of the client," ETH Zurich's Matilda Backendal, Miro Haller, and Kenneth G. Paterson said in an analysis of the service's cryptographic architecture. MEGA, which advertises itself as the "privacy company" and claims to provide user-controlled end-to-end encrypted cloud storage, has more than 10 million daily active users, wThe Hacker News
June 22, 2022 – Attack
Exclusive: Lithuania under cyber-attack after the ban on Russian railway goods Full Text
Abstract
Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban on Russian railway goods. Cyber Spetsnaz is targeting Lithuanian government resources and critical infrastructure – the recent ban on Russian...Security Affairs
June 22, 2022 – General
You’ve Been Warned: Overlook Security Basics at Your Peril Full Text
Abstract
Ransomware shows no sign of abating and hackers are becoming more cautious and making risk/reward calculations before targeting companies. Additionally, companies are also grappling with supply chain attacks originating through open source software using a variety of mass-market applications and operating systems.Threatpost
June 22, 2022 – Attack
Chinese hackers target script kiddies with info-stealer trojan Full Text
Abstract
Cybersecurity researchers have discovered a new campaign attributed to the Chinese "Tropic Trooper" hacking group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan.BleepingComputer
June 22, 2022 – Phishing
Fake Voicemail Campaign Steals Microsoft 365 Credentials Full Text
Abstract
A voicemail messaging campaign is targeting individuals in the key vertical markets of the U.S. to steal their Office365 and Outlook credentials, while evading anti-phishing tools through a CAPTCHA check. The email has an HTML attachment using a music note character to impersonate the file as a sou ... Read MoreCyware Alerts - Hacker News
June 22, 2022 – Attack
Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 (aka Fancy Bear or Sofacy), the agency said the attacks commence with a lure document titled "Nuclear Terrorism A Very Real Threat.rtf" that, when opened, exploits the recently disclosed vulnerability to download and execute a malware called CredoMap. Follina (CVE-2022-30190, CVSS score: 7.8), which concerns a case of remote code execution affecting the Windows Support Diagnostic Tool (MSDT), was addressed by Microsoft on June 14, 2022, as part of its Patch Tuesday updates. According to an independent report published by Malwarebytes, CredoMap is a variant of the .NET-based credential stealer that Google Threat Analysis Group (TAG) divulged last month as having been deplThe Hacker News
June 22, 2022 – Attack
Magecart attacks are still around but are more difficult to detect Full Text
Abstract
Researchers from Malwarebytes warn that the Magecart skimming campaign is active, but the attacks are more covert. Magecart threat actors have switched most of their operations server-side to avoid detection by security firms. However, Malwarebytes...Security Affairs
June 22, 2022 – Attack
Microsoft: Russia stepped up cyberattacks against Ukraine’s allies Full Text
Abstract
Microsoft said today that Russian intelligence agencies have stepped up cyberattacks against governments of countries that have allied themselves with Ukraine after Russia's invasion.BleepingComputer
June 22, 2022 – Phishing
Threat Actors Target EI-ISAC Members with Fake Facebook Email Full Text
Abstract
Attackers are leveraging a fake Facebook email that uses copyright claims to lure members of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). The body of the email informed EI-ISAC that Facebook had taken down some of its content as the result of a copyright infringement. Th ... Read MoreCyware Alerts - Hacker News
June 22, 2022 – Skimming
Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign Full Text
Abstract
A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code — "scanalytic[.]org" and "js.staticounter[.]net" — are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis. "We were able to connect these two domains with a previous campaign from November 2021 which was the first instance to our knowledge of a skimmer checking for the use of virtual machines," Jérôme Segura said. "However, both of them are now devoid of VM detection code. It's unclear why the threat actors removed it, unless perhaps it caused more issues than benefits." The earliest evidence of the campaign's activity, based on the additional domains uncovered, suggests it dates back to at least May 2020. Magecart refers to a cybercrimThe Hacker News
June 22, 2022 – General
Thank you!!! SecurityAffairs awarded as Best European Personal Cybersecurity Blog 2022 Full Text
Abstract
I’m proud to announce that SecurityAffairs was awarded as the Best European Personal Cybersecurity Blog 2022 at European Cybersecurity Blogger Awards 2022. The winners of the annual European Cybersecurity Blogger Awards have been announced. Security...Security Affairs
June 22, 2022 – Vulnerabilities
MEGA fixes critical flaws that allowed the decryption of user data Full Text
Abstract
MEGA has released a security update to address a set of severe vulnerabilities that could have exposed user data, even if the data had been stored in encrypted form.BleepingComputer
June 22, 2022 – Vulnerabilities
SMA Technologies Patches Critical Security Issue in Workload Automation Solution Full Text
Abstract
Aimed at financial institutions and insurance firms, OpCon is a cross-platform process automation and orchestration solution that can be used for the management of workloads across business-critical operations.Security Week
June 22, 2022 – Criminals
Europol Busts Phishing Gang Responsible for Millions in Losses Full Text
Abstract
Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation. The suspects are men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and Spijkenisse and a 25-year-old woman from Deventer, according to a statement from the National Police Force. Also confiscated as part of 24 house searches were firearms, ammunition, jewelry, designer clothing, expensive watches, electronic devices, tens of thousands of euros in cash, and cryptocurrency, the officials said. "The criminal group contacted victims by email, text message and through mobile messaging applications," the agency noted. "These messages were sent by the members of the gang and contained a phishing link leading to a bogus banking website." UnsuThe Hacker News
June 22, 2022 – Criminals
Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer Full Text
Abstract
Threat actors are using the Rig Exploit Kit to spread the Dridex banking trojan instead of the Raccoon Stealer malware. Since January 2022, the Bitdefender Cyber Threat Intelligence Lab observed operators behind the RIG Exploit Kit pushing the Dridex...Security Affairs
June 22, 2022 – Vulnerabilities
Critical PHP flaw exposes QNAP NAS devices to RCE attacks Full Text
Abstract
QNAP has warned customers today that many of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution.BleepingComputer
June 22, 2022 – Attack
DFSCoerce: A New NTLM Relay Attack for Complete Account Takeover Full Text
Abstract
A new DFSCoerce Windows NTLM relay attack uses MS-DFSNM to entirely take over a Windows domain. The script used is based on the PetitPotam exploit. For this attack, researchers abused the Microsoft Active Directory Certificate Services, which is exposed to NTLM relay attacks. The best way to stop s ... Read MoreCyware Alerts - Hacker News
June 22, 2022 – Breach
Flagstar Bank discloses a data breach that impacted 1.5 Million individuals Full Text
Abstract
US Flagstar Bank disclosed a data breach that exposed files containing the personal information of 1.5 million individuals. US-based Flagstar Bank disclosed a data breach that impacted roughly 1.5 million individuals, but the company did not share...Security Affairs
June 22, 2022 – Vulnerabilities
Google Patches 14 Vulnerabilities With Release of Chrome 103 Full Text
Abstract
The most severe of these bugs is CVE-2022-2156, which is described as a critical-severity use-after-free issue in Base. The security flaw was identified by Mark Brand of Google Project Zero.Security Week
June 22, 2022 – Business
RevealSecurity Raises $23 Million for Application Detection and Response Full Text
Abstract
The Series A financing provides capital for the Tel Aviv-based company to build "Application Detection and Response" technology capable of ferreting out malicious activities executed by insiders and imposters in enterprise applications.Security Week
June 21, 2022 – General
Modern IT Security Teams’ Inevitable Need for Advanced Vulnerability Management Full Text
Abstract
Traditional vulnerability management programs are outdated, with little to no innovation in the last two decades. Today’s dynamic IT environment demands an advanced vulnerability management program to deal with the complex attack surface and curb security risks.Threatpost
June 21, 2022 – Privacy
Kazakh Govt. Used Spyware Against Protesters Full Text
Abstract
Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders.Threatpost
June 21, 2022 – Phishing
Voicemail Scam Steals Microsoft Credentials Full Text
Abstract
Attackers are targeting a number of key vertical markets in the U.S. with the active campaign, which impersonates the organization and Microsoft to lift Office365 and Outlook log-in details.Threatpost
June 21, 2022 – Malware
RIG Exploit Kit Now Infects Victims’ PCs With Dridex Instead of Raccoon Stealer Full Text
Abstract
The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team members responsible for critical operations passed away in the Russo-Ukrainian war in March 2022. The Rig Exploit Kit is notable for its abuse of browser exploits to distribute an array of malware. First spotted in 2019, Raccoon Stealer is a credential-stealing trojan that's advertised and sold on underground forums as a malware-as-a-service (MaaS) for $200 a month. That said, the Raccoon Stealer actors are already working on a second version that's expected to be "rewritten from scratch and optimized." But the void left by the malware's exit is being filled by other information stealers such as RedLine Stealer and Vidar.The Hacker News
June 21, 2022 – Outage
Yodel parcel company confirms cyberattack is disrupting delivery Full Text
Abstract
Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online.BleepingComputer
June 21, 2022 – Attack
VIP3R Campaign Uses HTML Attachments to Bypass Email Security Full Text
Abstract
Researchers have observed new spear-phishing campaigns, dubbed VIP3R, aimed at certain organizations and individuals via infected HTML attachments. If opened, victims are directed to a phishing page impersonating a service often used by them, where they are urged to input their username and pas ... Read MoreCyware Alerts - Hacker News
June 21, 2022 – Hacker
New ToddyCat Hacker Group on Experts’ Radar After Targeting MS Exchange Servers Full Text
Abstract
An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft Exchange servers in Taiwan and Vietnam using an unknown exploit to deploy the China Chopper web shell and activate a multi-stage infection chain. Other prominent countries targeted include Afghanistan, India, Indonesia, Iran, Kyrgyzstan, Malaysia, Pakistan, Russia, Slovakia, Thailand, the U.K., and Uzbekistan, just as the threat actor evolved its toolset over the course of different campaigns. "The first wave of attacks exclusively targeted Microsoft Exchange Servers, which were compromised with Samurai, a sophisticated passive backdoor that usually works on ports 80 and 443," Russian cybersecurity company Kaspersky said in a report published today. "The malware allows arbitrary C#The Hacker News
June 21, 2022 – APT
New ToddyCat APT targets high-profile entities in Europe and Asia Full Text
Abstract
Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia since at least December 2020. Researchers from Kaspersky have linked a new APT group, tracked as ToddyCat, to a series of attacks...Security Affairs
June 21, 2022 – General
Modern IT Security Teams’ Inevitable Need for Advanced Vulnerability Management Full Text
Abstract
Traditional vulnerability management programs are outdated, with little to no innovation in the last two decades. Today’s dynamic IT environment demands an advanced vulnerability management program to deal with the complex attack surface and curb security risks.Threatpost
June 21, 2022 – Solution
7-zip now supports Windows ‘Mark-of-the-Web’ security feature Full Text
Abstract
7-zip has finally added support for the long-requested 'Mark-of-the-Web' Windows security feature, providing better protection from malicious downloaded files.BleepingComputer
June 21, 2022 – Ransomware
After Deadbolt, eCh0raix Ransomware Targets QNAP NAS Devices Full Text
Abstract
Taiwanese vendor QNAP has been hit by another ransomware attack, the latest one coming from eCh0raix. So far, only a few dozen eCh0raix samples have been submitted. To protect against it, QNAP has urged customers to update their devices' QTS or QuTS hero operating systems to the lat ...Cyware Alerts - Hacker News
June 21, 2022 – Vulnerabilities
Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendors Full Text
Abstract
Nearly five dozen security vulnerabilities have been disclosed in devices from 10 operational technology (OT) vendors due to what researchers call "insecure-by-design practices." Collectively dubbed OT:ICEFALL by Forescout, the 56 issues span as many as 26 device models from Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. "Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts," the company said in a technical report. These vulnerabilities could have disastrous consequences considering the impacted products are widely employed in critical infrastructure industries such as oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, minThe Hacker News
June 21, 2022 – Attack
New DFSCoerce NTLM relay attack allows taking control over Windows domains Full Text
Abstract
Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain. Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control...Security Affairs
June 21, 2022 – Attack
Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware Full Text
Abstract
The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons.BleepingComputer
June 21, 2022 – Vulnerabilities
Jacuzzi customer details could be exposed by SmartTub web bugs, claims researcher Full Text
Abstract
Vulnerabilities in the web interface of Jacuzzi’s SmartTub app could have enabled an attacker to view and potentially manipulate the personal data of hot tub owners, a security researcher claims.The Daily Swig
June 21, 2022 – General
Mitigate Ransomware in a Remote-First World Full Text
Abstract
Ransomware has been a thorn in the side of cybersecurity teams for years. With the move to remote and hybrid work, this insidious threat has become even more of a challenge for organizations everywhere. 2021 was a case study in ransomware due to the wide variety of attacks, significant financial and economic impact, and diverse ways that organizations responded. These attacks should be seen as a lesson that can inform future security strategies to mitigate ransomware risk. As an organization continues to evolve, so should its security strategy. The Remote Environment Is Primed for Ransomware. With organizations continuing to support remote and hybrid work, they no longer have the visibility and control they once had inside their perimeter. Attackers are exploiting this weakness and profiting. Here are three reasons they're able to do so: Visibility and control have changed. Most organizations now have employees working from anywhere. These employees expect seamless access toThe Hacker News
June 21, 2022 – Phishing
Cybercriminals Use Azure Front Door in Phishing Attacks Full Text
Abstract
Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service...Security Affairs
June 21, 2022 – General
Adobe Acrobat may block antivirus tools from monitoring PDF files Full Text
Abstract
Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users.BleepingComputer
June 21, 2022 – Outage
Yodel Blames Cyber Incident for Disruption and Parcel Tracking Problems Full Text
Abstract
"Yodel is currently experiencing service delays due to a system-wide outage," said an update on Beer Hawk's website, which says the issues have been affecting their deliveries since at least Monday.ZDNet
June 21, 2022 – Policy and Law
Former Amazon Employee Found Guilty in 2019 Capital One Data Breach Full Text
Abstract
A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach. Paige Thompson, who operated under the online alias "erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer. The seven-day trial saw the jury acquit her of other charges, including access device fraud and aggravated identity theft. She is scheduled for sentencing on September 15, 2022. Cumulatively, the offenses are punishable by up to 25 years in prison. "Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency," said U.S. Attorney Nick Brown. "Far from being an ethical hacker trying to help companies with their computer sThe Hacker News
June 21, 2022 – Criminals
Phishing gang behind millions in losses dismantled by police Full Text
Abstract
Members of a phishing gang behind millions of euros in losses were arrested today following a law enforcement operation coordinated by the Europol.BleepingComputer
June 21, 2022 – General
Security Lessons From Protecting Live Events Full Text
Abstract
Security defenders working for large venues and international events need to be able to move at machine speed because they have a limited time to detect and recover from attacks. The show must go on, always.Dark Reading
June 21, 2022 – Attack
New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain Full Text
Abstract
A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay [Domain Controller authentication to [Active Directory Certificate Services]? Don't worry MS-DFSNM have (sic) your back," security researcher Filip Dragovic said in a tweet. MS-DFSNM provides a remote procedure call (RPC) interface for administering distributed file system configurations. The NTLM (NT Lan Manager) relay attack is a well-known method that exploits the challenge-response mechanism. It allows malicious parties to sit between clients and servers and intercept and relay validated authentication requests in order to gain unauthorized access to network resources, effectively gaining an initial foothold in Active DiThe Hacker News
June 21, 2022 – Attack
Microsoft Exchange servers hacked by new ToddyCat APT gang Full Text
Abstract
An advanced persistent threat (APT) group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020.BleepingComputer
June 21, 2022 – General
UK: House of Lords move to protect cyber researchers from prosecution Full Text
Abstract
A cross-party group in the House of Lords has proposed an amendment to the Product Security and Telecommunications Infrastructure Bill that would address concerns about security researchers being prosecuted in the course of their work.Computer Weekly
June 21, 2022 – Vulnerabilities
Icefall: 56 flaws impact thousands of exposed industrial devices Full Text
Abstract
A security report has been published on a set of 56 vulnerabilities that are collectively called Icefall and affect operational technology (OT) equipment used in various critical infrastructure environments.BleepingComputer
June 21, 2022 – Criminals
Avos Ransomware Group Expands Attack Arsenal to VMware Horizon Access Gateways Full Text
Abstract
The initial ingress point was a pair of VMWare Horizon Unified Access Gateways that were vulnerable to Log4Shell. The attackers utilized several different tools, including Cobalt Strike, Sliver, and multiple commercial network scanners.Cisco Talos
June 21, 2022 – Attack
Client-side Magecart attacks still around, but more covert Full Text
Abstract
For now, researchers say that Magecart client-side attacks are still around and that we could easily be missing them if we rely on automated crawlers and sandboxes, at least if we don’t make them more robust.Malwarebytes Labs
June 20, 2022 – Attack
New DFSCoerce NTLM Relay attack allows Windows domain takeover Full Text
Abstract
A new Windows NTLM relay attack called DFSCoerce has been discovered that uses MS-DFSNM, Microsoft's Distributed File System, to completely take over a Windows domain.BleepingComputer
June 20, 2022 – Criminals
What do Ransomware Actors Want? Full Text
Abstract
The Pain Points: Ransomware Data Disclosure Trends by Rapid7 uncovers the kind of data ransomware actors want and how they pressure victims into getting it back by paying a ransom.Cyware Alerts - Hacker News
June 20, 2022 – Education
Do You Have Ransomware Insurance? Look at the Fine Print Full Text
Abstract
Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance. In this article, we'll outline why, particularly given the current climate, war exclusion clauses are increasingly rendering ransomware insurance of reduced value – and why your organization should focus on protecting itself instead. What is ransomware insurance? In recent years, ransomware insurance has grown as a product field because organizations are trying to buy protection against the catastrophic effects of a successful ransomware attack. Why try to buy insurance? Well, a single, successful attack can just about wipe out a large organization, or lead to crippling costs – NotPetya alone led to a total of $10bn in damages. Ransomware attacksThe Hacker News
June 20, 2022 – APT
Russian APT28 hacker accused of the NATO think tank hack in Germany Full Text
Abstract
The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28. The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka "blabla1234565" and "kazak")...Security Affairs
June 20, 2022 – Breach
Flagstar Bank discloses data breach impacting 1.5 million customers Full Text
Abstract
Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack.BleepingComputer
June 20, 2022 – Business
Google no longer allows usernames and passwords on third-party email applications Full Text
Abstract
App-specific passwords are used in conjunction with two-factor authentication on your Google account. Most applications do not know how to handle two-factor, which is why app-specific passwords were created.Neowin
June 20, 2022 – Vulnerabilities
Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild Full Text
Abstract
A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to gain arbitrary code execution. In early February 2022, Apple shipped patches for the bug across Safari, iOS, iPadOS, and macOS, while acknowledging that it "may have been actively exploited." "In this case, the variant was completely patched when the vulnerability was initially reported in 2013," Maddie Stone of Google Project Zero said . "However, the variant was reintroduced three years later during large refactoring efforts. The vulnerability then continued to exist for 5 years until it was fixed as an in-the-wild zero-day in January 2022." While both thThe Hacker News
June 20, 2022 – Vulnerabilities
Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild Full Text
Abstract
Google Project Zero experts disclosed details of a 5-Year-Old Apple Safari flaw actively exploited in the wild. Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild. The...Security Affairs
June 20, 2022 – Criminals
New ‘BidenCash’ site sells your stolen credit card for just 15 cents Full Text
Abstract
A recently launched carding site called 'BidenCash' is trying to get notoriety by leaking credit card details along with information about their owners.BleepingComputer
June 20, 2022 – Outage
Many OT Security Incidents Result in Outages Posing Physical Safety Risk: Fortinet Full Text
Abstract
The most common types of attacks involved malware and phishing, but Fortinet pointed out that these types of incidents have significantly declined in North America — along with insider breaches — compared to the previous year.Security Week
June 20, 2022 – General
Security Affairs newsletter Round 370 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the international press newsletter for free, subscribe here. US...Security Affairs
June 20, 2022 – Attack
Microsoft 365 credentials targeted in new fake voicemail campaign Full Text
Abstract
A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials.BleepingComputer
June 20, 2022 – Vulnerabilities
Attackers Can Use ‘Scroll to Text Fragment’ Web Browser Feature to Steal Data Full Text
Abstract
Scroll to Text Fragment (STTF), a feature that can be used to directly browse to a specific text fragment on a webpage, can be exploited to leak sensitive user information, a security researcher has found.The Daily Swig
June 20, 2022 – Vulnerabilities
Cisco will not address critical RCE in end-of-life Small Business RV routers Full Text
Abstract
Cisco announced that it will not release updates to fix the CVE-2022-20825 flaw in end-of-life Small Business RV routers. Cisco will not release updates to address the CVE-2022-20825 RCE flaw in end-of-life Small Business RV routers and encourage...Security Affairs
June 20, 2022 – Solution
RubyGems trials 2FA-by-default in code repo’s latest security effort Full Text
Abstract
The package manager has started alerting the maintainers of gems with more than 165 million downloads via the RubyGems command-line tool and website, recommending that they enable MFA on their accounts.The Daily Swig
June 20, 2022 – Malware
BRATA Android Malware evolves and targets the UK, Spain, and Italy Full Text
Abstract
The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. The malware was first...Security Affairs
June 20, 2022 – Breach
Internet scans find 1.6 million secrets leaked by websites Full Text
Abstract
Security researchers have apparently discovered more than 1.6 million secrets leaked by websites, including more than 395,000 exposed by the one million most popular domains.The Daily Swig
June 20, 2022 – Policy and Law
New EU Laws Will Improve Firms’ Cyber Resilience Globally: Moody’s Full Text
Abstract
The Digital Operational Resilience Act would force non-EU companies with a significant presence in member states to create subsidiaries that can be regulated under their jurisdiction.Nextgov
June 20, 2022 – Vulnerabilities
AutomationDirect Patches Vulnerabilities in PLC, HMI Products Full Text
Abstract
The US CISA has informed organizations that AutomationDirect has patched several high-severity vulnerabilities in some of its programmable logic controller (PLC) and human-machine interface (HMI) products.Security Week
June 20, 2022 – Government
Energy Department Releases Strategy to Build Cyber-Resilient Energy Systems Full Text
Abstract
The Department of Energy this week released its national Cyber-Informed Engineering Strategy that provides guidance for building resilient energy systems that can withstand cyberattacks.Nextgov
June 19, 2022 – Malware
BRATA Android Malware Gains Advanced Mobile Threat Capabilities Full Text
Abstract
The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. "In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," Italian cybersecurity firm Cleafy said in a report last week. "This term is used to describe an attack campaign in which criminals establish a long-term presence on a targeted network to steal sensitive information." An acronym for "Brazilian Remote Access Tool Android," BRATA was first detected in the wild in Brazil in late 2018, before making its first appearance in Europe last April, while masquerading as antivirus software and other common productivity tools to trick users into downloading them. The change in the attack pattern, which scaled new highs in early April 2022, involves tailoring the malware to strike a specific financial institution at a time, switching to a differeThe Hacker News
June 19, 2022 – Privacy
Google Chrome extensions can be fingerprinted to track you online Full Text
Abstract
A researcher has discovered how to use your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online.BleepingComputer
June 19, 2022 – Ransomware
Ransomware Attacks on Microsoft Cloud’s Versioning Feature are Likely Full Text
Abstract
Researchers say ransomware actors can exploit a functionality flaw in the Microsoft Office 365 suite to encrypt files stored on SharePoint and OneDrive Online. The attack uses the versioning (or autosave) feature for files edited on OneDrive or SharePoint, as it creates cloud backups of older file v ...Cyware Alerts - Hacker News
June 19, 2022 – Vulnerabilities
Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild Full Text
Abstract
A critical vulnerability in the Ninja Forms plugin potentially impacted more than one million WordPress websites. In mid-June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms,...Security Affairs
June 19, 2022 – Malware
Android-wiping BRATA malware is evolving into a persistent threat Full Text
Abstract
The threat actors operating the BRATA banking trojan have evolved their tactics and incorporated new information-stealing features into their malware.BleepingComputer
June 19, 2022 – Privacy
Kazakh People Targeted via Hermit Android Spyware Full Text
Abstract
Hermit, an enterprise-grade Android spyware, has been used by organizations in Kazakhstan, Italy, and Syria to exploit a rooted Android device and collect data. The website used to mask its malicious activity is an official Oppo support page in the Kazakh language. Users should stay cautious with f ...Cyware Alerts - Hacker News
June 19, 2022 – Attack
Experts warn of a new eCh0raix ransomware campaign targeting QNAP NAS Full Text
Abstract
Experts warn of a new ech0raix ransomware campaign targeting QNAP Network Attached Storage (NAS) devices. Bleeping Computer and MalwareHunterTeam researchers, citing user reports and sample submissions on the ID Ransomware platform, warn...Security Affairs
June 19, 2022 – Attack
Chinese Hackers Abuse Zero-day Bug in Sophos Firewall Full Text
Abstract
Volexity researchers laid bare a sophisticated campaign by a Chinese APT abusing a critical zero-day in Sophos' firewall product. Sophos has fixed the flaw and provided mitigations to help organizations use their firewall and protect against threat actors abusing the vulnerability.Cyware Alerts - Hacker News
June 18, 2022 – Attack
QNAP NAS devices targeted by surge of eCh0raix ransomware attacks Full Text
Abstract
This week, a new wave of ech0raix ransomware attacks has started targeting vulnerable QNAP Network Attached Storage (NAS) devices, according to user reports and sample submissions on the ID-Ransomware platform.BleepingComputer
June 18, 2022 – Botnet
US DoJ announced it has shut down the Russian RSOCKS Botnet Full Text
Abstract
The U.S. Department of Justice (DoJ) announced that it has shut down the infrastructure associated with the Russian botnet RSOCKS...Security Affairs
June 18, 2022 – Phishing
New phishing attack infects devices with Cobalt Strike Full Text
Abstract
Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines.BleepingComputer
June 18, 2022 – Vulnerabilities
Follina Patch Finally Out! Full Text
Abstract
Referred to as Follina, the flaw is tracked as CVE-2022-30190. It affects multiple Office versions, including Office 2013, Office 2016, Office 2021, and Office Pro Plus.Cyware Alerts - Hacker News
June 18, 2022 – Attack
MaliBot Android Banking Trojan targets Spain and Italy Full Text
Abstract
Malibot is a new Android malware targeting online banking and cryptocurrency wallet customers in Spain and Italy. F5 Labs researchers spotted a new strain of Android malware, named Malibot, that is targeting online banking and cryptocurrency wallet...Security Affairs
June 18, 2022 – Phishing
Fake Facebook Email Uses Copyrights to Trick EI-ISAC Members Full Text
Abstract
Malicious cyber actors recently targeted members of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) with a copyright-themed fake Facebook email.CIS
June 18, 2022 – Breach
Inverse Finance Looted for $1.2 Million via Flash Loan Attack Full Text
Abstract
A decentralized autonomous organization (DAO) called Inverse Finance has been robbed of cryptocurrency somehow exchangeable for $1.2 million, just two months after being taken for $15.6 million.The Register
June 18, 2022 – Vulnerabilities
15 vulnerabilities discovered in Siemens industrial control management system Full Text
Abstract
Fifteen security vulnerabilities affecting Siemens SINEC network management system (NMS) were unveiled this week, according to new research published by security company Claroty.The Record
June 18, 2022 – Malware
New IceXLoader 3.0 – Developers Warm Up to Nim Full Text
Abstract
The latest version is written in Nim, a relatively new language utilized by threat actors over the past two years, most notably by the NimzaLoader variant of BazarLoader used by the TrickBot group.Fortinet
June 17, 2022 – Vulnerabilities
Over a Dozen Flaws Found in Siemens’ Industrial Network Management System Full Text
Abstract
Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems. "The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote code execution in certain circumstances," industrial security company Claroty said in a new report. The shortcomings in question — tracked from CVE-2021-33722 through CVE-2021-33736 — were addressed by Siemens in version V1.0 SP2 Update 1 as part of updates shipped on October 12, 2021. "The most severe could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions," Siemens noted in an advisory at the time. Chief among the weaknesses is CVE-2021-33723 (CVSS score: 8.8), which allows for privilege escalation toThe Hacker News
June 17, 2022 – Education
Learn Cybersecurity with Palo Alto Networks Through this PCCSA Course @ 93% OFF Full Text
Abstract
In the world of cybersecurity, reputation is everything. Most business owners have little understanding of the technical side, so they have to rely on credibility. Founded back in 2005, Palo Alto Networks is a cybersecurity giant that has earned the trust of the business community thanks to its impressive track record. The company now provides services to over 70,000 organizations in 150 countries. The Palo Alto Networks Cybersecurity Fundamentals (PCCSA) course helps you gain that same level of credibility, with 27 tutorials working towards official certification. It's normally priced at $295, but readers of The Hacker News can currently get the training for only $19.99 . Special Offer — The Palo Alto Networks Cybersecurity Fundamentals (PCCSA) course is worth $295, but you can grab it today for just $19.99 with lifetime access included. That's 93% off the full price! There are many different certifications you can earn in cybersecurity today. With the backing of a respectThe Hacker News
June 17, 2022 – Botnet
Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices Full Text
Abstract
The U.S. Department of Justice (DoJ) on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K. The botnet, operated by a sophisticated cybercrime organization, is believed to have ensnared millions of internet-connected devices, including Internet of Things (IoT) devices, Android phones, and computers for use as a proxy service. Botnets, a constantly evolving threat, are networks of hijacked computer devices that are under the control of a single attacking party and are used to facilitate a variety of large-scale cyber intrusions such as distributed denial-of-service (DDoS) attacks, email spam, and cryptojacking. "The RSOCKS botnet offered its clients access to IP addresses assigned to devices that had been hacked," the DoJ said in a press release. "The owners of these devices did not give the RSOCKS operator(s) authority to acThe Hacker News
June 17, 2022 – Vulnerabilities
Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners Full Text
Abstract
A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner on victim networks. The bug (CVE-2022-26134, CVSS score: 9.8), which was patched by Atlassian on June 3, 2022, enables an unauthenticated actor to inject malicious code that paves the way for remote code execution (RCE) on affected installations of the collaboration suite. All supported versions of Confluence Server and Data Center are affected. Other notable malware pushed as part of disparate instances of attack activity include Mirai and Kinsing bot variants, a rogue package called pwnkit, and Cobalt Strike by way of a web shell deployed after gaining an initial foothold into theThe Hacker News
June 17, 2022 – Ransomware
The Week in Ransomware - June 17th 2022 - Have I Been Ransomed? Full Text
Abstract
Ransomware operations are constantly evolving their tactics to pressure victims to pay. For example, this week, we saw a new extortion tactic come into play with the creation of dedicated websites to extort victims with searchable data.BleepingComputer
June 17, 2022 – Criminals
Cyberattackers Using MonkeyPox-Themed Attacks to Lure Victims Full Text
Abstract
Cybercriminals are using monkeypox outbreaks to fool victims into disclosing their personal information. Monkeypox is high on the news agenda and has people's attention. The email claims that their organization has been monitoring the spread of the disease in the local area, and the updates provide ...Cyware Alerts - Hacker News
June 17, 2022 – Privacy
Researchers Uncover ‘Hermit’ Android Spyware Used in Kazakhstan, Syria, and Italy Full Text
Abstract
An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.A and Tykelab Srl, a telecom services provider which it suspects to be a front company. The San Francisco-based cybersecurity firm said it detected the campaign aimed at Kazakhstan in April 2022. Hermit is modular and comes with myriad capabilities that allow it to "exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages," Lookout researchers Justin Albrecht and Paul Shunk said in a new write-up. The spyware is believed to be distributed via SMS messages that trick users into installing what are seemingly innocuous apps from Samsung, Vivo, and Oppo, wThe Hacker News
June 17, 2022 – APT
Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed Full Text
Abstract
China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. Volexity researchers discovered that the zero-day vulnerability, tracked as CVE-2022-1040, in Sophos Firewall...Security Affairs
June 17, 2022 – Vulnerabilities
Cisco says it won’t fix zero-day RCE in end-of-life VPN routers Full Text
Abstract
Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched.BleepingComputer
June 17, 2022 – Breach
BlackCat Launches Dedicated Site for Victims to Search Their Stolen Data Full Text
Abstract
In a new initiative, the BlackCat group has begun publishing details of victims on websites open to the public Internet, with the data available in a searchable form. It has already listed 112GB of stolen data, including Social Security numbers, from 1,500 employees of a hotel and spa in Oregon.Cyware Alerts - Hacker News
June 17, 2022 – General
Reimagine Hybrid Work: Same CyberSec in Office and at Home Full Text
Abstract
It was first the pandemic that changed the usual state of work - before, it was commuting, working in the office & coming home for most corporate employees. Then, when we had to adapt to the self-isolation rules, the work moved to home offices, which completely changed the workflow for many businesses. As the pandemic subsided, we realized success never relied on where the work was done. Whether your office is your kitchen, your bedroom, a nearby cafe, or your actual workplace in an office building, it all comes down to the fact that job success has nothing to do with your location. The role of the office in the hybrid era is also changing - according to the research conducted by PwC , it now serves the purpose of collaborating with team members and building relationships. From an employee's side, it sounds pretty logical and obvious. However, if we look at hybrid work with the eyes of an employer, things get complicated. How does one make sure corporate devices & daThe Hacker News
June 17, 2022 – Hacker
Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company Full Text
Abstract
Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit,...Security Affairs
June 17, 2022 – Botnet
Russian RSocks botnet disrupted after hacking millions of devices Full Text
Abstract
The U.S. Department of Justice has announced the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT (Internet of Things) devices worldwide for use as proxy servers.BleepingComputer
June 17, 2022 – Attack
Robert Half Discloses Hacking Attack Impacting Over 1,000 Customer Accounts Full Text
Abstract
Information provided by the company to the Maine Attorney General shows that threat actors targeted Robert Half between April 26 and May 16. The incident, discovered on May 31, impacts 1,058 individuals.Security Week
June 17, 2022 – Attack
Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity Full Text
Abstract
A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks against the customer's staff," Volexity said in a report. "These attacks aimed to further breach cloud-hosted web servers hosting the organization's public-facing websites." The zero-day flaw in question is tracked as CVE-2022-1040 (CVSS score: 9.8), and concerns an authentication bypass vulnerability that can be weaponized to execute arbitrary code remotely. It affects Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier. The cybersecurity firm, which issued a patch for the flaw on March 25, 2022, noted that it was abused to "target a small set of specThe Hacker News
June 17, 2022 – Vulnerabilities
A Microsoft 365 feature can ransom files on SharePoint and OneDrive Full Text
Abstract
Experts discovered a feature in the Microsoft 365 suite that could be abused to encrypt files stored on SharePoint and OneDrive and target cloud infrastructure. Researchers from Proofpoint reported that a feature in the Microsoft 365 suite could be abused...Security Affairs
June 17, 2022 – Attack
QNAP ‘thoroughly investigating’ new DeadBolt ransomware attacks Full Text
Abstract
Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware.BleepingComputer
June 17, 2022 – Attack
MaliBot Banking Trojan Targets Android Users in Italy and Spain Full Text
Abstract
F5 Labs discovered new Android-based information-stealing malware, dubbed MaliBot. It was spotted targeting online banking and cryptocurrency wallet users in Italy and Spain. Some of the banks targeted by MaliBot using this approach include UniCredit, Santander, CaixaBank, and CartaBCC. Due to the ...Cyware Alerts - Hacker News
June 17, 2022 – Vulnerabilities
Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability Full Text
Abstract
WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that's suspected of having been actively exploited in the wild. The issue, which relates to a case of code injection, is rated 9.8 out of 10 for severity and affects multiple versions starting from 3.0. It has been fixed in 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4, and 3.6.11. Ninja Forms is a customizable contact form builder that has over 1 million installations. According to Wordfence, the bug "made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection." "This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate [property oriented programming] chain was present," Chloe Chamberland of Wordfence noted . SucThe Hacker News
June 17, 2022 – Vulnerabilities
Reddit patches CSRF vulnerability that forced users to view NSFW content Full Text
Abstract
The medium severity security bug disabled the option to turn on certain settings, meaning that any user who has opted to restrict adult content could instead be directed towards it by malicious hackers.The Daily Swig
June 17, 2022 – Disinformation
Microsoft Dismisses False Reports About End of Patch Tuesday Full Text
Abstract
Microsoft has dismissed media reports about June 14 being the last Patch Tuesday, as the upcoming rollout of the Windows Autopatch service seems to be causing some confusion.Security Week
June 17, 2022 – Phishing
Shipping Scams of the Week: BHL and USPS Full Text
Abstract
The scammers have borrowed the DHL company brand — even going so far as to mimic its colors, logo, and web design. Netizens have also reported receiving phishing emails from scammers posing as USPS.Trend Micro
June 16, 2022 – General
Ransomware Risk in Healthcare Endangers Patients Full Text
Abstract
Ryan Witt, Proofpoint’s Healthcare Cybersecurity Leader, examines the impact of ransomware on patient care.Threatpost
June 16, 2022 – Vulnerabilities
Sophos Firewall zero-day bug exploited weeks before fix Full Text
Abstract
Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim.BleepingComputer
June 16, 2022 – Breach
2 Texas hospital networks infected by malicious code Full Text
Abstract
On April 20, the hospitals learned that malicious code had infected their networks as a result of an unauthorized party gaining access to certain systems between March 31 and April 24.Becker’s Health IT Review
June 16, 2022 – Criminals
BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers Full Text
Abstract
Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks. Upon gaining an entry point, the attackers swiftly moved to gather information about the compromised machines, followed by carrying out credential theft and lateral movement activities, before harvesting intellectual property and dropping the ransomware payload. The entire sequence of events played out over the course of two full weeks, the Microsoft 365 Defender Threat Intelligence Team said in a report published this week. "In another incident we observed, we found that a ransomware affiliate gained initial access to the environment via an internet-facing Remote Desktop server using compromised credentials to sign in," the researchers said, pointing out how "no two BlackCat 'lives' or deployments might look the same." BlackCat , also known by the names ALPHV and Noberus, is a relatively nThe Hacker News
June 16, 2022 – Attack
BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers Full Text
Abstract
The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations...Security Affairs
June 16, 2022 – General
2022 SaaS Security Survey Report: 7 Key Findings Full Text
Abstract
Learn the growing risks in SaaS security and how different organizations are currently working to secure themselves.Threatpost
June 16, 2022 – Policy and Law
iCloud hacker gets 9 years in prison for stealing nude photos Full Text
Abstract
A California man who hacked thousands of Apple iCloud accounts was sentenced to 9 years in prison after pleading guilty to conspiracy and computer fraud in October 2021.BleepingComputer
June 16, 2022 – Business
Jit Banks Massive $38.5 Million Seed Round Funding Full Text
Abstract
The $38.5 million round is abnormally high for seed-stage funding and signals a strategic shift to make bigger bets on early-stage companies with brand-new products and no significant revenue stream.Security Week
June 16, 2022 – Vulnerabilities
A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage Full Text
Abstract
A "dangerous piece of functionality" has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure. The cloud ransomware attack makes it possible to launch file-encrypting malware to "encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," Proofpoint said in a report published today. The infection sequence can be carried out using a combination of Microsoft APIs, command-line interface (CLI) scripts, and PowerShell scripts, the enterprise security firm added. The attack, at its core, hinges on a Microsoft 365 feature called AutoSave that creates copies of older file versions as and when users make edits to a file stored on OneDrive or SharePoint Online. It commences with gaining unauthorized access to a target user's SharePoint OnlinThe Hacker News
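The reason version history does not save the victim in this scenario is that the retained copies are bounded by the library's versioning limit: Proofpoint's described sequence is to lower that limit first and then save each file more times than the limit allows, so every version still kept is ciphertext. The simulation below is an added example written for this entry and the other Microsoft 365 ransomware entries on this page; it is not Proofpoint's code and does not touch the real Graph or SharePoint APIs. The document library, the audit event name `VersioningLimitChanged`, the sample file contents and the toy cipher are all constructed for illustration.

```python
import hashlib
from collections import deque

ORIGINALS = {b'Q3 plan v1', b'Q3 plan v2'}   # constructed sample file contents


class Library:
    """Toy model of a SharePoint/OneDrive document library with version history.
    Modelling assumption: version_limit is the number of *prior* versions kept
    alongside the current one; the oldest copy is discarded once that is exceeded."""

    def __init__(self, version_limit=500):
        self.version_limit = version_limit
        self.docs = {}
        self.audit = []   # constructed audit trail of setting changes

    def _trim(self, doc):
        while len(doc) > self.version_limit + 1:
            doc.popleft()

    def put(self, name, content):
        doc = self.docs.setdefault(name, deque())
        doc.append(content)
        self._trim(doc)

    def set_version_limit(self, new_limit):
        self.audit.append(('VersioningLimitChanged', self.version_limit, new_limit))
        self.version_limit = new_limit
        for doc in self.docs.values():
            self._trim(doc)

    def current(self, name):
        return self.docs[name][-1]

    def history(self, name):
        return list(self.docs[name])


def toy_encrypt(data, key, nonce):
    """Stand-in for the attacker's file encryption: SHA-256 keystream XOR.
    Illustrative only; what matters is that every pass yields fresh ciphertext."""
    stream = b''
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, 'big')).digest()
        counter += 1
    return bytes(b ^ k for b, k in zip(data, stream))


def ransom_library(lib, key, passes):
    """Attacker sequence: shrink the version history, then re-save each file
    `passes` times so the retained versions are all ciphertext."""
    lib.set_version_limit(1)
    for name in list(lib.docs):
        for i in range(passes):
            lib.put(name, toy_encrypt(lib.current(name), key, bytes([i])))


def recoverable_versions(lib, name):
    return [v for v in lib.history(name) if v in ORIGINALS]


def alerts_for_limit_reduction(audit, floor=50):
    """Defender check: flag any versioning-limit change that drops below `floor`."""
    return [e for e in audit if e[0] == 'VersioningLimitChanged' and e[2] < floor]


def demo(passes):
    lib = Library(version_limit=500)
    lib.put('plan.docx', b'Q3 plan v1')
    lib.put('plan.docx', b'Q3 plan v2')
    ransom_library(lib, b'attacker-key', passes)
    return {
        'versions_left': len(lib.history('plan.docx')),
        'recoverable': len(recoverable_versions(lib, 'plan.docx')),
        'alerts': alerts_for_limit_reduction(lib.audit),
    }


if __name__ == '__main__':
    for p in (1, 2):
        print(p, demo(p))
```

Running `demo(1)` leaves one plaintext version behind, which is why the attack needs a second save once the limit is 1; `demo(2)` leaves none. The only signal that survives is the settings change itself, so alerting on a sharp reduction of a library's version limit, together with backups held outside the tenant, is the control this entry argues for.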
June 16, 2022 – Criminals
ALPHV/BlackCat ransomware gang starts publishing victims’ data on the clear web Full Text
Abstract
ALPHV/BlackCat ransomware group began publishing victims' data on the clear web to increase the pressure on them and force them to pay the ransom. ALPHV/BlackCat ransomware group has adopted a new strategy to force victims into paying the ransom,...Security Affairs
June 16, 2022 – Malware
New MaliBot Android banking malware spreads as a crypto miner Full Text
Abstract
Threat analysts have discovered a new Android malware strain named MaliBot, which poses as a cryptocurrency mining app or the Chrome web browser to target users in Italy and Spain.BleepingComputer
June 16, 2022 – Breach
Microsoft Under Attack by BlackCat: Exchange Servers hacked Full Text
Abstract
Microsoft stated that BlackCat RaaS affiliates are targeting Microsoft Exchange Servers by exploiting unpatched bugs. The unknown threat actor delivered BlackCat ransomware payloads via PsExec. The extent of damage is still unknown, and also there wasn’t any mention of the Exchange vulnerability us ...Cyware Alerts - Hacker News
June 16, 2022 – Education
Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning Full Text
Abstract
For years, the two most popular methods for internal scanning, agent-based and network-based, were considered to be about equal in value, each bringing its own strengths to bear. However, with remote working now the norm in most if not all workplaces, it feels a lot more like agent-based scanning is a must, while network-based scanning is an optional extra. This article will go in-depth on the strengths and weaknesses of each approach, but let's wind it back a second for those who aren't sure why they should even do internal scanning in the first place. Why should you perform internal vulnerability scanning? While external vulnerability scanning can give a great overview of what you look like to a hacker, the information that can be gleaned without access to your systems can be limited. Some serious vulnerabilities can be discovered at this stage, so it's a must for many organizations, but that's not where hackers stop. Techniques like phishing, targeted malware,The Hacker News
June 16, 2022 – Vulnerabilities
Researchers disclosed a remote code execution flaw in Fastjson Library Full Text
Abstract
Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson...Security Affairs
June 16, 2022 – Vulnerabilities
730K WordPress sites force-updated to patch critical plugin bug Full Text
Abstract
WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild.BleepingComputer
June 16, 2022 – Privacy
Lookout Uncovers Android Spyware Deployed in Kazakhstan Full Text
Abstract
Based on Lookout's analysis, the spyware is likely developed by Italian spyware vendor RCS Lab S.p.A and Tykelab Srl, a telecommunications solutions company suspected to be operating as a front company.Lookout
June 16, 2022 – Vulnerabilities
High-Severity RCE Vulnerability Reported in Popular Fastjson Library Full Text
Abstract
Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called "AutoType." It was patched by the project maintainers in version 1.2.83 released on May 23, 2022. "This vulnerability affects all Java applications that rely on Fastjson versions 1.2.80 or earlier and that pass user-controlled data to either the JSON.parse or JSON.parseObject APIs without specifying a specific class to deserialize," JFrog's Uriya Yavnieli said in a write-up. Fastjson is a Java library that's used to convert Java Objects into their JSON representation and vice versa. AutoType , the function vulnerable to the flaw, is enabled by default and is designed to specify a custom type when parsingThe Hacker News
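The write-up gives the two facts a dependency audit needs: versions 1.2.80 and earlier are affected, and 1.2.83 is the fixed release. The script below is an added example (not JFrog's or the Fastjson project's code) that pulls `com.alibaba:fastjson` versions out of a Maven `pom.xml`, resolving a `<properties>` placeholder, and out of Gradle-style dependency lines, then classifies each against those bounds. The `pom.xml` and Gradle snippets are constructed samples; the `fastjson.version` property name is part of that construction.

```python
import re
import xml.etree.ElementTree as ET

LAST_VULNERABLE = (1, 2, 80)   # "1.2.80 or earlier" per the JFrog write-up
FIRST_FIXED = (1, 2, 83)       # patched release named in the write-up

# Constructed sample pom.xml; the fastjson version is held in a Maven property.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId><artifactId>app</artifactId><version>1.0</version>
  <properties>
    <fastjson.version>1.2.76</fastjson.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>com.alibaba</groupId>
      <artifactId>fastjson</artifactId>
      <version>${fastjson.version}</version>
    </dependency>
    <dependency>
      <groupId>com.google.code.gson</groupId>
      <artifactId>gson</artifactId>
      <version>2.9.0</version>
    </dependency>
  </dependencies>
</project>
"""

# Constructed sample Gradle dependency declarations.
SAMPLE_GRADLE = """\
implementation 'com.alibaba:fastjson:1.2.83'
implementation "org.slf4j:slf4j-api:1.7.36"
"""

NS = {'m': 'http://maven.apache.org/POM/4.0.0'}
GRADLE_RE = re.compile(r"""['"]com\.alibaba:fastjson:([^'"]+)['"]""")
PROPERTY_RE = re.compile(r'\$\{([^}]+)\}')


def parse_version(s):
    """Dotted version string -> tuple of ints, e.g. '1.2.83' -> (1, 2, 83)."""
    return tuple(int(p) for p in re.findall(r'\d+', s))


def classify(version):
    v = parse_version(version)
    if v <= LAST_VULNERABLE:
        return 'vulnerable'
    if v < FIRST_FIXED:
        return 'below-fixed-release'
    return 'ok'


def fastjson_versions_in_pom(xml_text):
    root = ET.fromstring(xml_text)
    # Collect <properties> so that ${name} placeholders can be resolved.
    props = {p.tag.split('}')[-1]: (p.text or '').strip()
             for p in root.findall('m:properties/*', NS)}
    found = []
    for dep in root.findall('m:dependencies/m:dependency', NS):
        gid = dep.findtext('m:groupId', '', NS).strip()
        aid = dep.findtext('m:artifactId', '', NS).strip()
        ver = dep.findtext('m:version', '', NS).strip()
        if (gid, aid) != ('com.alibaba', 'fastjson'):
            continue
        m = PROPERTY_RE.fullmatch(ver)
        if m:
            ver = props.get(m.group(1), ver)
        found.append(ver)
    return found


def fastjson_versions_in_gradle(text):
    return GRADLE_RE.findall(text)


def audit(pom_text=None, gradle_text=None):
    """Return (version, verdict) pairs for every fastjson declaration found."""
    versions = []
    if pom_text:
        versions += fastjson_versions_in_pom(pom_text)
    if gradle_text:
        versions += fastjson_versions_in_gradle(gradle_text)
    return [(v, classify(v)) for v in versions]


if __name__ == '__main__':
    for version, verdict in audit(SAMPLE_POM, SAMPLE_GRADLE):
        print(version, verdict)
```

A version between the last known-vulnerable release and the fixed one is reported separately rather than as safe, since the write-up only vouches for 1.2.83. Upgrading is the fix; as the quoted text notes, the exposure also depends on calling `JSON.parse` or `JSON.parseObject` on user-controlled input without naming the class to deserialize into, so the call sites are worth reviewing alongside the version.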
June 16, 2022 – Vulnerabilities
Cisco fixed a critical Bypass Authentication flaw in Cisco ESA and Secure Email and Web Manager Full Text
Abstract
Cisco addressed a critical bypass authentication flaw in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager. Cisco addressed a critical bypass authentication vulnerability affecting Email Security Appliance (ESA) and Secure Email...Security Affairs
June 16, 2022 – Vulnerabilities
Anker Eufy smart home hubs exposed to RCE attacks by critical flaw Full Text
Abstract
Anker's central smart home device hub, Eufy Homebase 2, was vulnerable to three vulnerabilities, one of which is a critical remote code execution (RCE) flaw.BleepingComputer
June 16, 2022 – Malware
RedLine Stealer Returns in a New Campaign Full Text
Abstract
It spreads via fake software imitating legitimate cryptocurrency or NFT wallet applications such as Gigaland NFT marketplace and Dinox (NFT-themed collectible game) to lure users.Cyware Alerts - Hacker News
June 16, 2022 – Malware
Malicious apps continue to spread through the Google Play Store Full Text
Abstract
Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing...Security Affairs
June 16, 2022 – Solution
New cloud-based Microsoft Defender for home now generally available Full Text
Abstract
Microsoft has announced today the general availability of Microsoft Defender for individuals, the company's new security solution for personal phones and computers.BleepingComputer
June 16, 2022 – Vulnerabilities
GhostTouch: Hackers can reach your phone’s touchscreen without even touching it Full Text
Abstract
According to the researchers’ findings, an attacker can use GhostTouch to carry out several types of malicious actions, including initiating calls and downloading malware.The Daily Swig
June 16, 2022 – Cryptocurrency
MetaMask, Phantom warn of flaw that could steal your crypto wallets Full Text
Abstract
MetaMask and Phantom are warning of a new 'Demonic' vulnerability that could expose a crypto wallet's secret recovery phrase, allowing attackers to steal NFTs and cryptocurrency stored within it.BleepingComputer
June 16, 2022 – Solution
Oblivious DNS-over-HTTPS offers privacy enhancements to secure lookup protocol Full Text
Abstract
A detailed technical outline of the experimental protocol, which its developers hope will attract wide-scale experimentation and interoperability, was published last week.The Daily Swig
June 16, 2022 – Education
Revisit Your Password Policies to Retain PCI Compliance Full Text
Abstract
Organizations that are subject to the PCI regulations must carefully consider how best to address these new requirements. Some of the requirements are relatively easy to address. Even so, some of the new requirements go beyond what Windows native security mechanisms are capable of. Here is what you need to know.BleepingComputer
June 16, 2022 – Ransomware
Microsoft Office 365 feature can help cloud ransomware attacks Full Text
Abstract
Security researchers are warning that threat actors could hijack Office 365 accounts to encrypt for a ransom the files stored in SharePoint and OneDrive services that companies use for cloud-based collaboration, document management and storage.BleepingComputer
June 15, 2022 – Criminals
DragonForce Gang Unleash Hacks Against Govt. of India Full Text
Abstract
In response to a comment about the Prophet Mohammed, a hacktivist group in Malaysia has unleashed a wave of cyber attacks in India.Threatpost
June 15, 2022 – Malware
MaliBot: A New Android Banking Trojan Spotted in the Wild Full Text
Abstract
A new strain of Android malware has been spotted in the wild targeting online banking and cryptocurrency wallet customers in Spain and Italy, just weeks after a coordinated law enforcement operation dismantled FluBot . The information stealing trojan, codenamed MaliBot by F5 Labs, is as feature-rich as its counterparts , allowing it to steal credentials and cookies, bypass multi-factor authentication (MFA) codes, and abuse Android's Accessibility Service to monitor the victim's device screen. MaliBot is known to primarily disguise itself as cryptocurrency mining apps such as Mining X or The CryptoApp that are distributed via fraudulent websites designed to attract potential visitors into downloading them. It also takes another leaf out of the mobile banking trojan playbook in that it employs smishing as a distribution vector to proliferate the malware by accessing an infected smartphone's contacts and sending SMS messages containing links to the malware. "MalThe Hacker News
June 15, 2022 – Vulnerabilities
Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication Full Text
Abstract
Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to sidestep authentication. Assigned the CVE identifier CVE-2022-20798 , the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper authentication checks when an affected device uses Lightweight Directory Access Protocol ( LDAP ) for external authentication. "An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device," Cisco noted in an advisory. "A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device." The flaw, which it said was identified during the resolution of a technical assistance center (TAC) case, impacts ESA and Secure Email and Web Manager running vulnerableThe Hacker News
June 15, 2022 – Attack
Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike Full Text
Abstract
The threat actor known as 'Blue Mockingbird' has been observed by analysts targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources.BleepingComputer
June 15, 2022 – Cryptocurrency
Crypto Wallet Apps Cloned to Steal Crypto Full Text
Abstract
Web3 users are being targeted under the SeaFlower operation, which aims to infect users through imposter websites, SEO poisoning, and black SEO techniques promoting fake crypto wallets. The attackers seem to be Chinese, according to hints such as the language of the comments in the source code. To stay ...Cyware Alerts - Hacker News
June 15, 2022 – Botnet
Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers Full Text
Abstract
A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "harvests SSH keys to perform lateral movement." The feature-packed botnet, which relies on a basic list of default SSH passwords to carry out a dictionary attack and expand its reach, primarily functions as a cryptojacker designed to hijack a computer's resources to mine cryptocurrencies. The cybersecurity and cloud service company noted it first spotted Panchan's activity on March 19, 2022, and attributed the malware to a likely Japanese threat actor based on the language used in the administrative panel baked into the binary to edit the mining configuration. Panchan is known to deploy and execute two miners, XMRig and nbhash, on the hostThe Hacker News
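Panchan's initial access, as described here and in the two later Panchan entries on this page, is a dictionary attack against SSH with a short list of default passwords, followed by key harvesting for lateral movement. The detector below is an added example, not Akamai's code: it replays constructed sshd syslog lines, flags a source that accumulates a burst of password failures inside a short window, and then treats any successful login (password or public key) from that same source as a suspected compromise. The threshold and window are arbitrary starting points, not values from the research.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd lines in syslog format; not taken from a real host.
SAMPLE_AUTH_LOG = """\
Jun 15 03:00:01 edu-node1 sshd[2101]: Failed password for root from 198.51.100.23 port 51022 ssh2
Jun 15 03:00:02 edu-node1 sshd[2103]: Failed password for invalid user admin from 198.51.100.23 port 51024 ssh2
Jun 15 03:00:02 edu-node1 sshd[2105]: Failed password for root from 198.51.100.23 port 51026 ssh2
Jun 15 03:00:03 edu-node1 sshd[2107]: Failed password for invalid user ubuntu from 198.51.100.23 port 51028 ssh2
Jun 15 03:00:04 edu-node1 sshd[2109]: Failed password for root from 198.51.100.23 port 51030 ssh2
Jun 15 03:00:05 edu-node1 sshd[2111]: Accepted password for root from 198.51.100.23 port 51032 ssh2
Jun 15 03:10:17 edu-node1 sshd[2140]: Failed password for alice from 203.0.113.5 port 40001 ssh2
Jun 15 03:10:40 edu-node1 sshd[2142]: Accepted publickey for alice from 203.0.113.5 port 40003 ssh2
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: '
    r'(?P<result>Failed|Accepted) (?P<method>password|publickey) for '
    r'(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+'
)


def parse_ts(s, year=2022):
    """Syslog timestamps carry no year; the year is supplied by the caller."""
    return datetime.strptime(f'{year} {s}', '%Y %b %d %H:%M:%S')


def detect_ssh_bruteforce(text, threshold=4, window_seconds=60):
    """Return alerts for sources with >= threshold failed passwords within
    window_seconds, plus any later successful login from a flagged source."""
    failures = defaultdict(deque)     # ip -> timestamps of recent failures
    users_tried = defaultdict(set)    # ip -> usernames attempted
    flagged = set()
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip, user = parse_ts(m['ts']), m['ip'], m['user']
        if m['result'] == 'Failed':
            q = failures[ip]
            q.append(ts)
            users_tried[ip].add(user)
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()           # slide the window forward
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({'type': 'ssh-bruteforce', 'ip': ip,
                               'attempts': len(q), 'users': sorted(users_tried[ip])})
        elif ip in flagged:
            alerts.append({'type': 'login-after-bruteforce', 'ip': ip,
                           'user': user, 'method': m['method']})
    return alerts


if __name__ == '__main__':
    for alert in detect_ssh_bruteforce(SAMPLE_AUTH_LOG):
        print(alert)
```

The second alert type is the one worth paging on: a burst of failures followed by an `Accepted` line from the same source is the shape of a dictionary attack that worked, and on an internal host it is also what lateral movement with a harvested key looks like from the receiving side. Password authentication disabled on internet-facing SSH removes the first stage entirely.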
June 15, 2022 – Policy and Law
European Security Officials Double Down on Automated Moderation and Client-Side Scanning Full Text
Abstract
A proposed regulation would compel firms to deploy systems for the automated detection and removal of content that might foster child abuse, rather than incentivizing and encouraging the development of these systems informally.Lawfare
June 15, 2022 – Vulnerabilities
Hertzbleed Side-Channel Attack allows attackers to remotely steal encryption keys from AMD and Intel chips Full Text
Abstract
Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. Researchers from University of Texas, University of Illinois Urbana-Champaign, and the University of Washington,...Security Affairs
June 15, 2022 – General
In Cybersecurity, What You Can’t See Can Hurt You Full Text
Abstract
The dangers to SMBs and businesses of all sizes from cyberattacks are well known. But what’s driving these attacks, and what do cybersecurity stakeholders need to do that they’re not already doing?Threatpost
June 15, 2022 – Vulnerabilities
Cisco Secure Email bug can let attackers bypass authentication Full Text
Abstract
Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and login into the web management interface of Cisco email gateway appliances with non-default configurations.BleepingComputer
June 15, 2022 – APT
Gallium Group Expands to New Geographical Areas with PingPull RAT Full Text
Abstract
The Chinese state-sponsored Gallium APT group is using a new, difficult-to-detect RAT—PingPull—in its espionage campaigns. The RAT can leverage ICMP, raw TCP, and HTTP(S) protocols for C2 communication. The targeted entities are based in Australia, Russia, the Philippines, Belgium, Vietnam, Malaysia, C ...Cyware Alerts - Hacker News
June 15, 2022 – Vulnerabilities
New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs Full Text
Abstract
A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side-channel attack. Dubbed Hertzbleed by a group of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling (DVFS), a power and thermal management feature employed to conserve power and reduce the amount of heat generated by a chip. "The cause is that, under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second)," the researchers said. This can have significant security implications for cryptographic libraries even when they are implemented correctly as constant-time code to prevent timing-based side channels, effectively enabling an attacker to leverage the execution tThe Hacker News
June 15, 2022 – Vulnerabilities
A critical flaw in Citrix Application Delivery Management allows resetting admin passwords Full Text
Abstract
Citrix fixed a critical flaw in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can allow attackers to reset admin passwords. Citrix fixed a critical vulnerability in Citrix Application Delivery Management (ADM), tracked...Security Affairs
June 15, 2022 – Vulnerabilities
Zimbra bug allows stealing email logins with no user interaction Full Text
Abstract
Zimbra and SonarSource proceeded to the coordinated disclosure of a high-severity vulnerability that allows unauthenticated attackers to steal cleartext credentials from Zimbra without any user interaction.BleepingComputer
June 15, 2022 – Attack
Iranian Hacking Campaign Targeted Former U.S. Ambassador Full Text
Abstract
Alleged Iranian hackers were found targeting former Israeli officials, a former U.S. ambassador, the head of a security think tank, and high-ranking military personnel via spearphishing attacks. Reports in Israel also speculate that the campaign could be the work of Phosphorus, a prolific Iranian g ...Cyware Alerts - Hacker News
June 15, 2022 – General
Comprehensive, Easy Cybersecurity for Lean IT Security Teams Starts with XDR Full Text
Abstract
Breaches don't just happen to large enterprises. Threat actors are increasingly targeting small businesses. In fact, 43% of data breaches involved small to medium-sized businesses. But there is a glaring discrepancy. Larger businesses typically have the budget to keep their lights on if they are breached. Most small businesses ( 83% ), however, don't have the financial resources to recover if they are a victim of an attack. These small security teams were getting lost in the shuffle...until now. The rise of XDR As the threat landscape changes and bad actors continue to evolve their tactics, the industry is responding with new solutions and approaches to the way we do cybersecurity. The most recent evolution of cybersecurity technology is extended detection and response (XDR). There's no doubt you've heard of it. But do you have a firm grasp on what it really is and its unique value? If you shook your head "no" – you aren't alone. Industry experThe Hacker News
June 15, 2022 – Botnet
Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign Full Text
Abstract
Researchers discovered a new Golang-based peer-to-peer (P2P) botnet, dubbed Panchan, targeting Linux servers in the education sector since March 2022. Akamai security researchers discovered a new Golang-based P2P Botnet, tracked as Panchan, that...Security Affairs
June 15, 2022 – Attack
Extortion gang ransoms Shoprite, largest supermarket chain in Africa Full Text
Abstract
Shoprite Holdings, Africa's largest supermarket chain that operates almost three thousand stores across twelve countries in the continent, has been hit by a ransomware attack.BleepingComputer
June 15, 2022 – Vulnerabilities
Attackers Can Exploit Critical Citrix ADM Vulnerability to Reset Admin Passwords Full Text
Abstract
Tracked as CVE-2022-27511, the newly addressed security bug is described as an improper access control issue that could allow a remote, unauthenticated attacker to corrupt the system and trigger an administrator password reset.Security Week
June 15, 2022 – General
Let’s take a look at the Dark Web Price Index 2022 Full Text
Abstract
PrivacyAffairs released the Dark Web Index 2022, a document that provides the prices for illegal services and products available in black marketplaces. Privacy Affairs published the Dark Web Index, an analysis of prices for illegal services/products...Security Affairs
June 15, 2022 – Vulnerabilities
Citrix warns critical bug can let attackers reset admin passwords Full Text
Abstract
Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords.BleepingComputer
June 15, 2022 – Policy and Law
Canada wants companies to report cyber attacks and hacking incidents Full Text
Abstract
The legislation identifies finance, telecommunications, energy and transportation sectors as being vital to national security and public safety, but stops short of naming any companies.Yahoo Finance
June 15, 2022 – Criminals
Interpol seizes $50 million, arrests 2000 social engineers Full Text
Abstract
An international law enforcement operation, codenamed 'First Light 2022,' has seized 50 million dollars and arrested thousands of people involved in social engineering scams worldwide.BleepingComputer
June 15, 2022 – Vulnerabilities
Multiple Critical Flaws in Carrier’s Access Control Systems Full Text
Abstract
Researchers found a total of eight vulnerabilities in Carrier’s LenelS2 access control products using HID Mercury controllers. Of the eight flaws, seven were identified as critical. These can be exploited by hackers to remotely unlock doors and perform command injection, DoS conditions, information ...Cyware Alerts - Hacker News
June 15, 2022 – General
InQuest Labs: Man + Machine vs Business Email Compromise (BEC) Full Text
Abstract
Attackers only have to be right once while defenders need to be right 100% of the time. To help combat this asymmetric disadvantage, InQuest provides an open research portal that combines crowdsourced efforts with machine learning to combat the likes of Bumblebee and other BEC-related threats.BleepingComputer
June 15, 2022 – Malware
PureCrypter Loader Updated with New Modules Full Text
Abstract
Written in .NET and obfuscated with SmartAssembly, the loader makes use of compression and encryption to evade detection by antivirus software. It first appeared in March 2021 and has since been put up for sale at a price of $59.Cyware Alerts - Hacker News
June 15, 2022 – Botnet
New peer-to-peer botnet infects Linux servers with cryptominers Full Text
Abstract
A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency.BleepingComputer
June 15, 2022 – Breach
Data Breach at US Ambulance Billing Service Comstar Exposed Patients’ Healthcare Information Full Text
Abstract
In a data breach notification issued on June 14, Comstar said it “immediately took steps to secure our network, and launched a thorough investigation, with the assistance of third-party experts, to determine the nature and scope of the incident”.The Daily Swig
June 15, 2022 – Vulnerabilities
Microsoft: June Windows Server updates may cause backup issues Full Text
Abstract
Microsoft says that some applications might fail to back up data using Volume Shadow Copy Service (VSS) after applying the June 2022 Patch Tuesday Windows updates.BleepingComputer
June 15, 2022 – Breach
Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs Full Text
Abstract
For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers' accounts on GitHub, Amazon Web Services, and Docker Hub.BleepingComputer
June 14, 2022 – Denial Of Service
Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second Full Text
Abstract
Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million requests per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "powerful" botnet of 5,067 devices, with each node generating approximately 5,200 RPS at peak. The botnet is said to have created a flood of more than 212 million HTTPS requests within less than 30 seconds from over 1,500 networks in 121 countries, including Indonesia, the U.S., Brazil, Russia, and India. Roughly 3% of the attack came through Tor nodes. The attack "originated mostly from Cloud Service Providers as opposed to Residential Internet Service Providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack — as opposed to much weaker Internet of ThingsThe Hacker News
June 14, 2022 – Vulnerabilities
Patch Tuesday: Microsoft Issues Fix for Actively Exploited ‘Follina’ Vulnerability Full Text
Abstract
Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Also addressed by the tech giant are 55 other flaws, three of which are rated Critical, 51 are rated Important, and one is rated Moderate in severity. Separately, five other shortcomings were resolved in the Microsoft Edge browser. Tracked as CVE-2022-30190 (CVSS score: 7.8), the zero-day bug relates to a remote code execution vulnerability affecting the Windows Support Diagnostic Tool (MSDT) when it's invoked using the "ms-msdt:" URI protocol scheme from an application such as Word. The vulnerability can be trivially exploited by means of a specially crafted Word document that downloads and loads a malicious HTML file through Word's remote template feature. The HTML file ultimately permits the attacker to load and execute PowerShell code within Windows. "An attacker who successfully exploits thisThe Hacker News
June 14, 2022 – Criminals
Ransomware gang creates site for employees to search for their stolen data Full Text
Abstract
The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack.BleepingComputer
June 14, 2022 – General
How DOJ took the malware fight into your computer Full Text
Abstract
The latest example of this approach came in April, when U.S. authorities wiped malware off of hacked servers used to control a Russian intelligence agency’s botnet, preventing operators from sending instructions to the thousands of infected devices.Politico
June 14, 2022 – Vulnerabilities
New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials Full Text
Abstract
A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal highly sensitive information," SonarSource said in a report shared with The Hacker News. Tracked as CVE-2022-27924 (CVSS score: 7.5), the issue has been characterized as a case of "Memcached poisoning with unauthenticated request," leading to a scenario where an adversary can inject malicious commands and siphon sensitive information. This is made possible by poisoning the IMAP route cache entries in the Memcached server that's used to look up Zimbra users and forward their HTTP requests to appropriate backend services. Given that Memcached parses incomingThe Hacker News
June 14, 2022 – Vulnerabilities
A flaw in Zimbra email suite allows stealing login credentials of the users Full Text
Abstract
A high-severity vulnerability in the Zimbra email suite could be exploited by an unauthenticated attacker to steal login credentials of users. Researchers from Sonarsource have discovered a high-severity vulnerability impacting the Zimbra email suite,...Security Affairs
June 14, 2022 – General
What the New OWASP Top 10 Changes Mean to You? Full Text
Abstract
The OWASP top 10 list of critical security risks will have a big impact on how businesses address application security moving forward. The changes to the list will require businesses to reevaluate their application security posture holistically. Learn more about the most significant changes that have emerged and how businesses can address them.Threatpost
June 14, 2022 – Attack
New Hertzbleed side-channel attack affects Intel, AMD CPUs Full Text
Abstract
A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS).BleepingComputer
June 14, 2022 – Attack
Conti’s Attack Against Costa Rica Sparks a New Ransomware Era Full Text
Abstract
Conti claimed responsibility for the first attack against Costa Rica’s government and is believed to have some links to the ransomware-as-a-service operation HIVE, which was responsible for the second attack impacting the country's healthcare system.Wired
June 14, 2022 – General
What is the Essential Eight (And Why Non-Aussies Should Care) Full Text
Abstract
In 2017, The Australian Cyber Security Center (ACSC) published a set of mitigation strategies that were designed to help organizations to protect themselves against cyber security incidents. These strategies, which became known as the Essential Eight, are designed specifically for use on Windows networks, although variations of these strategies are commonly applied to other platforms. What is the Essential Eight? The Essential Eight is essentially a cyber security framework that is made up of objectives and controls (with each objective including multiple controls). Initially, the Australian government only mandated that companies adhere to four of the security controls that were included in the first objective. Starting in June of 2022 however, all 98 non-corporate Commonwealth entities (NCCEs) are going to be required to comply with the entire framework. Non-Australians take note Although the Essential Eight is specific to Australia, organizations outside of Australia shouThe Hacker News
June 14, 2022 – Education
API Security Best Practices Full Text
Abstract
Organizations face the constant need to protect these APIs from attacks so they can protect organizational data. Organizations are rapidly opening their ecosystem through Application Programming Interfaces (API) by ensuring seamless access to data...Security Affairs
June 14, 2022 – Malware
Android malware on the Google Play Store gets 2 million downloads Full Text
Abstract
Cybersecurity researchers have discovered adware and information-stealing malware on the Google Play Store last month, with at least five still available and having amassed over two million downloads.BleepingComputer
June 14, 2022 – Malware
Industroyer: A cyber‑weapon that brought down a power grid Full Text
Abstract
On June 12, 2017, ESET researchers published their findings about malware that was capable of causing a widespread blackout. Industroyer, as they named it, was the first known piece of malware that was developed specifically to target a power grid.ESET Security
June 14, 2022 – Vulnerabilities
Technical Details Released for ‘SynLapse’ RCE Vulnerability Reported in Microsoft Azure Full Text
Abstract
Microsoft has incorporated additional improvements to address the recently disclosed SynLapse security vulnerability in order to meet comprehensive tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines. The latest safeguards include moving the shared integration runtimes to sandboxed ephemeral instances and using scoped tokens to prevent adversaries from using a client certificate to access other tenants' information. "This means that if an attacker could execute code on the integration runtime, it is never shared between two different tenants, so no sensitive data is in danger," Orca Security said in a technical report detailing the flaw. The high-severity issue, tracked as CVE-2022-29972 (CVSS score: 7.8) and disclosed early last month, could have allowed an attacker to perform remote command execution and gain access to another Azure client's cloud environment. Originally reported by the cloud security company on January 4The Hacker News
June 14, 2022 – Attack
SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases Full Text
Abstract
Chinese cybercriminals are using SeaFlower backdoored versions of iOS and Android Web3 wallets to steal users’ seed phrases. Researchers from Confiant have uncovered a sophisticated malware campaign, tracked as SeaFlower, targeting Web3 wallet users....Security Affairs
June 14, 2022 – Vulnerabilities
Microsoft patches actively exploited Follina Windows zero-day Full Text
Abstract
Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks.BleepingComputer
June 14, 2022 – Attack
PACMAN Attack Targets Apple M1 Chip Embedded CPUs Full Text
Abstract
Researchers devised a new hardware attack aimed at Pointer Authentication in Apple M1 chip-based CPUs that may allow an attacker to run arbitrary code on Mac systems. The attack is an exploitation technique, but it cannot affect the system on its own. Apple has claimed that the issue does not...Cyware Alerts - Hacker News
June 14, 2022 – Vulnerabilities
Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens Full Text
Abstract
An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub," researchers from cloud security firm Aqua said in a Monday report. Travis CI is a continuous integration service used to build and test software projects hosted on cloud repository platforms such as GitHub and Bitbucket. The issue, previously reported in 2015 and 2019, is rooted in the fact that the API permits access to historical logs in cleartext format, enabling a malicious party to even "fetch the logs that were previously unavailable via the API." The logs go allThe Hacker News
June 14, 2022 – Malware
Experts spotted Syslogk, a Linux rootkit under development Full Text
Abstract
Experts spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted "magic packets" to activate a dormant backdoor on the device. Researchers from antivirus firm Avast spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses...Security Affairs
June 14, 2022 – Vulnerabilities
Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws Full Text
Abstract
Today is Microsoft's June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws.BleepingComputer
June 14, 2022 – Phishing
At least $413,000 lost to parcel scams in Singapore since Jan Full Text
Abstract
Phishing scams involving the delivery of parcels have resulted in a loss of at least S$574,000 (~$413,000) since the start of 2022. The scams have claimed at least 415 victims, the Singapore Police Force said.Yahoo Finance
June 14, 2022 – Malware
New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using “Magic Packets” Full Text
Abstract
A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet. "The Syslogk rootkit is heavily based on Adore-Ng but incorporates new functionalities making the user-mode application and the kernel rootkit hard to detect," Avast security researchers David Álvarez and Jan Neduchal said in a report published Monday. Adore-Ng, an open-source rootkit available since 2004, equips the attacker with full control over a compromised system. It also facilitates hiding processes as well as custom malicious artifacts, files, and even the kernel module, making it harder to detect. "The module starts by hooking itself into various file systems. It digs up the inode for the root filesystem, and replaces that inode's readdir() function pointer with one of its own," LWN.net noted at the time. "The Adore verThe Hacker News
June 14, 2022 – Denial Of Service
Owner of ‘DownThem’ DDoS service gets 2 years in prison Full Text
Abstract
Matthew Gatrel, 33, a citizen of Illinois, has been sentenced to two years in prison for operating platforms offering DDoS (distributed denial of service) services to subscribers.BleepingComputer
June 14, 2022 – Vulnerabilities
Researcher Shows How Tesla Key Card Feature Can Be Abused to Steal Cars Full Text
Abstract
The researcher found that when a Tesla is unlocked using the key card via NFC, there is a 130-second window when an attacker within Bluetooth range of the targeted vehicle can add their own key, which they can later use to unlock and drive the car.Security Week
June 14, 2022 – Criminals
Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware Full Text
Abstract
Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers. "The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption, and obfuscation to evade antivirus software products," Zscaler's Romain Dumont said in a new report. Some of the malware families distributed using PureCrypter include Agent Tesla, Arkei, AsyncRAT, AZORult, DarkCrystal RAT (DCRat), LokiBot, NanoCore, RedLine Stealer, Remcos, Snake Keylogger, and Warzone RAT. Sold for a price of $59 by its developer named "PureCoder" for a one-month plan (and $249 for a one-off lifetime purchase) since at least March 2021, PureCrypter is advertised as the "only crypter in the market that uses offline and online delivery technique." Crypters act as the first layer of deThe Hacker News
June 14, 2022 – Solution
Firefox now blocks cross-site tracking by default for all users Full Text
Abstract
Mozilla says that starting today, all Firefox users will now be protected by default against cross-site tracking while browsing the Internet.BleepingComputer
June 14, 2022 – Denial Of Service
Cloudflare mitigates record-breaking HTTPS DDoS attack Full Text
Abstract
Internet infrastructure firm Cloudflare said today that it mitigated a 26 million requests per second distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date.BleepingComputer
June 13, 2022 – Breach
Kaiser Permanente data breach exposes health data of 69K people Full Text
Abstract
Kaiser Permanente, one of America's leading not-for-profit health plans and health care providers, has recently disclosed a data breach that exposed the health information of more than 69,000 individuals.BleepingComputer
June 13, 2022 – Malware
Three PyPI Packages Found Including Password Stealer by Mistake Full Text
Abstract
Three PyPI packages were found to contain a backdoor due to a malicious dependency within certain versions, thereby exposing users to supply chain attacks. The threat included with the ‘Keep’ package is considerable, as it receives over 8,000 downloads per week on average. Even if P...Cyware Alerts - Hacker News
June 13, 2022 – Cryptocurrency
Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users Full Text
Abstract
A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. Said to be first discovered in March 2022, the cluster of activity "hint[s] to a strong relationship with a Chinese-speaking entity yet to be uncovered," based on the macOS usernames, source code comments in the backdoor code, and its abuse of Alibaba's Content Delivery Network (CDN). "As of today, the main current objective of SeaFlower is to modify Web3 wallets with backdoor code that ultimately exfiltrates the seed phrase," Confiant's Taha Karim said in a technical deep-dive of the campaign. Targeted apps include Android and iOS versions of Coinbase Wallet, MetaMask, TokenPocket, and imToken. SeaFlower's modus operandi involves setting up cloned websites that act as a conduit to downloadThe Hacker News
June 13, 2022 – APT
Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability Full Text
Abstract
Ukraine's Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability. Ukraine's Computer Emergency Response Team (CERT) is warning that the Russia-linked Sandworm APT may be exploiting...Security Affairs
June 13, 2022 – Attack
Gallium hackers backdoor finance, govt orgs using new PingPull malware Full Text
Abstract
The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa.BleepingComputer
June 13, 2022 – Breach
Credentials for thousands of open source projects free for the taking Full Text
Abstract
A series of two batches of data the Aqua Security researchers accessed using the Travis CI programming interface yielded 4.28 million and 770 million logs from 2013 through May 2022.ARS Technica
June 13, 2022 – Attack
Chinese ‘Gallium’ Hackers Using New PingPull Malware in Cyberespionage Attacks Full Text
Abstract
A Chinese advanced persistent threat (APT) known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa. Called PingPull, the "difficult-to-detect" backdoor is notable for its use of the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications, according to new research published by Palo Alto Networks Unit 42 today. Gallium is known for its attacks primarily aimed at telecom companies dating as far back as 2012. Also tracked under the name Soft Cell by Cybereason, the state-sponsored actor has been connected to a broader set of attacks targeting five major telecom companies located in Southeast Asian countries since 2017. Over the past year, however, the group is said to have expanded its victimology footprint to include financial institutions and government entities located in Afghanistan, Australia, Belgium, CambodiThe Hacker News
June 13, 2022 – APT
GALLIUM APT used a new PingPull RAT in recent campaigns Full Text
Abstract
China-linked Gallium APT employed a previously undocumented RAT, tracked as PingPull, in a recent cyber espionage campaign targeting South Asia, Europe, and Africa. China-linked Gallium APT (aka Softcell) used a previously undocumented remote access...Security Affairs
June 13, 2022 – Cryptocurrency
Hackers clone Coinbase, MetaMask mobile wallets to steal your crypto Full Text
Abstract
Security researchers have uncovered a large-scale malicious operation that uses trojanized mobile cryptocurrency wallet applications for Coinbase, MetaMask, TokenPocket, and imToken services.BleepingComputer
June 13, 2022 – Breach
Africa: Shoprite Group issues warning on ‘suspected data compromise’ Full Text
Abstract
The Shoprite Group said on Friday evening it had become aware of a suspected data compromise, including names and ID numbers, which may affect some customers who engaged in money transfers to and within Eswatini and within Namibia and Zambia.Sowetan Live
June 13, 2022 – Vulnerabilities
Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses Full Text
Abstract
Cybersecurity researchers have disclosed details of two medium-severity flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May 2022. "Due to this undocumented backdoor, an attacker with physical access to a vulnerable desk phone can gain root access by pressing specific keys on system boot, and then connect to a provided Telnet service as root user," SySS researcher Matthias Deeg said in a statement shared with The Hacker News. Specifically, the issue relates to a previously unknown functionality present in a shell script ("check_mft.sh") in the phones' firmware that's designed to be executed at system boot. "The shell script 'check_mft.sh,' which is located in the direcThe Hacker News
June 13, 2022 – Attack
HelloXD Ransomware operators install MicroBackdoor on target systems Full Text
Abstract
Experts observed the HelloXD ransomware deploying a backdoor to facilitate persistent remote access to infected hosts. The HelloXD ransomware first appeared in the threat landscape on November 30, 2021; it borrows code from the Babuk ransomware,...Security Affairs
June 13, 2022 – Malware
Metasploit 6.2.0 improves credential theft, SMB support features, more Full Text
Abstract
Metasploit 6.2.0 has been released with 138 new modules, 148 new improvements/features, and 156 bug fixes since version 6.1.0 was released in August 2021.BleepingComputer
June 13, 2022 – Government
FBI, DOJ say less than 25% of NetWalker ransomware victims reported incidents Full Text
Abstract
The FBI and DOJ officials were able to obtain a trove of information on the group after seizing NetWalker’s backend servers in Bulgaria during an investigation throughout 2020.The Record
June 13, 2022 – Education
Quick and Simple: BPFDoor Explained Full Text
Abstract
BPFDoor isn't new to the cyberattack game — in fact, it's gone undetected for years — but PwC researchers discovered the piece of malware in 2021. Subsequently, the cybersecurity community is learning more about the stealthy nature of the malware, how it works, and how it can be prevented. What's BPFDoor? BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit mostly Linux operating systems. It's undetected by firewalls and goes unnoticed by most detection systems — so unnoticed that it's been a work in progress over the last five years, going through various phases of development and complexity. How Does It Work? BPF stands for Berkeley Packet Filter, which is appropriate given that the virus exploits packet filters. BPFDoor uses BPF "sniffers" to see all network traffic and find vulnerabilities. Packet filters are programs that analyze "packets" (files, metadata, network traffic) and permit or decThe Hacker News
June 13, 2022 – Privacy
Using WiFi connection probe requests to track users Full Text
Abstract
Researchers at the University of Hamburg demonstrated that WiFi connection probe requests expose users to tracking. A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify...Security Affairs
June 13, 2022 – Attack
Microsoft: Exchange servers hacked to deploy BlackCat ransomware Full Text
Abstract
Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities.BleepingComputer
June 13, 2022 – Ransomware
HelloXD Ransomware Installing Backdoor on Targeted Windows and Linux Systems Full Text
Abstract
Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. "Unlike other ransomware groups, this ransomware family doesn't have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based messenger instances," Daniel Bunce and Doel Santos, security researchers from Palo Alto Networks Unit 42, said in a new write-up. HelloXD surfaced in the wild on November 30, 2021, and is based off leaked code from Babuk, which was published on a Russian-language cybercrime forum in September 2021. The ransomware family is no exception to the norm in that the operators follow the tried-and-tested approach of double extortion to demand cryptocurrency payments by exfiltrating a victim's sensitive data in addition to encrypting it and threatening to publicize the informThe Hacker News
June 13, 2022 – Malware
New Syslogk Linux rootkit uses magic packets to trigger backdoor Full Text
Abstract
A new rootkit malware named 'Syslogk' has been spotted in the wild, and it features advanced process and file hiding techniques that make detection highly unlikely.BleepingComputer
June 13, 2022 – Attack
Russian hackers start targeting Ukraine with Follina exploits Full Text
Abstract
Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190.BleepingComputer
June 12, 2022 – Attack
Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks Full Text
Abstract
The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. "The malware leverages a DNS attack technique called 'DNS Hijacking' in which an attacker-controlled DNS server manipulates the response of DNS queries and resolves them as per their malicious requirements." DNS hijacking is a redirection attack in which DNS queries to genuine websites are intercepted to take an unsuspecting user to fraudulent pages under an adversary's control. Unlike cache poisoning, DNS hijacking targets the DNS record of the website on the nameserver, rather than a resolver's cache. Lyceum, also known as Hexane, SpirliThe Hacker News
June 12, 2022 – Malware
PyPI package ‘keep’ mistakenly included a password stealer Full Text
Abstract
PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to contain a password-stealer and a backdoor due to the presence of malicious 'request' dependency within some versions.BleepingComputer
June 12, 2022 – General
Security Affairs newsletter Round 369 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the free newsletter with the international press, subscribe here. Ransomware...Security Affairs
June 12, 2022 – Privacy
New Vytal Chrome extension hides location info that your VPN can’t Full Text
Abstract
A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to discover your geographic location, which can leak even when you are using a VPN.BleepingComputer
June 12, 2022 – Criminals
Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers Full Text
Abstract
Ransomware gangs are actively exploiting the CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability,...Security Affairs
June 12, 2022 – Ransomware
Hello XD ransomware now drops a backdoor while encrypting Full Text
Abstract
Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded sample featuring stronger encryption.BleepingComputer
June 12, 2022 – Vulnerabilities
HID Mercury Access Controller flaws could allow to unlock Doors Full Text
Abstract
Experts found that vulnerabilities in HID Mercury Access Controllers can be exploited by attackers to remotely unlock doors. Researchers from security firm Trellix discovered some critical vulnerabilities in HID Mercury Access Controllers that can be exploited...Security Affairs
June 11, 2022 – Malware
Emotet Goes After Google Chrome Users to Steal Credit Card Details Full Text
Abstract
Emotet was found dropping a new module to pilfer credit card information stored in the Chrome web browser. During April, Emotet malware activity increased, and one week later, it began using Windows shortcut files (.LNK) to execute PowerShell commands on victims' devices.Cyware Alerts - Hacker News
June 11, 2022 – Vulnerabilities
MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched Full Text
Abstract
A novel hardware attack dubbed PACMAN has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity," MIT researchers Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan said in a new paper. What's more concerning is that "while the hardware mechanisms used by PACMAN cannot be patched with software features, memory corruption bugs can be," the researchers added. The vulnerability is rooted in pointer authentication codes (PACs), a line of defense introduced in arm64e architecture that aims to detect and secure against unexpected changes to pointers — objects that store a memory address — in memory. PACs aim to solve a common problem in software securThe Hacker News
June 11, 2022 – Criminals
Microsoft Derails Bohrium Hackers’ Spear-phishing Operation Full Text
Abstract
The Microsoft Digital Crimes Unit has dismantled a spear-phishing campaign run by the Iranian threat actor Bohrium targeting users in the U.S., the Middle East, and India. Bohrium actors often create fake social media profiles, frequently posing as recruiters. The companies need to stay vigilant to keep them ... Read MoreCyware Alerts - Hacker News
June 11, 2022 – Malware
PoC Exploits for Atlassian RCE Bug Released Online Full Text
Abstract
Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence Server and Data Center are out. The vulnerability can be exploited by an unauthenticated threat actor to achieve remote code execution, potentially leading to a total domain takeover. However, this vulne ... Read MoreCyware Alerts - Hacker News
June 11, 2022 – Privacy
WiFi probing exposes smartphone users to tracking, info leaks Full Text
Abstract
Researchers at the University of Hamburg in Germany have conducted a field experiment capturing hundreds of thousands of passersby's WiFi connection probe requests to determine the type of data transmitted without the device owners realizing it.BleepingComputer
June 11, 2022 – Ransomware
Exposing HelloXD Ransomware and x4k Full Text
Abstract
Unlike other ransomware groups, this ransomware family doesn’t have an active leak site; instead it prefers to direct the impacted victim to negotiations through TOX chat and onion-based messenger instances.Palo Alto Networks
June 11, 2022 – APT
Iran-linked Lyceum APT adds a new .NET DNS Backdoor to its arsenal Full Text
Abstract
Iran-linked Lyceum APT group uses a new .NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new .NET-based DNS backdoor in a campaign aimed at companies...Security Affairs
June 11, 2022 – Attack
Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware Full Text
Abstract
Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks.BleepingComputer
June 11, 2022 – Attack
PACMAN, a new attack technique against Apple M1 CPUs Full Text
Abstract
PACMAN is a new attack technique demonstrated against Apple M1 processor chipsets that could be used to hack macOS systems. PACMAN is a novel hardware attack technique that can allow attackers to bypass Pointer Authentication (PAC) on the Apple...Security Affairs
June 10, 2022 – Ransomware
The Week in Ransomware - June 10th 2022 - Targeting Linux Full Text
Abstract
It has been relatively quiet this week with many companies and researchers at the RSA conference. However, we still had some interesting ransomware reports released this week.BleepingComputer
June 10, 2022 – Vulnerabilities
‘PACMAN’ Hardware Vulnerability Can Enable Memory Defense Bypass Full Text
Abstract
Apple's M1 chip has been found to contain a hardware vulnerability that can be abused to disable one of its defense mechanisms against memory corruption exploits, giving such attacks a greater chance of success.The Register
June 10, 2022 – Vulnerabilities
Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones Full Text
Abstract
New research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals). The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a "unique physical-layer fingerprint." "To perform a physical-layer fingerprinting attack, the attacker must be equipped with a Software Defined Radio sniffer: a radio receiver capable of recording raw IQ radio signals," the researchers said in a new paper titled "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices." The attack is made possible due to the ubiquitous nature of Bluetooth Low Energy (BLE) beacons that are continuously transmitted by modern devices to enable crucial functions such as contact tracing during public health emergencies. The hardwaThe Hacker News
June 10, 2022 – Attack
Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign Full Text
Abstract
Threat actors are exploiting the recently disclosed CVE-2022-26134 RCE in Atlassian Confluence servers to deploy cryptocurrency miners. CheckPoint researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code...Security Affairs
June 10, 2022 – Attack
New PACMAN hardware attack targets Macs with Apple M1 CPUs Full Text
Abstract
A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems.BleepingComputer
June 10, 2022 – Malware
New Variant of Black Basta Targets VMware ESXi Servers Full Text
Abstract
The Black Basta ransomware developed a Linux version that is now targeting VMware ESXi servers. The updated version allows faster encryption of multiple servers with a single command. Recently, the ransomware group joined hands with QBot to move laterally across the victim's network. Organizations ... Read MoreCyware Alerts - Hacker News
June 10, 2022 – Criminals
Researchers Detail How Cyber Criminals Are Targeting Cryptocurrency Users Full Text
Abstract
Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds. "As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim to fraud attempting to exploit people for digital currencies," Proofpoint said in a new report. "The rise and proliferation of cryptocurrency has also provided attackers with a new method of financial extraction." The targeting of sensitive cryptocurrency data by threat actors was recently echoed by the Microsoft 365 Defender Research Team, which warned about the emerging threat of cryware wherein private keys, seed phrases, and wallet addresses are plundered with the goal of siphoning virtual currencies by means of fraudulent transfers. The swift popularity of WeThe Hacker News
June 10, 2022 – Ransomware
Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques Full Text
Abstract
The Cuba ransomware operators are back and have employed a new version of their malware in recent attacks. Cuba ransomware has been active since at least January 2020. Its operators have a data leak site, where they post exfiltrated data from their victims...Security Affairs
June 10, 2022 – Attack
Iranian hackers target energy sector with new DNS backdoor Full Text
Abstract
The Iranian Lyceum APT hacking group uses a new .NET-based DNS backdoor to conduct attacks on companies in the energy and telecommunication sectors.BleepingComputer
June 10, 2022 – Vulnerabilities
8 zero-day vulnerabilities discovered in popular industrial control system from Carrier Full Text
Abstract
Carrier’s LenelS2 Mercury access control panels are widely used across hundreds of companies in the healthcare, education, and transportation industries as well as federal government agencies and organizations.The Record
June 10, 2022 – Vulnerabilities
Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier Full Text
Abstract
As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security researchers Steve Povolny and Sam Quinn said in a report shared with The Hacker News. The issues, in a nutshell, could be weaponized by a malicious actor to gain full system control, including the ability to manipulate door locks. One of the bugs (CVE-2022-31481) includes an unauthenticated remote execution flaw that's rated 10 out of 10 for severity on the CVSS scoring system. Other shortcomings could lead to command injection (CVE-2022-31479, CVE-2022-31486), denial-of-service (CVE-2022-31480, CVE-2022-31482), user modification (CVE-2022-31484), and information spoofing (CVEThe Hacker News
June 10, 2022 – Criminals
Vice Society ransomware gang adds the Italian City of Palermo to its data leak site Full Text
Abstract
The Vice Society group has claimed responsibility for the ransomware attack that hit the Italian city of Palermo forcing the IT admins to shut down its infrastructure. The Vice Society ransomware group has claimed responsibility for the recent cyber...Security Affairs
June 10, 2022 – Cryptocurrency
Hackers exploit recently patched Confluence bug for cryptomining Full Text
Abstract
A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers.BleepingComputer
June 10, 2022 – Vulnerabilities
InfiRay Thermal Camera Flaws Can Allow Hackers to Tamper With Industrial Processes Full Text
Abstract
Researchers at Austria-based cybersecurity consultancy SEC Consult discovered that at least one of the vendor’s thermal cameras, the A8Z3 model, is affected by several potentially serious vulnerabilities.Security Week
June 10, 2022 – Vulnerabilities
Chrome 102 Update Patches High-Severity Vulnerabilities Full Text
Abstract
Tracked as CVE-2022-2007, the first of these bugs is described as a use-after-free in WebGPU. The security hole was reported by David Manouchehri, who received a $10,000 bug bounty reward for his finding.Security Week
June 10, 2022 – Malware
Emotet Banking Trojan Resurfaces, Skating Past Email Security Full Text
Abstract
"The attacks are using hijacked email threads and then using those accounts as a launch point to trick victims into enabling macros of attached malicious office documents," a Thursday report from Deep Instinct explained.Dark Reading
June 10, 2022 – Business
DigiCert Acquires DNS Made Easy Full Text
Abstract
The addition of DNS Made Easy enhances the company's certificate validation and lifecycle management portfolio, it said in a company statement on the acquisition. The terms of the deal were not disclosed.Dark Reading
June 10, 2022 – Vulnerabilities
Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups Full Text
Abstract
The security vulnerabilities were present in the enterprise-grade Fujitsu Eternus CS8000 (Control Center) V8.1. Researchers from the NCC Group found two separate issues due to a lack of user input validation in two PHP scripts.The Daily Swig
June 10, 2022 – Business
Whistic Raises $35 Million in Series B Funding for Vendor Security Network Full Text
Abstract
The new funding round was led by JMI Equity, with participation from Album VC, Emergence Capital, Forgepoint Capital, and FJ Labs. This brings the total investment in the company to $51 million.Security Week
June 9, 2022 – Government
Feds Forced Travel Firms to Share Surveillance Data on Hacker Full Text
Abstract
Sabre and Travelport had to report the weekly activities of former “Cardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.Threatpost
June 09, 2022 – Ransomware
Roblox Game Pass store used to sell ransomware decryptor Full Text
Abstract
A new ransomware is taking the unusual approach of selling its decryptor on the Roblox gaming platform using the service's in-game Robux currency.BleepingComputer
June 9, 2022 – Government
Multifactor authentication could be long haul for some federal agencies, CISA official says Full Text
Abstract
Congressional exasperation with the slow pace of agencies deploying MFA emerged at a House hearing last month. The May executive order had “aggressive but achievable” deadlines, a White House official said last year.CyberScoop
June 09, 2022 – Privacy
New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing Full Text
Abstract
A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before sending it to external cloud servers." Peekaboo operates on the principle of data minimization, which refers to the practice of limiting data collection to only what is required to fulfill a specific purpose. To achieve this, the system requires developers to explicitly declare the relevant data collection behaviors in the form of a manifest file that's then fed into an in-home trusted hub to transmit sensitive data from smart home apps such as smart doorbells on a need-to-know basis. The hub not only functions as a mediator between raw data from IoT devices and the respecThe Hacker News
June 9, 2022 – General
Medical Device Security Offers Proving Ground for Cybersecurity Action Full Text
Abstract
Legislation moving through Congress on medical devices suggests broader lessons for how to improve the cybersecurity of essential products and critical infrastructures. The bill’s proposed system of regulation and oversight holds promise for meeting the competing criteria of certainty and flexibility, stability and adaptability, mandate and innovation.Lawfare
June 9, 2022 – Malware
Symbiote, a nearly-impossible-to-detect Linux malware Full Text
Abstract
Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. The name comes...Security Affairs
June 09, 2022 – Solution
Microsoft Defender now isolates hacked, unmanaged Windows devices Full Text
Abstract
Microsoft has announced a new feature for Microsoft Defender for Endpoint (MDE) to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network.BleepingComputer
June 9, 2022 – Attack
Cyber Spetsnaz’s Operation Panopticon Launches Espionage Attacks Full Text
Abstract
Researchers have identified an increase in activity by a new hacktivist group called Cyber Spetsnaz that has been targeting NATO infrastructure. In April, Cyber Spetsnaz created its first division, called Zarya, made up of experienced penetration testers, OSINT specialists, and hackers. The gro ... Read MoreCyware Alerts - Hacker News
June 09, 2022 – Malware
Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector Full Text
Abstract
Cybersecurity researchers have taken the wraps off what they call a "nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems. Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim's resources like a parasite . The operators behind Symbiote are believed to have commenced development on the malware in November 2021, with the threat actor predominantly using it to target the financial sector in Latin America, including banks like Banco do Brasil and Caixa. "Symbiote's main objective is to capture credentials and to facilitate backdoor access to a victim's machine," researchers Joakim Kennedy and Ismael Valenzuela said in a report shared with The Hacker News. "What makes Symbiote different from other Linux malware is that it infects running processes rather thanThe Hacker News
June 9, 2022 – APT
Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia Full Text
Abstract
Researchers spotted a previously undocumented Chinese-speaking APT, tracked as Aoqin Dragon, targeting entities in Southeast Asia and Australia. SentinelOne documented a series of attacks aimed at government, education, and telecom entities in Southeast...Security Affairs
June 09, 2022 – Attack
Vice Society ransomware claims attack on Italian city of Palermo Full Text
Abstract
The Vice Society ransomware group has claimed responsibility for the recent cyber attack on the city of Palermo in Italy, which has caused a large-scale service outage.BleepingComputer
June 9, 2022 – Vulnerabilities
Three Actively Exploited SAP Vulnerabilities Identified Full Text
Abstract
Recently, Onapsis researchers detected exploitation activity related to three vulnerabilities that were already patched by SAP - CVE-2021-38163, CVE-2016-2386, and CVE-2016-2388.Onapsis
June 09, 2022 – General
Even the Most Advanced Threats Rely on Unpatched Systems Full Text
Abstract
Common cybercriminals are a menace, there's no doubt about it – from bedroom hackers through to ransomware groups, cybercriminals are causing a lot of damage. But both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups such as the famous hacking groups and state-sponsored groups. In fact, these tools can prove almost impossible to detect – and guard against. BVP47 is a case in point. In this article, we'll outline how this powerful state-sponsored malware has been quietly circulating for years, how it so cleverly disguises itself, and explain what that means for cybersecurity in the enterprise. Background story behind BVP47 It's a long story, fit for a spy novel. Earlier this year, a Chinese cybersecurity research group called Pangu Lab published an in-depth, 56-page report covering a piece of malicious code that the research group decided to call BVP47 (because BVP was the most common string inThe Hacker News
June 09, 2022 – Criminals
Dark web sites selling alleged Western weapons sent to Ukraine Full Text
Abstract
Several weapon marketplaces on the dark web have listed military-grade firearms allegedly coming from Western countries that sent them to support the Ukrainian army in its fight against the Russian invaders.BleepingComputer
June 9, 2022 – Phishing
Summer holiday season fuels upswing of travel-themed spam Full Text
Abstract
Current phishing emails run the gamut from airline ticket giveaways, gift cards, and offers of bonus flight hours to booking confirmations and bargain offers for holiday rentals and all-inclusive deals.Help Net Security
June 09, 2022 – Malware
New Symbiote malware infects all running processes on Linux systems Full Text
Abstract
Threat analysts have discovered a new malware targeting Linux systems that operates as a symbiote in the host, blending perfectly with running processes and network traffic to steal account credentials and give its operators backdoor access.BleepingComputer
June 9, 2022 – General
Top three most critical areas of web security Full Text
Abstract
Recent analysis of ransomware attack trends by Akamai highlights the risks and suggests mitigations, while an analysis of web app and API attack trends offers a fresh look at the infection vectors used by ransomware operators and others.Help Net Security
June 9, 2022 – Government
Experts, NSA cyber director say ransomware could threaten campaigns in 2022 Full Text
Abstract
With the 2022 election season around the corner, campaigns of all sizes need to be prepared for a widened set of potential cybersecurity risks, experts and a top intelligence official said.CyberScoop
June 9, 2022 – Breach
MyEasyDocs Exposed 30GB of Israeli and Indian Students PII Data Full Text
Abstract
The team of IT security researchers at vpnMentor led by Noam Rotem identified a misconfigured Microsoft Azure server that exposed the personal and educational records of tens of thousands of students from India and Israel.Hackread
June 9, 2022 – APT
Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years Full Text
Abstract
The threat actor has a history of using document lures with pornographic themes to infect users and makes heavy use of USB shortcut techniques to spread the malware and infect additional targets.Sentinel One
June 09, 2022 – Hacker
Chinese hacking group Aoqin Dragon quietly spied on orgs for a decade Full Text
Abstract
A previously unknown Chinese-speaking threat actor has been uncovered by threat analysts SentinelLabs who were able to link it to malicious activity going as far back as 2013.BleepingComputer
June 9, 2022 – Policy and Law
India Revamps Rules On Mandatory Incident Reporting and Allied Compliances Full Text
Abstract
Considering the wide wording of the Direction, it is likely to be applicable to almost each and every type of business operating within India. The Direction will be effective from June 28, 2022.The National Law Review
June 09, 2022 – Attack
A Decade-Long Chinese Espionage Campaign Targets Southeast Asia and Australia Full Text
Abstract
A previously undocumented Chinese-speaking advanced persistent threat (APT) actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013. "Aoqin Dragon seeks initial access primarily through document exploits and the use of fake removable devices," SentinelOne researcher Joey Chen said in a report shared with The Hacker News. "Other techniques the attacker has been observed using include DLL hijacking, Themida-packed files , and DNS tunneling to evade post-compromise detection." The group is said to have some level of association with another threat actor known as Naikon (aka Override Panda), with campaigns primarily directed against targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. Infection chains mounted by Aoqin Dragon have banked on Asia-Pacific political affairs and pornographic-themed docuThe Hacker News
June 9, 2022 – Government
CISA director promotes collaboration and trust at RSAC 2022 Full Text
Abstract
CISA Director Jen Easterly said there's growing momentum for stronger collaboration and communication between government agencies like CISA and private-sector cybersecurity companies.Tech Target
June 9, 2022 – Outage
Decentralized Crypto Exchange Goes Offline After Hacker Steals $113 Million Full Text
Abstract
According to a blockchain researcher who goes by Foudres, the hacker stole around 1,650,000 EGLD, the native token of the Elrond blockchain, with around $113 million at the time of the hack.Vice
June 9, 2022 – General
The scope of artificial intelligence in fighting cybercrime Full Text
Abstract
Effective use of new-age technologies like artificial intelligence, machine learning, and blockchain can help prevent cyber frauds and make ecosystems safe and secure for individuals and businesses.The Times Of India
June 9, 2022 – Malware
New Emotet variant uses a module to steal data from Google Chrome Full Text
Abstract
Researchers spotted a new variant of the Emotet bot that uses a new module to steal credit card information stored in the Chrome web browser. Proofpoint researchers reported a new wave of Emotet infections, in particular, a new variant is using a new info-stealing...Security Affairs
June 9, 2022 – Government
CISA Clarifies Criteria for Adding Vulnerabilities to ‘Must Patch’ List Full Text
Abstract
Some of the vulnerabilities added by CISA to its Must Patch list were discovered more than a decade ago and for some flaws there do not appear to be any public reports describing malicious exploitation.Security Week
June 9, 2022 – Attack
Tainted CCleaner Pro Cracker spreads via black SEO campaign Full Text
Abstract
Threat actors spread info-stealing malware through the search results for a pirated copy of the CCleaner Pro Windows optimization program. Researchers from Avast have uncovered a malware campaign, tracked as FakeCrack, spreading through the search...Security Affairs
June 9, 2022 – Attack
MakeMoney malvertising campaign adds fake update template Full Text
Abstract
Malwarebytes researchers identified a malvertising campaign leading to a fake Firefox update. The template is strongly inspired by similar schemes, in particular the one distributed by the FakeUpdates (SocGholish) threat actors.Malwarebytes Labs
June 08, 2022 – Education
Kali Linux team to stream free penetration testing course on Twitch Full Text
Abstract
Offensive Security, the creators of Kali Linux, announced today that they would be offering free access to their live-streamed 'Penetration Testing with Kali Linux (PEN-200/PWK)' training course later this month.BleepingComputer
June 08, 2022 – Malware
New Emotet Variant Stealing Users’ Credit Card Information from Google Chrome Full Text
Abstract
The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control (C2) servers, according to enterprise security company Proofpoint , which observed the component on June 6. The development comes amid a spike in Emotet activity since it was resurrected late last year following a 10-month-long hiatus in the wake of a law enforcement operation that took down its attack infrastructure in January 2021. Emotet, attributed to a threat actor known as TA542 (aka Mummy Spider or Gold Crestwood), is an advanced, self-propagating and modular trojan that's delivered via email campaigns and is used as a distributor for other payloads such as ransomware. As of April 2022, Emotet is still the most popular malware with a global impacThe Hacker News
June 08, 2022 – Phishing
Massive Facebook Messenger phishing operation generates millions Full Text
Abstract
Researchers have uncovered a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements.BleepingComputer
June 08, 2022 – Vulnerabilities
Researchers Warn of Unpatched “DogWalk” Microsoft Windows Vulnerability Full Text
Abstract
An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild. The issue — referenced as DogWalk — relates to a path traversal flaw that can be exploited to stash a malicious executable file in the Windows Startup folder when a potential target opens a specially crafted ".diagcab" archive file that contains a diagnostics configuration file. The idea is that the payload would get executed the next time the victim logs in to the system after a restart. The vulnerability affects all Windows versions, from Windows 7 and Windows Server 2008 to the latest releases. DogWalk was originally disclosed by security researcher Imre Rad in January 2020 after Microsoft, having acknowledged the problem, deemed it not a security issue. "There are a number of file types that can execute code in such a way but aren't techniThe Hacker News
June 08, 2022 – Botnet
Linux botnets now exploit critical Atlassian Confluence bug Full Text
Abstract
Several botnets are now using exploits targeting a critical remote code execution (RCE) vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs.BleepingComputer
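The CVE-2022-26134 items above (PoC release, ransomware deployment, cryptomining and botnet exploitation) all concern the same Confluence Server/Data Center flaw. The following is an added example, not code from any of the articles, from Atlassian or from the researchers cited: a small hunting script over access logs. Its one assumption, which the digest does not state but which matches the public exploits for this CVE, is that exploitation attempts carry an OGNL expression, a `${...}` construct, in the request path, usually URL-encoded. The log lines are constructed samples in Apache combined format using documentation IP ranges.

```python
"""Added example, not code from the articles, from Atlassian or from the
researchers quoted: hunt for CVE-2022-26134 exploitation attempts in
Confluence or reverse-proxy access logs.  Assumption (not stated in the
digest, but the form of the public exploits): attempts put an OGNL
expression, a '${...}' construct, in the request path, usually URL-encoded.
The log lines are constructed samples; the addresses are documentation ranges."""
import re
from urllib.parse import unquote

# Apache/nginx combined format: ip ident user [ts] "METHOD path proto" status ...
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_fully(raw: str, max_rounds: int = 3) -> str:
    """URL-decode until the string stops changing (bounded), so that
    double-encoded payloads such as %2524%257B become visible as '${'."""
    cur = raw
    for _ in range(max_rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


def is_ognl_probe(path: str) -> bool:
    """A '${' in the request path is never legitimate Confluence traffic."""
    return "${" in decode_fully(path)


def find_ognl_probes(lines):
    """Return one record per suspicious request, with the decoded path."""
    hits = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # not a line we understand: skip it rather than crash
        if is_ognl_probe(m["path"]):
            hits.append({"ip": m["ip"], "ts": m["ts"],
                         "status": int(m["status"]),
                         "path": decode_fully(m["path"])})
    return hits


# Constructed sample log: two benign requests, one encoded probe, one
# double-encoded probe, and one unparseable line.
SAMPLE_LOG = [
    '198.51.100.9 - - [04/Jun/2022:09:12:01 +0000] "GET /login.action HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [04/Jun/2022:09:12:05 +0000] "POST /rest/api/content HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    # /${7*7}/ URL-encoded: a canary probe that checks whether the path is evaluated
    '203.0.113.7 - - [04/Jun/2022:09:13:40 +0000] "GET /%24%7B7*7%7D/ HTTP/1.1" 302 0 "-" "python-requests/2.27"',
    # the same probe double-encoded
    '203.0.113.7 - - [04/Jun/2022:09:13:41 +0000] "GET /%2524%257B7*7%257D/ HTTP/1.1" 302 0 "-" "python-requests/2.27"',
    'garbage line',
]

if __name__ == "__main__":
    for hit in find_ognl_probes(SAMPLE_LOG):
        print(hit)
```

Real payloads are longer than the canary used here (they embed Java method calls inside the expression), but the `${` marker is common to all of them, which is why the check decodes before matching rather than searching for a particular payload string.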
June 08, 2022 – Government
U.S. Agencies Warn About Chinese Hackers Targeting Telecoms and Network Service Providers Full Text
Abstract
U.S. cybersecurity and intelligence agencies have warned about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020. The widespread intrusion campaigns aim to exploit publicly identified security flaws in network devices such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices with the goal of gaining deeper access to victim networks. In addition, the actors used these compromised devices to route command-and-control (C2) traffic to break into other targets at scale, the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) said in a joint advisory. The perpetrators, besides shifting their tactics in response to public disclosures, are known to employ a mix of open-source and custom tools for reconnaissance and vulnerability scanning as well as to obscure and bleThe Hacker News
June 8, 2022 – Vulnerabilities
0Patch released unofficial security patch for new DogWalk Windows zero-day Full Text
Abstract
0patch researchers released an unofficial security patch for a Windows zero-day vulnerability dubbed DogWalk. 0patch released an unofficial security patch for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) dubbed...Security Affairs
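Both DogWalk items above describe the same mechanism: a path traversal in the handling of entries inside a ".diagcab" archive lets an attacker drop an executable into the user's Startup folder. The following is an added example, not code from the articles, from 0patch or from Microsoft, showing the bug class in miniature: an extractor that trusts archive entry names can be steered out of its extraction directory, while a hardened extractor validates each entry first. The entry names, directories and the user name "victim" are constructed for illustration, and the CAB container format itself is not modelled.

```python
"""Added example (not code from the articles, from 0patch or from Microsoft).
Shows the path traversal bug class behind DogWalk: a trusting archive
extractor follows '..' components in an entry name out of its destination
directory, while a hardened one validates every entry first.  Entry names,
directories and the user name 'victim' are constructed; real CAB parsing is
not modelled."""
import ntpath
from pathlib import PureWindowsPath


def vulnerable_target(dest_dir: str, entry_name: str) -> str:
    """Naive join, as a trusting extractor does it: '..' components in the
    entry name walk out of dest_dir.  This is the bug, kept on purpose."""
    return ntpath.normpath(ntpath.join(dest_dir, entry_name))


def is_safe_entry(dest_dir: str, entry_name: str) -> bool:
    """True only if the entry can be written strictly inside dest_dir."""
    p = PureWindowsPath(entry_name)
    # Absolute ('C:\x'), drive-relative ('C:x') or root-relative ('\x')
    # names are never acceptable in an archive.
    if p.is_absolute() or p.drive or p.root:
        return False
    # Reject any '..' component outright, even one that would resolve back
    # inside dest_dir: a legitimate archive has no reason to contain it.
    if any(part == ".." for part in p.parts):
        return False
    # Belt and braces: the normalized target must still sit under dest_dir.
    dest = ntpath.normpath(dest_dir)
    target = ntpath.normpath(ntpath.join(dest, entry_name))
    return target.startswith(dest + "\\")


def plan_extraction(dest_dir, entry_names):
    """Split entries into accepted (name -> target path) and rejected names."""
    accepted, rejected = {}, []
    for name in entry_names:
        if is_safe_entry(dest_dir, name):
            accepted[name] = ntpath.normpath(ntpath.join(dest_dir, name))
        else:
            rejected.append(name)
    return accepted, rejected


# Constructed sample: the extractor works in a per-user temp directory; one
# entry is legitimate, one climbs into the per-user Startup folder, one is
# absolute.  (Hypothetical paths; 'victim' is a made-up user name.)
DEST = r"C:\Users\victim\AppData\Local\Temp\diag"
STARTUP_HOP = (r"..\..\..\Roaming\Microsoft\Windows\Start Menu\Programs"
               r"\Startup\update.exe")
ENTRIES = [r"diagnostics\config.xml", STARTUP_HOP, r"C:\Windows\Temp\x.exe"]

if __name__ == "__main__":
    print("trusting extractor would write:", vulnerable_target(DEST, STARTUP_HOP))
    ok, bad = plan_extraction(DEST, ENTRIES)
    print("accepted:", ok)
    print("rejected:", bad)
```

The rejection of every `..` component, rather than only those that escape the destination, is deliberate: it keeps the rule simple enough to reason about and removes the need to trust the normalization step, which is exactly where extractors of this kind have gone wrong.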
June 08, 2022 – Malware
Emotet malware now steals credit cards from Google Chrome users Full Text
Abstract
The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles.BleepingComputer
June 8, 2022 – Government
CISA Issues Warning on Chinese Cyber Espionage Attacks Full Text
Abstract
Attackers are exploiting vulnerabilities affecting Cisco devices, four affecting QNAP devices, two affecting Pulse Secure devices, and one each in devices from Citrix, D-Link, Fortinet, Netgear, MikroTik, and DrayTek.Cyware Alerts - Hacker News
June 8, 2022 – Criminals
US dismantled and seized SSNDOB cybercrime marketplace Full Text
Abstract
An international operation led by the US authorities dismantled and seized the infrastructure of the online marketplace SSNDOB. US DoJ announced the seizure of the SSNDOB Marketplace, a series of websites offering personal information, including...Security Affairs
June 08, 2022 – Ransomware
Cuba ransomware returns to extorting victims with updated encryptor Full Text
Abstract
The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks.BleepingComputer
June 8, 2022 – General
Evolving Ransomware Tactics and Trends Observed in Q1 2022 Full Text
Abstract
In a Q1 2022 ransomware report, KELA researchers revealed that more than 150 networks were accessed in ransomware attacks carried out by BlackByte, Quantum, and BlackCat.Cyware Alerts - Hacker News
June 8, 2022 – Breach
China-linked threat actors have breached telcos and network service providers Full Text
Abstract
China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have...Security Affairs
June 08, 2022 – Phishing
Poisoned CCleaner search results spread information-stealing malware Full Text
Abstract
Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program.BleepingComputer
June 8, 2022 – Criminals
Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques Full Text
Abstract
While the updates did not change much in terms of overall functionality, researchers believe that it aims to optimize its execution, minimize unintended system behavior, and provide technical support to ransomware victims if they choose to negotiate.Trend Micro
June 8, 2022 – Ransomware
Black Basta ransomware now supports encrypting VMware ESXi servers Full Text
Abstract
Black Basta ransomware gang implemented a new feature to encrypt VMware ESXi virtual machines (VMs) running on Linux servers. The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. Researchers...Security Affairs
June 8, 2022 – Business
Cloud Data Access Firm Immuta Raises $100 Million Full Text
Abstract
Boston-based cloud data access and security firm Immuta has raised $100 million in a Series E round led by NightDragon, and joined by new investor Snowflake Ventures (the VC arm of Snowflake), with participation from existing investors.Security Week
June 7, 2022 – General
Cyber Risk Retainers: Not Another Insurance Policy Full Text
Abstract
The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk.Threatpost
June 7, 2022 – Attack
Follina Exploited by State-Sponsored Hackers Full Text
Abstract
A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.Threatpost
June 07, 2022 – Criminals
FBI Seizes ‘SSNDOB’ ID Theft Service for Selling Personal Info of 24 Million People Full Text
Abstract
An illicit online marketplace known as SSNDOB was taken down in an operation led by U.S. law enforcement agencies, the Department of Justice (DoJ) announced Tuesday. SSNDOB trafficked in personal information such as names, dates of birth, credit card numbers, and Social Security numbers of about 24 million individuals in the U.S., generating its operators $19 million in sales revenue. The action saw the seizure of several domains associated with the marketplace — ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz — in cooperation with authorities from Cyprus and Latvia. According to blockchain analytics firm Chainalysis, SSNDOB's Bitcoin payment processing system has received nearly $22 million worth of Bitcoin across over 100,000 transactions since April 2015. Furthermore, bitcoin transfers to the tune of more than $100,000 have been unearthed between SSNDOB and Joker's Stash, another darknet market that specialized in stolen credit card information and voluntarily cThe Hacker News
June 07, 2022 – Criminals
US seizes SSNDOB market for selling personal info of 24 million people Full Text
Abstract
SSNDOB, an online marketplace that sold the names, social security numbers, and dates of birth of approximately 24 million US people, has been taken offline following an international law enforcement operation.BleepingComputer
June 7, 2022 – Phishing
Follina Exploited in Phishing Attacks Full Text
Abstract
U.S. local governments and European governments were targeted in a phishing campaign using malicious RTF documents that abuse the Windows Follina flaw. The attack gathers passwords from a large number of browsers including Chrome, Firefox, Edge, Opera, Yandex, Vivaldi, and CentBrowser. The CISA sug ...Cyware Alerts - Hacker News
June 07, 2022 – Criminals
Evil Corp Cybercrime Group Shifts to LockBit Ransomware to Evade Sanctions Full Text
Abstract
The threat cluster dubbed UNC2165, which shares numerous overlaps with a Russia-based cybercrime group known as Evil Corp, has been linked to multiple LockBit ransomware intrusions in an attempt to get around sanctions imposed by the U.S. Treasury in December 2019. "These actors have shifted away from using exclusive ransomware variants to LockBit — a well-known ransomware as a service (RaaS) — in their operations, likely to hinder attribution efforts in order to evade sanctions," threat intelligence firm Mandiant noted in an analysis last week. Active since 2019, UNC2165 is known to obtain initial access to victim networks via stolen credentials and a JavaScript-based downloader malware called FakeUpdates (aka SocGholish), leveraging it to previously deploy Hades ransomware. Hades is the work of a financially motivated hacking group named Evil Corp, which is also called by the monikers Gold Drake and Indrik Spider and has been attributed to the infamous DridexThe Hacker News
June 7, 2022 – Ransomware
Evil Corp gang starts using LockBit Ransomware to evade sanctions Full Text
Abstract
Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp Cybercrime Group. Mandiant researchers have investigated multiple LOCKBIT ransomware attacks that have been attributed to the financially motivated threat...Security Affairs
June 7, 2022 – General
Conducting Modern Insider Risk Investigations Full Text
Abstract
Insider Risk Management requires a different approach than the one used for external threats. IRM is unique among security domains in that the data sources which serve as inputs are as often people as they are tools. Shifting the analyst's mindset when handling risks presented by insiders requires us to move through the stages of inquiry, investigation, and determining outcomes.Threatpost
June 07, 2022 – Breach
US: Chinese govt hackers breached telcos to snoop on network traffic Full Text
Abstract
Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data.BleepingComputer
June 7, 2022 – Criminals
QBot Delivers Black Basta Ransomware Full Text
Abstract
NCC Group has reported that the Black Basta ransomware group has formed an alliance with QBot for lateral movement across the target network. Additionally, the attackers were spotted using Cobalt Strike beacons during the compromise. QBot is still propagated via malicious emails, users should stay ...Cyware Alerts - Hacker News
June 07, 2022 – Education
Hacking Scenarios: How Hackers Choose Their Victims Full Text
Abstract
Enforcing the "double-extortion" technique, aka pay-now-or-get-breached, emerged as a head-turner last year. May 6th, 2022 is a recent example. The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January. Conti, a ransomware-as-a-service (RaaS) program, is one of the most notorious ransomware groups and has been responsible for infecting hundreds of servers with malware to gain corporate data or digitally damage systems, essentially spreading misery to individuals and hospitals, businesses, government agencies and more all over the world. So, how different is a ransomware attack like Conti from the infamous "WannaCry" or "NotPetya"? While other ransomware variants can spread fast and encrypt files within short time frames, Conti ransomware has demonstrated unmatched speed by which it can access victims' systems. Given the recent spate of data breaches, it is extremely challenginThe Hacker News
June 7, 2022 – Criminals
Black Basta ransomware operators leverage QBot for lateral movements Full Text
Abstract
The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware...Security Affairs
June 07, 2022 – Malware
New SVCReady malware loads from Word doc properties Full Text
Abstract
A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines.BleepingComputer
June 7, 2022 – Ransomware
Deadbolt Ransomware Adopts Multi-Tiered Extortion Scheme Full Text
Abstract
Not only QNAP but Asustor—another NAS devices vendor—underwent DeadBolt attacks in February. The next month, the attackers again shifted to targeting QNAP devices and the number of infections reached 1,146.Cyware Alerts - Hacker News
June 07, 2022 – Attack
Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware Full Text
Abstract
A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady . "The malware is notable for the unusual way it is delivered to target PCs — using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up. SVCReady is said to be in its early stage of development, with the authors iteratively updating the malware several times last month. First signs of activity date back to April 22, 2022. Infection chains involve sending Microsoft Word document attachments to targets via email that contain VBA macros to activate the deployment of malicious payloads. But where this campaign stands apart is that instead of employing PowerShell or MSHTA to retrieve next-stage executables from a remote server, the macro runs shellcode stored in the document properties , which subsequently drops the SVCReady malware. In addition to achieving persistence on the iThe Hacker News
June 07, 2022 – Malware
Qbot malware now uses Windows MSDT zero-day in phishing attacks Full Text
Abstract
A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware.BleepingComputer
June 7, 2022 – General
Around 94% Reduction in Average Ransomware Attack Duration - IBM Full Text
Abstract
IBM X-Force has analyzed multiple ransomware attack investigations and shared multiple insights for attacks that occurred between 2019 and 2021. The average attack time got reduced to 3.85 days in 2021. X-Force disclosed five main security controls to stop the ransomware attack lifecycle, such as i ...Cyware Alerts - Hacker News
June 07, 2022 – Ransomware
Linux version of Black Basta ransomware targets VMware ESXi servers Full Text
Abstract
Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers.BleepingComputer
June 7, 2022 – Government
Karakurt Steals Data and Demands Ransom - FBI Warns Full Text
Abstract
As a part of the extortion routine, the attackers send ransom notes to the employees of the victim firm, threatening to leak the stolen information. The twist is that although there is a deadline for paying the ransom, the hackers do not sit and wait.Cyware Alerts - Hacker News
June 07, 2022 – Vulnerabilities
New ‘DogWalk’ Windows zero-day bug gets free unofficial patches Full Text
Abstract
Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) have been released today through the 0patch platform.BleepingComputer
June 7, 2022 – Ransomware
YourCyanide: Latest CMD-Based Ransomware with Advanced Capabilities Full Text
Abstract
With multiple obfuscation layers, the ransomware leverages custom environment variables, as well as the Enable Delayed Expansion function, to evade detection.Cyware Alerts - Hacker News
June 07, 2022 – Attack
Online gun shops in the US hacked to steal credit cards Full Text
Abstract
Rainier Arms and Numrich Gun Parts, two American gun shops that operate e-commerce sites on rainierarms.com and gunpartscorp.com, have disclosed data breach incidents resulting from card skimmer infections on their sites.BleepingComputer
June 7, 2022 – General
Language-based BEC Attacks on the Rise Full Text
Abstract
Apart from socially engineered emails, attackers are adopting graymail. Graymails are legitimate-looking emails that can bypass spam filters and can enable attackers to identify out-of-office employees.Cyware Alerts - Hacker News
June 07, 2022 – Breach
Shields Health Care Group data breach affects 2 million patients Full Text
Abstract
Shields Health Care Group (Shields) suffered a data breach that exposed the data of approximately 2,000,000 people in the United States after hackers breached their network and stole data.BleepingComputer
June 7, 2022 – Business
Security Awareness Firm CybSafe Bags $28 Million in Series B Funding Full Text
Abstract
The new Series B investment round was led by Evolution Equity Partners, with participation from Emerald Development Managers, Hannover Digital Investments (HDI), and IQ Capital.Security Week
June 07, 2022 – General
Why Netflix isn’t the Only One Bummed About Password Sharing Full Text
Abstract
Carnegie Mellon found that as much as 28% of end-users willingly share passwords with others, and a Specops study found that of those who share passwords, 21% of people don't know who else their password has been shared with. That's a lot of sharing going on.BleepingComputer
June 07, 2022 – Vulnerabilities
Android June 2022 updates bring fix for critical RCE vulnerability Full Text
Abstract
Google has released the June 2022 security updates for Android devices running OS versions 10, 11, and 12, fixing 41 vulnerabilities, five rated critical.BleepingComputer
June 06, 2022 – Solution
Apple’s New Feature Will Install Security Updates Automatically Without Full OS Update Full Text
Abstract
Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update. "macOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid Security Response that works in between normal updates to easily keep security up to date without a reboot," the company said in a statement on Monday. The feature, which also works on iOS, aims to separate regular software updates from critical security improvements; the latter are applied automatically so that users are quickly protected against in-the-wild attacks and unexpected threats. It's worth noting that Apple tested an analogous option in iOS 14.5. Rapid Security Response, viewed in that light, mirrors a similar approach taken by Google through Play Services and Play Protect to secure Android devices from malware and other kinds of fraud. Another key security feaThe Hacker News
June 06, 2022 – Criminals
QBot now pushes Black Basta ransomware in bot-powered attacks Full Text
Abstract
The Black Basta ransomware gang has partnered with the QBot malware operation to spread laterally through hacked corporate environments.BleepingComputer
June 6, 2022 – Criminals
Evil Corp Shifts to LockBit to Evade Sanctions Full Text
Abstract
In 2019, the U.S. Treasury issued sanctions against 17 individuals and seven entities of Evil Corp cyber operations for causing financial losses of more than $100 million with the Dridex malware.Cyware Alerts - Hacker News
June 06, 2022 – Malware
10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users Full Text
Abstract
10 of the most prolific mobile banking trojans have set their eyes on 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times. Some of the most targeted apps include Walmart-backed PhonePe, Binance, Cash App, Garanti BBVA Mobile, La Banque Postale, Ma Banque, Caf - Mon Compte, Postepay, and BBVA México. These apps alone account for more than 260 million downloads from the official app marketplace. Of the 639 apps tracked, 121 are based in the U.S., followed by the U.K. (55), Italy (43), Turkey (34), Australia (33), France (31), Spain (29), and Portugal (27). " TeaBot is targeting 410 of the 639 applications tracked," mobile security company Zimperium said in a new analysis of Android threats during the first half of 2022. " Octo targets 324 of the 639 applications tracked and is the only one targeting popular, non-financial applications for credential theft." Aside from TeaBot (The Hacker News
June 6, 2022 – General
Hack Global, Buy Local: The Inefficiencies of the Zero-Day Exploit Market Full Text
Abstract
Why the market for zero-day exploits is less efficient and more local than you might think.Lawfare
June 6, 2022 – Attack
Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant Full Text
Abstract
The LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the LockBit ransomware gang added the cybersecurity firm Mandiant to the list of victims published on its dark web...Security Affairs
June 06, 2022 – Attack
Mandiant: “No evidence” we were hacked by LockBit ransomware Full Text
Abstract
American cybersecurity firm Mandiant is investigating LockBit ransomware gang's claims that they hacked the company's network and stole data.BleepingComputer
June 6, 2022 – Attack
SMSFactory Targets Android Users Across Eight Countries Full Text
Abstract
SMSFactory has already targeted more than 165,000 Avast customers from May 2021 to May 2022. Most of the victims were located in Brazil, Ukraine, Argentina, Russia, and Turkey. The main goal is to send premium texts and make calls to premium phone numbers. However, the malware can steal the contact ...Cyware Alerts - Hacker News
June 06, 2022 – Vulnerabilities
Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices Full Text
Abstract
Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS as well as ebook readers such as Amazon Kindle and Kobo eReader. The issues are summarized below:
- CVE-2022-30790 (CVSS score: 9.6) - Hole Descriptor overwrite in U-Boot IP packet defragmentation leads to an arbitrary out-of-bounds write primitive.
- CVE-2022-30552 (CVSS score: 7.1) - Large buffer overflow leads to DoS in U-Boot IP packet defragmentation code.
It's worth noting that both the flaws are exploitable only from the local network. But doing so can enable an attacker to root the devices and lead to a DoS by crafting a malformed packet. The shortcomings are expected to be addrThe Hacker News
June 6, 2022 – APT
Microsoft seized 41 domains used by Iran-linked Bohrium APT Full Text
Abstract
Microsoft's Digital Crimes Unit (DCU) announced the seizure of domains used by Iran-linked APT Bohrium in spear-phishing campaigns. Microsoft's Digital Crimes Unit (DCU) announced to have taken legal action to disrupt a spear-phishing operation...Security Affairs
June 06, 2022 – Criminals
Ransomware gangs now give victims time to save their reputation Full Text
Abstract
Threat analysts have observed an unusual trend in ransomware group tactics, reporting that initial phases of victim extortion are becoming less open to the public as the actors tend to use hidden or anonymous entries.BleepingComputer
June 6, 2022 – Criminals
Microsoft Shuts Down Bohrium and Polonium Operations Full Text
Abstract
Microsoft Digital Crimes Unit (DCU) has successfully dismantled a spear-phishing operation associated with an Iranian threat actor, named Bohrium, that targeted customers in the Middle East, the U.S., and India.Cyware Alerts - Hacker News
June 06, 2022 – Attack
Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers Full Text
Abstract
Microsoft's Digital Crimes Unit (DCU) last week disclosed that it had initiated legal proceedings against an Iranian threat actor dubbed Bohrium in connection with a spear-phishing operation. The adversarial collective is said to have targeted entities in the tech, transportation, government, and education sectors located in the U.S., Middle East, and India. "Bohrium actors create fake social media profiles, often posing as recruiters," Amy Hogan-Burney of the DCU said in a tweet. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware." According to an ex parte order shared by the tech giant, the goal of the intrusions was to steal and exfiltrate sensitive information, take control over the infected machines, and carry out remote reconnaissance. To halt the malicious activities of Bohrium, Microsoft said it took down 41 ".com," ".infoThe Hacker News
June 6, 2022 – Attack
Another nation-state actor exploits Microsoft Follina to attack European and US entities Full Text
Abstract
A nation-state actor is attempting to exploit the Follina flaw in a recent wave of attacks against government entities in Europe and the U.S. An alleged nation-state actor is attempting to exploit the recently disclosed Microsoft Office Follina vulnerability...Security Affairs
June 06, 2022 – Phishing
Windows zero-day exploited in US local govt phishing attacks Full Text
Abstract
European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina.BleepingComputer
June 6, 2022 – Criminals
AlphaBay Is Taking Over the Dark Web—Again Full Text
Abstract
In July 2017, a global law enforcement sting called Operation Bayonet took down AlphaBay’s sprawling marketplace, seizing the site’s central server in Lithuania and arresting its creator, Alexandre Cazes, outside his home in Bangkok.Wired
June 06, 2022 – General
Be Proactive! Shift Security Validation Left Full Text
Abstract
The "shifting (security) left" approach in the Software Development Life Cycle (SDLC) means starting security earlier in the process. As organizations realized that software never comes out perfect and is riddled with many exploitable holes, bugs, and business logic vulnerabilities that require going back to fix and patch, they understood that building secure software requires incorporating and consolidating numerous resources. This conclusion led DevOps and R&D leaders to become proactive, acquiring technology to find and close these gaps in advance, with the aim of reducing cost and effort while improving the quality of their outcomes. With emerging comprehensive continuous security validation technology, the demonstrated benefits of 'shifting left' as a fundamental part of the SDLC can now be applied to your cybersecurity program, with results far exceeding the purely technical aspects of security posture management. At the development level, the conceptualiThe Hacker News
June 6, 2022 – Vulnerabilities
Red TIM Research discovers a Command Injection with a 9.8 score on Resi Full Text
Abstract
During its bug hunting activity, Red Team Research (RTR) detected 2 zero-day bugs in GEMINI-NET, a RESI Informatica solution. One is an OS Command Injection, which NIST has classified as Critical with a score of 9.8. ...Security Affairs
June 06, 2022 – Outage
Italian city of Palermo shuts down all systems to fend off cyberattack Full Text
Abstract
The municipality of Palermo in Southern Italy suffered a cyberattack on Friday, which appears to have had a massive impact on a broad range of operations and services to both citizens and visiting tourists.BleepingComputer
June 6, 2022 – Attack
WatchDog Targets Docker And Redis Servers In New Cryptojacking Campaign Full Text
Abstract
The group targets misconfigured Docker Engine API endpoints with port 2375 left open, which exposes the daemon under default settings. Subsequently, it lists or modifies containers and runs arbitrary shell commands.Cyware Alerts - Hacker News
June 06, 2022 – Government
CISA Warned About Critical Vulnerabilities in Illumina’s DNA Sequencing Devices Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing ( NGS ) software. Three of the flaws are rated 10 out of 10 for severity on the Common Vulnerability Scoring System ( CVSS ), with two others having severity ratings of 9.1 and 7.4. The issues impact software in medical devices used for "clinical diagnostic use in sequencing a person's DNA or testing for various genetic conditions, or for research use only," according to the FDA . "Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level," CISA said in an alert. "An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the cThe Hacker News
June 6, 2022 – Attack
Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies Full Text
Abstract
Resecurity, Inc. (USA) has identified an increase in activity within hacktivist groups conducted by a new group called “Cyber Spetsnaz”. Resecurity, Inc. (USA) has identified an increase in activity within hacktivist groups, they’re leveraging...Security Affairs
June 6, 2022 – Vulnerabilities
Unpatched bug chain poses ‘mass account takeover’ threat to Yunmai weight monitoring app Full Text
Abstract
A chained, zero-day exploit could potentially expose all user data in the backend of the companion mobile application for a popular smart weight scale, security researchers have claimed.The Daily Swig
June 6, 2022 – General
As Linux Malware is on the Rise, Look Out for These Attacks Full Text
Abstract
Although 90% of cloud apps run on Linux, not much is being done to protect them from malware. Ransomware gangs and cryptomining attackers have put their sights on Linux environments.Cyware Alerts - Hacker News
June 6, 2022 – Breach
Personal Information of Over 30,000 Students Exposed in Unprotected Database Full Text
Abstract
The exposed information included full names, email addresses, and phone numbers, along with credit card information, transaction and purchased meals details, and login information stored in plain text.Security Week
June 05, 2022 – Attack
State-Backed Hackers Exploit Microsoft ‘Follina’ Bug to Target Entities in Europe and U.S Full Text
Abstract
A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked CVE-2022-30190 (CVSS score: 7.8). No less than 1,000 phishing messages containing a lure document were sent to the targets. "This campaign masqueraded as a salary increase and utilized an RTF with the exploit payload downloaded from 45.76.53[.]253," the company said in a series of tweets. The payload, which manifests in the form of a PowerShell script, is Base64-encoded and functions as a downloader to retrieve a second PowerShell script from a remote server named "seller-notification[.]live." "This script checks for virtualization, steals information from local browsers, mail clients and file services, conducts machine reconThe Hacker News
June 05, 2022 – Vulnerabilities
Exploit released for Atlassian Confluence RCE bug, patch now Full Text
Abstract
Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend.BleepingComputer
June 5, 2022 – Vulnerabilities
PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online Full Text
Abstract
Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center...Security Affairs
June 05, 2022 – Phishing
Evasive phishing mixes reverse tunnels and URL shortening services Full Text
Abstract
Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop.BleepingComputer
June 5, 2022 – General
Security Affairs newsletter Round 368 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Anonymous:...Security Affairs
June 5, 2022 – Cryptocurrency
Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club Full Text
Abstract
Hackers have stolen over $250,000 in Ethereum from Bored Ape Yacht Club (BAYC); this is the third security breach it has suffered this year. Threat actors compromised Bored Ape Yacht Club (BAYC) for the third time this year, and they have stolen and sold...Security Affairs
June 5, 2022 – General
Atlassian rolled out fixes for Confluence zero-day actively exploited in the wild Full Text
Abstract
Atlassian has addressed on Friday an actively exploited critical remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. Early this week, Atlassian warned of a critical unpatched remote code execution vulnerability...Security Affairs
June 4, 2022 – Cryptocurrency
Clipminer group rakes in $1.7 million in crypto hijacking Full Text
Abstract
The malware, dubbed Trojan.Clipminer, leverages the compute power of compromised systems to mine for cryptocurrency as well as identify crypto-wallet addresses in clipboard text and replace it to redirect transactions.The Register
June 04, 2022 – Attack
Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild Full Text
Abstract
Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution. Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 — another security flaw the Australian software company patched in August 2021. Both relate to a case of Object-Graph Navigation Language (OGNL) injection that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance. The newly discovered shortcoming impacts all supported versions of Confluence Server and Data Center, with every version after 1.3.0 also affected. It's been resolved in the following versions:
- 7.4.17
- 7.13.7
- 7.14.3
- 7.15.2
- 7.16.4
- 7.17.4
- 7.18.1
According to stats from internet asset discovery platform Censys, there are about 9,325 services across 8,347 distinct hosts running a vulnerable version of Atlassian ConfluencThe Hacker News
June 4, 2022 – Business
Ten Eleven Ventures Raises $600M Fund for Cybersecurity Investments Full Text
Abstract
On the heels of similar announcements by YL Ventures and SYN Ventures, Ten Eleven this week announced it had raised $600 million for its third generation fund to invest in the next wave of security companies, from seed to growth stages.Security Week
June 04, 2022 – Cryptocurrency
Bored Ape Yacht Club, Otherside NFTs stolen in Discord server hack Full Text
Abstract
Hackers reportedly stole over $257,000 in Ethereum and thirty-two NFTs after the Yuga Lab's Bored Ape Yacht Club and Otherside Metaverse Discord servers were compromised to post a phishing scam.BleepingComputer
June 4, 2022 – Breach
Australian Trading Giant ACY Securities Exposed 60GB of User Data Full Text
Abstract
The data breach happened due to a misconfigured database owned by ACY Securities. The worst part of the data leak is the fact that it contained over 60GB worth of data that was left exposed without any authentication.Hackread
June 04, 2022 – General
Apple blocked 1.6 million apps from defrauding users in 2021 Full Text
Abstract
Apple said this week that more than 343,000 iOS apps were blocked by the App Store App Review team for privacy violations last year, while another 157,000 were rejected for attempting to mislead or spam iOS users. – BleepingComputer
June 04, 2022 – Malware
SMSFactory Android malware sneakily subscribes to premium services Full Text
Abstract
Security researchers are warning of an Android malware named SMSFactory that adds unwanted costs to the phone bill by subscribing victims to premium services. – BleepingComputer
June 4, 2022 – General
Anonymous: Operation Russia after 100 days of war Full Text
Abstract
Operation Russia continues, albeit much more slowly than last month; RKPLaw, Vyberi Radio, and Metprom Group are the latest victims. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, albeit much more slowly... – Security Affairs
June 4, 2022 – Vulnerabilities
GitLab addressed critical account takeover via SCIM email change Full Text
Abstract
GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users' accounts. GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680... – Security Affairs
June 03, 2022 – Ransomware
The Week in Ransomware - June 3rd 2022 - Evading sanctions Full Text
Abstract
Ransomware gangs continue to evolve their operations as victims refuse to pay ransoms due to sanctions or other reasons. – BleepingComputer
June 3, 2022 – Attack
Several Elasticsearch Databases Attacked for Ransom Full Text
Abstract
Secureworks spotted a new campaign targeting vulnerable Elasticsearch databases to replace their indexes with a ransom note; a total ransom of $280,000 has been demanded. The attackers have used an automated script to parse unprotected databases, wipe out their data, and add the ransom note. Admins ... – Cyware Alerts - Hacker News
June 03, 2022 – Vulnerabilities
GitLab Issues Security Patch for Critical Account Takeover Vulnerability Full Text
Abstract
GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1. "When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus — in the absence of 2FA — take over those accounts," GitLab said. Having achieved this, a malicious actor can also change the display name and username of the targeted account, the DevOps platform provider cautioned in its... – The Hacker News
June 3, 2022 – APT
LuoYu APT delivers WinDealer malware via man-on-the-side attacks Full Text
Abstract
An "extremely sophisticated" China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. Researchers from Kaspersky have... – Security Affairs
June 03, 2022 – Attack
Novartis says no sensitive data was compromised in cyberattack Full Text
Abstract
Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. – BleepingComputer
June 3, 2022 – Policy and Law
Global Law Enforcement Operation Shuts Down FluBot Full Text
Abstract
Europol, along with law enforcement agencies from Finland, Austria, Belgium, Ireland, Spain, Sweden, Hungary, the U.S., the Netherlands, and Switzerland, took down FluBot's infrastructure. The Dutch Police claimed to have disconnected 10,000 victims from the FluBot network and stopped over 6.5 mill ... – Cyware Alerts - Hacker News
June 03, 2022 – Cryptocurrency
WatchDog hacking group launches new Docker cryptojacking campaign Full Text
Abstract
The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software. – BleepingComputer
June 3, 2022 – Government
CISA Warns of Critical Vulnerabilities in Illumina Genetic Analysis Devices Full Text
Abstract
The flaws affect Illumina Local Run Manager (LRM), which is used by sequencing instruments designed for clinical diagnostic use in the sequencing of a person's DNA, testing for various genetic conditions, as well as research. – Security Week
June 03, 2022 – Vulnerabilities
Atlassian fixes Confluence zero-day widely exploited in attacks Full Text
Abstract
Atlassian has released security updates to address a critical zero-day vulnerability in Confluence Server and Data Center actively exploited in the wild to backdoor Internet-exposed servers. – BleepingComputer
June 3, 2022 – APT
SideWinder Launched More than 1,000 Attacks in Two Years Full Text
Abstract
The SideWinder APT has launched more than 1,000 attacks while leveraging over 400 domains and subdomains, with additional stealth mechanisms. The threat group is maintaining a large C2 infrastructure comprising more than 400 domains and subdomains that were used to host malicious payloads and manag ... – Cyware Alerts - Hacker News
June 03, 2022 – General
Americans report losing over $1 billion to cryptocurrency scams Full Text
Abstract
The U.S. Federal Trade Commission (FTC) says over 46,000 Americans have reported losing more than $1 billion worth of cryptocurrency to scams between January 2021 and March 2022. – BleepingComputer
June 3, 2022 – Business
Chainguard raises $50M Series A for supply chain security Full Text
Abstract
The round was led by Sequoia Capital. Amplify, the Chainsmokers’ Mantis VC, LiveOak Venture Partners, Banana Capital, K5/JPMC, and CISOs from Google and Square, among others, also participated in this round. – Tech Crunch
June 03, 2022 – Criminals
Microsoft disrupts Bohrium hackers’ spear-phishing operation Full Text
Abstract
The Microsoft Digital Crimes Unit (DCU) has disrupted a spear-phishing operation linked to an Iranian threat actor tracked as Bohrium that targeted customers in the U.S., Middle East, and India. – BleepingComputer
June 3, 2022 – General
The Underground Company That Hacks iPhones for Ordinary Consumers Full Text
Abstract
An underground group is offering people a way to strip that lock from certain iPhones with its pay-for-hacking service. iOS security experts suspect it is being used to remove protections from stolen iPhones. – Vice
June 3, 2022 – Criminals
Access Brokers and Ransomware-as-a-Service Gangs Tighten Relationships Full Text
Abstract
Dark web watchers have noted the increasing professionalism of cybercrime groups over the last few years. Criminal groups are well-organized and have just one purpose: streamlining operations to maximize profits. – Security Week
June 03, 2022 – Vulnerabilities
GitLab security update fixes critical account takeover flaw Full Text
Abstract
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover. – BleepingComputer
June 3, 2022 – Business
Logging and Security Analytics Firm Devo Banks New $100 Million Investment Full Text
Abstract
The Series F round was led by Eurazeo, a global investment firm with over $30 billion in assets under management. Existing investors Insight Partners, Georgian, TCV, General Atlantic, Bessemer Venture Partners, and Kibo Ventures also participated. – Security Week
June 03, 2022 – Attack
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor Full Text
Abstract
An "extremely sophisticated" Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks. "This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads," Russian cybersecurity company Kaspersky said in a new report. "Such attacks are especially dangerous and devastating because they do not require any interaction with the target to lead to a successful infection." LuoYu, known to be active since 2008, predominantly targets foreign diplomatic organizations established in China and members of the academic community, as well as financial, defense, logistics, and telecommunications companies. LuoYu's use of WinDealer was first documented by Taiwanese cybersecurity firm TeamT5 at the Japan Security Analyst Conference (JSAC) in January 2021. S... – The Hacker News
June 3, 2022 – Botnet
Clipminer Botnet already allowed operators to make at least $1.7 Million Full Text
Abstract
The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at Symantec. Researchers at Symantec’s Threat Hunter Team uncovered a cryptomining operation that has potentially made... – Security Affairs
June 3, 2022 – General
The Ultimate SaaS Security Posture Management (SSPM) Checklist Full Text
Abstract
As one might expect, not all SSPM solutions are created equal. Monitoring, alerts, and remediation should sit at the heart of your SSPM solution. They ensure that any vulnerabilities are quickly closed before they are exploited by cyberattacks. – Threatpost
June 3, 2022 – Outage
Exiled Iran Group Claims Tehran Hacking Attack Full Text
Abstract
Iranian state media said earlier that the internal computer system of the municipality of Tehran was targeted in a "deliberate" shutdown Thursday in the latest apparent cyberattack in the country. – Security Week
June 03, 2022 – Malware
Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network Full Text
Abstract
The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name "NDSW/NDSX," said that "the malware was one of the top infections" detected in 2021, accounting for more than 61,000 websites. Parrot TDS was documented in April 2022 by Czech cybersecurity company Avast, noting that the PHP script had ensnared web servers hosting more than 16,500 websites to act as a gateway for further attack campaigns. This involves appending a piece of malicious code to all JavaScript files on compromised web servers hosting content management systems (CMS) such as WordPress that are in turn said to be breached by taking advantage of weak login credentials and vulnerable plugins. Besides using different obfuscation tactics to conceal the code, the "injected JavaScript may also be found well indent... – The Hacker News
June 3, 2022 – Vulnerabilities
Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited Full Text
Abstract
Atlassian warned of an actively exploited critical unpatched remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. Atlassian is warning of a critical unpatched remote code execution vulnerability affecting all Confluence... – Security Affairs
June 3, 2022 – Policy and Law
China’s draft cybersecurity rules pose risks for financial firms, lobby group warns Full Text
Abstract
China's proposed cybersecurity rules for financial firms could pose risks to the operations of western companies by making their data vulnerable to hacking, among other things, a leading lobby group has said in a letter seen by Reuters. – Reuters
June 03, 2022 – Attack
Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies Full Text
Abstract
Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant's Threat Intelligence Center (MSTIC) said it suspended over 20 malicious OneDrive applications created and that it notified affected organizations. "The observed activity was coordinated with other actors affiliated with Iran's Ministry of Intelligence and Security (MOIS), based primarily on victim overlap and commonality of tools and techniques," MSTIC assessed with "moderate confidence." The adversarial collective is believed to have breached more than 20 organizations based in Israel and one intergovernmental organization with operations in Lebanon since February 2022. Targets of interest included entities in the manufacturing, IT, transpo... – The Hacker News
June 3, 2022 – Attack
Microsoft blocked Polonium attacks against Israeli organizations Full Text
Abstract
Microsoft blocked attack activity aimed at Israeli organizations attributed to a previously unknown Lebanon-based hacking group tracked as POLONIUM. Microsoft announced that it has blocked a series of attacks targeting Israeli organizations that have... – Security Affairs
June 3, 2022 – Attack
Russia is ‘failing’ in its mission to destabilize Ukraine’s networks after a series of thwarted cyber-attacks Full Text
Abstract
Since even before its invasion of Ukraine began on February 24, 2022, Russia has conducted a series of cyberattacks against both the country’s internet infrastructure and other critical services in an attempt to destabilize Ukraine. – The Daily Swig
June 3, 2022 – Criminals
Clipminer Botnet Operators Rake in $1.7 Million Through Cryptomining Full Text
Abstract
Spreading via trojanized cracked or pirated software, the Clipminer trojan shows similarities with the cryptomining trojan KryptoCibule, suggesting that it could be either a copycat or an evolution of the latter. – Security Week
June 2, 2022 – General
Has the Time for an EU-U.S. Agreement on E-Evidence Come and Gone? Full Text
Abstract
Over the past several years, Europe and the United States have put in place numerous incentives for an overarching consensual solution to the problem of foreign access to evidence in electronic form. However, a legislative deadlock in Brussels risks the future of U.S.-EU negotiations. – Lawfare
June 2, 2022 – General
Turns Out It Is Not 85 Percent Full Text
Abstract
A recently published paper from three George Washington University students refutes a commonly cited statistic about ownership of critical infrastructure and offers a more accurate portrayal of public and private ownership. – Lawfare
June 02, 2022 – Attack
Critical Atlassian Confluence zero-day actively used in attacks Full Text
Abstract
Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time. – BleepingComputer
June 2, 2022 – General
The Challenge Digital Executive Protection Poses to Enterprise Security Teams Full Text
Abstract
CISOs do heroic work protecting their executives when inside the organization’s four walls. But risks originating in personal digital lives present a challenge that enterprise security teams cannot solve, even if they wanted to. – Threatpost
June 02, 2022 – Malware
Top 10 Android banking trojans target apps with 1 billion downloads Full Text
Abstract
The ten most prolific Android mobile banking trojans target 639 financial applications that collectively have over one billion downloads on the Google Play Store. – BleepingComputer
June 2, 2022 – Phishing
Scammers Target NFT Discord Channel Full Text
Abstract
Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links. – Threatpost
June 02, 2022 – Criminals
Evil Corp switches to LockBit ransomware to evade sanctions Full Text
Abstract
The Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets' networks to evade sanctions imposed by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC). – BleepingComputer
June 02, 2022 – Hacker
Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability Full Text
Abstract
Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild. The Australian software company credited cybersecurity firm Volexity for identifying the flaw, which is being tracked as CVE-2022-26134. "Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server," it said in an advisory. "There are currently no fixed versions of Confluence Server and Data Center available. Atlassian is working with the highest priority to issue a fix." Specifics of the security flaw have been withheld until a software patch is available. All supported versions of Confluence Server and Data Center are affected, although it's expected that all versions of the enterprise solution are potentially vulnerable. The earliest impacted version is... – The Hacker News
June 2, 2022 – Attack
LockBit ransomware attack impacted production in a Mexican Foxconn plant Full Text
Abstract
LockBit ransomware gang claimed responsibility for an attack against the electronics manufacturing giant Foxconn that impacted production in Mexico. The electronics manufacturing giant Foxconn confirmed that its production plant in Tijuana (Mexico)... – Security Affairs
June 2, 2022 – General
Being Prepared for Adversarial Attacks – Podcast Full Text
Abstract
There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s [...] – Threatpost
June 02, 2022 – Criminals
Ransomware gang now hacks corporate websites to show ransom notes Full Text
Abstract
A ransomware gang is taking extortion to a new level by publicly hacking corporate websites to publicly display ransom notes. – BleepingComputer
June 02, 2022 – Solution
Threat Detection Software: A Deep Dive Full Text
Abstract
As the threat landscape evolves and multiplies with more advanced attacks than ever, defending against these modern cyber threats is a monumental challenge for almost any organization. Threat detection is about an organization's ability to accurately identify threats, be it to the network, an endpoint, another asset or an application – including cloud infrastructure and assets. At scale, threat detection analyzes the entire security infrastructure to identify malicious activity that could compromise the ecosystem. Countless solutions support threat detection, but the key is to have as much data as possible available to bolster your security visibility. If you don't know what is happening on your systems, threat detection is impossible. Deploying the right security software is critical for protecting you from threats. What do we mean by threat detection software? In the early days of threat detection, software was deployed to protect against different forms of malware. However, ... – The Hacker News
June 2, 2022 – Breach
Conti leaked chats confirm the gang’s ability to conduct firmware-based attacks Full Text
Abstract
The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group's chats, which were leaked earlier this year, revealed that the ransomware gang has been... – Security Affairs
June 02, 2022 – Attack
Microsoft blocks Polonium hackers from using OneDrive in attacks Full Text
Abstract
Microsoft said it blocked a Lebanon-based hacking group it tracks as Polonium from using the OneDrive cloud storage platform for data exfiltration and command and control while targeting and compromising Israeli organizations. – BleepingComputer
June 02, 2022 – Criminals
Conti Leaks Reveal Ransomware Gang’s Interest in Firmware-based Attacks Full Text
Abstract
An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices. "Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals," firmware and hardware security firm Eclypsium said in a report shared with The Hacker News. "Such level of access would allow an adversary to cause irreparable damage to a system or to establish ongoing persistence that is virtually invisible to the operating system." Specifically, this includes attacks aimed at embedded microcontrollers such as the Intel Management Engine (ME), a privileged component that's part of the company's processor chipsets and which can completely bypass the operating system. It's worth noting that the reason for this evolv... – The Hacker News
June 2, 2022 – Criminals
An international police operation dismantled FluBot spyware Full Text
Abstract
An international law enforcement operation involving 11 countries resulted in the takedown of the FluBot Android malware. An international law enforcement operation involving 11 countries led to the takedown of the infamous FluBot Android malware... – Security Affairs
June 02, 2022 – Attack
Chinese LuoYu hackers deploy cyber-espionage malware via app updates Full Text
Abstract
A Chinese-speaking hacking group known as LuoYu is infecting victims with the WinDealer information stealer malware, deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. – BleepingComputer
June 02, 2022 – Ransomware
Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks Full Text
Abstract
As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns. Called Ransomware for IoT or R4IoT by Forescout, it's a "novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT [information technology] network and impact the OT [operational technology] network." This potential pivot is based on the rapid growth in the number of IoT devices as well as the convergence of IT and OT networks in organizations. The ultimate goal of R4IoT is to leverage exposed and vulnerable IoT devices such as IP cameras to gain an initial foothold, followed by deploying ransomware in the IT network and taking advantage of poor operational security practices to hold mission-critical processes hostage. "By compromising IoT, IT, and OT assets, R4IoT goes beyond the usual encryption and data exfiltration to cause phys... – The Hacker News
June 2, 2022 – Vulnerabilities
A critical RCE flaw in Horde Webmail has yet to be addressed Full Text
Abstract
A remote code execution vulnerability in the open-source Horde Webmail client can allow attackers to take over servers by sending a specially crafted email. Researchers from SonarSource discovered a remote code execution vulnerability (CVE-2022-30287) in the open-source... – Security Affairs
June 02, 2022 – Ransomware
Conti ransomware targeted Intel firmware for stealthy attacks Full Text
Abstract
Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. – BleepingComputer
June 02, 2022 – Criminals
Clipminer malware gang stole $1.7M by hijacking crypto payments Full Text
Abstract
Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking. – BleepingComputer
June 02, 2022 – Outage
Foxconn confirms ransomware attack disrupted production in Mexico Full Text
Abstract
Electronics manufacturer Foxconn has confirmed that one of its Mexico-based production plants was impacted by a ransomware attack in late May. – BleepingComputer
June 1, 2022 – Vulnerabilities
Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack Full Text
Abstract
Threat actors are already exploiting the vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said. – Threatpost
June 01, 2022 – Vulnerabilities
New Windows Search zero-day added to Microsoft protocol nightmare Full Text
Abstract
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document. – BleepingComputer
June 1, 2022 – Criminals
New Activities by Clop and REvil - Copycats or Final Wrapups? Full Text
Abstract
Two prominent ransomware groups, Clop and REvil, had claimed to have shut down, but there are some activities that suggest the cybercriminals may not have gone away completely. Clop had an unexpected return with a jump from the least active threat in March to the fourth most active in April. The so-thought- ... – Cyware Alerts - Hacker News
June 01, 2022 – Vulnerabilities
New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email Full Text
Abstract
A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction," SonarSource said in a report shared with The Hacker News. "The vulnerability exists in the default configuration and can be exploited with no knowledge of a targeted Horde instance." The issue, which has been assigned the CVE identifier CVE-2022-30287, was reported to the vendor on February 2, 2022. The maintainers of the Horde Project did not immediately respond to a request for comment regarding the unresolved vulnerability. At its core, the issue makes it possible for an authenticated user of a Horde instance to run malicious code on the underlying server by taking advantage of a quirk in how the client... – The Hacker News
June 1, 2022 – Botnet
New XLoader Botnet version uses new techniques to obscure its C2 servers Full Text
Abstract
A new version of the XLoader botnet is implementing a new technique to obscure the Command and Control infrastructure. Researchers from Check Point have discovered a new version of the XLoader botnet, which implements significant enhancements, such... – Security Affairs
June 01, 2022 – Attack
Hundreds of Elasticsearch databases targeted in ransom attacks Full Text
Abstract
A campaign targeting poorly secured Elasticsearch databases has deleted their contents and dropped ransom notes on 450 instances, demanding a payment of $620 to give them back their indexes, totaling a demand of $279,000. – BleepingComputer
June 1, 2022 – Denial Of Service
Gamaredon Prepares for Next Wave of DDoS Attacks Full Text
Abstract
Researchers reported a wave of DDoS attacks by the Russian Gamaredon APT group. Also, criminals have open-sourced code of a DDoS trojan called LOIC. Besides, experts observed attackers launch multiple attacks, such as phishing campaigns and malware attacks. Organizations are suggested to stay ... – Cyware Alerts - Hacker News
June 01, 2022 – Policy and Law
FluBot Android Spyware Taken Down in Global Law Enforcement Operation Full Text
Abstract
An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot. "This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol said in a statement. The "complex investigation" included authorities from Australia, Belgium, Finland, Hungary, Ireland, Romania, Spain, Sweden, Switzerland, the Netherlands, and the U.S. FluBot, also called Cabassous, emerged in the wild in December 2020, masking its insidious intent behind the veneer of seemingly innocuous package tracking applications such as FedEx, DHL, and Correos. It primarily spreads via smishing (aka SMS-based phishing) messages that trick unsuspecting recipients into clicking on a link to download the malware-laced apps. Once launched, the app would proceed to request access to Android... – The Hacker News
June 1, 2022 – General
Experts uncovered over 3.6M accessible MySQL servers worldwide Full Text
Abstract
Researchers uncovered 3.6M accessible MySQL servers worldwide that represent a potential attack surface for their owners. Researchers from Shadowserver scanned the internet for publicly accessible MySQL server instances on port 3306/TCP... – Security Affairs
June 01, 2022 – Criminals
FBI seizes domains used to sell stolen data, DDoS services Full Text
Abstract
The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and to provide DDoS attack services. – BleepingComputer
June 1, 2022 – Botnet
EnemyBot Botnet Expanding its Scope by Targeting Latest Vulnerabilities Full Text
Abstract
EnemyBot botnet expanded its attack scope to exploit critical vulnerabilities found in VMware, Android, and F5 BIG-IP. It is suspected to have some strong correlation with the LolFMe botnet in terms of having similar strings, structure, and patterns in the code. The botnet is under active developme ... – Cyware Alerts - Hacker News
June 01, 2022 – General
YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites Full Text
Abstract
As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the Georgia Institute of Technology. "Attackers impersonated benign plugin authors and spread malware by distributing pirated plugins," the researchers said in a new paper titled "Mistrust Plugins You Must." "The number of malicious plugins on websites has steadily increased over the years, and malicious activity peaked in March 2020. Shockingly, 94% of the malicious plugins installed over those 8 years are still active today." The large-scale research entailed analyzing WordPress plugins installed in 410,122 unique web servers dating all the way back to 2012... – The Hacker News
June 1, 2022 – APT
China-linked TA413 group actively exploits Microsoft Follina zero-day flaw Full Text
Abstract
A China-linked APT group is actively exploiting the recently disclosed Follina zero-day flaw in Microsoft Office in attacks in the wild. China-linked APT group TA413 has been observed exploiting the recently disclosed Follina zero-day flaw (tracked... – Security Affairs
June 01, 2022 – Government
US govt: Paying Karakurt extortion ransoms won’t stop data leaks Full Text
Abstract
Several U.S. federal agencies warned organizations today against paying ransom demands made by the Karakurt gang since that will not prevent their stolen data from being sold to others. – BleepingComputer
June 1, 2022 – Vulnerabilities
Browser Automation Framework is the New Threat
Abstract
Researchers have warned of attackers' increasing use of free-to-use browser automation frameworks, which can be abused for malicious activities. Researchers observed C2 IP addresses linked with malware such as BlackGuard, Bumblebee, and RedLine Stealer communicating with the subdomai ...
Source: Cyware Alerts - Hacker News
June 01, 2022 – Botnet
New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers
Abstract
An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. "Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by XLoader as a smokescreen," Israeli cybersecurity company Check Point said. First spotted in the wild in October 2020, XLoader is a successor to Formbook and a cross-platform information stealer that's capable of plundering credentials from web browsers, capturing keystrokes and screenshots, and executing arbitrary commands and payloads. More recently, the ongoing geopolitical conflict between Russia and Ukraine has proved to be lucrative fodder for distributing XLoader by means of phishing emails aimed at high-ranking government officials in Ukraine. The latest findings from Check Point build on a previous repor ...
Source: The Hacker News
June 1, 2022 – Attack
Hive ransomware gang hit Costa Rica public health service
Abstract
Costa Rican Social Security Fund, Costa Rica's public health service, was hit by a Hive ransomware attack. Costa Rican Social Security Fund, Costa Rica's public health service (aka CCCS), was hit today by a Hive ransomware attack, BleepingComputer ...
Source: Security Affairs
June 01, 2022 – Phishing
RuneScape phishing steals accounts and in-game item bank PINs
Abstract
Cybersecurity researchers have discovered a new RuneScape-themed phishing campaign, and it stands out among the various operations for being exceptionally well-crafted.
Source: BleepingComputer
June 1, 2022 – Attack
Researchers Devise Attack Using IoT and IT to Deliver Ransomware Against OT
Abstract
Attacks against OT are more difficult to achieve, but their effects are correspondingly more difficult to mitigate. The evolution of cyber extortion makes this more than just a possible development.
Source: Security Week
June 01, 2022 – Vulnerabilities
Windows MSDT zero-day vulnerability gets free unofficial patch
Abstract
A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as 'Follina.'
Source: BleepingComputer
June 1, 2022 – General
Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms
Abstract
The existence of the backdoor account, tracked as CVE-2020-12501, was discovered by SEC Consult in 2020, but it was only made public now, after a lengthy disclosure process that ended with the vendor saying that the account will not be removed.
Source: Security Week
June 01, 2022 – Policy and Law
FluBot Android malware operation shut down by law enforcement
Abstract
Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence.
Source: BleepingComputer
June 1, 2022 – Breach
Cybercriminal Scams the City of Portland for $1.4 Million by Compromising Email Account
Abstract
“Preliminary evidence indicates that an unauthorized, outside entity gained access to a City of Portland email account to conduct this illegal activity,” according to a statement by the city authorities.
Source: The Record
June 01, 2022 – Malware
SideWinder hackers plant fake Android VPN app in Google Play Store
Abstract
Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting.
Source: BleepingComputer
June 1, 2022 – Government
FBI Warns of Scammers Soliciting Donations Related to the Crisis in Ukraine
Abstract
Although the Ukrainian Government and other private organizations do maintain official donation mechanisms, people must be cautious and verify information about entities purporting to solicit aid for causes linked to the crisis in Ukraine.
Source: IC3
June 01, 2022 – Attack
Ransomware attacks need less than four days to encrypt systems
Abstract
The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks, and 1637.6 hours in 2019.
Source: BleepingComputer
June 01, 2022 – Phishing
Telegram’s blogging platform abused in phishing attacks
Abstract
Telegram's anonymous blogging platform, Telegraph, is being actively exploited by phishing actors who take advantage of the platform's lax policies to set up interim landing pages that lead to the theft of account credentials.
Source: BleepingComputer