November 2022
November 30, 2022 – Breach
GoTo says hackers breached its dev environment, cloud storage
Remote access and collaboration company GoTo disclosed today that they suffered a security breach where threat actors gained access to their development environment and third-party cloud storage service. (BleepingComputer)
November 30, 2022 – Attack
IKEA Investigating Cyberattacks on Outlets in Kuwait, Morocco
Swedish furniture giant IKEA confirmed that its franchises in Kuwait and Morocco are dealing with a cyberattack that caused a disturbance on some operating systems. They were added to the leak site of the Vice Society ransomware group on Monday. (The Record)
November 30, 2022 – Malware
Google links three exploitation frameworks to Spanish commercial spyware vendor Variston
Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework... (Security Affairs)
November 30, 2022 – Attack
Keralty ransomware attack impacts Colombia’s health care system
The Keralty multinational healthcare organization suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries. (BleepingComputer)
November 30, 2022 – Vulnerabilities
Intel disputes seriousness of Data Centre Manager authentication flaw
Intel acknowledges the vulnerability – tracked as CVE-2022-33942 and assessed with a severity score of 8.8 – but disputes its seriousness. As per Intel, the issue represents only a privilege elevation flaw rather than an RCE risk. (The Daily Swig)
November 30, 2022 – Vulnerabilities
Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection
New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool. npm CLI's install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for developers by highlighting the flaws. But as JFrog established, the security advisories are not displayed when the packages follow certain version formats, creating a scenario where critical flaws could be introduced into their systems either directly or via the package's dependencies. Specifically, the problem arises only when the installed package version contains a hyphen (e.g., 1.2.3-a), which is included to denote a pre-release version of an npm module. While the project maintainers treat the discrepancy between regular npm package versions and pre-release version... (The Hacker News)
November 30, 2022 – Attack
Attackers abused the popular TikTok Invisible Challenge to spread info-stealer
Threat actors are exploiting interest in a popular TikTok challenge, dubbed Invisible Challenge, to trick users into downloading info-stealing malware. Threat actors are exploiting the popularity of a TikTok challenge, called Invisible Challenge,... (Security Affairs)
November 30, 2022 – Vulnerabilities
Critical RCE bugs in Android remote keyboard apps with 2M installs
Three Android applications that allow users to use devices as remote keyboards for their computers have critical vulnerabilities that could expose key presses and enable remote code execution. (BleepingComputer)
November 30, 2022 – Business
Investors Bet $31 Million on Sphere for Identity Hygiene Tech
The woman-owned company led by Rita Gurevich said the $31 million Series B was led by growth equity firm Edison Partners. Forgepoint Capital, the venture capital firm that led Sphere’s Series A, also invested in the new round. (Security Week)
November 30, 2022 – Malware
This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms
A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named Symoo (com.vanjan.sms), had over 100,000 downloads and functioned as a relay for transmitting messages to a server, which advertises an account creation service. This is achieved by using the phone numbers associated with the infected devices as a means to gather the one-time password that's typically sent to verify the user when setting up new accounts. "The malware asks the phone number of the user in the first screen," security researcher Maxime Ingrao, who discovered the malware, said, while also requesting SMS permissions. "Then it pretends to load the application but remains all the time on this page, it is to hide the interface of the received SMS and that the user does not see the SMS of subscriptions to the va... (The Hacker News)
November 30, 2022 – APT
China-linked UNC4191 APT relies on USB Devices in attacks against entities in the Philippines
An alleged China-linked cyberespionage group, tracked as UNC4191, used USB devices in attacks aimed at Philippines entities. Mandiant researchers spotted an alleged China-linked cyberespionage group, tracked as UNC4191, leveraging USB devices as attack... (Security Affairs)
November 30, 2022 – Breach
LastPass says hackers accessed customer data in new breach
LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. (BleepingComputer)
November 30, 2022 – Vulnerabilities
Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework
Tracked as CVE-2022-4116 (CVSS score of 9.8), the security defect was identified in the Dev UI Config Editor of Quarkus framework and can be exploited via drive-by localhost attacks. (Security Week)
November 30, 2022 – Vulnerabilities
French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm
The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements. The Commission nationale de l'informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5 algorithm as recently as July 2022. It's worth noting that MD5, a message digest algorithm, is considered cryptographically broken as of December 2008 owing to the risk of collision attacks. Furthermore, the authority noted that the passwords associated with 2,414,254 customer accounts had only been hashed and not salted, exposing the account holders to potential cyber threats. The probe also pointed fingers at EDF for failing to comply with GDPR data retention policies and for providing "inaccurate information on the origin of the data collected." "The amoun... (The Hacker News)
November 30, 2022 – Breach
ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year
CyberNews experts discovered that ENC Security, a Netherlands software company, had been leaking critical business data since May 2021. Original post at https://cybernews.com/security/encsecurity-leaked-sensitive-data/ When you buy a Sony, Lexar,... (Security Affairs)
November 30, 2022 – Malware
New Windows malware scans victims’ mobile phones for data to steal
Security researchers found a previously unknown backdoor they call Dolphin that's been used by North Korean hackers in highly targeted operations for more than a year to steal files and send them to Google Drive storage. (BleepingComputer)
November 30, 2022 – Vulnerabilities
Tailscale VPN nodes vulnerable to DNS rebinding, RCE
A series of flaws in Tailscale, an open-source mesh virtual private network (VPN) software, could allow attackers to stage remote code execution (RCE) attacks against VPN nodes. (The Daily Swig)
November 30, 2022 – Policy and Law
Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches
The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches. To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity's adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information, whichever is greater. The turnover period is the time duration from when the contravention occurred to the end of the month when the incident is officially addressed. "Significant privacy breaches in recent months have shown existing safeguards are outdated and inadequate," Attorney-General Mark Dreyfus said in a statement. "These reforms make clear to companies that the penalty for a major data breach can no longer be regarded as the cost of doing business." The legislation, called the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, also bestow... (The Hacker News)
November 30, 2022 – Botnet
Cybersecurity researchers take down DDoS botnet by accident
While analyzing its capabilities, Akamai researchers have accidentally taken down a cryptomining botnet that was also used for distributed denial-of-service (DDoS) attacks. (BleepingComputer)
November 30, 2022 – Vulnerabilities
Delta Electronics Patches Serious Flaws in Industrial Networking Devices
The flaws were identified by researchers at CyberDanube, an industrial cybersecurity company based in Austria, in Delta’s DX-2100-L1-CN 3G cloud router and the DVW-W02W2-E2 industrial wireless access point. (Security Week)
November 30, 2022 – Policy and Law
Australia will now fine firms up to AU$50 million for data breaches
The Australian parliament has approved a bill to amend the country's privacy legislation, significantly increasing the maximum penalties to AU$50 million for companies and data controllers who suffered large-scale data breaches. (BleepingComputer)
November 30, 2022 – General
Beware of These Threats Surrounding FIFA World Cup
Cybercriminals are targeting World Cup fans through unauthorized Hayya Cards and FIFA-themed crypto tokens and coins. Cybercriminals are also selling stolen credit card details to conduct unauthorized transactions. Please take a look at the various kinds of threats and their impact on organizations... (Cyware Alerts - Hacker News)
November 30, 2022 – Privacy
Google discovers Windows exploit framework used to deploy spyware
Google's Threat Analysis Group (TAG) has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company. (BleepingComputer)
November 30, 2022 – Breach
Encryption Provider ENC Security Leaked Sensitive Data for Over a Year Due to Security Misconfiguration
The company said a misconfiguration by a third-party supplier caused the issue and fixed it immediately upon notification. The data was accessible from May 27, 2021, up until November 9, 2022. (Security Affairs)
November 30, 2022 – Vulnerabilities
NVIDIA releases GPU driver update to fix 29 security flaws
NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation. (BleepingComputer)
November 30, 2022 – Malware
Android and iOS apps with 15 million installs extort loan seekers
Over 280 Android and iOS apps on the Google Play and the Apple App stores trapped users in loan schemes with misleading terms and employed various methods to extort and harass borrowers. (BleepingComputer)
November 30, 2022 – Breach
Virginia County Confirms Personal Information Stolen in Ransomware Attack
The county says that it took steps to contain the attack immediately after identifying it, and that it launched an investigation into the incident, to determine the type of data that might have been compromised. (Security Week)
November 30, 2022 – Hacker
Crafty threat actor uses ‘aged’ domains to evade security platforms
A sophisticated threat actor named 'CashRewindo' has been using aged domains in global malvertising campaigns that lead to investment scam sites. (BleepingComputer)
November 30, 2022 – Outage
Canadian school district recovering from cyberattack that left schools without access to email
The Durham District School Board (DDSB) says it’s currently recovering from what it calls a ‘cyber-incident’ that has left schools without access to phone or email services as well as emergency contact information. (CP24)
November 30, 2022 – Vulnerabilities
3 New Vulnerabilities Affect OT Products from German Festo and CODESYS Companies
Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an insecure-by-design approach — which was usual at the time the products were launched – where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography," the researchers said. The most critical of the flaws is CVE-2022-3270 (CVSS score: 9.8), a critical vulnerability that affects Festo automation controllers using the Festo Generic Multicast (FGMC) protocol to reboot the devices without requiring any authentication and cause a denial of service (DoS) condition. Another DoS shortcoming i... (The Hacker News)
November 30, 2022 – Hacker
Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines
A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector. Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September 2021. "UNC4191 operations have affected a range of public and private sector entities primarily in Southeast Asia and extending to the U.S., Europe, and APJ," researchers Ryan Tomcik, John Wolfram, Tommy Dacanay, and Geoff Ackerman said. "However, even when targeted organizations were based in other locations, the specific systems targeted by UNC4191 were also found to be physically located in the Philippines." The reliance on infected USB drives to propagate the malware is unusual if not new. The Raspberry Robin worm, which has evolved into an initial access ser... (The Hacker News)
November 29, 2022 – Ransomware
Trigona ransomware spotted in increasing attacks worldwide
A previously unnamed ransomware has rebranded under the name 'Trigona,' launching a new Tor negotiation site where they accept Monero as ransom payments. (BleepingComputer)
November 29, 2022 – Vulnerabilities
Hackers Actively Abuse Vulnerability in Fortinet Products
Attackers are abusing a critical authentication bypass vulnerability, tracked as CVE-2022-40684 in multiple versions of Fortinet Products, including FortiOS, FortiProxy, and FortiSwitchManager. Researchers found that there are over a hundred thousand FortiGate firewalls exposed over the internet th... (Cyware Alerts - Hacker News)
November 29, 2022 – Vulnerabilities
New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as an issue that "may allow changes to Secure Boot settings by creating NVRAM variables." Credited with discovering the flaw is ESET researcher Martin Smolár, who previously disclosed similar bugs in Lenovo computers. Disabling Secure Boot, an integrity mechanism that guarantees that only trusted software is loaded during system startup, enables a malicious actor to tamper with boot loaders, leading to severe consequences. This includes granting the attacker complete control over the operating system loading process as well as "disable or bypass protections to silently deploy their... (The Hacker News)
November 29, 2022 – Government
Defense Department Releases Zero Trust Strategy
On Nov. 22, the U.S. Department of Defense released their Zero Trust Strategy, a new approach to countering cyberattacks. The new framework employs a “never trust, always verify” mindset, deviating from the Defense Department’s previously used perimeter defense model. The strategy is prompted by the “rapid growth” of offensive cyber threats and aims to fully implement the department-wide model by fiscal year 2027. (Lawfare)
November 29, 2022 – Hacker
Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access
Cyble observed Initial Access Brokers (IABs) offering access to enterprise networks compromised via a critical flaw in Fortinet products. Researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely... (Security Affairs)
November 29, 2022 – Encryption
Let’s Encrypt issued over 3 billion certificates, securing 309M sites for free
Internet Security Research Group (ISRG), the nonprofit behind Let's Encrypt, says the open certificate authority (CA) has issued its three billionth certificate this year. (BleepingComputer)
November 29, 2022 – Government
CISA Adds Two Actively Exploited Flaws to its Catalog
The CISA urged users' attention toward a high-severity bug in Oracle Fusion Middleware that is under heavy exploitation by hackers. A hacker could completely take over Access Manager instances by abusing the flaw. The CISA has also added a Google Chrome bug that can be abused to take control of sys... (Cyware Alerts - Hacker News)
November 29, 2022 – Hacker
Hackers Using Trending TikTok ‘Invisible Challenge’ to Spread Malware
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx. The trend, called Invisible Challenge, involves applying a filter known as Invisible Body that just leaves behind a silhouette of the person's body. But the fact that individuals filming such videos could be undressed has led to a nefarious scheme wherein the attackers post TikTok videos with links to rogue software dubbed "unfilter" that purport to remove the applied filters. "Instructions to get the 'unfilter' software deploy WASP stealer malware hiding inside malicious Python packages," Checkmarx researcher Guy Nachshon said in a Monday analysis. The WASP stealer (aka W4SP Stealer) is a malware that's designed to steal users' passwords, Discord accounts, cryptocurrency wallets, and other sensitive information. The TikTok videos posted by the attackers, @learncyber an... (The Hacker News)
November 29, 2022 – Government
CISA adds Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities Catalog
CISA added a critical flaw impacting Oracle Fusion Middleware, tracked as CVE-2021-35587, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability impacting Oracle Fusion... (Security Affairs)
November 29, 2022 – Criminals
Spanish police dismantle operation that made €12M via investment scams
Spanish National Police have dismantled a cybercrime organization that used fake investment sites to defraud over €12.3 million ($12.8 million) from 300 victims across Europe. (BleepingComputer)
November 29, 2022 – Vulnerabilities
Dell, HP, & Lenovo System Found Using Outdated OpenSSL
The cybersecurity researchers at Binarly recently discovered that outdated versions of the OpenSSL cryptographic library are still being used by Dell, HP, and Lenovo on their devices. (GB Hackers)
November 29, 2022 – Education
7 Cyber Security Tips for SMBs
When the headlines focus on breaches of large enterprises like the Optus breach, it's easy for smaller businesses to think they're not a target for hackers. Surely, they're not worth the time or effort? Unfortunately, when it comes to cyber security, size doesn't matter. Assuming you're not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple security steps in place. Few small businesses prioritise cybersecurity, and hackers know it. According to Verizon, the number of smaller businesses being hit has climbed steadily in the last few years – 46% of cyber breaches in 2021 impacted businesses with fewer than 1,000 employees. Cyber security doesn't need to be difficult: securing any business doesn't need to be complex or come with a hefty price tag. Here are seven simple tips to help the smaller business secure their systems, people and data. 1. Install anti-virus software everywhere: Every organisation has anti-virus on the... (The Hacker News)
November 29, 2022 – Education
Tips for Gamifying Your Cybersecurity Awareness Training Program
In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. According to one report, 82% of data breaches involved the human element, from social attacks to misuse of technologies. These errors are not always... (Security Affairs)
November 29, 2022 – Solution
Ransomware detection with Wazuh SIEM and XDR platform
Wazuh is a free, open source SIEM/XDR solution with more than 10 million annual downloads. Learn more about how Wazuh can help protect your organization against the ever-evolving tactics of ransomware. (BleepingComputer)
November 29, 2022 – Ransomware
Cryptonite and Punisher - An Analysis of New Ransomware
The threat landscape is constantly evolving with new ransomware. FortiGuard Labs and Cyble spotted new Cryptonite and Punisher ransomware variants. The latter targeted users in Chile. Cryptonite is a free and open-source ransomware kit that can be downloaded by anyone willing to deploy it. Pu... (Cyware Alerts - Hacker News)
November 29, 2022 – Policy and Law
Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users’ Data
Ireland's Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "collated dataset of Facebook personal data that had been made available on the internet." This included the personal information associated with 533 million users of the social media platform, such as their phone numbers, dates of birth, locations, email addresses, gender, marital status, account creation date, and other profile details. Meta acknowledged that the information was "old data" that was obtained by malicious actors by taking advantage of a technique called "phone number enumeration" to scrape users' public profiles. This entailed misusing a t... (The Hacker News)
November 29, 2022 – Breach
Irish data protection commission fines Meta over 2021 data-scraping leak
Irish data protection commission (DPC) fined Meta for not protecting Facebook's users' data from scraping. Meta has been fined €265 million ($275.5 million) by the Irish data protection commission (DPC) for the data leak suffered by Facebook... (Security Affairs)
November 29, 2022 – Solution
Microsoft Defender boosts default protection for all enterprise users
Microsoft announced that built-in protection is generally available for all devices onboarded to Defender for Endpoint, the company's endpoint security platform. (BleepingComputer)
November 29, 2022 – Breach
Indiana Health Entity Reports Breach Involving Tracking Code
Community Health Network on November 18 reported to the U.S. Department of Health and Human Services an unauthorized access/disclosure breach affecting 1.5 million individuals involving the use of website tracking code. (Bank Info Security)
November 29, 2022 – Government
CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. Successful exploitation of the remote command execution bug could enable an unauthenticated attacker with network access to completely compromise and take over Access Manager instances. "It may give the attacker access to OAM server, to create any user with any privileges, or just get code execution in the victim's server," Vietnamese security researcher Nguyen Jang (Janggggg), who reported the bug alongside peterjson, noted earlier this March. The issue was addressed by Oracle as part of its Critical Patch Update in January 2022. Additional details regarding the natu... (The Hacker News, https://thehackernews.com/2022/11/cisa-warns-of-actively-exploited.html)
November 29, 2022
Greater Toronto School Offline Following ‘Cyber Incident’
A cyber incident at a school district serving Toronto's outer suburbs disabled online learning for thousands of students and plunged school administration into a mainly pre-digital era. (Bank Info Security)
November 29, 2022 – Ransomware
How WannaCry Shapes Cybersecurity Today
What set WannaCry apart, however, was its use of the SMB vulnerability to replicate itself across multiple network-connected devices. This exploit effort — known as EternalBlue — took WannaCry from mildly annoying to massively problematic. (Security Intelligence)
November 29, 2022 – Criminals
North Carolina College Confirms Ransomware Group Stole Sensitive Data
A spokesperson for the college said the attack occurred in October and law enforcement was immediately notified. The school disconnected its systems and hired outside security experts to help restore systems and investigate the incident. (The Record)
November 29, 2022 – General
Blockchain didn’t end spam in India, regulator now trying AI
The Telecom Regulatory Authority of India (TRAI) has announced a fresh crackdown on TXT spam – this time using artificial intelligence, after a previous blockchain-powered effort delivered mixed results. (The Register)
November 28, 2022 – Vulnerabilities
Acer fixes UEFI bugs that can be used to disable Secure Boot
Acer has fixed a high-severity vulnerability affecting multiple laptop models that could enable local attackers to deactivate UEFI Secure Boot security feature. (BleepingComputer)
November 28, 2022 – Vulnerabilities
Hackers Exploit RCE Vulnerability in Windows Internet Key Exchange
Security company Cyfirma outlined a series of exploits in the wild targeting Windows Internet Key Exchange (IKE) Protocol Extensions for CVE-2022-34721. The critical bug may have been exploited to target almost 1000 systems. Microsoft added that IKEv2 is not impacted, however, all Windows Servers a... (Cyware Alerts - Hacker News)
November 28, 2022 – Vulnerabilities
Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services
Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action. The shortcoming was reported by Datadog to AWS on September 1, 2022, following which a patch was shipped on September 6. "This attack abuses the AppSync service to assume [identity and access management] roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week. In a coordinated disclosure, Amazon said that no customers were affected by the vulnerability and that no customer action is required. It described it as a "case-sensitivity parsing issue w... (The Hacker News)
November 28, 2022 – Vulnerabilities
A flaw in some Acer laptops can be used to bypass security features
ESET announced the discovery of a vulnerability impacting Acer laptops that can allow an attacker to deactivate UEFI Secure Boot. ESET researchers announced in a series of tweets the discovery of a vulnerability impacting Acer laptops, the issue can allow... (Security Affairs)
November 28, 2022 – Malware
Malicious Android app found powering account creation service
A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook. (BleepingComputer)
November 28, 2022 – Attack
RansomBoggs Attacks in Ukraine Linked To Russian Hackers
ESET researchers connected the Russian Sandworm APT group to a new ransomware, dubbed RansomBoggs, that has been targeting Ukrainian entities. Sandworm’s linkage with the new RansomBoggs indicates that the group is actively enhancing its toolset to make its attacks efficient. (Cyware Alerts - Hacker News)
November 28, 2022 – Education
The 5 Cornerstones for an Effective Cyber Security Awareness Training
It's not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information. The hard news: they're often successful, have a long-lasting negative impact on your organization and employees, including loss of money, reputation damage, loss of intellectual property, disruptions to operational activities, and negative effect on company culture. The harder news: these often could have been easily avoided. Phishing, educating your employees, and creating a cyber awareness culture? These are topics we're sensitive to and well-versed in. So, how can you effectively protect your organization against phishing attempts? These best practices will help transform your employees' behavior and build organizational resilience to phishing attacks. (Figure source: APWG) Plan for total workforc... (The Hacker News)
November 28, 2022 – Vulnerabilities
Experts found a vulnerability in AWS AppSync Full Text
Abstract
Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have...Security Affairs
November 28, 2022 – Vulnerabilities
TikTok ‘Invisible Body’ challenge exploited to push malware Full Text
Abstract
Hackers are capitalizing on a trending TikTok challenge named 'Invisible Challenge' to install malware on thousands of devices and steal their passwords, Discord accounts, and, potentially, cryptocurrency wallets.BleepingComputer
November 28, 2022 – Phishing
FC Barcelona’s Website Used by Scammers for Fraud Full Text
Abstract
According to Adex, the threat actors used the club website to increase traffic to a likely fraudulent online gaming website. FC Barcelona’s website is visited monthly by 5.4 million people and ranks among the most visited football clubs.Heimdal Security
November 28, 2022 – Vulnerabilities
Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks Full Text
Abstract
Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip (SoC), that's found in server motherboards and is used for remote monitoring and management of a host system, including performing low-level system operations such as firmware flashing and power control. Nozomi Networks, which analyzed an Intelligent Platform Management Interface (IPMC) from Taiwanese vendor Lanner Electronics, said it uncovered 13 weaknesses affecting IAC-AST2500. All the issues affect version 1.10.0 of the standard firmware, with the exception of CVE-2021-4228, which impacts version 1.00.0. Four of the flaws (from CVE-2021-26727 to CVE-2021-26730) are rated 10 out of 10 on the CVSS scoring system. In particular, the industrial security company found that CVE-2021-44467, an acThe Hacker News
November 28, 2022 – Ransomware
RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia Full Text
Abstract
Several Ukrainian organizations were hit by Russia-based RansomBoggs Ransomware in the last week, ESET reports. Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian...Security Affairs
November 28, 2022 – General
Cyber Monday deal: Get 50% off Malwarebytes Premium, Privacy VPN Full Text
Abstract
Malwarebytes' Cyber Monday deal is now live, offering a 50% discount on the Malwarebytes Premium antivirus + Malwarebytes Privacy VPN bundle until November 28th.BleepingComputer
November 28, 2022 – Hacker
Russian Hacker Groups Xenotime and Kamacite Target Dutch LNG Terminal Full Text
Abstract
Russian hackers have been doing “exploratory research” into the systems of the Dutch LNG terminals, trying to find ways into the systems, American cybersecurity company Dragos has reported.Yahoo Finance
November 28, 2022 – Encryption
Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages Full Text
Abstract
Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform. The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend. The company's plans for encrypted messages first came to light in mid-November 2022, when mobile researcher Jane Manchun Wong spotted source code changes in Twitter's Android app referencing conversation keys for E2EE chats. It's worth noting that various other messaging platforms, such as Signal, Threema, WhatsApp, iMessage, Wire, Tox, and Keybase, already support encryption for messages. Google, which previously turned on E2EE for one-to-one chats in its RCS-based Messages app for Android, is currently piloting the same option for group chats. Facebook, likewise, began enabling E2EE on MessengThe Hacker News
November 28, 2022 – Policy and Law
Meta fined €265M for not protecting Facebook users’ data from scrapers Full Text
Abstract
Meta has been fined €265 million ($275.5 million) by the Irish data protection commission (DPC) for a massive 2021 Facebook data leak exposing the information of hundreds of millions of users worldwide.BleepingComputer
November 28, 2022 – Vulnerabilities
Cisco ISE Vulnerabilities Can Be Chained in One-Click Exploit Full Text
Abstract
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow remote attackers to inject arbitrary commands, bypass existing security protections, or perform cross-site scripting (XSS) attacks.Security Week
November 28, 2022 – General
The Cyber Monday 2022 Security, IT, VPN, & Antivirus Deals Full Text
Abstract
Cyber Monday is here, and great deals are live in computer security, software, online courses, system admin services, antivirus, and VPN software.BleepingComputer
November 28, 2022 – Government
US effectively bans imports of Chinese telecoms products Full Text
Abstract
The US Federal Communications Commission (FCC) has barred itself from authorizing the import or sale of Chinese telecoms and video surveillance products from Huawei, ZTE, Hytera Communications, Hikvision, and Dahua, on national security grounds.The Register
November 28, 2022 – Government
US bans sales of Huawei, Hikvision, ZTE, and Dahua equipment Full Text
Abstract
The United States government, through the Federal Communications Commission (FCC), has banned the sale of equipment from Chinese telecommunications and video surveillance vendors Huawei, ZTE, Hytera, Hikvision, and Dahua due to "unacceptable risks to national security".BleepingComputer
November 28, 2022 – Government
Census Bureau disputes Inspector General claim that hacking team gained unauthorized access Full Text
Abstract
The U.S. Census Bureau disputed a report from the Office of Inspector General (OIG) that found the organization vulnerable to cyberattacks, claiming that they knowingly allowed a “red team” of hired hackers to access their systems.The Record
November 27, 2022 – Breach
5.4 million Twitter users’ stolen data leaked online — more shared privately Full Text
Abstract
Over 5.4 million Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum. Another massive, potentially more significant, data dump of millions of Twitter records has also been disclosed by a security researcher.BleepingComputer
November 27, 2022 – Botnet
Black Basta and Qakbot Join Hands to Attack U.S. Companies Full Text
Abstract
Cybereason researchers identified widespread Qakbot (QBot or Pinkslipbot) campaigns targeting U.S.-based companies. The Black Basta ransomware gang is behind these recent campaigns.Cyware Alerts - Hacker News
November 27, 2022 – General
Security Affairs newsletter Round 395 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the free newsletter with the international press, subscribe here. Data...Security Affairs
November 27, 2022 – General
SocGholish Attacks Remain a Real Threat Full Text
Abstract
In a recent finding shared by Proofpoint, SocGholish was injected into nearly 300 websites to target users worldwide. The targeted countries included Poland, Italy, France, Iran, Spain, Germany, the U.S., and the U.K.Cyware Alerts - Hacker News
November 27, 2022 – Government
US FCC bans the import of electronic equipment from Chinese firms Full Text
Abstract
The U.S. Federal Communications Commission announced it will completely ban the import of electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua. The U.S. Federal Communications Commission (FCC) announced the total ban for telecom and surveillance...Security Affairs
November 27, 2022 – Hacker
Abandoned Boa Servers Abused by Chinese Attackers to Target Critical Industries Full Text
Abstract
The Boa web server was discontinued in 2005; however, different vendors still implement it across a variety of IoT devices ranging from routers to cameras, as well as in popular SDKs.Cyware Alerts - Hacker News
November 26, 2022 – Botnet
All You Need to Know About Emotet in 2022 Full Text
Abstract
For 6 months, the infamous Emotet botnet showed almost no activity, and now it's distributing malicious spam again. Let's dive into the details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication. The victim can be anyone from corporate to private users exposed to spam email campaigns. The botnet is distributed through phishing emails containing malicious Excel or Word documents. When users open these documents and enable macros, the Emotet DLL is downloaded and then loaded into memory. It searches for email addresses and steals them for spam campaigns. Moreover, the botnet drops additional payloads, such as Cobalt Strike, or stages other attacks that lead to ransomware. The polymorphic nature of Emotet, along with the many modules it includes, makes the malware challenging to identify. The EmotetThe Hacker News
November 26, 2022 – Criminals
Ransomware gang targets Belgian municipality, hits police instead Full Text
Abstract
The Ragnar Locker ransomware gang has published stolen data from what they thought was the municipality of Zwijndrecht, but turned out to be stolen from Zwijndrecht police, a local police unit in Antwerp, Belgium.BleepingComputer
November 26, 2022 – Breach
Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches Full Text
Abstract
The massive data breach suffered by Twitter that exposed emails and phone numbers of its customers may have impacted more than five million users. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained...Security Affairs
November 26, 2022 – Government
U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk Full Text
Abstract
The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an "unacceptable" national security threat. All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021. "The FCC is committed to protecting our national security by ensuring that untrustworthy communications equipment is not authorized for use within our borders, and we are continuing that work here," FCC Chairwoman Jessica Rosenworcel said in a Friday order. "These new rules are an important part of our ongoing actions to protect the American people from national security threats involving telecommunications." Pursuant to the ban, Hytera, Hikvision, and Dahua are required to document the safeguards the firms are putting in place on the sale of their devices for government use and surveillance of critical iThe Hacker News
November 26, 2022 – Vulnerabilities
Devices from Dell, HP, and Lenovo used outdated OpenSSL versions Full Text
Abstract
Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic...Security Affairs
November 26, 2022 – Ransomware
Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations Full Text
Abstract
Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022. "While the malware written in .NET is new, its deployment is similar to previous attacks attributed to Sandworm," the company said in a series of tweets Friday. The development comes as the Sandworm actor, tracked by Microsoft as Iridium, was implicated in a set of attacks aimed at transportation and logistics sectors in Ukraine and Poland with another ransomware strain called Prestige in October 2022. The RansomBoggs activity is said to employ a PowerShell script to distribute the ransomware, with the latter "almost identical" to the one used in the Industroyer2 malware attacks that came to light in April. According toThe Hacker News
November 25, 2022 – Attack
New ransomware attacks in Ukraine linked to Russian Sandworm hackers Full Text
Abstract
New ransomware attacks targeting organizations in Ukraine first detected this Monday have been linked to the notorious Russian military threat group known as Sandworm.BleepingComputer
November 25, 2022 – Breach
Mobile Numbers of 487 Million WhatsApp Users Available for Sale on Hacking Forum Full Text
Abstract
On November 16, a sales ad was found on a notorious hacking community forum where the threat actor claimed they had fresh data, not older than 2022, from millions of people around the globe.Heimdal Security
November 25, 2022 – Attack
Vice Society ransomware claims attack on Cincinnati State college Full Text
Abstract
The Vice Society ransomware operation has claimed responsibility for a cyberattack on Cincinnati State Technical and Community College, with the threat actors now leaking data allegedly stolen during the attack.BleepingComputer
November 25, 2022 – Breach
OSSTF Victim of Ransomware Attack, Notifies Members of Personal Data Compromised Full Text
Abstract
The Ontario Secondary School Teachers’ Federation says it discovered in late May that an “unauthorized third party” accessed and encrypted its systems between May 25 and 30.The Peterborough Examiner
November 25, 2022 – Vulnerabilities
Google fixed the eighth actively exploited Chrome zero-day this year Full Text
Abstract
Google on Thursday released security updates to address a new zero-day vulnerability, tracked as CVE-2022-4135, impacting the Chrome web browser. Google rolled out an emergency security update for the desktop version of the Chrome web browser to address...Security Affairs
November 25, 2022 – Vulnerabilities
Google pushes emergency Chrome update to fix 8th zero-day in 2022 Full Text
Abstract
Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.BleepingComputer
November 25, 2022 – Hacker
Bahamut Cyber Mercenary Group Targets Android Users with Fake VPN Apps Full Text
Abstract
A hacking-for-hire group is distributing malicious apps through a fake SecureVPN website that enables Android apps to be downloaded from Google Play, say researchers at ESET. ESET Security
November 25, 2022 – Vulnerabilities
Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw Full Text
Abstract
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be weaponized by threat actors to crash a program or execute arbitrary code, leading to unintended behavior. According to NIST's National Vulnerability Database, the flaw could permit a "remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page." "Google is aware that an exploit for CVE-2022-4135 exists in the wild," the tech giant acknowledged in an advisory. But like other actively exploited issues, technical specifics have been withheld until a majority of the users are updated with a fix and tThe Hacker News
November 25, 2022 – Breach
Experts investigate WhatsApp data leak: 500M user records for sale Full Text
Abstract
Cybernews investigated a data sample available for sale containing up-to-date mobile phone numbers of nearly 500 million WhatsApp users. Original post published by Cybernews: https://cybernews.com/news/whatsapp-data-leak/ On November 16, an actor...Security Affairs
November 25, 2022 – General
The Ukraine conflict has exposed the limits of cyber warfare Full Text
Abstract
Security analysts have offered an array of explanations for Russia’s cyber limitations. They range from upgrades to Ukraine’s defenses to changes in the Kremlin’s tactics.The Next Web
November 25, 2022 – Vulnerabilities
Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions Full Text
Abstract
An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk. EFI Development Kit, aka EDK, is an open source implementation of the Unified Extensible Firmware Interface (UEFI), which functions as an interface between the operating system and the firmware embedded in the device's hardware. The firmware development environment, which is in its second iteration (EDK II), comes with its own cryptographic package called CryptoPkg that, in turn, makes use of services from the OpenSSL project. Per firmware security company Binarly, the firmware image associated with Lenovo Thinkpad enterprise devices was found to use three different versions of OpenSSL: 0.9.8zb, 1.0.0a, and 1.0.2j, the last of which was released in 2018. What's more, one of the firmware modules named InfineonTpmUpdateDxe relied on OpenSSL version 0.9.8zb that was shipped on AuThe Hacker News
November 25, 2022 – Criminals
An international police operation dismantled the spoofing service iSpoof Full Text
Abstract
An international law enforcement operation has dismantled an online phone number spoofing service called iSpoof. An international law enforcement operation that was conducted by authorities in Europe, Australia, the United States, Ukraine, and Canada,...Security Affairs
November 25, 2022 – Criminals
U.K. Police Arrest 142 in Global Crackdown on ‘iSpoof’ Phone Spoofing Service Full Text
Abstract
A coordinated law enforcement effort has dismantled an online phone number spoofing service called iSpoof and arrested 142 individuals linked to the operation. The websites, ispoof[.]me and ispoof[.]cc, allowed the crooks to "impersonate trusted corporations or contacts to access sensitive information from victims," Europol said in a press statement. Worldwide losses exceeded €115 million ($119.8 million), with over 200,000 potential victims believed to have been directly targeted through iSpoof in the U.K. alone, the Metropolitan Police noted. Among the 142 people arrested is the administrator of the website, who was apprehended in the U.K. on November 6, 2022. The website and its server were subsequently seized and taken offline two days later by Ukrainian and U.S. agencies. Per the National Police Corps, the helpdesk fraud allowed registered subscribers on the online portal to mask their phone numbers and make calls impersonating banks, retail companies, anThe Hacker News
November 25, 2022 – Government
UK urges to disconnect Chinese security cameras in government buildings Full Text
Abstract
The British government banned the installation of Chinese-linked security cameras at sensitive facilities due to security risks. Reuters reports that the British government ordered its departments to stop installing Chinese security cameras at sensitive...Security Affairs
November 25, 2022 – Criminals
Interpol Seized $130 Million from Cybercriminals in Global “HAECHI-III” Crackdown Operation Full Text
Abstract
Interpol on Thursday announced the seizure of $130 million worth of virtual assets in connection with a global crackdown on cyber-enabled financial crimes and money laundering. The international police operation, dubbed HAECHI-III, transpired between June 28 and November 23, 2022, resulting in the arrests of 975 individuals and the closure of more than 1,600 cases. This comprised two fugitives wanted by South Korea for their supposed involvement in a Ponzi scheme to embezzle €28 million from 2,000 victims. Another instance pertained to a call center scam based out of India, wherein a group of criminals impersonated Interpol and Europol officers to trick victims in Austria into transferring funds. The call centers operated from New Delhi and Noida. The illegal activity informed the victims that their "identities were stolen and crime pertaining to narcotics drugs were committed in their names," forcing them to make a money transfer. "In order to clear themselveThe Hacker News
November 24, 2022 – Malware
Docker Hub repositories hide over 1,650 malicious containers Full Text
Abstract
Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors.BleepingComputer
November 24, 2022 – Ransomware
Yanluowang Ransomware: The Hunter Becomes the Hunted Full Text
Abstract
Trellix researchers analyzed thousands of leaked internal messages related to the Yanluowang group and revealed the group's inner workings, victims, and possible collaboration with other Russian ransomware groups.Cyware Alerts - Hacker News
November 24, 2022 – Ransomware
New RansomExx Ransomware Variant Rewritten in the Rust Programming Language Full Text
Abstract
The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it's expected that a Windows version will be released in the future. RansomExx, also known as Defray777 and Ransom X, is a ransomware family that's known to be active since 2018. It has since been linked to a number of attacks on government agencies, manufacturers, and other high-profile entities like Embraer and GIGABYTE. "Malware written in Rust often benefits from lower [antivirus] detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language," IBM Security X-Force researcher Charlotte Hammond said in a report published this week. The Hacker News
November 24, 2022 – Ransomware
RansomExx Ransomware upgrades to Rust programming language Full Text
Abstract
RansomExx ransomware is the latest ransomware to have a version written entirely in the Rust programming language. The operators of the RansomExx ransomware (aka Defray777 and Ransom X) have developed a new variant of their malware,...Security Affairs
November 24, 2022 – Criminals
Interpol seized $130 million from cybercriminals worldwide Full Text
Abstract
INTERPOL has announced the seizure of $130,000,000 worth of money and virtual assets linked to various cybercrimes and money laundering operations.BleepingComputer
November 24, 2022 – Cryptocurrency
ViperSoftX Drops VenomSoftX Chrome Extension to Steal Cryptocurrency Full Text
Abstract
To steal crypto assets, VenomSoftX tries to tamper with API requests that sites use for several actions such as money withdrawal or sending security codes.Cyware Alerts - Hacker News
November 24, 2022 – Vulnerabilities
Millions of Android Devices Still Don’t Have Patches for Mali GPU Flaws Full Text
Abstract
A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker. Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022. "These fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo, and others)," Project Zero researcher Ian Beer said in a report. "Devices with a Mali GPU are currently vulnerable." The vulnerabilities, collectively tracked under the identifiers CVE-2022-33917 (CVSS score: 5.5) and CVE-2022-36449 (CVSS score: 6.5), concern a case of improper memory processing, thereby allowing a non-privileged user to gain access to freed memory. The second flaw, CVE-2022-36449, can be further weaponized to write outside of buffer bounds and disclose details of memory mappings, according to an advisory issued by Arm. The lisThe Hacker News
November 24, 2022 – Attack
An aggressive malware campaign targets US-based companies with Qakbot to deliver Black Basta Ransomware Full Text
Abstract
Researchers warn of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. Experts at the Cybereason Global SOC (GSOC) team have observed a surge in Qakbot infections as part of an ongoing aggressive...Security Affairs
November 24, 2022 – Malware
Hackers modify popular OpenVPN Android app to include spyware Full Text
Abstract
A threat actor associated with cyberespionage operations since at least 2017 has been luring victims with fake VPN software for Android that is a trojanized version of legitimate software SoftVPN and OpenVPN.BleepingComputer
November 24, 2022 – Hacker
Ducktail Group Brings New Arsenal and Evasion Tactics to Uplift Its Attack Game Full Text
Abstract
WithSecure researchers have published an advisory about new developments of the Ducktail infostealer. The recent campaigns feature new tricks to spear-phish targets via WhatsApp.Cyware Alerts - Hacker News
November 24, 2022 – General
Boost Your Security with Europe’s Leading Bug Bounty Platform Full Text
Abstract
As 2022 comes to an end, now's the time to level up your bug bounty program with Intigriti. Are you experiencing slow bug bounty lead times, gaps in security skills, or low-quality reports from researchers? Intigriti's expert triage team and global community of ethical hackers are enabling businesses to protect themselves against every emerging cybersecurity threat. Join the likes of Intel, Yahoo, and Sixt who levelled up their security with Intigriti to enjoy higher quality bug bounty reports, faster lead times, and an intuitive platform. Our expert triage team, renowned community management, and impact-focused customer support are enabling businesses to protect themselves against emerging cybersecurity threats. Build a better bug bounty program Intigriti is more than a bug bounty platform. Our managed security service takes the pain out of vulnerability disclosure and uses our active hacking community to suit your exact security needs. Moving bug bounties can feel liThe Hacker News
November 24, 2022 – Hacker
Threat actors exploit discontinued Boa web servers to target critical infrastructure Full Text
Abstract
Microsoft reported that hackers have exploited flaws in a now-discontinued web server called Boa in attacks against critical industries. Microsoft experts believe that threat actors behind a malicious campaign aimed at Indian critical infrastructure...Security Affairs
November 24, 2022 – Criminals
U.S. govt seizes domains used in ‘pig butchering’ scams Full Text
Abstract
For the first time, the U.S. Department of Justice seized seven domains that hosted websites linked to "pig butchering" scams, where fraudsters trick victims of romance scams into investing in cryptocurrency via fake investment platforms.BleepingComputer
November 24, 2022 – Ransomware
WannaRen Returns as Life Ransomware, Targets India Full Text
Abstract
Unlike its previous version, this new variant dubbed Life ransomware uses a batch file to download and execute WINWORD.exe to perform DLL side-loading and load the ransomware in memory.Trend Micro
November 24, 2022 – Hacker
Bahamut Cyber Espionage Hackers Targeting Android Users with Fake VPN Apps Full Text
Abstract
The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information. The activity, which has been active since January 2022, entails distributing rogue VPN apps through a fake SecureVPN website set up for this purpose, Slovak cybersecurity firm ESET said in a new report shared with The Hacker News. At least eight different variants of the spyware apps have been discovered to date, with them being trojanized versions of legitimate VPN apps like SoftVPN and OpenVPN. The tampered apps and their updates are pushed to users through the fraudulent website. It's also suspected that the targets are carefully selected, since launching the app requires the victim to enter an activation key to enable the features. This implies the use of an undetermined distribution vector, although past evidence shows that it could take the form of spear-phishing emThe Hacker News
November 24, 2022 – Criminals
‘iSpoof’ service dismantled, main operator and 145 users arrested Full Text
Abstract
The 'iSpoof' online spoofing service has been dismantled following an international law enforcement investigation that also led to the arrest of 146 people, including the suspected mastermind of the operation.BleepingComputer
November 24, 2022 – Outage
India: Ransomware attack cripples AIIMS Delhi services Full Text
Abstract
The National Informatics Centre (NIC) at AIIMS Delhi on Wednesday said that a ransomware attack affected the hospital's server, halting day-to-day activities including OPD registrations and blood sample reports.The Indian Express
November 24, 2022 – Malware
This Android File Manager App Infected Thousands of Devices with SharkBot Malware Full Text
Abstract
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecurity company Bitdefender said in an analysis published this week. SharkBot, first discovered towards the end of 2021 by Cleafy, is a recurring mobile threat distributed both on the Google Play Store and other third-party app stores. One of the trojan's primary goals is to initiate money transfers from compromised devices via a technique called "Automatic Transfer System" (ATS), in which a transaction triggered via a banking app is intercepted to swap the payee account with an actor-controlled account in the background. It's also capable of serving a fake login overlay when users attempt to open legitimate banking apps, stealing the credentials in the proceThe Hacker News
November 24, 2022 – Breach
Medical Software Firm Exposes Vulnerable Children’s Sensitive Data Full Text
Abstract
Researchers reviewed a sample of 1,000 records to determine who owned the data and informed them about the exposed database. As per their findings, each record they reviewed had some form of PII related to children.Hackread
November 24, 2022 – Criminals
Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware Full Text
Abstract
Companies based in the U.S. have been at the receiving end of an "aggressive" Qakbot malware campaign that leads to Black Basta ransomware infections on compromised networks. "In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and move laterally within an organization's network," Cybereason researchers Joakim Kandefelt and Danielle Frankel said in a report shared with The Hacker News. Black Basta, which emerged in April 2022, follows the tried-and-tested approach of double extortion to steal sensitive data from targeted companies and use it as leverage to extort cryptocurrency payments by threatening to release the stolen information. This is not the first time the ransomware crew has been observed using Qakbot (aka QBot, QuackBot, or Pinkslipbot). Last month, Trend Micro disclosed similar attacks that entailed the use of Qakbot to deliver the Brute Ratel C4 framework, which, in turn, wThe Hacker News
November 24, 2022 – Vulnerabilities
A flaw in ConnectWise Control spurred the company to make life harder for scammers Full Text
Abstract
A vulnerability in popular remote access service/platform ConnectWise Control could have been leveraged by scammers to make compromising targets’ computers easier, Guardio researchers have discovered.Help Net Security
November 23, 2022 – General
NordVPN Black Friday deal: Up to 68% off a 27-month VPN subscription Full Text
Abstract
NordVPN's Black Friday deal is live with up to 68% off and 3 extra months for free on 1-year or 2-year subscriptions to the NordVPN VPN service.BleepingComputer
November 23, 2022 – General
Get 50% off Emsisoft Anti-Malware Home through Cyber Monday Full Text
Abstract
Emsisoft's Black Friday through Cyber Monday deal is now live with 50% off Emsisoft Anti-Malware Home 1-year licenses for 1, 3, or 5 devices.BleepingComputer
November 23, 2022 – Ransomware
RansomExx Ransomware Upgraded in Rust Full Text
Abstract
RansomExx is a ransomware that first emerged in 2018 under the name Defray. Since then, the malware has undergone multiple changes, with the latest updates being written in the Rust language.Cyware Alerts - Hacker News
November 23, 2022 – Criminals
34 Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware Full Text
Abstract
As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. "The underground market value of stolen logs and compromised card details is estimated around $5.8 million," Singapore-headquartered Group-IB said in a report shared with The Hacker News. Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards. A majority of the victims are located in the U.S., followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In total, 890,000 devices in 111 countries were infected during the time frame. Group-IB said the members of several scam groups who are propagating the information stealers previously participated in the Classiscam operation. These groups, which are active on Telegram and have around 200 members on average, a...The Hacker News
November 23, 2022 – Denial Of Service
Pro-Russian group Killnet claims responsibility for DDoS attack that has taken down the European Parliament site Full Text
Abstract
Pro-Russian hacker collective Killnet took down the European Parliament website with a DDoS cyberattack. The pro-Russia hacktivist group Killnet claimed responsibility for the DDoS attack that today took down the website of the European Parliament...Security Affairs
November 23, 2022 – Government
Meta links U.S. military with covert Facebook influence operation Full Text
Abstract
Meta has removed several accounts on Facebook and Instagram associated with the U.S. military, saying they were used as part of covert influence operations targeting the Middle East and Russia.BleepingComputer
November 23, 2022 – Breach
Personal data of nearly 4,000 people leaked in hack of Radio Free Asia Full Text
Abstract
Radio Free Asia, a U.S. government-sponsored news outlet, announced a breach this week that affected almost 4,000 people – leaking troves of personal information including Social Security and passport numbers, as well as financial data.The Record
November 23, 2022 – Malware
Ducktail Malware Operation Evolves with New Malicious Capabilities Full Text
Abstract
The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign. "The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account," WithSecure researcher Mohammad Kazem Hassan Nejad said in a new analysis. "The operation ultimately hijacks Facebook Business accounts to which the victim has sufficient access. The threat actor uses their gained access to run ads for monetary gain." Attributed to a Vietnamese threat actor, the Ducktail campaign is designed to target businesses in the digital marketing and advertising sectors which are active on the Facebook Ads and Business platform. Also targeted are individuals within prospective companies that are likely to have high-level access to Facebook Business accounts. This includesThe Hacker News
November 23, 2022 – Malware
Ducktail information stealer continues to evolve Full Text
Abstract
The operators behind the Ducktail information stealer continue to improve their malicious code, experts warn. In late July 2022, researchers from WithSecure (formerly F-Secure Business) discovered an ongoing operation, named DUCKTAIL, that...Security Affairs
November 23, 2022 – Phishing
Fake MSI Afterburner targets Windows gamers with miners, info-stealers Full Text
Abstract
Windows gamers and power users are being targeted by fake MSI Afterburner download portals to infect users with cryptocurrency miners and the RedLine information-stealing malware.BleepingComputer
November 23, 2022 – Ransomware
Donut Leaks Now Targets Victims With Its Own Custom Ransomware Tool Full Text
Abstract
BleepingComputer researchers have found new samples of an encryptor for Donut ransomware and confirmed that it is using its own customized ransomware in recent attacks.Cyware Alerts - Hacker News
November 23, 2022 – General
Top Cyber Threats Facing E-Commerce Sites This Holiday Season Full Text
Abstract
Delivering a superior customer experience is essential for any e-commerce business. For those companies, there's a lot at stake this holiday season. According to Digital Commerce 360, nearly $1.00 of every $4.00 spent on retail purchases during the 2022 holiday season will be spent online, resulting in $224 billion in e-commerce sales. To ensure your e-commerce site is ready for the holiday rush, it's vital to ensure it is secure. While safety and security are top priorities for businesses of all sizes, it is essential for those who operate in the e-commerce space. To deliver the experience customers crave, many websites embed third-party solutions at every stage of the customer journey. In fact, for certain e-commerce businesses, their suite of third-party plugins is how they create and sustain a competitive advantage. Yet many e-commerce sites are inherently insecure and vulnerable to attack due to their reliance on untrustworthy third-party solutions. Consequently, cli...The Hacker News
November 23, 2022 – Privacy
Experts claim that iPhone’s analytics data is not anonymous Full Text
Abstract
Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory...Security Affairs
November 23, 2022 – Denial Of Service
Pro-Russian hacktivists take down EU Parliament site in DDoS attack Full Text
Abstract
The website of the European Parliament has been taken down following a DDoS (Distributed Denial of Service) attack claimed by Anonymous Russia, part of the pro-Russian hacktivist group Killnet.BleepingComputer
November 23, 2022 – Attack
Russian hackers Killnet launch multiple attacks on UK websites Full Text
Abstract
A Russian hacking outfit has claimed to have taken down the website of the Prince of Wales over the UK's continued support for Ukraine. Killnet said it had launched the attack "due to the supply of high-precision missiles to Ukraine".Express
November 23, 2022 – Hacker
Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries Full Text
Abstract
Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa. The tech behemoth's cybersecurity division said the vulnerable component poses a "supply chain risk that may affect millions of organizations and devices." The findings build on a prior report published by Recorded Future in April 2022, which delved into a sustained campaign orchestrated by suspected China-linked adversaries to strike critical infrastructure organizations in India. The cybersecurity firm attributed the attacks to a previously undocumented threat cluster called Threat Activity Group 38. While the Indian government described the attacks as unsuccessful "probing attempts," China denied it was behind the campaign. The connections to China stem from the use of a modular backdoor dubbed ShadowPad, which is known to be shared among several...The Hacker News
November 23, 2022 – Vulnerabilities
Microsoft releases out-of-band update to fix Kerberos auth issues caused by a patch for CVE-2022-37966 Full Text
Abstract
Microsoft released an out-of-band update to fix problems tied to a recent Windows security patch that caused Kerberos authentication issues. Microsoft released an out-of-band update to address issues caused by a recent Windows security patch that...Security Affairs
November 23, 2022 – General
The Black Friday 2022 Security, IT, VPN, & Antivirus Deals Full Text
Abstract
Black Friday is almost here, and great deals are already live today for computer security, software, online courses, system admin services, antivirus, and VPN software.BleepingComputer
November 23, 2022 – Business
Google Strikes Back On Misuse of Cobalt Strike - YARA Rules Released Full Text
Abstract
The Google Cloud team identified 34 different hacked releases of Cobalt Strike in the wild. Researchers found versions of the Cobalt Strike JAR files ranging from 1.44 (circa 2012) up to the latest version, 4.7.2.Cyware Alerts - Hacker News
November 23, 2022 – Business
Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-U.S. Influence Operation Full Text
Abstract
Meta Platforms on Tuesday said it took down a network of accounts and pages across Facebook and Instagram that were operated by people associated with the U.S. military to spread narratives that depicted the country in a favorable light in the Middle East and Central Asia. The network, which originated from the U.S., primarily singled out Afghanistan, Algeria, Iran, Iraq, Kazakhstan, Kyrgyzstan, Russia, Somalia, Syria, Tajikistan, Uzbekistan, and Yemen. The social media giant stated the individuals behind the activity impersonated the communities they targeted, propagating content in Arabic, Farsi, and Russian that floated themes of increased military cooperation with the U.S., and criticized Iran, China, and Russia. These narratives spanned "Russia's invasion of Ukraine, China's treatment of the Uyghur people, Iran's influence in the Middle East, and the support of the Taliban regime in Afghanistan by Russia and China," Meta said in its Quarterly Adversaria...The Hacker News
November 23, 2022 – Criminals
Exclusive – Quantum Locker lands in the Cloud Full Text
Abstract
The gang behind Quantum Locker used a particular modus operandi to target large enterprises relying on cloud services in the NACE region. Executive Summary: the Quantum Locker gang demonstrated capabilities to operate ransomware extortion even on cloud...Security Affairs
November 23, 2022 – Vulnerabilities
Mali GPU ‘patch gap’ leaves Android users vulnerable to attacks Full Text
Abstract
A set of five exploitable vulnerabilities in Arm's Mali GPU driver remain unfixed months after the chip maker patched them, leaving potentially millions of Android devices exposed to attacks.BleepingComputer
November 23, 2022 – Ransomware
RansomExx Upgrades to Rust Full Text
Abstract
RansomExx2 has been completely rewritten using Rust, but otherwise, its functionality is similar to its C++ predecessor. It requires a list of target directories to encrypt to be passed as command line parameters and then encrypts files with AES-256.Security Intelligence
November 23, 2022 – Malware
Nighthawk Likely to Become Hackers’ New Post-Exploitation Tool After Cobalt Strike Full Text
Abstract
A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 with a number of test emails sent using generic subject lines such as "Just checking in" and "Hope this works2." However, there are no indications that a leaked or cracked version of Nighthawk is being weaponized by threat actors in the wild, Proofpoint researcher Alexander Rausch said in a write-up. Nighthawk, launched in December 2021 by a company called MDSec, is analogous to its counterparts Cobalt Strike, Sliver, and Brute Ratel, offering a red team toolset for adversary threat simulation. It's licensed for £7,500 (or $10,000) per user for a year. "Nighthawk is the most advanced and evasive command-and-control framework available on the market," MDSec notes. "Nighthawk i...The Hacker News
November 23, 2022 – General
NordVPN Black Friday deal: Up to 63% off a 27-month VPN subscription Full Text
Abstract
NordVPN's Black Friday deal is live with up to 63% off and 3 extra months for free on 1-year or 2-year subscriptions to the NordVPN VPN service.BleepingComputer
November 23, 2022 – Outage
Ransomware Attack Locks Up City of Westmount Services and Takes Down Email System Full Text
Abstract
The nefarious LockBit 3.0 cybercriminal group is claiming responsibility for the ransomware attack that halted municipal services and shut down employee email accounts in Westmount, Quebec, giving the city a deadline of December 4 to pay the ransom.Bank Info Security
November 23, 2022 – Malware
Backdoored Chrome extension installed by 200,000 Roblox players Full Text
Abstract
A Chrome browser extension, 'SearchBlox', installed by more than 200,000 users has been discovered to contain a backdoor that can steal your Roblox credentials as well as your assets on Rolimons, a Roblox trading platform.BleepingComputer
November 23, 2022 – Vulnerabilities
Callback Technologies CBFS Filter denial-of-service vulnerabilities patched Full Text
Abstract
Cisco Talos recently discovered three denial-of-service vulnerabilities in Callback Technologies CBFS Filter. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger these vulnerabilities.Cisco Talos
November 23, 2022 – Criminals
Russian cybergangs stole over 50 million passwords this year Full Text
Abstract
At least 34 distinct Russian-speaking cybercrime groups using info-stealing malware like Raccoon and Redline have collectively stolen 50,350,000 account passwords from over 896,000 individual infections from January to July 2022.BleepingComputer
November 23, 2022 – Breach
Belarusian Hacktivist Group Claims to Breach Russia’s Internet and Media Regulator Full Text
Abstract
A unit of the Russian internet and media regulator Roskomnadzor confirmed Saturday that hackers had breached its systems after the Belarusian hacktivist group known as the Cyber Partisans claimed to attack the organization.The Record
November 23, 2022 – Phishing
Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts Full Text
Abstract
A cybercriminal operation tracked as Ducktail has been hijacking Facebook Business accounts causing losses of up to $600,000 in advertising credits.BleepingComputer
November 22, 2022 – Criminals
Donut extortion group also targets victims with ransomware Full Text
Abstract
The Donut (D0nut) extortion group has been confirmed to deploy ransomware in double-extortion attacks on the enterprise.BleepingComputer
November 22, 2022 – Botnet
Botnet Turned InfoStealer Aurora Gaining Traction Among Threat Actors Full Text
Abstract
Aurora is a Golang-based info-stealer, which runs several commands upon execution through WMIC to collect basic host information, snaps a desktop image, and exfiltrates data to the C2 server.Cyware Alerts - Hacker News
November 22, 2022 – Malware
This Malware Installs Malicious Browser Extensions to Steal Users’ Passwords and Cryptos Full Text
Abstract
A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access website visits, steal credentials and clipboard data, and even swap cryptocurrency addresses via an adversary-in-the-middle (AiTM) attack. ViperSoftX, which first came to light in February 2020, was characterized by Fortinet as a JavaScript-based remote access trojan and cryptocurrency stealer. The malware's use of a browser extension to advance its information-gathering goals was documented by Sophos threat analyst Colin Cowie earlier this year. "This multi-stage stealer exhibits interesting hiding capabilities, concealed as small PowerShell scripts on a single line in the middle of otherwise innocent-looking large log files, among others," Avast researcher Jan Rubín said...The Hacker News
November 22, 2022 – Vulnerabilities
5 API Vulnerabilities That Get Exploited by Criminals Full Text
Abstract
Let's take a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP). It’s no secret that cyber security has become a leading priority for most organizations — especially those...Security Affairs
November 22, 2022 – Breach
Hackers breach energy orgs via bugs in discontinued web server Full Text
Abstract
Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector.BleepingComputer
November 22, 2022 – Phishing
Attackers Impersonate Reputed Brands Ahead of Holiday Season Full Text
Abstract
Check Point researchers observed a malicious phishing email campaign designed to target users looking for the Black Friday sale. A massive surge in TrojanOrders attacks was also reported.Cyware Alerts - Hacker News
November 22, 2022 – Criminals
Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware Full Text
Abstract
A nascent Go-based malware known as Aurora Stealer is being increasingly deployed as part of campaigns designed to steal sensitive information from compromised hosts. "These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency wallets or remote access tools, and the 911 method making use of YouTube videos and SEO-poisoned fake cracked software download websites," cybersecurity firm SEKOIA said. First advertised on Russian cybercrime forums in April 2022, Aurora was offered as a commodity malware for other threat actors, describing it as a "multi-purpose botnet with stealing, downloading and remote access capabilities." In the intervening months, the malware has been scaled down to a stealer that can harvest files of interest, data from 40 cryptocurrency wallets, and applications like Telegram. Aurora also comes with a loader that can deploy a next-stage payload using a PowerShell command.The Hacker News
November 22, 2022 – Vulnerabilities
Researcher warns that Cisco Secure Email Gateways can easily be circumvented Full Text
Abstract
A researcher revealed how to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails. An anonymous researcher publicly disclosed a series of techniques to bypass some of the filters in Cisco...Security Affairs
November 22, 2022 – Malware
Android file manager apps infect thousands with Sharkbot malware Full Text
Abstract
A new collection of malicious Android apps posing as harmless file managers had infiltrated the official Google Play app store, infecting users with the Sharkbot banking trojan.BleepingComputer
November 22, 2022 – Criminals
Vietnam-Based Ducktail Cybercrime Operation Evolving, Expanding Full Text
Abstract
The Ducktail information stealer has been updated with new capabilities and the threat actors that use it have been expanding their operation, according to WithSecure, formerly known as F-Secure Business.Security Week
November 22, 2022 – Education
Here’s How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers Full Text
Abstract
The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities. Because employees often use their business emails and cell phones as their primary point of contact, these scams quickly become a threat to employer computer systems. With so many people shopping online, tracking shipments, and entering sensitive data across multiple websites, holiday hackers are primed and ready to attack your networks by taking advantage of your employees' online actions and cell phone usage. According to the FBI, the two most frequent types of holiday scams include non-delivery and non-payment crimes – when a consumer either pays for a product or service that is never delivered or products being shipped without the seller receiving payment. Cybercriminals are also keen on gift card fraud and auction fraud, a...The Hacker News
November 22, 2022 – Malware
Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem Full Text
Abstract
Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered...Security Affairs
November 22, 2022 – Vulnerabilities
BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks Full Text
Abstract
The firmware running on the affected card is based on BMC remote management firmware from AMI, which is used by tech giants such as Asus, Dell, HP, Lenovo, Gigabyte, and Nvidia.Security Week
November 22, 2022 – Criminals
Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns Full Text
Abstract
The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors. The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery (TOAD), wherein the victims are social engineered into making a phone call through phishing emails containing invoices and subscription-themed lures. Palo Alto Networks Unit 42 said the attacks are the "product of a single highly organized campaign," adding, "this threat actor has significantly invested in call centers and infrastructure that's unique to each victim." The cybersecurity firm described the activity as a "pervasive multi-month campaign that is actively evolving." What's notable about callback phishing is that the email messages are completely devoid of any malicious attachment or booby-trapped link, allowing them to evade detection and slip past email protection solutions. These messages ty...The Hacker News
November 22, 2022 – Criminals
Two Estonian citizens arrested in $575M cryptocurrency fraud scheme Full Text
Abstract
Two Estonian citizens were arrested in Tallinn for allegedly running a $575 million cryptocurrency fraud scheme. Two Estonian nationals were arrested in Tallinn, Estonia, after being indicted in the US for running a fraudulent cryptocurrency Ponzi...Security Affairs
November 22, 2022 – Hacker
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice Full Text
Abstract
Proofpoint researchers expect Nighthawk will show up in threat actor campaigns as the tool becomes more widely recognized or as threat actors search for new, more capable tools to use against targets.Proof Point
November 22, 2022 – Cryptocurrency
U.S. Authorities Seize Domains Used in ‘Pig butchering’ Cryptocurrency Scams Full Text
Abstract
The U.S. Justice Department (DoJ) on Monday announced the takedown of seven domain names in connection to a "pig butchering" cryptocurrency scam. The fraudulent scheme, which operated from May to August 2022, netted the actors over $10 million from five victims, the DoJ said. Pig butchering, also called Sha Zhu Pan, is a type of scam in which swindlers lure unsuspecting investors into sending their crypto assets. The criminals encounter potential victims on dating apps, social media sites, and SMS messages. These individuals initiate fake relationships in an attempt to build trust, only to trick them into making a cryptocurrency investment on a bogus platform. "Once the money is sent to the fake investment app, the scammer vanishes, taking all the money with them, often resulting in significant losses for the victim," the DoJ said. The seven seized portals all mimicked the Singapore International Monetary Exchange (SIMEX), the agency pointed out. But once t...The Hacker News
November 22, 2022 – Malware
Emotet is back and delivers payloads like IcedID and Bumblebee Full Text
Abstract
The Emotet malware is back and experts warn of a high-volume malspam campaign delivering payloads like IcedID and Bumblebee. Proofpoint researchers warn of the return of the Emotet malware, in early November the experts observed a high-volume malspam...Security Affairs
November 22, 2022 – Phishing
Tesco Gift Card scam explained Full Text
Abstract
In this scam campaign, the scammers are trying to victimize visitors by claiming that they can receive a 100-, 200-, 400-, or 500-dollar Tesco gift card by simply following some instructions given on the scam website.Cyberwarzone
November 22, 2022 – Policy and Law
33 Attorneys General Send Letter to FTC on Commercial Surveillance Rules Full Text
Abstract
Attorneys general in 33 US states are urging the Federal Trade Commission (FTC) to take into consideration consumer risks as it looks into creating rules to crack down on commercial surveillance.Security Week
November 22, 2022 – Government
How Xi Jinping leveled-up China’s hacking teams Full Text
Abstract
A year after coming to power in 2013, Xi began to prioritize cybersecurity as a matter of government policy, focusing the bureaucracy, universities, and security services on purposefully cultivating talent and funding cybersecurity research.CyberScoop
November 21, 2022 – General
Black Friday deal: Get 50% off Malwarebytes Premium, Privacy VPN Full Text
Abstract
Malwarebytes' Black Friday deal is now live, offering a 50% discount on the Malwarebytes Premium antivirus + Malwarebytes Privacy VPN bundle until November 28th.BleepingComputer
November 21, 2022 – Criminals
Two Estonians arrested for running $575M crypto Ponzi scheme Full Text
Abstract
Two Estonian nationals were arrested in Tallinn, Estonia, on Sunday after being indicted in the U.S. for running a massive cryptocurrency Ponzi scheme that led to losses of more than $575 million.BleepingComputer
November 21, 2022 – Phishing
Analysis of Luna Moth Callback Phishing Campaign Full Text
Abstract
In this campaign, attackers use legitimate and trusted systems management tools to interact directly with a victim’s computer, to manually exfiltrate data to be used for extortion.Palo Alto Networks
November 21, 2022 – Criminals
Daixin Ransomware Gang Steals 5 Million AirAsia Passengers’ and Employees’ Data Full Text
Abstract
The cybercrime group called Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The development comes a little over a week after the company fell victim to a ransomware attack on November 11 and 12, per DataBreaches.net. The threat actors allegedly claim to have obtained the personal data associated with five million unique passengers and all of its employees. The samples uploaded to the leak site reveal passenger information and the booking IDs as well as personal data related to the company's staff. A spokesperson for the threat actor told DataBreaches.net that further attacks were not pursued owing to AirAsia's poor security measures and "the chaotic organization of the network." Daixin Team was recently the subject of an advisory from the U.S. cybersecurity and intelligence agencies, which warned of attacks mainly aimed at the healthcare sector. Other victims of the criminal group include Fi...The Hacker News
November 21, 2022 – Vulnerabilities
Expert published PoC exploit code for macOS sandbox escape flaw Full Text
Abstract
A researcher published details and proof-of-concept (PoC) code for a high-severity macOS sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Reguła (@_r3ggi) of SecuRing published technical details and proof-of-concept (PoC)...Security Affairs
November 21, 2022 – Malware
Aurora infostealer malware increasingly adopted by cybergangs Full Text
Abstract
Cybercriminals are increasingly turning to a new Go-based information stealer named 'Aurora' to steal sensitive information from browsers and cryptocurrency apps, exfiltrate data directly from disks, and load additional payloads.BleepingComputer
November 21, 2022 – Hacker
DEV-0569 Group Switches Tactics, Abuses Google Ads to Deliver Payloads Full Text
Abstract
DEV-0569 uses a malware downloader, BatLoader, that drops the next stage payloads (via PowerShell commands), including Royal ransomware and Cobalt Strike Beacon implant.Cyware Alerts - Hacker News
November 21, 2022 – Malware
Notorious Emotet Malware Returns With High-Volume Malspam Campaign Full Text
Abstract
The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, "the new activity suggests Emotet is returning to its full functionality acting as a delivery network for major malware families." Among the primary countries targeted are the U.S., the U.K., Japan, Germany, Italy, France, Spain, Mexico, and Brazil. The Emotet-related activity was last observed in July 2022, although sporadic infections have been reported since then. In mid-October, ESET revealed that Emotet may be readying for a new wave of attacks, pointing out updates to its "systeminfo" module. The malware, which is attributed to a threat actor known as Mummy Spider (aka Gold Crestwood or TA542), staged a revival of sorts late last yea...The Hacker News
November 21, 2022 – Policy and Law
Google won a lawsuit against the Glupteba botnet operators Full Text
Abstract
Google won a lawsuit filed against two Russian nationals involved in the operations of the Glupteba botnet. This week, Google announced it has won a nearly year-long legal battle against the Glupteba botnet. Glupteba is a highly sophisticated botnet...Security Affairs
November 21, 2022 – Hacker
Attackers bypass Coinbase and MetaMask 2FA via TeamViewer, fake support chat Full Text
Abstract
A crypto-stealing phishing campaign is underway to bypass multi-factor authentication and gain access to accounts on Coinbase, MetaMask, Crypto.com, and KuCoin and steal cryptocurrency.BleepingComputer
November 21, 2022 – Botnet
QBot Uses DLL Hijacking, Abuses Control Panel Executable In a Fresh Attack Wave Full Text
Abstract
The malware quietly runs in the background, steals emails for use in phishing attacks, and downloads additional post-exploitation toolkits such as Brute Ratel or Cobalt Strike.Cyware Alerts - Hacker News
November 21, 2022 – General
Been Doing It The Same Way For Years? Think Again. Full Text
Abstract
As IT professionals, we all reach a certain point in our IT career where we realize that some of our everyday tasks are done the same way year after year without anyone questioning why it's done that way. Despite the constant change and improvement in technology, some things just get done the same ineffective way without any real thought behind it because "that's the way it's always been done." A typical example: patching. Month in, month out, a day comes along that is dedicated to patching. Patching may be more automated than before because you no longer need to log into each system to patch and reboot tediously. It's a step forward, but the patching process remains the same. Patching is disruptive, slow, error-prone, and rarely fast enough to keep up with new vulnerabilities. Why disruptive? We all know that every time a maintenance window comes along, Bob from accounting will remind everyone how "the company's IT is going to mess up our week...The Hacker News
November 21, 2022 – Malware
Google provides rules to detect tens of cracked versions of Cobalt Strike
Abstract
Researchers at Google Cloud identified 34 different hacked release versions of the Cobalt Strike tool in the wild. Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine.... – Security Affairs
November 21, 2022 – Criminals
Hackers steal $300,000 in DraftKings credential stuffing attack
Abstract
Sports betting company DraftKings said today that it would make whole customers affected by a credential stuffing attack that led to losses of up to $300,000. – BleepingComputer
November 21, 2022 – Phishing
Earth Preta Targets Multiple Sectors With Large-Scale Spear-Phishing
Abstract
According to Trend Micro researchers, Earth Preta is targeting the government, academic, foundation, and research sectors in Myanmar, Australia, the Philippines, Japan, Taiwan, and other Asia Pacific countries. – Cyware Alerts - Hacker News
November 21, 2022 – Botnet
Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet
Abstract
Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The U.S. District Court for the Southern District of New York imposed monetary sanctions against the defendants and their U.S.-based legal counsel. The defendants have also been asked to pay Google's attorney fees. The defendants' move to press sanctions against Google was denied. The development comes nearly a year after the tech giant took down the malware's command-and-control infrastructure and initiated legal proceedings against Dmitry Starovikov and Alexander Filippov, who are said to have been in charge of running the illegal botnet. The defendants, along with 15 others, have also been accused of using the malware to create a hacked network of devices to mine cryptocurrencies, harvest victims' personal and financial data, and place disruptive ads. Glupteba is distinguished from its botnet counterparts b – The Hacker News
November 21, 2022 – Ransomware
Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild
Abstract
Experts from Cyble Research and Intelligence Labs (CRIL) discovered three new ransomware families: AXLocker, Octocrypt, and Alice Ransomware. Threat intelligence firm Cyble announced the discovery of three new ransomware families named AXLocker, Octocrypt,... – Security Affairs
November 21, 2022 – General
Black Friday deal: 50% off Malwarebytes Premium + Privacy VPN bundle
Abstract
Malwarebytes' Black Friday deal is now live, offering a 50% discount on the Malwarebytes Premium antivirus + Malwarebytes Privacy VPN bundle until November 28th. – BleepingComputer
November 21, 2022 – Education
Microsoft outlines tactics to prevent attackers from dodging multi-factor authentication
Abstract
Microsoft has outlined several mitigations to protect against attacks on multi-factor authentication that will unfortunately make life more difficult for your remote workers. – ZDNet
November 21, 2022 – Malware
Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild
Abstract
Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Cloud Threat Intelligence (GCTI) team. The latest version of Cobalt Strike is version 4.7.2. Cobalt Strike, developed by Fortra (née HelpSystems), is a popular adversarial framework used by red teams to simulate attack scenarios and test the resilience of their cyber defenses. It comprises a Team Server that acts as the command-and-control (C2) hub to remotely commandeer infected devices and a stager that's designed to deliver a next-stage payload called the Beacon, a fully-featured implant that reports back to the C2 server. Given its wide-ranging suite of features, unauthorized versions of the software have been increasingly weaponized by many a threat actor to advance – The Hacker News
November 21, 2022 – Malware
Google Chrome extension used to steal cryptocurrency, passwords
Abstract
An information-stealing Google Chrome browser extension named 'VenomSoftX' is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web. – BleepingComputer
November 21, 2022 – Vulnerabilities
PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability
Abstract
Tracked as CVE-2022-26696 (CVSS score of 7.8), the security defect was identified and reported last year, with a patch available since the release of macOS Monterey 12.4 in May. – Security Week
November 21, 2022 – Solution
Google releases 165 YARA rules to detect Cobalt Strike attacks
Abstract
The Google Cloud Threat Intelligence team has open-sourced YARA Rules and a VirusTotal Collection of indicators of compromise (IOCs) to help defenders detect Cobalt Strike components in their networks. – BleepingComputer
November 21, 2022 – Education
The pros and cons of using open-source Kubernetes security software
Abstract
In a survey by ARMO, 55% of respondents said they used at least some open-source tools to keep their Kubernetes clusters safe; this includes those who use purely open-source and those who mix open-source and proprietary solutions. – Help Net Security
November 21, 2022 – Breach
Apps with over 3 million installs leak ‘Admin’ search API keys
Abstract
Researchers discovered 1,550 mobile apps leaking Algolia API keys, risking the exposure of sensitive internal services and stored user information. – BleepingComputer
November 20, 2022 – Ransomware
New ransomware encrypts files, then steals your Discord account
Abstract
The new 'AXLocker' ransomware family is not only encrypting victims' files and demanding a ransom payment but also stealing the Discord accounts of infected users. – BleepingComputer
November 20, 2022 – General
Security Affairs newsletter Round 394
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox. If you also want to receive the free newsletter covering the international press, subscribe here. DEV-0569... – Security Affairs
November 20, 2022 – Vulnerabilities
PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online
Abstract
Proof-of-concept exploit code for two actively exploited Microsoft Exchange ProxyNotShell flaws has been released online. Proof-of-concept exploit code has been released online for two actively exploited vulnerabilities in Microsoft Exchange, known as ProxyNotShell. The... – Security Affairs
November 19, 2022 – Government
Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022
Abstract
The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it's called, aims to secure personal data, while also seeking users' consent in what the draft claims is "clear and plain language" describing the exact kinds of information that will be collected and for what purpose. The draft is open for public consultation until December 17, 2022. India has over 760 million active internet users, necessitating that data generated and used by online platforms are subject to privacy rules to prevent abuse and increase accountability and trust. "The Bill will establish the comprehensive legal framework governing digital personal data protection in India," the government said. "The Bill provides for the processing of digital personal data in a manner that recognizes the right of in – The Hacker News
November 19, 2022 – Vulnerabilities
New attacks use Windows security bypass zero-day to drop malware
Abstract
New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings. – BleepingComputer
November 19, 2022 – Hacker
DEV-0569 group uses Google Ads to distribute Royal Ransomware
Abstract
Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware. Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569,... – Security Affairs
November 19, 2022 – General
Black Friday and Cyber Monday, crooks are already at work
Abstract
Every year during Black Friday and Cyber Monday, crooks take advantage of users' bad habits with fraudulent schemes. Researchers at Bitdefender Antispam Lab have analyzed the fraudulent activities associated with Black Friday over the last few weeks... – Security Affairs
November 19, 2022 – Malware
New improved versions of LodaRAT spotted in the wild
Abstract
Cisco Talos spotted multiple updated versions of LodaRAT that were deployed alongside other malware families, including RedLine and Neshta. Researchers from Cisco Talos have monitored the LodaRAT malware over the course of 2022 and recently discovered... – Security Affairs
November 19, 2022 – Criminals
Hive ransomware crooks extort $100m from 1,300 global orgs
Abstract
In a joint advisory with CISA and HHS, the FBI this week detailed Hive indicators of compromise and commonly used techniques and procedures that the Feds have observed as recently as this month. – The Register
November 19, 2022 – Hacker
Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware
Abstract
A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569. "Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation," the Microsoft Security Threat Intelligence team said in an analysis. The threat actor is known to rely on malvertising to point unsuspecting victims to malware downloader links that pose as software installers for legitimate apps like Adobe Flash Player, AnyDesk, LogMeIn, Microsoft Teams, and Zoom. The malware downloader, a strain referred to as BATLOADER, is a dropper that functions as a conduit to distribute next-stage pa – The Hacker News
November 19, 2022 – Breach
India’s securities depository CDSL says malware compromised its network
Abstract
CDSL said it continues to investigate, and that it has so far “no reason to believe that any confidential information or the investor data has been compromised” due to the incident. – Tech Crunch
November 19, 2022 – Hacker
Chinese ‘Mustang Panda’ Hackers Actively Targeting Governments Worldwide
Abstract
A notorious advanced persistent threat actor known as Mustang Panda has been linked to a spate of spear-phishing attacks targeting government, education, and research sectors across the world. The primary targets of the intrusions from May to October 2022 included countries in the Asia Pacific region such as Myanmar, Australia, the Philippines, Japan, and Taiwan, cybersecurity firm Trend Micro said in a Friday report. Mustang Panda, also called Bronze President, Earth Preta, HoneyMyte, and Red Lich, is a China-based espionage actor believed to be active since at least July 2018. The group is known for its use of malware such as China Chopper and PlugX to collect data from compromised environments. Activities of the group chronicled by ESET, Google, Proofpoint, Cisco Talos, and Secureworks this year have revealed the threat actor's pattern of using PlugX (and its variant called Hodur) to infect a wide range of entities in Asia, Europe, the Middle East, and the Ameri – The Hacker News
November 19, 2022 – Vulnerabilities
Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products
Abstract
Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as CVE-2022-43781 and CVE-2022-43782, are both rated 9 out of 10 on the CVSS vulnerability scoring system. CVE-2022-43781, which Atlassian said was introduced in version 7.0.0 of Bitbucket Server and Data Center, affects versions 7.0 to 7.21 and 8.0 to 8.4 (only if mesh.enabled is set to false in bitbucket.properties). The weakness has been described as a case of command injection using environment variables in the software, which could allow an adversary with permission to control their username to gain code execution on the affected system. As a temporary workaround, the company is recommending users turn off the "Public Signup" option (Administration > Authentication). "Disabling public signup would change the attack vector from an unauthenticated attack to an authenticated – The Hacker News
November 18, 2022 – Ransomware
The Week in Ransomware - November 18th 2022 - Rising Operations
Abstract
There have been some interesting developments in ransomware this week, with the arrest of a cybercrime ring leader and reports shedding light on two new, but up-and-coming, ransomware operations. – BleepingComputer
November 18, 2022 – Ransomware
Keeping Up With Ransomware
Abstract
The recent meeting of the International Counter Ransomware Initiative brought together representatives from over 30 countries and the private sector. It’s a good step in responding to different aspects of the ransomware threat, but the initiative seems to struggle to prevent future attacks. – Lawfare
November 18, 2022 – Vulnerabilities
Atlassian fixed 2 critical flaws in Crowd and Bitbucket products
Abstract
This week Atlassian addressed two critical vulnerabilities impacting its Crowd and Bitbucket products. Atlassian announced the release of security updates to address critical-severity vulnerabilities in its identity management platform, Crowd... – Security Affairs
November 18, 2022 – Vulnerabilities
Exploit released for actively abused ProxyNotShell Exchange bug
Abstract
Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell. – BleepingComputer
November 18, 2022 – Ransomware
Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies
Abstract
Hive ransomware operators have extorted over $100 million in ransom payments from over 1,300 companies worldwide as of November 2022. The threat actors behind the Hive ransomware-as-a-service (RaaS) have extorted $100 million in ransom payments from... – Security Affairs
November 18, 2022 – Ransomware
Researchers secretly helped decrypt Zeppelin ransomware for 2 years
Abstract
Security researchers found vulnerabilities in the encryption mechanism of the Zeppelin ransomware and exploited them to create a working decryptor they used since 2020 to help victim companies recover files without paying the attackers. – BleepingComputer
November 18, 2022 – Vulnerabilities
Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution
Abstract
Tracked as CVE-2022-42898 and impacting multiple Samba releases, the security defect exists in the Service for User to Proxy (S4U2proxy) handler, which provides “a service that obtains a service ticket to another service on behalf of a user.” – Security Week
November 18, 2022 – Attack
Ongoing supply chain attack targets Python developers with WASP Stealer
Abstract
A threat actor tracked as WASP is behind an ongoing supply chain attack targeting Python developers with the WASP Stealer. Checkmarx researchers uncovered an ongoing supply chain attack conducted by a threat actor they tracked as WASP that is targeting... – Security Affairs
November 18, 2022 – Policy and Law
US charges BEC suspects with targeting federal health care programs
Abstract
The U.S. Department of Justice (DOJ) has charged ten defendants for their alleged involvement in business email compromise (BEC) schemes targeting numerous victims across the country, including U.S. federal funding programs like Medicare and Medicaid. – BleepingComputer
November 18, 2022 – General
Top passwords used in RDP brute-force attacks
Abstract
While attacks on RDP ports grew during the COVID-19 pandemic as a result of the rise of remote work, the port has continued to be a popular attack vector for criminals despite many workers returning to the office. – Help Net Security
November 18, 2022 – Insider Threat
Meta Reportedly Fires Dozens of Employees for Hijacking Users’ Facebook and Instagram Accounts
Abstract
Meta Platforms is said to have fired or disciplined over two dozen employees and contractors over the past year for allegedly compromising and taking over user accounts, The Wall Street Journal reported Thursday. Some of these cases involved bribery, the publication said, citing sources and documents. Included among those fired were contractors who worked as security guards at the social media firm's facilities and were given access to an internal tool that allowed employees to help "users they know" regain access to accounts after forgetting their passwords or being locked out. The system, called "Oops" and short for Online Operations, is off limits to a vast majority of the platform's users, leading to the rise of a "cottage industry of intermediaries" who charge users thousands of dollars and reach out to insiders who are willing to reset the accounts. "You really have to have someone on the inside who will actually do it – The Hacker News
November 18, 2022 – Phishing
China-based Fangxiao group behind a long-running phishing campaign
Abstract
A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale... – Security Affairs
November 18, 2022 – Hacker
Chinese hackers use Google Drive to drop malware on govt networks
Abstract
State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide. – BleepingComputer
November 18, 2022 – APT
China-linked Mustang Panda APT Targets Governments Worldwide via Spear-Phishing Attacks
Abstract
Earth Preta abused fake Google accounts to distribute malware via spear-phishing emails, initially stored in an archive file (such as rar/zip/jar) and distributed through Google Drive links. – Trend Micro
November 18, 2022 – Malware
LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities
Abstract
The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities," Cisco Talos researcher Chris Neal said in a write-up published Thursday. Aside from being dropped alongside other malware families, LodaRAT has also been observed being delivered through a previously unknown variant of another commodity trojan called Venom RAT, which has been codenamed S500. An AutoIT-based malware, LodaRAT (aka Nymeria) is attributed to a group called Kasablanca and is capable of harvesting sensitive information from compromised machines. In February 2021, an Android version of the malware sprang forth as a way for the threat actors to expand their attack surface. Then in September 2022, Zscaler ThreatLabz uncovered a new delivery mechanism that involved – The Hacker News
November 18, 2022 – General
Google Search results poisoned with torrent sites via Data Studio
Abstract
Threat actors are abusing Google's Looker Studio (formerly Google Data Studio) to boost search engine rankings for their illicit websites that promote spam, torrents, and pirated content. – BleepingComputer
November 18, 2022 – General
Transportation sector targeted by both ransomware and APTs
Abstract
In the US alone, ransomware activity increased 100% quarter over quarter in transportation and shipping. Globally, transportation was the second most active sector after telecom. APTs were also detected in transportation more than in other sectors. – Help Net Security
November 18, 2022 – General
Threat hunting with MITRE ATT&CK and Wazuh
Abstract
Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay dormant in an organization's infrastructure, extending their access while waiting for the right opportunity to exploit discovered weaknesses. Therefore, it is important to perform threat hunting to identify malicious actors in an environment and stop them before they achieve their ultimate goal. To effectively perform threat hunting, the threat hunter must have a systematic approach to emulating possible adversary behavior. This adversarial behavior determines what artifacts can be searched for that indicate ongoing or past malicious activity. MITRE ATT&CK. Over the years, the security community has observed that threat actors have commonly used many tactics, techniques, and procedu – The Hacker News
November 18, 2022 – Vulnerabilities
Atlassian fixes critical command injection bug in Bitbucket Server
Abstract
Atlassian has released updates to address critical-severity vulnerabilities in its centralized identity management platform, Crowd Server and Data Center, and in Bitbucket Server and Data Center, the company's solution for Git repository management. – BleepingComputer
November 18, 2022 – Vulnerabilities
Omron PLC Vulnerability Exploited by Sophisticated ICS Malware
Abstract
A critical vulnerability affecting Omron products has been exploited by a sophisticated piece of malware designed to target industrial control systems (ICS), but it has not received the attention it deserves. – Security Week
November 18, 2022 – Criminals
Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide
Abstract
The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information technology, and — especially — Healthcare and Public Health (HPH)," U.S. cybersecurity and intelligence authorities said in an alert. Active since June 2021, Hive's RaaS operation involves a mix of developers, who create and manage the malware, and affiliates, who are responsible for conducting the attacks on target networks by often purchasing initial access from initial access brokers (IABs). In most cases, gaining a foothold involves the exploitation of ProxyShell flaws in Microsoft Exchange Server, followed by taking steps to terminate processes associated with antivirus engi – The Hacker News
November 18, 2022 – Government
Australia Unveils Plan to Counter Global Cybercrime Problem
Abstract
Australia's Cyber Security Minister Clare O'Neil announced the formation of the Joint Standing Operation task force, which brings together experts from the Australian Federal Police and the Australian Signals Directorate. – Bank Info Security
November 18, 2022 – Malware
W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack
Abstract
An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with hundreds of victims ensnared to date. "The threat actor is still active and is releasing more malicious packages," Checkmarx researcher Jossef Harush said in a technical write-up, calling the adversary WASP. "The attack seems related to cybercrime as the attacker claims that these tools are undetectable to increase sales." The findings from Checkmarx build on recent reports from Phylum and Check Point, which flagged 30 different modules published on the Python Package Index (PyPI) that were designed to propagate malicious code under the guise of benign-looking packages. The attack is just the latest threat to target the software supply chain. What makes it notable is the use of steganography to extract a polymorphic malware payload hidden within an image file hosted on Imgur. The installation of the package ultimately mak – The Hacker News
November 17, 2022 – General
Embrace A Paradigm Shift In SaaS Protection: SaaS Security Posture Management
Abstract
Forrester interviews customers across different organizations who have implemented a SaaS security solution. – The Hacker News
November 17, 2022 – Phishing
Phishing kit impersonates well-known brands to target US shoppers
Abstract
A sophisticated phishing kit has been targeting North Americans since mid-September, using lures focused on holidays like Labor Day and Halloween. – BleepingComputer
November 17, 2022 – Government
Russia’s cyber personnel has ‘underperformed’ in Ukraine: U.S. Defense official
Abstract
A senior Pentagon official on Wednesday said that Russia’s cyber personnel “underperformed” during the initial invasion of Ukraine, prompting it to ultimately rely less on digital attacks during the now months-long conflict than was expected. – The Record
November 17, 2022 – Phishing
Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign
Abstract
A China-based financially motivated group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019. The threat actor, dubbed Fangxiao by Cyjax, is said to have registered over 42,000 imposter domains, with initial activity observed in 2017. "It targets businesses in multiple verticals including retail, banking, travel, and energy," researchers Emily Dennison and Alana Witten said. "Promised financial or physical incentives are used to trick victims into further spreading the campaign via WhatsApp." Users clicking on a link sent through the messaging app are directed to an actor-controlled site, which, in turn, sends them to a landing domain impersonating a well-known brand, from where the victims are once again taken to sites distributing fraudulent apps and bogus rewards. These sites prompt the visitors to complete a survey to claim cash prizes, in exchange for which the – The Hacker News
November 17, 2022 – Attack
Two public schools in Michigan hit by a ransomware attack
Abstract
Public schools in two Michigan counties were forced to halt their activities, including lessons, after a ransomware attack. Public schools in Jackson and Hillsdale counties, Michigan, reopened after a two-day closure caused by a ransomware... – Security Affairs
November 17, 2022 – Ransomware
Previously unidentified ARCrypter ransomware expands worldwide
Abstract
A previously unknown 'ARCrypter' ransomware that compromised key organizations in Latin America is now expanding its attacks worldwide. – BleepingComputer
November 17, 2022 – Breach
Misconfigured Server Exposed PHI of 600,000 Inmates at Kentucky-based CorrectCare Integrated Health
Abstract
A server misconfiguration at a firm that provides medical claims processing for correctional facilities exposed sensitive information of nearly 600,000 inmates who received medical care during the last decade while incarcerated. – Bank Info Security
November 17, 2022 – Criminals
FBI-Wanted Leader of the Notorious Zeus Botnet Gang Arrested in Geneva
Abstract
A Ukrainian national who has been wanted by the U.S. for over a decade has been arrested by Swiss authorities for his role in a notorious cybercriminal ring that stole millions of dollars from victims' bank accounts using malware called Zeus. Vyacheslav Igorevich Penchukov, who went by online pseudonyms "tank" and "father," is said to have been involved in the day-to-day operations of the group. He was apprehended on October 23, 2022, and is pending extradition to the U.S. Details of the arrest were first reported by independent security journalist Brian Krebs. Penchukov, along with Ivan Viktorovich Klepikov (aka "petrovich" and "nowhere") and Alexey Dmitrievich Bron (aka "thehead"), was first charged in the District of Nebraska in August 2012. According to court documents released by the U.S. Department of Justice (DoJ) in 2014, Penchukov and eight other members of the cybercriminal group infected "thousands of busin – The Hacker News
November 17, 2022 – Attack
Magento and Adobe Commerce websites under attack
Abstract
Researchers warn of a surge in cyberattacks targeting CVE-2022-24086, a pre-authentication issue impacting Adobe Commerce and Magento stores. In September 2022, Sansec researchers warned of a surge in hacking attempts targeting a critical Magento... – Security Affairs
November 17, 2022 – Government
FBI: Hive ransomware extorted $100M from over 1,300 victims
Abstract
The Federal Bureau of Investigation (FBI) said today that the notorious Hive ransomware gang has successfully extorted roughly $100 million from over a thousand companies since June 2021. – BleepingComputer
November 17, 2022 – Malware
WASP Malware Uses Steganography and Polymorphism to Evade Detection
Abstract
PyPI, an open-source repository used by developers to share Python packages used in projects, is an increasingly popular target in software supply chain attacks for uploading malicious code via fake packages. – The Register
November 17, 2022 – General
100 Apps, Endless Security Checks
Abstract
On average, organizations report using 102 business-critical SaaS applications, enabling operations of most departments across an organization, such as IT and Security, Sales, Marketing, R&D, Product Management, HR, Legal, Finance, and Enablement. An attack can come from any app, no matter how robust the app is. Without visibility and control over a critical mass of an organization's entire SaaS app stack, security teams are flying blind. This is why it's important that all SaaS apps across the organization be managed at scale. While this breadth of coverage is critical, each app has its own characteristics, UI, and terminology. Mitigating these threats requires a deep understanding of all security controls and their configurations. Learn how to automate SaaS security management. Security teams need to map out the entire SaaS ecosystem within the organization, including the core SaaS apps and the numerous additional apps that employees connect to without checking or informing th – The Hacker News
November 17, 2022 – Criminals
Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police
Abstract
A suspected leader of the Zeus cybercrime gang, Vyacheslav Igorevich Penchukov (aka Tank), was arrested by Swiss police. Swiss police last month arrested in Geneva Vyacheslav Igorevich Penchukov (40), also known as Tank, who is one of the leaders... – Security Affairs
November 17, 2022 – Phishing
QBot phishing abuses Windows Control Panel EXE to infect devices Full Text
Abstract
Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software.BleepingComputer
November 17, 2022 – Hacker
A Comprehensive Look at Emotet’s Fall 2022 Return Full Text
Abstract
TA542, an actor that distributes Emotet malware, has once again returned from an extensive break from delivering malicious emails. The actor was absent from the landscape for nearly four months but became active again in early November.Proof Point
November 17, 2022 – Breach
Iran-linked threat actors compromise US Federal Network Full Text
Abstract
Iran-linked threat actors compromised a Federal Civilian Executive Branch organization using a Log4Shell exploit and installed cryptomining malware. According to a joint advisory published by the FBI and CISA, an Iran-linked APT group compromised...Security Affairs
November 17, 2022 – Vulnerabilities
F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ Full Text
Abstract
F5 has released hotfixes for its BIG-IP and BIG-IQ products, addressing two high-severity flaws allowing attackers to perform unauthenticated remote code execution (RCE) on vulnerable endpoints.BleepingComputer
November 17, 2022 – General
Majority of DOD cyber incident reports are incomplete, GAO finds Full Text
Abstract
Failures in reporting cyber incidents at the U.S. Department of Defense risk leaving commanders in the dark about the effects hackers could have on their missions, according to a new report by the Government Accountability Office.The Record
November 17, 2022 – Vulnerabilities
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices Full Text
Abstract
Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, could completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to gain remote access to the devices and defeat security constraints. The issues impact BIG-IP versions 13.x, 14.x, 15.x, 16.x, and 17.x, and BIG-IQ Centralized Management versions 7.x and 8.x. The two high-severity issues, which were reported to F5 on August 18, 2022, are as follows: CVE-2022-41622 (CVSS score: 8.8), a cross-site request forgery (CSRF) vulnerability through iControl SOAP, leading to unauthenticated remote code execution; and CVE-2022-41800 (CVSS score: 8.7), an iControl REST vulnerability that could allow an authenticated user with an Administrator role to bypass Appliance mode restrictions. "By successfully exploiting the worst of the vulnerabilities (CVE-2022-41622), an attacker could gain persistent root access to the device's manThe Hacker News
November 17, 2022 – Solution
ESET rolls out new consumer offerings to improve home security Full Text
Abstract
ESET's newest consumer product release has taken a comprehensive approach to security to guard against a full range of threats. While cyberthreats and hackers continue to evolve, ESET is always a step ahead. Here is a look at the new product updates:BleepingComputer
November 17, 2022 – Breach
Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit Full Text
Abstract
Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come in response to incident response efforts undertaken by the authority from mid-June through mid-July 2022. "Cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence," CISA noted. Log4Shell, aka CVE-2021-44228, is a critical remote code execution flaw in the widely-used Apache Log4j Java-based logging library. It was addressed by the open source project maintainers in December 2021. The latest development marks the continued abuse of the Log4j vThe Hacker News
November 17, 2022 – General
Microsoft urges devs to migrate away from .NET Core 3.1 ASAP Full Text
Abstract
Microsoft has urged developers still using the long-term support (LTS) release of .NET Core 3.1 to migrate to the latest .NET Core versions before it reaches the end of support (EOS) next month.BleepingComputer
November 17, 2022 – Hacker
North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor Full Text
Abstract
Hackers tied to the North Korean government have been observed using an updated version of a backdoor known as Dtrack targeting a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the U.S. "Dtrack allows criminals to upload, download, start or delete files on the victim host," Kaspersky researchers Konstantin Zykov and Jornt van der Wiel said in a report. The victimology patterns indicate an expansion to Europe and Latin America. Sectors targeted by the malware are education, chemical manufacturing, governmental research centers and policy institutes, IT service providers, utility providers, and telecommunication firms. Dtrack, also called Valefor and Preft, is the handiwork of Andariel, a subgroup of the Lazarus nation-state threat actor that's publicly tracked by the broader cybersecurity community using the monikers Operation Troy, Silent Chollima, and Stonefly. Discovered in September 2019, the malwareThe Hacker News
November 17, 2022 – Policy and Law
U.S. charges Russian suspects with operating Z-Library e-Book site Full Text
Abstract
Anton Napolsky (33) and Valeriia Ermakova (27), two Russian nationals, were charged with intellectual property crimes linked to Z-Library, a pirate online eBook repository.BleepingComputer
November 16, 2022 – Botnet
Updated RapperBot malware targets game servers in DDoS attacks Full Text
Abstract
The Mirai-based botnet 'RapperBot' has re-emerged via a new campaign that infects IoT devices for DDoS (Distributed Denial of Service) attacks against game servers.BleepingComputer
November 16, 2022 – Vulnerabilities
Firefox 107 Patches High-Impact Vulnerabilities Full Text
Abstract
The high-impact flaws include issues that could lead to information disclosure, fullscreen notification bypass that could be used for spoofing attacks, and crashes or arbitrary code execution resulting from use-after-free bugs.Security Week
November 16, 2022 – Breach
Researchers Discover Hundreds of Amazon RDS Instances Leaking Users’ Personal Data Full Text
Abstract
Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personally identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. "Leaking PII in this manner provides a potential treasure trove for threat actors – either during the reconnaissance phase of the cyber kill chain or extortionware/ransomware campaigns," researchers Ariel Szarf, Doron Karmi, and Lionel Saposnik said in a report shared with The Hacker News. This includes names, email addresses, phone numbers, dates of birth, marital status, car rental information, and even company logins. Amazon RDS is a web service that makes it possible to set up relational databases in the Amazon Web Services (AWS) cloud. It offers support for different database engines such as MariaDB, MySQL, Oracle, PostgreSQL, and SQL Server. The root cause of the leaks stems from a feature called public RDS snapshots, which allows for creating a backup of the entire daThe Hacker News
November 16, 2022 – General
Cyber Norms in the Context of Armed Conflict Full Text
Abstract
United Nations norms related to nation-state cyberspace operations clearly apply during peacetime, but recent events in Ukraine and Russia raise challenges regarding those norms’ applicability in armed conflict.Lawfare
November 16, 2022 – Vulnerabilities
F5 fixed 2 high-severity Remote Code Execution bugs in its products Full Text
Abstract
Researchers at cybersecurity firm Rapid7 have identified several vulnerabilities and other potential security issues affecting F5 products. Rapid7 researchers discovered several vulnerabilities in F5 BIG-IP and BIG-IQ devices running a customized...Security Affairs
November 16, 2022 – Criminals
Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police Full Text
Abstract
Vyacheslav Igorevich Penchukov, also known as Tank and one of the leaders of the notorious JabberZeus cybercrime gang, was arrested in Geneva last month.BleepingComputer
November 16, 2022 – Denial Of Service
Pro-Russian Hacker Group KillNet Claims DDoS Attack on FBI Website Full Text
Abstract
A pro-Russian hacking group claimed responsibility Monday for a denial-of-service attack against FBI websites, marking the latest in a series of nuisance attacks launched against a seemingly capricious and global set of targets.Bank Info Security
November 16, 2022 – General
7 Reasons to Choose an MDR Provider Full Text
Abstract
According to a recent survey, 90% of CISOs running teams in small to medium-sized enterprises (SMEs) use a managed detection and response (MDR) service. That's a 53% increase from last year. Why the dramatic shift to MDR? CISOs at organizations of any size, but especially SMEs, are realizing that the threat landscape and the way we do cybersecurity are among the many things that will never look the same in a post-2020 world. The increase in the number of sophisticated attacks, the heavy reliance on the cloud, limited resources and budgets (exacerbated by economic uncertainty), and a growing skills gap are all major contributors to why having an MDR service to support security operations is becoming a necessity. Beyond that, there are a number of reasons why incorporating an MDR service into your security strategy can provide exceptional value that even the people who are tightening your budget at your organization can't deny. Here are just seven reasons why you (yes, youThe Hacker News
November 16, 2022 – APT
Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs Full Text
Abstract
North Korea-linked Lazarus APT is using a new version of the DTrack backdoor in attacks aimed at organizations in Europe and Latin America. North Korea-linked APT Lazarus is using a new version of the DTrack backdoor to attack organizations in Europe...Security Affairs
November 16, 2022 – General
Twitter source code indicates end-to-end encrypted DMs are coming Full Text
Abstract
Twitter is reportedly working on finally adding end-to-end encryption (E2EE) for direct messages (DMs) exchanged between users on the social media platform.BleepingComputer
November 16, 2022 – Government
FBI Warns of PC and Tech Support Scams Stealing Huge Sums of Money from Unsuspecting Users Full Text
Abstract
The PSA by the FBI warns that there have been instances across the US recently of scammers posing as service representatives of software company tech support or computer repair services in attempts to trick victims into following instructions.ZDNet
November 16, 2022 – Denial Of Service
Warning: New RapperBot Campaign Aims to Launch DDoS Attacks at Game Servers Full Text
Abstract
Cybersecurity researchers have unearthed new samples of malware called RapperBot that are being used to build a botnet capable of launching Distributed Denial of Service (DDoS) attacks against game servers. "In fact, it turns out that this campaign is less like RapperBot than an older campaign that appeared in February and then mysteriously disappeared in the middle of April," Fortinet FortiGuard Labs researchers Joie Salvio and Roy Tay said in a Tuesday report. RapperBot, which was first documented by the network security firm in August 2022, is known to exclusively brute-force SSH servers configured to accept password authentication. The nascent malware is heavily inspired by the Mirai botnet, whose source code leaked in October 2016, leading to the rise of several variants. What's notable about the updated version of RapperBot is its ability to perform Telnet brute-force, in addition to supporting DoS attacks using the Generic Routing Encapsulation ( GREThe Hacker News
November 16, 2022 – Attack
New RapperBot Campaign targets game servers with DDoS attacks Full Text
Abstract
Fortinet researchers discovered new samples of RapperBot used to build a botnet to launch distributed denial-of-service (DDoS) attacks against game servers. Fortinet FortiGuard Labs researchers have discovered new samples of the RapperBot malware that are being used...Security Affairs
November 16, 2022 – Breach
US govt: Iranian hackers breached federal agency using Log4Shell exploit Full Text
Abstract
The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware.BleepingComputer
November 16, 2022 – Business
ThreatLocker acquires Third Wall to provide endpoint protection for MSPs Full Text
Abstract
Managed Service Providers (MSPs) using ThreatLocker's solutions will now be able to harden Windows operating systems, ensure end-users comply with government regulations, and strengthen their overall security posture.Help Net Security
November 16, 2022 – Solution
Google to Roll Out Privacy Sandbox Beta on Android 13 by Early 2023 Full Text
Abstract
Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. "The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company said. To that end, developers will need to complete an enrollment process in order to utilize the ads-related APIs, including Topics, FLEDGE, and Attribution Reporting. Topics, which replaced Federated Learning of Cohorts (FLoC) earlier this year, aims to categorize user interests under different "topics" based on their device web browsing history. These inferred interests are then shared with marketers to serve targeted ads. FLEDGE and Attribution Reporting, on the other hand, enable custom audience targeting and help measure ad conversions without relying on cross-party user identifiers, respectively. Organizations can also request acceThe Hacker News
November 16, 2022 – Privacy
Beginning 2023 Google plans to rollout the initial Privacy Sandbox Beta Full Text
Abstract
Google announced it will roll out the Privacy Sandbox system for Android in beta to a limited number of Android 13 devices in early 2023. Google announced it will roll out the Privacy Sandbox for Android in beta to mobile devices running Android...Security Affairs
November 16, 2022 – Attack
Magento stores targeted in massive surge of TrojanOrders attacks Full Text
Abstract
At least seven hacking groups are behind a massive surge in 'TrojanOrders' attacks targeting Magento 2 websites, exploiting a vulnerability that allows the threat actors to compromise vulnerable servers.BleepingComputer
November 16, 2022 – Breach
NewYork-Presbyterian Hospital Issues Notification of Cybersecurity Incident Full Text
Abstract
Approximately twelve thousand (12,000) patients were affected. Information pertaining to those patients includes first and last names, addresses, insurance authorizations, medical records numbers, and exam results.nyp
November 16, 2022 – Solution
DuckDuckGo now lets all Android users block trackers in their apps Full Text
Abstract
DuckDuckGo for Android's 'App Tracking Protection' feature has reached open beta, allowing all Android users to block third-party trackers across all their installed apps.BleepingComputer
November 16, 2022 – APT
Chinese APT Targets Government and Defense Agencies in Asia Full Text
Abstract
According to Symantec researchers, Billbug targeted a digital certificate authority, as well as government agencies and defense organizations in several countries in Asia in the latest campaign.Cyware Alerts - Hacker News
November 15, 2022 – Hacker
North Korean hackers target European orgs with updated malware Full Text
Abstract
North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America.BleepingComputer
November 15, 2022 – Vulnerabilities
Organizations Warned of Critical Vulnerability in Backstage Developer Portal Platform Full Text
Abstract
Backstage, an open platform for building developer portals, is affected by a critical vulnerability whose exploitation could have a serious impact on a targeted enterprise, according to security firm Oxeye.Security Week
November 15, 2022 – Vulnerabilities
Critical RCE Flaw Reported in Spotify’s Backstage Software Catalog and Developer Platform Full Text
Abstract
Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library (CVE-2022-36067 aka Sandbreak), that came to light last month. "An unauthenticated threat actor can execute arbitrary system commands on a Backstage application by exploiting a vm2 sandbox escape in the Scaffolder core plugin," application security firm Oxeye said in a report shared with The Hacker News. Backstage is an open source developer portal from Spotify that allows users to create, manage, and explore software components from a unified "front door." It's used by many companies like Netflix, DoorDash, Roku, and Expedia, among others. According to Oxeye, the flaw is rooted in a tool called software templThe Hacker News
November 15, 2022 – General
Happy birthday Security Affairs … 11 years together! Full Text
Abstract
Happy BirthDay Security Affairs! Eleven years together! I launched Security Affairs for passion in November 2011 and since then the blog was visited by tens of millions of readers. Thank you! Eleven years ago I decided to launch Security Affairs,...Security Affairs
November 15, 2022 – Solution
Google to roll out Privacy Sandbox on Android 13 starting early 2023 Full Text
Abstract
Google announced today that they will begin rolling out the Privacy Sandbox system on a limited number of Android 13 devices starting in early 2023.BleepingComputer
November 15, 2022 – Policy and Law
Anesthesiology Services Firm Faces 5 Class Action Lawsuits Full Text
Abstract
At least five complaints filed in the U.S. District for Southern New York allege that Somnia Inc. was negligent in failing to safeguard personally identifiable information and protected health information.Bank Info Security
November 15, 2022 – Vulnerabilities
PCSpoof: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft Full Text
Abstract
A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet (TTE) that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft. Dubbed PCspooF by a group of academics and researchers from the University of Michigan, the University of Pennsylvania, and the NASA Johnson Space Center, the technique is designed to break TTE's security guarantees and induce TTE devices to lose synchronization for up to a second, a behavior that can even lead to uncontrolled maneuvers in spaceflight missions and threaten crew safety. TTE is one of the networking technologies that are part of what's called a mixed-criticality network, wherein traffic with different timing and fault tolerance requirements coexists in the same physical network. This means that both critical devices, which, say, enable vehicle control, and non-critical devices, which areThe Hacker News
November 15, 2022 – Vulnerabilities
Experts found critical RCE in Spotify’s Backstage Full Text
Abstract
Researchers discovered a critical vulnerability impacting Spotify's Backstage Software Catalog and Developer Platform. Researchers from the security firm Oxeye discovered a critical Remote Code Execution in Spotify’s Backstage (CVSS Score of 9.8)....Security Affairs
November 15, 2022 – Vulnerabilities
Researchers release exploit details for Backstage pre-auth RCE bug Full Text
Abstract
Older versions of the Spotify Backstage development portal builder are vulnerable to a critical (CVSS score: 9.8) unauthenticated remote code execution flaw allowing attackers to run commands on publicly exposed systems.BleepingComputer
November 15, 2022 – Vulnerabilities
Mastodon users vulnerable to password-stealing attacks Full Text
Abstract
Attackers could steal password credentials from Mastodon users due to a security vulnerability in Glitch, a fork of Mastodon, Gareth Heyes of PortSwigger Research has warned.The Daily Swig
November 15, 2022 – Vulnerabilities
Researchers Reported Critical SQLi and Access Flaws in Zendesk Analytics Service Full Text
Abstract
Cybersecurity researchers have disclosed details of now-patched flaws in Zendesk Explore that could have been exploited by an attacker to gain unauthorized access to information from customer accounts that have the feature turned on. "Before it was patched, the flaw would have allowed threat actors to access conversations, email addresses, tickets, comments, and other information from Zendesk accounts with Explore enabled," Varonis said in a report shared with The Hacker News. The cybersecurity firm said there was no evidence to suggest that the issues were actively exploited in real-world attacks. No action is required on the part of the customers. Zendesk Explore is a reporting and analytics solution that allows organizations to "view and analyze key information about your customers, and your support resources." According to the security software company, exploitation of the shortcoming first requires an attacker to register for the ticketing serviceThe Hacker News
November 15, 2022 – Vulnerabilities
Experts revealed details of critical SQLi and access issues in Zendesk Explore Full Text
Abstract
Researchers disclosed technical details of critical SQLi and access vulnerabilities in the Zendesk Explore Service. Cybersecurity researchers at Varonis disclosed technical details of critical SQLi and access vulnerabilities impacting the Zendesk...Security Affairs
November 15, 2022 – General
MFA Fatigue attacks are putting your organization at risk Full Text
Abstract
A common threat targeting businesses is MFA fatigue attacks—a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts. This article includes some measures you can implement to prevent these types of attacks.BleepingComputer
November 15, 2022 – Business
Bishop Fox Adds $46 Million to Series B Funding Round Full Text
Abstract
The continuous attack surface management solution provider raised another $46 million in growth funding led by WestCap. In addition to WestCap, NextEquity Partners and Rockpool Capital joined the latest funding.Security Week
November 15, 2022 – Education
Deep Packet Inspection vs. Metadata Analysis of Network Detection & Response (NDR) Solutions Full Text
Abstract
Today, most Network Detection and Response (NDR) solutions rely on traffic mirroring and Deep Packet Inspection (DPI). Traffic mirroring is typically deployed on a single-core switch to provide a copy of the network traffic to a sensor that uses DPI to thoroughly analyze the payload. While this approach provides detailed analysis, it requires large amounts of processing power and is blind when it comes to encrypted network traffic. Metadata Analysis has been specifically developed to overcome these limitations. By utilizing metadata for analysis, network communications can be observed at any collection point and be enriched by the information providing insights about encrypted communication. Network Detection and Response (NDR) solutions have become crucial to reliably monitor and protect network operations. However, as network traffic becomes encrypted and data volumes continue to increase, most traditional NDR solutions are reaching their limits. This begs the question: What detectThe Hacker News
November 15, 2022 – APT
China-linked APT Billbug breached a certificate authority in Asia Full Text
Abstract
A suspected China-linked APT group breached a digital certificate authority in Asia as part of a campaign aimed at government agencies since March 2022. State-sponsored actors compromised a digital certificate authority in a country in Asia as part...Security Affairs
November 15, 2022 – Hacker
Chinese hackers target government agencies and defense orgs Full Text
Abstract
The Chinese espionage APT (advanced persistent threat), tracked as 'Billbug' (aka Thrip, or Lotus Blossom), is currently running a 2022 campaign targeting government agencies and defense organizations in multiple Asian countries.BleepingComputer
November 15, 2022 – Malware
Typhon Reborn: Stealer Comes Back with New Capabilities Full Text
Abstract
Crypto miner/stealer for hire Typhon Stealer has received a new update in the form of Typhon Reborn, according to Palo Alto Networks. The new variant boasts enhanced anti-analysis techniques and other stealing and file-grabber features. Researchers found that it leverages Telegram's API and infrastructu ...Cyware Alerts - Hacker News
November 15, 2022 – Breach
Researchers Say China State-backed Hackers Breached a Digital Certificate Authority Full Text
Abstract
A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group it tracks under the name Billbug, citing the use of tools previously attributed to this actor. The activity appears to be driven by espionage and data-theft, although no data is said to have been stolen to date. Billbug, also called Bronze Elgin, Lotus Blossom, Lotus Panda, Spring Dragon, and Thrip, is an advanced persistent threat (APT) group that is believed to operate on behalf of Chinese interests. Primary targets include government and military organizations in South East Asia. Attacks mounted by the adversary in 2019 involved the use of backdoors like Hannotog and Sagerunex, with the intrusions observed in Hong Kong, Macau, Indonesia, Malaysia, the Philippines, and Vietnam.The Hacker News
November 15, 2022 – Policy and Law
Google to Pay a record $391M fine for misleading users about the collection of location data Full Text
Abstract
Google is going to pay $391.5 million to settle with 40 states in the U.S. for secretly collecting personal location data. Google has agreed to pay $391.5 million to settle with 40 US states for misleading users about the collection of personal location...Security Affairs
November 15, 2022 – Hacker
Chinese State-Sponsored Actor Targets Certificate Authority, Government Agencies Across Asia Full Text
Abstract
Billbug (aka Lotus Blossom, Thrip) is a long-established advanced persistent threat (APT) group that is believed to have been active since at least 2009. The attackers use multiple dual-use tools in this attack campaign, as well as custom malware.Symantec
November 15, 2022 – Policy and Law
Google to Pay $391 Million Privacy Fine for Secretly Tracking Users’ Location Full Text
Abstract
Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information," Oregon Attorney General Ellen Rosenblum said Monday. "For years Google has prioritized profit over their users' privacy. They have been crafty and deceptive," Rosenblum stated. The investigation was sparked by a 2018 report from the Associated Press that revealed Google was continuing to track users' locations on Android and iOS even when they turned off "location history" in their account settings, effectively undermining the privacy controls. Rosenblum said the location data gathered by Google is combined with other personal and behavioral information it collects to flesh out detaThe Hacker News
November 15, 2022 – APT
Previously undetected Earth Longzhi APT group is a subgroup of APT41 Full Text
Abstract
Trend Micro reported that the Earth Longzhi group, a previously undocumented subgroup of APT41, targets Ukraine and Asian countries. Early this year, Trend Micro investigated a security breach suffered by a company in Taiwan. Threat actors employed...Security Affairs
November 15, 2022 – Malware
Dtrack Malware Operations Expanded to Europe and Latin America Full Text
Abstract
DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019, the backdoor remains in use three years later. It is used by the Lazarus group against a wide variety of targets.Securelist
November 15, 2022 – Criminals
Avast details Worok espionage group’s compromise chain Full Text
Abstract
Cyber espionage group Worok abuses the Dropbox API to exfiltrate data using a backdoor hidden in apparently innocuous image files. Researchers from cybersecurity firm Avast observed the recently discovered espionage group Worok abusing the Dropbox API to exfiltrate...Security Affairs
November 15, 2022 – Cryptocurrency
Typhon Cryptominer-for-Hire Malware Resurfaces With New Capabilities Full Text
Abstract
The original version of Typhon Stealer was updated and released with the new name of “Typhon Reborn.” This new version has increased anti-analysis techniques and it was modified to improve the stealer and file grabber features.Palo Alto Networks
November 15, 2022 – General
The real cost of ransomware is even bigger than we realised Full Text
Abstract
The Ransomware Harms and the Victim Experience project, by the Royal United Service Institute and University of Kent, explores and draws attention to the psychological harms and other effects that ransomware can have on its victims and wider society.ZDNet
November 14, 2022 – Breach
Whoosh confirms data breach after hackers sell 7.2M user records Full Text
Abstract
The Russian scooter-sharing service Whoosh has confirmed a data breach after hackers started to sell a database containing the details of 7.2 million customers on a hacking forum.BleepingComputer
November 14, 2022 – Ransomware
Russia Targets Ukraine With New Somnia Ransomware Full Text
Abstract
During an investigation into the recent series of attacks against organizations in Ukraine, the CERT-UA discovered a new ransomware variant called Somnia. The government has attributed the attacks to the group 'From Russia with Love' (FRwL), allegedly a pro-Russian hacker group. The attackers appar ...Cyware Alerts - Hacker News
November 14, 2022 – APT
New “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders Full Text
Abstract
Entities located in East and Southeast Asia as well as Ukraine have been targeted at least since 2020 by a previously undocumented subgroup of APT41, a prolific Chinese advanced persistent threat (APT). Cybersecurity firm Trend Micro, which christened the espionage crew Earth Longzhi, said the actor's long-running campaign can be split into two based on the toolset deployed to attack its victims. The first wave from May 2020 to February 2021 is said to have targeted government, infrastructure, and healthcare industries in Taiwan and the banking sector in China, whereas the succeeding set of intrusions from August 2021 to June 2022 infiltrated high-profile victims in Ukraine and several countries in Asia. This included defense, aviation, insurance, and urban development industries in Taiwan, China, Thailand, Malaysia, Indonesia, Pakistan, and Ukraine. The victimology patterns and the targeted sectors overlap with attacks mounted by a distinct sister group of APT41 (akaThe Hacker News
November 14, 2022 – Phishing
Massive Black hat SEO campaign used +15K WordPress sites Full Text
Abstract
Experts warn of a malicious SEO campaign that has compromised over 15,000 WordPress websites to redirect visitors to fake Q&A portals. Since September 2022, researchers from security firm Sucuri have tracked a surge in WordPress malware redirecting...Security Affairs
November 14, 2022 – Phishing
42,000 sites used to trap users in brand impersonation scheme Full Text
Abstract
A malicious for-profit group named 'Fangxiao' has created a massive network of over 42,000 web domains that impersonate well-known brands to redirect users to sites promoting adware apps, dating sites, or 'free' giveaways.BleepingComputer
November 14, 2022 – Malware
Malicious Google Play Store App Distributes Xenomorph Banking Trojan Full Text
Abstract
The Zscaler ThreatLabz team stumbled across the Xenomorph banking trojan loaded over a lifestyle app called ‘Todo: Day manager,’ in the Google Play store. The malware is dropped via GitHub as a fake Google Service application right during the installation of the app. It opens as an overlay onto leg ... Read MoreCyware Alerts - Hacker News
November 14, 2022 – Breach
Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign Full Text
Abstract
A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. "These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report published last week, calling it a "clever black hat SEO trick." The search engine poisoning technique is designed to promote a "handful of fake low quality Q&A sites" that share similar website-building templates and are operated by the same threat actor. A notable aspect of the campaign is the ability of the hackers to modify over 100 files per website on average, an approach that contrasts dramatically from other attacks of this kind wherein only a limited number of files are tampered with to reduce footprint and escape detection. Some of the most commonly infected pages consist of wp-signup.php, wp-cron.php, wp-links-opml.php, wp-settings.phpThe Hacker News
November 14, 2022 – Botnet
KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks Full Text
Abstract
Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials. Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems...Security Affairs
November 14, 2022 – Outage
Instagram, Facebook, Twitter, YouTube suspended in Turkey after blast Full Text
Abstract
Following yesterday's deadly blast on İstiklal Avenue in Istanbul, Turkish authorities began restricting access to social media including Instagram, Facebook, Twitter, YouTube and Telegram.BleepingComputer
November 14, 2022 – Phishing
Scammers Impersonate Financial Regulators to Steal Personal and Banking Data Full Text
Abstract
Kaspersky uncovered two scam campaigns purporting to be from online marketplaces, video streaming services, and government agencies to steal personal and banking data from victims. The attackers did not create any website and just hoped that the victim will agree to discuss their investments first ... Read MoreCyware Alerts - Hacker News
November 14, 2022 – Education
What is an External Penetration Test? Full Text
Abstract
A penetration test (also known as a pentest) is a security assessment that simulates the activities of real-world attackers to identify security holes in your IT systems or applications. The aim of the test is to understand what vulnerabilities you have, how they could be exploited, and what the impact would be if an attacker was successful. Usually performed first, an external pentest (also known as external network penetration testing) is an assessment of your perimeter systems. Your perimeter is all the systems that are directly reachable from the internet. By definition, they are exposed and are, therefore, the most easily and regularly attacked. Testing for weaknesses: External pentests look for ways to compromise these external, accessible systems and services to access sensitive information and see how an attacker could target your clients, customers or users. In a high-quality external pentest, the security professional(s) will copy the activities of real hackers, like exThe Hacker News
November 14, 2022 – Government
CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine Full Text
Abstract
Russian threat actors employed a new ransomware family called Somnia in attacks against multiple organizations in Ukraine. The Government Computer Emergency Response Team of Ukraine CERT-UA is investigating multiple attacks against organizations in Ukraine...Security Affairs
November 14, 2022 – Government
Venus Ransomware Targets Healthcare - Warns HHS Full Text
Abstract
The HHS raised an alarm regarding the increased threats on the country's healthcare organizations from the Venus ransomware operators. Officials claimed they are aware of at least one incident of the ransomware infection. Unfortunately, there’s no known data leak site (or maybe there isn’t any) per ... Read MoreCyware Alerts - Hacker News
November 14, 2022 – Cryptocurrency
New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks Full Text
Abstract
A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to luxury car brands to security firms. "The botnet infects systems via an SSH connection that uses weak login credentials," Akamai researcher Larry W. Cashdollar said. "The malware does not stay persistent on the infected system as a way of evading detection." The malware gets its name from an executable named "kmsd.exe" that's downloaded from a remote server following a successful compromise. It's also designed to support multiple architectures, such as Winx86, Arm64, mips64, and x86_64. KmsdBot comes with capabilities to perform scanning operatioThe Hacker News
November 14, 2022 – General
Have board directors any liability for a cyberattack against their company? Full Text
Abstract
Are the directors of a company hit by a cyberattack liable for negligence in failing to take steps to limit the risk? As the risk of a cyberattack grows, it is pivotal to consider whether the directors of a company hit by a ransomware attack, for example,...Security Affairs
November 14, 2022 – General
Info-Stealing Malware Tops Global Threat Index Ranking Full Text
Abstract
Check Point's Global Threat Index for October 2022 revealed that keylogger AgentTesla has topped the list for the most widespread malware, impacting 7% of organizations worldwide. Modular .NET keylogger and credential stealer SnakeKeylogger bagged second place, which impacted 5% of organizations. E ... Read MoreCyware Alerts - Hacker News
November 14, 2022 – Hacker
Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images Full Text
Abstract
A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to facilitate information theft. "What is noteworthy is data collection from victims' machines using Dropbox repository, as well as attackers using Dropbox API for communication with the final stage," the company said. The development comes a little over two months after ESET disclosed details of attacks carried out by Worok against high-profile companies and local governments located in Asia and Africa. Worok is believed to share tactical overlaps with a Chinese threat actor tracked as TA428. The Slovak cybersecurity company also documented Worok's compromise sequence, which makes use of a C++-based loader called CLRLoad to pave the way for an unknown PowerSThe Hacker News
November 14, 2022 – Government
NSA Publishes Guidance on Mitigating Software Memory Safety Issues Full Text
Abstract
Caused by how programs manage or allocate memory, logic errors, incorrect order of operations, or the use of uninitialized variables, software memory safety issues are often exploited for remote code execution (RCE).Security Week
November 14, 2022 – Vulnerabilities
Aiphone Intercom System Vulnerability Allows Hackers to Open Doors Full Text
Abstract
Last week, researchers with Norwegian application security firm Promon published information on a vulnerability identified in several Aiphone products that could allow an attacker to easily breach the entry system using an NFC tag.Security Week
November 14, 2022 – Government
CISA warns unpatched Zimbra users to assume breach Full Text
Abstract
Multiple threat actors are launching attacks against unpatched users of Zimbra Collaboration Suite, a business productivity software and email platform, the Cybersecurity and Infrastructure Security Agency said in a warning last Thursday.Cybersecurity Dive
November 14, 2022 – Attack
Bahrain Government Websites Attacked Right Before Parliamentary Election Full Text
Abstract
The Interior Ministry did not identify the websites targeted, but the country's state-run Bahrain News Agency could not be reached online nor could the website for Bahrain's parliament.ABC News
November 14, 2022 – Criminals
Ransomware gangs shift tactics, making crimes harder to track Full Text
Abstract
Ransomware gangs increasingly use their own or stolen computer code, moving away from a ransomware-as-a-service model that made their activities easier to monitor, new research shows.LA Times
November 13, 2022 – Hacker
Ukraine says Russian hacktivists use new Somnia ransomware Full Text
Abstract
Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called 'Somnia,' encrypting their systems and causing operational problems.BleepingComputer
November 13, 2022 – General
Changing Malware and Ransomware Ecosystem in H1 2022 Full Text
Abstract
Deep Instinct published its 2022 Bi-Annual Cyber Threat Report delineating the top ransomware and malware trends observed between January and September. Bugs such as DirtyPipe and Follina have been emphasized by hackers to abuse both Linux and Windows devices. Throughout, 2022 has been a good year ... Read MoreCyware Alerts - Hacker News
November 13, 2022 – Criminals
Ukraine Police dismantled a transnational fraud group that made €200 million per year Full Text
Abstract
Ukraine's Cyber Police and Europol arrested 5 Ukrainian citizens who are members of a large-scale transnational fraud group. Ukraine's cyber police and Europol arrested five members of a transnational fraud group that caused more than 200 million...Security Affairs
November 13, 2022 – Business
FTX Investigating Possible Hack Hours After Bankruptcy Filing Full Text
Abstract
A day after it filed for bankruptcy, the collapsed cryptocurrency exchange FTX said that it was investigating “unauthorized transactions” flowing from its accounts, as crypto researchers documented suspicious transfers of $515 million.New York Times
November 13, 2022 – Criminals
Lockbit gang leaked data stolen from global high-tech giant Thales Full Text
Abstract
The Lockbit 3.0 ransomware gang started leaking the information allegedly stolen from the global high-tech company Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations...Security Affairs
November 12, 2022 – Phishing
New extortion scam threatens to damage sites’ reputation, leak data Full Text
Abstract
An active extortion scam is targeting website owners and admins worldwide, claiming to have hacked their servers and demanding $2,500 not to leak data.BleepingComputer
November 12, 2022 – Vulnerabilities
Android phone owner accidentally finds a way to bypass lock screen Full Text
Abstract
Cybersecurity researcher David Schütz accidentally found a way to bypass the lock screen on his fully patched Google Pixel 6 and Pixel 5 smartphones, enabling anyone with physical access to the device to unlock it.BleepingComputer
November 12, 2022 – Attack
StrelaStealer and IceXLoader Drive Info-Stealing Campaigns Full Text
Abstract
Researchers have discovered new waves of malware campaigns, with two information-stealing malware, StrelaStealer and IceXLoader, infecting victims with malicious email attachments. StrelaStealer searches for credentials stored in the Thunderbird and Outlook email clients to steal them. IceXLoader i ... Read MoreCyware Alerts - Hacker News
November 12, 2022 – Cryptocurrency
$1 billion of FTX customer funds have vanished, Reuters reported Full Text
Abstract
Crypto exchange FTX appears to have been hacked, rumors state that attackers stole $600 million drained from the company's wallets. Crypto exchange FTX is recommending users to delete FTX apps and avoid using its website, a circumstance that refutes...Security Affairs
November 12, 2022 – Hacker
Australia tells Medibank hackers: ‘We know who you are’ Full Text
Abstract
The Australian Federal Police claims to have identified the cybercriminals behind the Medibank ransomware attack, which compromised the personal data of 9.7 million customers.Tech Crunch
November 12, 2022 – Malware
Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan Full Text
Abstract
Experts discovered two new malicious dropper apps on the Google Play Store distributing the Xenomorph banking malware. Zscaler ThreatLabz researchers discovered a couple of malicious dropper apps on the Play Store distributing the Xenomorph banking...Security Affairs
November 12, 2022 – Solution
GitHub Introduces Private Vulnerability Reporting for Public Repositories Full Text
Abstract
Microsoft-owned code hosting platform GitHub has announced the introduction of a direct channel for security researchers to report vulnerabilities in public repositories that allow it.Security Week
November 12, 2022 – Attack
Canadian supermarket chain giant Sobeys suffered a ransomware attack Full Text
Abstract
Sobeys, the second-largest supermarket chain in Canada, was the victim of a ransomware attack conducted by the Black Basta gang. Sobeys Inc. is the second largest supermarket chain in Canada, the company operates over 1,500 stores operating across...Security Affairs
November 12, 2022 – Government
CISA Releases Decision Tree Model to Help Companies Prioritize Vulnerability Patching Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) announced the release of a Stakeholder-Specific Vulnerability Categorization (SSVC) guide that can help organizations prioritize vulnerability patching using a decision tree model.Security Week
November 12, 2022 – Criminals
Russian Hackers Are Publishing Stolen Abortion Records on the Dark Web Full Text
Abstract
Hackers who stole a trove of data from one of Australia’s biggest private health insurers are drip-feeding sensitive details of customers' medical diagnoses and procedures, including abortions, onto the dark web.Vice
November 11, 2022 – Ransomware
The Week in Ransomware - November 11th 2022 - LockBit feeling the heat Full Text
Abstract
This 'Week in Ransomware' covers the last two weeks of ransomware news, with new information on attacks, arrests, data wipers, and reports shared by cybersecurity firms and researchers.BleepingComputer
November 11, 2022 – Vulnerabilities
New Vulnerability in Popular Widget Shows Risks of Third-Party Code Full Text
Abstract
Successful exploitation of this vulnerability could allow malicious actors to impersonate a user and take over a user’s account, perform any action on behalf of the user and or steal sensitive information such as cookies and session tokens.Imperva
November 11, 2022 – Attack
Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs Full Text
Abstract
Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated variants of an espionage artifact dubbed MOONSHINE by researchers from the University of Toronto's Citizen Lab in September 2019. "Mobile surveillance tools like BadBazaar and MOONSHINE can be used to track many of the 'pre-criminal' activities, actions considered indicative of religious extremism or separatism by the authorities in Xinjiang," Lookout said in a detailed write-up of the operations. The BadBazaar campaign, according to the security firm, is said to date as far back as late 2018 and comprise 111 unique apps that masquerade as benign video players, messengers, religious apps, and even TikTok. While these samples were distributed through Uyghur-languageThe Hacker News
November 11, 2022 – Attack
An initial access broker claims to have hacked Deutsche Bank Full Text
Abstract
An initial access broker claims to have hacked Deutsche Bank and is offering access to its systems for sale on Telegram. A threat actor (0x_dump) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network...Security Affairs
November 11, 2022 – Solution
Microsoft Defender network protection generally available on iOS, Android Full Text
Abstract
Microsoft announced that the Mobile Network Protection feature is generally available to help organizations detect network weaknesses affecting Android and iOS devices running Microsoft's Defender for Endpoint (MDE) enterprise endpoint security platform.BleepingComputer
November 11, 2022 – Phishing
New phishing campaign posing as Spain’s Tax Agency Full Text
Abstract
The phishing attempt starts out via a fraudulent SMS that notifies victims of a supposed reimbursement that they qualify for. According to the SMS, all they need to do to receive the reimbursement is to fill out a form on the agency's website.Avast
November 11, 2022 – Malware
Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan Full Text
Abstract
Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware. "Xenomorph is a trojan that steals credentials from banking applications on users' devices," Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday. "It is also capable of intercepting users' SMS messages and notifications, enabling it to steal one-time passwords and multi-factor authentication requests." The cybersecurity firm said it also found an expense tracker app that exhibited similar behavior, but noted that it couldn't extract the URL used to fetch the malware artifact. The two malicious apps are as follows - Todo: Day manager (com.todo.daymanager) 経費キーパー (com.setprice.expenses) Both the apps function as a dropper, meaning the apps themselves are harmless and are a conduit to retrieve tThe Hacker News
November 11, 2022 – Privacy
Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware Full Text
Abstract
Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat...Security Affairs
November 11, 2022 – Attack
Canadian food retail giant Sobeys hit by Black Basta ransomware Full Text
Abstract
Grocery stores and pharmacies belonging to Canadian food retail giant Sobeys have been experiencing IT systems issues since last weekend.BleepingComputer
November 11, 2022 – Vulnerabilities
Researchers Find Three Vulnerabilities in OpenLiteSpeed Web Server Full Text
Abstract
The Unit 42 research team discovered three different vulnerabilities in the open-source OpenLiteSpeed Web Server. These vulnerabilities also affect the enterprise version, LiteSpeed Web Server.Palo Alto Networks
November 11, 2022 – General
VPN vs. DNS Security Full Text
Abstract
When you are trying to get another layer of cyber protection that would not require a lot of resources, you are most likely choosing between a VPN service & a DNS Security solution. Let's discuss both. VPN Explained: VPN stands for Virtual Private Networks and basically hides your IP and provides an encrypted server by redirecting your traffic via a server run by a VPN host. It establishes a protected connection in public networks. It does protect your actions from being seen by your ISP and potential hackers, however, it does not provide full protection and can still let intrusions happen. Worth noting, VPN does gain access to restricted resources in your region, but bear in mind, it might be collecting your personal data. This problem relates mostly to free and cheap VPN services. In addition to that, VPNs, depending on their type, can proxy requests or not. Most of the free ones do not even encrypt your data. According to Cybernews, last year 20 million emails and otheThe Hacker News
November 11, 2022 – Policy and Law
Man charged for role in LockBit ransomware operation Full Text
Abstract
The U.S. DoJ charged a Russian-Canadian national for his alleged role in LockBit ransomware attacks against organizations worldwide. The U.S. Department of Justice (DoJ) charged Mikhail Vasiliev, a dual Russian and Canadian national, for his alleged...Security Affairs
November 11, 2022 – Criminals
U.S. seized 18 web domains used for recruiting money mules Full Text
Abstract
The FBI and U.S. Postal Inspection Service have seized eighteen web domains used to recruit money mules for work-from-home and reshipping scams.BleepingComputer
November 11, 2022 – Phishing
Scammers pretend to be financial regulators Full Text
Abstract
Kaspersky uncovered two separate scams in which cybercriminals impersonate financial regulators investigating fraud. Under this pretext, they extract an array of personal information from their hapless victims.Kaspersky Lab
November 11, 2022 – Vulnerabilities
Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software Full Text
Abstract
Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution," Palo Alto Networks Unit 42 said in a Thursday report. OpenLiteSpeed, the open source edition of LiteSpeed Web Server, is the sixth most popular web server, accounting for 1.9 million unique servers across the world. The first of the three flaws is a directory traversal flaw (CVE-2022-0072, CVSS score: 5.8), which could be exploited to access forbidden files in the web root directory. The remaining two vulnerabilities (CVE-2022-0073 and CVE-2022-0074, CVSS scores: 8.8) relate to a case of privilege escalation and command injection, respectively, that could be chained to achieve privileged code execution. "A threat actor who managedThe Hacker News
November 11, 2022 – Vulnerabilities
Researcher received a $70k award for a Google Pixel lock screen bypass Full Text
Abstract
Google fixed a high-severity security bug affecting all Pixel smartphones that can allow attackers to unlock the devices. Google has addressed a high-severity security bug, tracked as CVE-2022-20465, affecting all Pixel smartphones that could be exploited...Security Affairs
November 11, 2022 – Malware
New BadBazaar Android malware linked to Chinese cyberspies Full Text
Abstract
A previously undocumented Android spyware tool named 'BadBazaar' has been discovered targeting ethnic and religious minorities in China, most notably the Uyghurs in Xinjiang.BleepingComputer
November 11, 2022 – Vulnerabilities
Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products Full Text
Abstract
Cisco this week announced the release of patches for multiple vulnerabilities impacting enterprise firewall products running Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC) software.Security Week
November 11, 2022 – General
New Updates for ESET’s Advanced Home Solutions Full Text
Abstract
It's no secret that antivirus software is as essential to your computer as a power cord. However, the threats don't stop at your devices. For example, criminals trying to steal your data can attack your Wi-Fi router, and phishing attempts can target your email. ESET's latest consumer product release takes a comprehensive approach to security to guard against a full range of threats. All are built with ESET's signature light footprint for gaming, browsing, shopping and socializing with no interruptions or slowdowns. Introducing enhanced security for Windows, Mac and Android: For more than 30 years, ESET® has created industry-leading IT security software and services, protecting businesses worldwide from ever-evolving digital threats. ESET's solutions for consumers use the same advanced technologies. By protecting your digital life, ESET delivers real-world protection against criminals trying to steal your identity, hack your bank account or lock down your comThe Hacker News
November 11, 2022 – APT
Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine Full Text
Abstract
Microsoft linked Prestige ransomware attacks against organizations in Ukraine and Poland to Russia-linked threat actors. In Mid-October, Microsoft Threat Intelligence Center (MSTIC) researchers uncovered previously undetected ransomware, tracked as Prestige...Security Affairs
November 11, 2022 – Vulnerabilities
Microsoft confirms gaming performance issues on Windows 11 22H2 Full Text
Abstract
Microsoft is working on a fix for a new known issue behind lower-than-expected performance or stuttering in some games on systems running Windows 11 22H2.BleepingComputer
November 11, 2022 – Vulnerabilities
CSRF in Plesk API enabled privilege escalation Full Text
Abstract
The REST API of Plesk was vulnerable to client-side request forgery (CSRF), which could lead to multiple potential attacks, including malicious file upload and privilege escalation.The Daily Swig
November 11, 2022 – Policy and Law
Russian-Canadian National Charged Over Involvement in LockBit Ransomware Attacks Full Text
Abstract
The U.S. Department of Justice (DoJ) has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world. The 33-year-old Ontario resident, Mikhail Vasiliev, has been taken into custody and is awaiting extradition to the U.S., where he is likely to be sentenced for a maximum of five years in prison. Vasiliev has been charged with conspiracy to intentionally damage protected computers and to transmit ransom demands, according to a criminal complaint filed in the District of New Jersey. A search of the defendant's home in August and October 2022 by Canadian law enforcement unearthed a file stored on a device containing what's suspected to be a list of "prospective or historical" victims as well as screenshots of communications exchanged with "LockBitSupp" on the Tox messaging platform. Also found were a text file with instructions to deploy LockBit ransomware, the malware'The Hacker News
November 11, 2022 – Outage
Royal Mail down: Tracking unavailable as outage exceeds 24 hours Full Text
Abstract
Royal Mail, UK's leading mail and parcel delivery service, has been experiencing ongoing outages with its online tracking services down for more than 24 hours at the time of writing.BleepingComputer
November 11, 2022 – Criminals
‘We know who you are’: Australian police say Russian cybercriminals behind Medibank hack Full Text
Abstract
The Australian federal police say hackers in Russia are responsible for the Medibank data breach, with the commissioner stating “we know who you are”. Reece Kershaw said on Friday that the AFP had identified the hackers while working with Interpol.The Guardian
November 11, 2022 – Attack
Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland Full Text
Abstract
Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and are said to have taken place within an hour of each other across all victims. The Microsoft Threat Intelligence Center (MSTIC) is now tracking the threat actor under its element-themed moniker Iridium (née DEV-0960), citing overlaps with Sandworm (aka Iron Viking, TeleBots, and Voodoo Bear). "This attribution assessment is based on forensic artifacts, as well as overlaps in victimology, tradecraft, capabilities, and infrastructure, with known Iridium activity," MSTIC said in an update. The company also further assessed the group to have orchestrated compromise activity targeting many of the Prestige vicThe Hacker News
November 11, 2022 – Outage
County offices across Arkansas working without computers during possible breach Full Text
Abstract
Across Arkansas, many county government employees were working without computers on Wednesday after a Rogers-based information technology company told them to shut down computer servers because of a possible security breach.Arkansas Democrat Gazette
November 10, 2022 – Vulnerabilities
Microsoft fixes Windows zero-day bug exploited to push malware Full Text
Abstract
Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers.BleepingComputer
November 10, 2022 – Phishing
Phishing drops IceXLoader malware on thousands of home, corporate devices Full Text
Abstract
An ongoing phishing campaign has infected thousands of home and corporate users with a new version of the 'IceXLoader' malware.BleepingComputer
November 10, 2022 – Hacker
Conti Affiliates BlackByte and Black Basta Rotating Targets Full Text
Abstract
The threat ecosystem of Conti is growing stronger day by day. And, it can be evidenced by the recent findings about how it is drifting away from U.S. targets to target NATO-affiliated countries in Europe. Conti is forming new allies, developing new tools and techniques, and actively hacking critica ... Read MoreCyware Alerts - Hacker News
November 10, 2022 – Attack
Warning: New Massive Malicious Campaigns Targeting Top Indian Banks’ Customers Full Text
Abstract
Cybersecurity researchers are warning of "massive phishing campaigns" that distribute five different malware targeting banking users in India. "The bank customers targeted include account subscribers of seven banks, including some of the most well-known banks located in the country and potentially affecting millions of customers," Trend Micro said in a report published this week. Some of the targeted banks include Axis Bank, ICICI Bank, and the State Bank of India (SBI), among others. The infection chains all have a common entry point in that they rely on SMS messages containing a phishing link that urge potential victims to enter their personal details and credit card information to supposedly get a tax refund or gain credit card reward points. The smishing attacks, which deliver Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy, are just the latest in a series of similar rewards-themed malware campaigns that have been documented by Microsoft, Cyble , and KThe Hacker News
November 10, 2022 – General
The Securing Open Source Software Act Is Good, but Whatever Happened to Legal Liability? Full Text
Abstract
The recent introduction of the Securing Open Source Software Act, and its subsequent momentum, has stoked a debate about the true reason for the open source security problem and the merits of different solutions.Lawfare
November 10, 2022 – Vulnerabilities
Apple out-of-band patches fix remote code execution bugs in iOS and macOS Full Text
Abstract
Apple released out-of-band patches for iOS and macOS to fix a couple of code execution vulnerabilities in the libxml2 library. Apple released out-of-band patches for iOS and macOS to address two code execution flaws, tracked as CVE-2022-40303 and CVE-2022-40304,...Security Affairs
November 10, 2022 – Vulnerabilities
Microsoft fixes MoTW zero-day used to drop malware via ISO files Full Text
Abstract
Microsoft has fixed a Windows bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers.BleepingComputer
November 10, 2022 – Malware
Spymax RAT Targets Indian Defense Personnel Full Text
Abstract
Threat actors are using a malicious Android installation package and the Spymax RAT variant to target Indian defense personnel. The RAT imitates the Adobe Reader app. The campaign has been going on for more than a year and researchers have still not been able to attribute it to any threat actor. Th...Cyware Alerts - Hacker News
November 10, 2022 – Vulnerabilities
Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones’ Lock Screens Full Text
Abstract
Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as CVE-2022-20465 and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's monthly Android update for November 2022. "The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user's device," Schütz, who was awarded $70,000 for the lock screen bypass, said in a write-up of the flaw. The problem, per the researcher, is rooted in the fact that lock screen protections are completely defeated when following a specific sequence of steps: (1) supply an incorrect fingerprint three times to disable biometric authentication on the locked device; (2) hot-swap the SIM card in the device with an attacker-controlled SIM that has a PIN code set up; (3) enter an incorrect SIM PIN thricThe Hacker News
November 10, 2022 – Malware
Researchers warn of malicious packages on PyPI using steganography Full Text
Abstract
Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganography to hide malware within image files. CheckPoint researchers discovered a malicious package, named 'apicolor,' on the Python Package Index (PyPI) that...Security Affairs
November 10, 2022 – Ransomware
US Health Dept warns of Venus ransomware targeting healthcare orgs Full Text
Abstract
The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks are also targeting the country's healthcare organizations.BleepingComputer
November 10, 2022 – Criminals
Update: Ransomware Gang Offers to Sell Files Stolen From Continental for $50 Million Full Text
Abstract
Continental reported in August that it had been targeted in a cyberattack that resulted in hackers accessing some of its systems. The company said at the time that the attack had been “averted” and that business activities were not affected.Security Week
November 10, 2022 – Malware
Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File Full Text
Abstract
A malicious package discovered on the Python Package Index (PyPI) has been found employing a steganographic trick to conceal malicious code within image files. The package in question, named "apicolor," was uploaded to the Python third-party repository on October 31, 2022, and described as a "Core lib for REST API," according to Israeli cybersecurity firm Check Point. It has since been taken down. Apicolor, like other rogue packages detected recently, harbors its malicious behavior in the setup script used to specify metadata associated with the package, such as its dependencies. This takes the form of a second package called "judyb" as well as a seemingly harmless PNG file ("8F4D2uF.png") hosted on Imgur, an image-sharing service. "The judyb code turned out to be a steganography module, responsible [for] hiding and revealing hidden messages inside pictures," Check Point explained. The attack chain entails using the judyThe Hacker News
November 10, 2022 – Vulnerabilities
A bug in ABB Totalflow flow computers exposed oil and gas companies to attack Full Text
Abstract
A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow...Security Affairs
November 10, 2022 – Hacker
Russian military hackers linked to ransomware attacks in Ukraine Full Text
Abstract
A series of attacks targeting transportation and logistics organizations in Ukraine and Poland with Prestige ransomware since October have been linked to an elite Russian military cyberespionage group.BleepingComputer
November 10, 2022 – APT
APT41’s New Subgroup Earth Longzhi Targets East and Southeast Asia Full Text
Abstract
Both campaigns by the group used spear-phishing emails as the primary entry vector to deliver its malware. It embeds the malware in a password-protected archive or shares a link to download it, luring the victim with information about a person.Trend Micro
November 10, 2022 – General
Is Cybersecurity Awareness Month Anything More Than PR? Full Text
Abstract
Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways: The public, by taking action to stay safe online. Professionals, by joining the cyber workforce. Cyber industry partners, as part of the cybersecurity solution. CISA outlined four "things you can do" to stay safe online for individuals and families, including updating their software, thinking before they click, using strong passwords, and enabling multifactor authentication on sensitive accounts. The industry has been teaching security tips to employees and the public for a long time. With so much repetitive media and education on cyber awareness in the rearview mirror, the returning October focus weighs on many. Here's a roundup of reactions to cyber month and traction from this year's themes and messaging which should tell us if there'sThe Hacker News
November 10, 2022 – APT
APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity Full Text
Abstract
Russia-linked APT29 cyberespionage group exploited a Windows feature called Credential Roaming to target a European diplomatic entity. Mandiant researchers in early 2022 responded to an incident where the Russia-linked APT29 group (aka SVR group, Cozy...Security Affairs
November 10, 2022 – Hacker
Worok hackers hide new malware in PNGs using steganography Full Text
Abstract
A threat group tracked as 'Worok' hides malware within PNG images to infect victims' machines with information-stealing malware without raising alarms.BleepingComputer
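Both the apicolor/judyb package reported above and the Worok campaign hide a payload inside an otherwise valid PNG. The following is an added example, written for this page and not code from either campaign or from Check Point, showing the simplest form of that trick: a 4-byte length prefix and the payload are written into the least-significant bit of each colour channel, the image is serialised to a real PNG, and the payload is recovered from the parsed pixels. The carrier image, the payload string and the minimal encoder/decoder are all constructed here (8-bit RGB, filter type 0 only); real stego modules vary the bit layout, so treat this as the shape of the technique rather than a signature.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(tag, body):
    """Serialise one PNG chunk: length, tag, body, CRC over tag+body."""
    return (struct.pack(">I", len(body)) + tag + body
            + struct.pack(">I", zlib.crc32(tag + body) & 0xFFFFFFFF))


def png_encode(rows):
    """rows: list of rows of (r, g, b) tuples -> 8-bit RGB PNG bytes, filter type 0."""
    height, width = len(rows), len(rows[0])
    raw = b"".join(b"\x00" + bytes(c for px in row for c in px) for row in rows)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def png_decode(data):
    """Minimal decoder for the PNGs png_encode emits (8-bit RGB, filter type 0)."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos, idat, width, height = 8, b"", 0, 0
    while pos + 8 <= len(data):
        length, tag = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if tag == b"IHDR":
            width, height, depth, ctype = struct.unpack(">IIBB", body[:10])
            if (depth, ctype) != (8, 2):
                raise ValueError("only 8-bit RGB is handled here")
        elif tag == b"IDAT":
            idat += body          # IDAT may be split; concatenate before inflating
        elif tag == b"IEND":
            break
        pos += 12 + length        # 4 length + 4 tag + body + 4 CRC
    raw = zlib.decompress(idat)
    stride = 1 + 3 * width        # filter byte + 3 channels per pixel
    rows = []
    for y in range(height):
        line = raw[y * stride:(y + 1) * stride]
        if line[0] != 0:
            raise ValueError("only filter type 0 is handled here")
        rows.append([tuple(line[1 + 3 * x:4 + 3 * x]) for x in range(width)])
    return rows


def hide(rows, payload):
    """Write a 4-byte length prefix plus payload into the LSB of each channel."""
    flat = [c for row in rows for px in row for c in px]
    message = struct.pack(">I", len(payload)) + payload
    bits = [(b >> i) & 1 for b in message for i in range(7, -1, -1)]
    if len(bits) > len(flat):
        raise ValueError(f"carrier holds {len(flat) // 8} bytes, payload needs {len(message)}")
    for i, bit in enumerate(bits):
        flat[i] = (flat[i] & 0xFE) | bit   # touch only the lowest bit: invisible to the eye
    width = len(rows[0])
    pixels = [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]
    return [pixels[y * width:(y + 1) * width] for y in range(len(rows))]


def reveal(rows):
    """Inverse of hide(): read the length prefix, then that many bytes."""
    flat = [c for row in rows for px in row for c in px]

    def read_bytes(offset_bits, count):
        out = bytearray()
        for k in range(count):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (flat[offset_bits + k * 8 + i] & 1)
            out.append(byte)
        return bytes(out)

    (length,) = struct.unpack(">I", read_bytes(0, 4))
    if length * 8 + 32 > len(flat):
        raise ValueError("length prefix exceeds carrier; no payload (or not this scheme)")
    return read_bytes(32, length)


# Constructed carrier: a 16x16 gradient, not a real image from either campaign.
def make_carrier():
    return [[(x * 16, y * 16, (x + y) * 8) for x in range(16)] for y in range(16)]


PAYLOAD = b"print('stage-2 fetched')"   # constructed stand-in for the hidden code


def round_trip(payload=PAYLOAD):
    """Hide payload in a fresh carrier, serialise to PNG, parse it back, extract."""
    png = png_encode(hide(make_carrier(), payload))
    return reveal(png_decode(png))


if __name__ == "__main__":
    print(round_trip())
```

The carrier holds one bit per channel, so a 16x16 RGB image carries at most 96 bytes including the prefix; a real campaign would use a larger image, and judyb-style modules may spread bits differently or compress first. The useful defender's takeaway is that the PNG stays structurally valid and visually unchanged, so image-format validation alone will not catch it; what stands out is a setup script that downloads an image and feeds it to a decoder.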
November 10, 2022 – Business
BOXX Insurance acquires Templarbit to strengthen cyber risk protection for businesses Full Text
Abstract
BOXX Insurance has acquired Templarbit, a cyber threat intelligence platform that makes it simpler for businesses to stay ahead of digital threats. With teams in Palo Alto and Los Angeles, Templarbit was founded by Bjoern Zinssmeister in 2017.Help Net Security
November 10, 2022 – Vulnerabilities
Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products Full Text
Abstract
Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain unauthorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under specific configurations: CVE-2022-27510 (unauthorized access to Gateway user capabilities), CVE-2022-27513 (remote desktop takeover via phishing) and CVE-2022-27516 (user login brute-force protection functionality bypass). The following supported versions of Citrix ADC and Citrix Gateway are affected by the flaws: Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47; Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12; Citrix ADC and Citrix Gateway 12.1 before 12.1-65.21; Citrix ADC 12.1-FIPS before 12.1-55.289; Citrix ADC 12.1-NDcPP before 12.1-55.289. Exploitation, howeThe Hacker News
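The affected-version list above is easy to misread across release branches, so here is an added check, written for this page and not Citrix's own tooling, that parses an ADC/Gateway version string and compares it against the fixed builds quoted in the abstract. The advisory-style form "13.1-33.47" is taken from the text; the "NetScaler NS13.1: Build 33.47.nc" form is assumed to match the appliance's `show version` output, so verify it on your own box. Builds are compared as (major, minor) tuples within a branch, and the FIPS/NDcPP flavours of 12.1 must be selected explicitly because they have their own fixed build.

```python
import re

# Fixed builds per release branch and flavour, from the affected-version list in
# the advisory summary: any lower build on the same branch is affected.
FIXED_BUILDS = {
    ("13.1", "standard"): (33, 47),
    ("13.0", "standard"): (88, 12),
    ("12.1", "standard"): (65, 21),
    ("12.1", "FIPS"): (55, 289),
    ("12.1", "NDcPP"): (55, 289),
}

# Accepts "13.1-33.47" (advisory style) and "NetScaler NS13.1: Build 33.47.nc"
# (assumed shape of `show version` on the appliance; check against your output).
_VERSION_RE = re.compile(
    r"(?:NS)?(?P<branch>\d+\.\d+)(?:-|:\s*Build\s+)(?P<major>\d+)\.(?P<minor>\d+)"
)


def parse_version(text):
    """Return (branch, (build_major, build_minor)) or raise on unrecognised input."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group("branch"), (int(m.group("major")), int(m.group("minor")))


def is_affected(text, flavor="standard"):
    """True if the build predates the fix on its branch, False if it is fixed,
    None if the branch/flavour pair is not in the advisory (e.g. end-of-life 11.1)."""
    branch, build = parse_version(text)
    fixed = FIXED_BUILDS.get((branch, flavor))
    if fixed is None:
        return None
    return build < fixed   # tuple comparison: (33, 5) < (33, 47) < (34, 0)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("13.1-30.52", "standard"),
        ("NetScaler NS13.0: Build 88.12.nc", "standard"),
        ("12.1-55.282", "FIPS"),
        ("11.1-65.23", "standard"),
    ]
    for sample, flavor in inventory:
        print(f"{sample:40} {flavor:9} affected={is_affected(sample, flavor)}")
```

A `None` result is worth treating as affected for triage purposes: a branch absent from the advisory is usually out of support rather than safe.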
November 10, 2022 – Vulnerabilities
Lenovo warns of flaws that can be used to bypass security features Full Text
Abstract
Lenovo fixed two high-severity flaws impacting various laptop models that could allow an attacker to deactivate UEFI Secure Boot. Lenovo has released security updates to address a couple of high-severity vulnerabilities impacting various ThinkBook,...Security Affairs
November 10, 2022 – Business
Kaspersky to kill its VPN service in Russia next week Full Text
Abstract
Kaspersky is stopping the operation and sales of its VPN product, Kaspersky Secure Connection, in the Russian Federation, with the free version to be suspended as early as November 15, 2022.BleepingComputer
November 10, 2022 – Government
No Cyberattacks Affected US Vote Counting, Officials Say Full Text
Abstract
No instances of digital interference are known to have affected the counting of the midterm vote after a tense Election Day in which officials were closely monitoring domestic and foreign threats.Security Week
November 10, 2022 – Vulnerabilities
High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies Full Text
Abstract
Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. "Attackers can exploit this flaw to gain root access on an ABB flow computer, read and write files, and remotely execute code," industrial security company Claroty said in a report shared with The Hacker News. ABB, a Swedish-Swiss industrial automation firm, has since released firmware updates as of July 14, 2022, following responsible disclosure. Flow computers are special-purpose electronic instruments used by petrochemical manufacturers to interpret data from flow meters and calculate and record the volume of substances such as natural gas, crude oils, and other hydrocarbon fluids at a specific point in time. ThThe Hacker News
November 10, 2022 – Government
FBI warns scammers now impersonate refund payment portals Full Text
Abstract
The FBI warns that tech support scammers are now impersonating financial institutions' refund payment portals to harvest victims' sensitive information and add legitimacy.BleepingComputer
November 10, 2022 – Breach
Attackers Compromise 15,000 Sites for Massive Google SEO Poisoning Campaign Full Text
Abstract
These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines. PublicWWW results show nearly 15,000 websites have been affected by this malware so far.Sucuri
November 10, 2022 – General
Re-Focusing Cyber Insurance with Security Validation Full Text
Abstract
The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This situation increases risk for organizations struggling to find coverage or facing steep premium increases. Some clients of the law firm Akin Gump Strauss Hauer & Feld LLP, for example, reported a three-fold increase in insurance rates, and carriers have made "a huge pullback" on coverage limits in the past two years. Michelle Reed, co-head of the firm's cybersecurity practice, adds, "The reduced coverage amount can no longer shield policyholders from cyber losses. A $10 million policy can end up with a $150,000 limit on cyber frauds." The cyber-insurance situation is so concerning that the U.S. Treasury Department recently issued a request for public input on a potential federal cyber-insurance response program. This request is in addition to the assessment led conjointly by the Federal InsuraThe Hacker News
November 10, 2022 – Criminals
Ukraine arrests fraud ring members who made €200 million per year Full Text
Abstract
Ukraine's cyber police and Europol have identified and arrested five key members of an international investment fraud ring estimated to have caused losses of over €200 million per year.BleepingComputer
November 10, 2022 – Denial Of Service
Mississippi election websites knocked out by DDoS attack Full Text
Abstract
Several Mississippi state websites were knocked offline during Tuesday’s midterm election in what was the most significant digital disruption of the day, though a federal official warned that more could be on the way as ballots are counted.The Record
November 10, 2022 – Criminals
Russian LockBit ransomware operator arrested in Canada Full Text
Abstract
Europol has announced today the arrest of a Russian national linked to LockBit ransomware attacks targeting critical infrastructure organizations and high-profile companies worldwide.BleepingComputer
November 10, 2022 – Phishing
An $8 mess — Twitter Blue ‘verified’ accounts push crypto scams Full Text
Abstract
Twitter has officially rolled out its Twitter Blue program for an $8 monthly fee that confers upon the Tweeter multiple benefits, including the much-sought blue badge. But, all this has led to its own set of problems, such as threat actors now impersonating famous people and still being granted a "verified" status.BleepingComputer
November 09, 2022 – Malware
New StrelaStealer malware steals your Outlook, Thunderbird accounts Full Text
Abstract
A new information-stealing malware named 'StrelaStealer' is actively stealing email account credentials from Outlook and Thunderbird, two widely used email clients.BleepingComputer
November 9, 2022 – Vulnerabilities
SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5 Full Text
Abstract
German software maker SAP announced the release of nine new security notes on its November 2022 Security Patch Day, including two notes addressing critical bugs in BusinessObjects and SAPUI5.Security Week
November 09, 2022 – APT
APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network Full Text
Abstract
The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up. APT29, a Russian espionage group also called Cozy Bear, Iron Hemlock, and The Dukes, is known for its intrusions aimed at collecting intelligence that align with the country's strategic objectives. It's believed to be sponsored by the Foreign Intelligence Service (SVR). Some of the adversarial collective's cyber activities are tracked publicly under the moniker Nobelium, a threat cluster responsible for the widespread supply chain compromise through SolarWinds software in December 2020. The Google-owned threat intelligence and incident response firm sThe Hacker News
November 9, 2022 – Hacker
Surveillance vendor exploited Samsung phone zero-days Full Text
Abstract
Google Project Zero researchers reported that a surveillance vendor is using three Samsung phone zero-day exploits. Google Project Zero disclosed three Samsung phone vulnerabilities, tracked as CVE-2021-25337, CVE-2021-25369 and CVE-2021-25370, that...Security Affairs
November 09, 2022 – Policy and Law
Couple sentenced to prison for trying to sell nuclear warship secrets Full Text
Abstract
A Navy nuclear engineer and his wife were sentenced to over 19 years and more than 21 years in prison for attempting to sell nuclear warship design secrets to what they believed was a foreign power agent.BleepingComputer
November 9, 2022 – Vulnerabilities
Intel, AMD Address Many Vulnerabilities With Patch Tuesday Advisories Full Text
Abstract
Intel has published 24 new advisories covering more than 50 vulnerabilities affecting the chip giant’s products. AMD has published four new advisories describing a total of 10 vulnerabilities.Security Week
November 09, 2022 – Attack
Several Cyber Attacks Observed Leveraging IPFS Decentralized Network Full Text
Abstract
A number of phishing campaigns are leveraging the decentralized InterPlanetary File System (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News. The research mirrors similar findings from Trustwave SpiderLabs in July 2022, which found more than 3,000 emails containing IPFS phishing URLs as an attack vector, calling IPFS the new "hotbed" for hosting phishing sites. IPFS as a technology is both resilient to censorship and takedowns, making it a double-edged sword. Underlying it is a peer-to-peer (P2P) network which replicates content across all participating nodes so that even if content is removed from one machine, requests for the resources can still be served via other systems. This also makes it ripe for abuThe Hacker News
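Because any public gateway (or the ipfs:// scheme) can serve the same content, blocking a single gateway hostname does not remove an IPFS-hosted phishing page; the content identifier (CID) is the stable indicator. The following is an added example, not part of the Talos or Trustwave research, that pulls CIDs out of the three URL shapes you will meet in proxy and mail-gateway logs and deduplicates them across gateways. The log lines and the CIDs in them are constructed for the example; the CID formats themselves (CIDv0 is "Qm" plus 44 base58 characters, CIDv1 on gateways is lowercase base32 starting with "b") are the real ones.

```python
import re

# CIDv0: "Qm" + 44 base58 chars (no 0, O, I, l). CIDv1 as seen on gateways:
# lowercase base32 starting with "b" ("bafy...", typically 59 chars).
_CID = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{50,})"
_END = r"(?![0-9A-Za-z])"   # stop a 44-char match from bleeding into a longer token

IPFS_PATTERNS = {
    # ipfs://<cid>[/path]
    "uri": re.compile(r"\bipfs://(?P<cid>" + _CID + ")" + _END),
    # https://<gateway>/ipfs/<cid>[/path]   (path-style gateway)
    "path": re.compile(r"https?://(?P<host>[^\s/]+)/ipfs/(?P<cid>" + _CID + ")" + _END),
    # https://<cid>.ipfs.<gateway>[/path]   (subdomain-style gateway)
    "subdomain": re.compile(r"https?://(?P<cid>" + _CID + r")\.ipfs\.(?P<host>[^\s/]+)"),
}


def find_ipfs_refs(text):
    """Return [(kind, cid, host)] for every IPFS reference in text, whatever the gateway."""
    found = []
    for kind, pat in IPFS_PATTERNS.items():
        for m in pat.finditer(text):
            host = m.groupdict().get("host") or "-"   # ipfs:// carries no gateway host
            found.append((kind, m.group("cid"), host))
    return found


def unique_cids(text):
    """Gateway-agnostic indicator list: the CIDs, sorted, one entry each."""
    return sorted({cid for _, cid, _ in find_ipfs_refs(text)})


# Constructed proxy / mail-gateway log lines; the CIDs are made up for the example.
SAMPLE_LOG = """\
2022-11-09T08:12:41Z proxy user=alice url=https://cloudflare-ipfs.com/ipfs/QmAb1Cd2Ef3Gh4Jk5Mn6Pq7Rs8Tu9Vw1Xy2Za3Bc4De5Fg/login.html
2022-11-09T08:13:02Z proxy user=bob url=https://bafybeiabcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrst.ipfs.dweb.link/
2022-11-09T08:14:55Z mailgw subject="Voicemail" link=ipfs://QmAb1Cd2Ef3Gh4Jk5Mn6Pq7Rs8Tu9Vw1Xy2Za3Bc4De5Fg/index.html
2022-11-09T08:15:10Z proxy user=carol url=https://docs.ipfs.tech/concepts/content-addressing/
2022-11-09T08:16:33Z proxy user=dave url=https://example.com/ipfs/not-a-cid
"""

if __name__ == "__main__":
    for kind, cid, host in find_ipfs_refs(SAMPLE_LOG):
        print(f"{kind:10} host={host:22} cid={cid}")
    print("block list:", unique_cids(SAMPLE_LOG))
```

The same CID appears here once via a path-style gateway and once as a bare ipfs:// link, which is exactly why the indicator you share or block should be the CID, not the gateway. Lines that merely mention ipfs in a hostname, or put a non-CID after /ipfs/, are left alone; /ipns/ names are a separate case this example does not cover.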
November 9, 2022 – Malware
Experts observed Amadey malware deploying LockBit 3.0 Ransomware Full Text
Abstract
Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ransomware on...Security Affairs
November 09, 2022 – Hacker
New hacking group uses custom ‘Symatic’ Cobalt Strike loaders Full Text
Abstract
A previously unknown Chinese APT (advanced persistent threat) hacking group dubbed 'Earth Longzhi' targets organizations in East Asia, Southeast Asia, and Ukraine.BleepingComputer
November 9, 2022 – Government
US Department of Health and Human Services Warns of Iranian Threats to Healthcare Sector Full Text
Abstract
The Department of Health and Human Services' Health Sector Cybersecurity Coordinating Center in a Thursday threat briefing says Tehran-backed hackers often rely on social engineering to penetrate targets that include hospitals.Bank Info Security
November 09, 2022 – Botnet
Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network Full Text
Abstract
The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject arbitrary JavaScript code, mine crypto, and even enlist the host to carry out DDoS attacks. The extension "not only steals the information available during the browser session but can also install malware on a user's device and subsequently assume control of the entire device," Zimperium researcher Nipun Gupta said in a new report. The JavaScript botnet isn't distributed via Chrome Web Store or Microsoft Edge Add-ons, but rather through fake executables and rogue websites disguised as Adobe Flash Player updates. Once installed, the extension is designed to inject a JavaScrThe Hacker News
November 9, 2022 – Vulnerabilities
Microsoft Patch Tuesday updates fix 6 actively exploited zero-days Full Text
Abstract
Microsoft Patch Tuesday updates for November 2022 addressed 64 vulnerabilities, including six actively exploited zero-days. Microsoft Patch Tuesday updates for November 2022 addressed 64 new vulnerabilities in Microsoft Windows and Windows Components;...Security Affairs
November 09, 2022 – Attack
15,000 sites hacked for massive Google SEO poisoning campaign Full Text
Abstract
Hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums.BleepingComputer
November 9, 2022 – Government
Pentagon to unveil zero-trust cyber strategy Full Text
Abstract
The U.S. Department of Defense’s zero-trust strategy will be published in the coming days, giving the public a fresh look at its plan to achieve a new level of cybersecurity.C4ISRNET
November 09, 2022 – General
Top 5 API Security Myths That Are Crushing Your Business Full Text
Abstract
There are several myths and misconceptions about API security. These myths about securing APIs are crushing your business. Why so? Because these myths are widening your security gaps. This is making it easier for attackers to abuse APIs. And API attacks are costly. Of course, you will have to bear financial losses. But there are other consequences too: reputational damage, customer attrition, loss of customer trust, difficulty in acquiring new customers, legal costs, and massive fines and penalties for non-compliance. In this article, we will debunk the top 5 myths about securing APIs. Secure APIs Better: Top 5 API Security Myths Demystified. Myth 1: API Gateways, Existing IAM Tools, and WAFs are Enough to Secure APIs. Reality: These aren't enough to secure your APIs. They are layers in API security. They need to be part of a larger security solution. API gateways monitor endpoints. They provide visibility into API usage. They offer some level of access control and rate-lThe Hacker News
November 9, 2022 – Vulnerabilities
VMware fixes three critical flaws in Workspace ONE Assist Full Text
Abstract
VMware addressed three critical bugs in the Workspace ONE Assist solution that allow remote attackers to bypass authentication and elevate privileges. VMware has released security updates to address three critical vulnerabilities impacting the Workspace...Security Affairs
November 09, 2022 – Breach
Medibank warns customers their data was leaked by ransomware gang Full Text
Abstract
Australian health insurance giant Medibank has warned customers that the ransomware group behind last month's breach has started to leak data stolen from its systems.BleepingComputer
November 9, 2022 – Breach
US States Announce $16M Settlement With Experian, T-Mobile Over Data Breaches Full Text
Abstract
Authorities in 40 US states have reached a settlement totaling more than $16 million with Experian and T-Mobile over data breaches suffered by the companies in 2012 and 2015.Security Week
November 09, 2022 – Malware
New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide Full Text
Abstract
An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world. IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license. It's chiefly employed to download and execute additional malware on breached hosts. This past June, Fortinet FortiGuard Labs said it uncovered a version of the trojan written in the Nim programming language with the goal of evading analysis and detection. "While the version discovered in June (v3.0) looked like a work-in-progress, we recently observed a newer v3.3.3 loader which looks to be fully functionable and includes a multi-stage delivery chain," Natalie Zargarov, cybersecurity researcher at Minerva Labs, said in a report published Tuesday. IceXLoader is traditionally distributed through phishing campaigns, with emails containing ZIP archives functioning as a trigger to deploy the malwarThe Hacker News
November 09, 2022 – Vulnerabilities
Lenovo fixes flaws that can be used to disable UEFI Secure Boot Full Text
Abstract
Lenovo has fixed two high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models that could allow an attacker to deactivate UEFI Secure Boot.BleepingComputer
November 9, 2022 – Hacker
Justice Blade Group Targets Saudi Arabian Giants Full Text
Abstract
The Justice Blade threat actor released data from outsourcing IT vendor Smart Link BPO Solutions. The vendor works with large organizations and government agencies in the Kingdom of Saudi Arabia and other countries in the GCC. It is said that cybercriminals may have stolen CRM records, pers...Cyware Alerts - Hacker News
November 09, 2022 – Vulnerabilities
VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software Full Text
Abstract
VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an authentication bypass flaw that could be abused by an attacker with network access to VMware Workspace ONE Assist to obtain administrative access without the need to authenticate to the application. CVE-2022-31686 has been described by the virtualization services provider as a "broken authentication method" vulnerability, and CVE-2022-31687 as a "Broken Access Control" flaw. "A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application," VMware said in an advisory for CVE-2022-31686 and CVE-202The Hacker News
November 9, 2022 – General
Cloud computing is booming, but these are the challenges that lie ahead Full Text
Abstract
IT and business leaders appear to finally be waking up to the fact that cybersecurity needs to be built into every business decision, particularly now that much of their day-to-day work is being conducted off-premises by distributed teams.ZDNet
November 09, 2022 – Vulnerabilities
Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days Full Text
Abstract
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately addressed at the start of the month is an actively exploited flaw in Chromium-based browsers (CVE-2022-3723) that was plugged by Google as part of an out-of-band update late last month. "The big news is that two older zero-day CVEs affecting Exchange Server, made public at the end of September, have finally been fixed," Greg Wiseman, product manager at Rapid7, said in a statement shared with The Hacker News. "Customers are advised to update their Exchange Server systems immediately, regardless of whether any previously recommended mitigation steps have been appliedThe Hacker News
November 9, 2022 – Malware
Malicious Chrome Extension Steals Information and Drops Cloud9 Botnet Full Text
Abstract
Zimperium discovered a malicious browser extension, which not only steals the information available during the browser session but can also install malware on a user’s device and subsequently assume control of the entire device.Zimperium
November 08, 2022 – Ransomware
LockBit affiliate uses Amadey Bot malware to deploy ransomware Full Text
Abstract
A LockBit 3.0 ransomware affiliate is using phishing emails that install the Amadey Bot to take control of devices and encrypt them.BleepingComputer
November 8, 2022 – APT
APT36 Targets Indian Government Employees with Limepad Full Text
Abstract
A new malware campaign by Pakistan-linked Transparent Tribe was found targeting Indian government entities with trojanized strains of a 2FA solution, named Kavach. APT-36 has registered several domains spoofing Indian government organization sites to launch credential harvesting and phishing attack...Cyware Alerts - Hacker News
November 08, 2022 – Botnet
Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines Full Text
Abstract
The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon," AhnLab Security Emergency Response Center (ASEC) said in a new report published today. Amadey, first discovered in 2018, is a "criminal-to-criminal (C2C) botnet infostealer project," as described by the BlackBerry Research and Intelligence Team, and is offered for purchase on the criminal underground for as much as $600. While its primary function is to harvest sensitive information from the infected hosts, it further doubles up as a channel to deliver next-stage artifacts. Earlier this July, it was spread using SmokeLoader, a malware with similar capabilities. Just last month, ASEC also found the malThe Hacker News
November 8, 2022 – Vulnerabilities
Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw Full Text
Abstract
Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510,...Security Affairs
November 08, 2022 – Malware
Malicious extension lets attackers control Google Chrome remotely Full Text
Abstract
A new Chrome browser botnet named 'Cloud9' has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim's browser in DDoS attacks.BleepingComputer
November 8, 2022 – Vulnerabilities
Passport-SAML auth bypass triggers fix of critical, upstream XMLDOM bug Full Text
Abstract
A critical security vulnerability arising from improper input validation has been addressed in XMLDOM, the JavaScript implementation of W3C DOM for Node.js, Rhino, and browsers.The Daily Swig
November 08, 2022 – Malware
New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader Full Text
Abstract
Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like SystemBC and Raccoon Stealer 2.0, according to an analysis from Cyble. Observed in the wild since circa 2013, SmokeLoader functions as a generic loader capable of distributing additional payloads onto compromised systems, such as information-stealing malware and other implants. In July 2022, it was found to deploy a backdoor called Amadey. Cyble said it discovered over 180 samples of Laplas since October 24, 2022, suggesting a wide deployment. Clippers, also called ClipBankers, fall under a category of malware that Microsoft calls cryware, which is designed to steal crypto by keeping close tabs on a victim's clipboard activity and swapping the original wallet adThe Hacker News
November 8, 2022 – Malware
SmokeLoader campaign distributes new Laplas Clipper malware Full Text
Abstract
Researchers observed a SmokeLoader campaign that is distributing a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users. Cyble researchers uncovered a SmokeLoader campaign that is distributing commodity malware, such as SystemBC and Raccoon...Security Affairs
November 08, 2022 – Vulnerabilities
VMware fixes three critical auth bypass bugs in remote access tool Full Text
Abstract
VMware has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that enable remote attackers to bypass authentication and elevate privileges to admin.BleepingComputer
November 8, 2022 – Phishing
Robin Banks Receives Update with New Tools And Evasion Techniques Full Text
Abstract
Robin Banks, of late, has gone through a major transformation. The Phishing-as-a-Service (PhaaS) platform has introduced several new features, including a cookie-stealing capability. Additionally, hackers can now fully access their phishing kit at $1,500 per month. The latest developments sugg ... Read MoreCyware Alerts - Hacker News
November 08, 2022 – Cryptocurrency
U.S. Seizes Over 50K Bitcoin Worth $3.3 Billion Linked to Silk Road Dark Web Full Text
Abstract
The U.S. Department of Justice (DoJ) on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace. The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04 billion. Additionally recovered were $661,900 in cash, 25 Casascius coins with an approximate value of 174 Bitcoin, and gold- and silver-colored bars. It's also one of the largest cryptocurrency seizures to date, followed by the confiscation of $3.6 billion worth of bitcoin earlier this February tied to the 2016 breach of the Bitfinex crypto exchange. The Justice Department said it conducted the seizure on November 9, 2021, pursuant to a search warrant issued to James Zhong's house located in the U.S. state of Georgia. It also said the keys to the tokens were found in an underground floor safe and on a "single-board computer that was submerged under blankets in a popcorn tThe Hacker News
November 8, 2022 – Attack
Medibank confirms ransomware attack impacting 9.7M customers, but doesn’t pay the ransom Full Text
Abstract
Australian health insurer Medibank confirmed that personal data belonging to around 9.7 million current and former customers were exposed as a result of a ransomware attack. Medibank announced that personal data belonging to around 9.7M of current...Security Affairs
November 08, 2022 – Vulnerabilities
Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks Full Text
Abstract
Microsoft has released security updates to address two high-severity Microsoft Exchange zero-day vulnerabilities collectively known as ProxyNotShell and exploited in the wild.BleepingComputer
November 8, 2022 – Vulnerabilities
Siemens Addresses Critical Vulnerabilities; Schneider Electric Also Issues One Advisory Full Text
Abstract
Siemens and Schneider Electric have released their Patch Tuesday advisories for November 2022. Siemens has released nine new security advisories covering a total of 30 vulnerabilities, but Schneider has only published one new advisory.Security Week
November 08, 2022 – General
5 Reasons to Consolidate Your Tech Stack Full Text
Abstract
The news surrounding the slowing economy has many wondering how much of an impact it will have on their businesses – and lives. And there's good reason to start preparing. A recent survey by McKinsey & Company found that 85% of small and midsize businesses plan to increase their security spending heading into 2023, while Gartner recently projected that 2022 IT spending will only grow by 3%, down from a 10% growth rate the year before. We're already seeing businesses making cuts and freezing budgets. And smaller organizations that already have limited budgets are more vulnerable than ever. While we are still dealing with the unknown, one thing is clear: even as the economy slows down, security threats don't. But there's hope. A new eBook illuminates how one solution can not only help increase security operations efficiency but also provide economic safeguards for security teams that are already strapped for cash. What is the solution? Consolidation. IfThe Hacker News
November 8, 2022 – Criminals
US DoJ seizes $3.36B Bitcoin from Silk Road hacker Full Text
Abstract
The U.S. Department of Justice condemned James Zhong, a hacker who stole 50,000 bitcoins from the Silk Road dark net marketplace. The US Department of Justice announced that a man from Georgia, James Zhong, has pleaded guilty to wire fraud after stealing...Security Affairs
November 08, 2022 – Vulnerabilities
Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws Full Text
Abstract
Today is Microsoft's November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws.BleepingComputer
November 8, 2022 – Vulnerabilities
Google Patches High-Severity Privilege Escalation Vulnerabilities in Android Full Text
Abstract
The first part of the update, the ‘2022-11-01 patch level’, includes fixes for 17 security defects, 12 of which could lead to escalation of privilege (EoP), three to denial of service (DoS), and two leading to information disclosure.Security Week
November 08, 2022 – Vulnerabilities
Citrix urges admins to patch critical ADC, Gateway auth bypass Full Text
Abstract
Citrix is urging customers to install security updates for a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway.BleepingComputer
November 8, 2022 – Vulnerabilities
Prototype pollution bug exposed Ember.js applications to XSS Full Text
Abstract
A prototype pollution bug in the JavaScript framework for building Node.js web applications could potentially allow attackers to stage cross-site scripting (XSS) attacks and steal user information.The Daily Swig
November 08, 2022 – Policy and Law
Influencer ‘Hushpuppi’ gets 11 years in prison for cyber fraud Full Text
Abstract
An Instagram influencer known as 'Hushpuppi' has been sentenced to 11 years in prison for conspiring to launder tens of millions of USD from business email compromise (BEC) scams and various cyber schemes.BleepingComputer
November 8, 2022 – Outage
Cyberattack Causes Disruptions at Canadian Meat Giant Maple Leaf Foods Full Text
Abstract
Maple Leaf Foods said it has executed business continuity plans and that work is underway to restore the impacted systems. However, the company expects further operational and service disruptions, saying that restoration efforts take time.Security Week
November 08, 2022 – Privacy
Enhance your privacy with this second phone number app deal Full Text
Abstract
Protecting your privacy while staying in touch can be a difficult problem to solve. This second-phone app helps you solve it with a lifetime subscription for $24.99, 83% off the $150 MSRP.BleepingComputer
November 8, 2022 – Business
Worldr raises $11m to let businesses control their messaging data Full Text
Abstract
Worldr has secured $11 million in a seed funding round led by Molten Ventures for its messaging data sovereignty software that integrates with Microsoft Teams, Slack, and WhatsApp.UKTN
November 8, 2022 – Business
Beosin, a leading blockchain security firm, announces $20M Series A strategic financing Full Text
Abstract
Beosin, a leading blockchain security service provider, has recently closed a $20-million strategic financing round participated by prominent industry investors and existing shareholders.Coin Telegraph
November 07, 2022 – Ransomware
Azov Ransomware is a wiper, destroying data 666 bytes at a time Full Text
Abstract
The Azov Ransomware continues to be heavily distributed worldwide, now proven to be a data wiper that intentionally destroys victims' data and infects other programs.BleepingComputer
November 7, 2022 – Malware
SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders Full Text
Abstract
Attackers conduct a variety of activities after gaining access through SocGholish, such as system and network reconnaissance, establishing persistence, and deployment of additional tools and malware.Sentinel One
November 07, 2022 – Breach
Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack Full Text
Abstract
Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not before the attackers exfiltrated the data. "This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers, and around 1.8 million international customers," Medibank noted. Compromised details include names, dates of birth, addresses, phone numbers, and email addresses, as well as Medicare numbers (but not expiry dates) for ahm customers, and passport numbers (but not expiry dates) and visa details for international student customers. It further said the incident resulted in the theft of health claims data for about 160,000 Medibank cThe Hacker News
November 7, 2022 – General
Quantifying Cyber Conflict: Introducing the European Repository on Cyber Incidents Full Text
Abstract
Statistical data on cyber conflict is lacking. A new dataset by a European research initiative called EuRepoC tries to solve this problem by launching a dashboard to visualize more than 1,400 cyber incidents.Lawfare
November 7, 2022 – Hacker
‘Justice Blade’ Hackers are Targeting Saudi Arabia Full Text
Abstract
Threat actors calling themselves "Justice Blade" published leaked data from an outsourcing IT vendor. The group of threat actors calling themselves 'Justice Blade' published leaked data from Smart Link BPO Solutions, an outsourcing IT vendor working...Security Affairs
November 07, 2022 – Criminals
U.S. unmasks hacker who stole 50,000 bitcoins from Silk Road Full Text
Abstract
The U.S. Department of Justice has announced today the conviction of James Zhong, a mysterious hacker who stole 50,000 bitcoins from the 'Silk Road' dark net marketplace.BleepingComputer
November 7, 2022 – Malware
Laplas Clipper - A Feature-Rich Clipper With Sophisticated Tactics Full Text
Abstract
Cryptocurrency users worldwide are under attack with the novel Laplas Clipper clipboard stealer, which is being delivered through Smoke Loader and Raccoon Stealer 2.0. Laplas actively monitors the victim’s clipboard activity and replaces the wallet address with a lookalike wallet address during the ... Read MoreCyware Alerts - Hacker News
November 07, 2022 – General
This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others Full Text
Abstract
Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. The existence of the tool, which is buried inside a Help Center page about "Friending," was first reported by Business Insider last week. It's offered as a way for "Non-users" to "exercise their rights under applicable laws." An Internet Archive search via the Wayback Machine shows that the option has been available since at least May 29, 2022. It's worth pointing out the privacy violation that occurs when users sync the contact lists on their devices with Facebook (or any other service): those contacts never explicitly consented to the upload. "Someone may have uploaded their address book to Facebook, Messenger or Instagram with your contact information in it," Facebook notes in the page. "You can ask us to confirm whetherThe Hacker News
November 7, 2022 – Phishing
Robin Banks phishing-as-a-service platform continues to evolve Full Text
Abstract
The phishing-as-a-service (PhaaS) platform Robin Banks migrated its infrastructure to DDoS-Guard, a Russian bulletproof hosting service. The phishing-as-a-service (PhaaS) platform Robin Banks was originally hosted by the provider Cloudflare, but the company...Security Affairs
November 07, 2022 – Outage
Maple Leaf Foods suffers outage following weekend cyberattack Full Text
Abstract
Maple Leaf Foods confirmed on Sunday that it experienced a cybersecurity incident causing a system outage and disruption of operations.BleepingComputer
November 7, 2022 – Vulnerabilities
China likely is stockpiling vulnerabilities, says Microsoft Full Text
Abstract
Microsoft has asserted that China's offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities.The Register
November 07, 2022 – Breach
Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data Full Text
Abstract
Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein, said in a report published on November 2, 2022. The Berlin-based cybersecurity firm said it started an investigation in the aftermath of a notification sent by GitHub in February 2022 to an unknown number of users about sharing their usernames and private repository names (i.e., GitHub Pages URLs) to urlscan.io for metadata analysis as part of an automated process. Urlscan.io, which has been described as a sandbox for the web, is integrated into several security solutions via its API. "With the type of integration of this API (for example via a security tool that scans every incoming email and performs a urlscan oThe Hacker News
November 7, 2022 – Vulnerabilities
Water sector in the US and Israel still unprepared to defeat cyber attacks Full Text
Abstract
An expert warns that the US and Israel are still unprepared to defeat a cyber attack against organizations in the water sector. Ariel Stern, a former Israeli Air Force captain, warns that the US and Israel are still unprepared to defeat a cyber attack...Security Affairs
November 07, 2022 – Criminals
Ransomware gang threatens to release stolen Medibank data Full Text
Abstract
A ransomware gang that some believe is a relaunch of REvil and others track as BlogXX has claimed responsibility for last month's ransomware attack against Australian health insurance provider Medibank Private Limited.BleepingComputer
November 7, 2022 – General
Inside the global hack-for-hire industry Full Text
Abstract
In recent years there has been a trend for computer security firms to pretend to be training “white hat” hackers so their knowledge can be used to protect clients from online attacks. In reality, however, they are being readied for the dark side.thebureauinvestigates
November 07, 2022 – Phishing
Robin Banks Phishing Service for Cybercriminals Returns with Russian Server Full Text
Abstract
A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet. Robin Banks was first documented in July 2022 when the platform's abilities to offer ready-made phishing kits to criminal actors were revealed, making it possible to steal the financial information of customers of popular banks and other online services. It was also found to prompt users to enter Google and Microsoft credentials on rogue landing pages, suggesting an attempt on part of the malware authors to monetize initial access to corporate networks for post-exploitation activities such as espionage and ransomware. In recent months, Cloudflare's decision to blocklist its infrastructThe Hacker News
November 7, 2022 – Government
UK NCSC govt agency is scanning the Internet for flawed devices in the UK Full Text
Abstract
The UK National Cyber Security Centre (NCSC) announced that it is scanning all Internet-exposed devices hosted in the UK for vulnerabilities. The United Kingdom's National Cyber Security Centre (NCSC) is scanning all Internet-exposed devices hosted in the United...Security Affairs
November 7, 2022 – Breach
Australian real estate agency Harcourts suffers a data breach Full Text
Abstract
Australian real estate agency Harcourts has revealed it was affected by a cyberattack last month, with the personal information of tenants, landlords, and tradespeople potentially exposed.SBS News
November 7, 2022 – Breach
Data Breach at IT Support Firm May Impact Health Records of Thousands of School Students in Victoria Full Text
Abstract
Thousands of Victorian students and their families may have had personal data including medical information stolen after a technology company that has contracts with the Victorian government was hacked.The Age
November 7, 2022 – Criminals
LockBit 3.0 Claims to Have Stolen Data From Kearney & Company, Demands $2 Million in Ransom Full Text
Abstract
Kearney & Company was added to the list of victims of the LockBit 3.0 group on November 05. The gang is threatening to publish the stolen data by November 26, 2022, if the company does not pay the ransom.Security Affairs
November 7, 2022 – Phishing
Outmaneuvering cybercriminals by recognizing mobile phishing threats’ telltale markers Full Text
Abstract
In 2022, we are dealing with a different breed of hacker. They aren’t just targeting sub-optimal phone security or taking advantage of exploitable systems – they understand the end user (you and me). They know how we think and what we’ll do.Help Net Security
November 7, 2022 – Hacker
Microsoft Accuses Chinese State-linked Actors of Abusing Vulnerability Disclosure Requirements Full Text
Abstract
Microsoft on Friday accused state-backed hackers in China of abusing the country’s vulnerability disclosure requirements in an effort to discover and develop zero-day exploits.The Record
November 7, 2022 – Attack
Australia: LockBit ransomware gang hits Melbourne school Kilvington Grammar Full Text
Abstract
Data exfiltrated from independent co-educational Baptist institution Kilvington Grammar School by the LockBit ransomware gang has been posted on the dark web on October 14. LockBit only attacks Windows systems.IT Wire
November 7, 2022 – Phishing
Abusing Microsoft Dynamics 365 Customer Voice in phishing attacks Full Text
Abstract
Researchers uncovered a campaign abusing Microsoft Dynamics 365 Customer Voice to steal credentials from victims. Microsoft's Dynamics 365 Customer Voice product allows organizations to gather customer feedback; it is used to conduct customer satisfaction...Security Affairs
November 6, 2022 – Criminals
LockBit 3.0 gang claims to have stolen data from Kearney & Company Full Text
Abstract
The ransomware group LockBit claimed to have stolen data from consulting and IT services provider Kearney & Company. Kearney is a premier CPA firm that provides services across the financial management spectrum to government entities. The company provides...Security Affairs
November 6, 2022 – Outage
A cyberattack blocked the trains in Denmark Full Text
Abstract
At the end of October, a cyber attack caused trains in Denmark to stop; the attack hit a third-party IT service provider. The cyber attack caused the trains operated by DSB to stop in Denmark last weekend, after threat actors hit a third-party...Security Affairs
November 6, 2022 – General
Security Affairs newsletter Round 392 Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the free newsletter with the international press, subscribe here. 29...Security Affairs
November 05, 2022 – Policy and Law
Microsoft sued for open-source piracy through GitHub Copilot Full Text
Abstract
Programmer and lawyer Matthew Butterick has sued Microsoft, GitHub, and OpenAI, alleging that GitHub's Copilot violates the terms of open-source licenses and infringes the rights of code authors.BleepingComputer
November 05, 2022 – Malware
Researchers Uncover 29 Malicious PyPI Packages Targeting Developers with W4SP Stealer Full Text
Abstract
Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22," software supply chain security company Phylum said in a report published this week. The list of offending packages is as follows: typesutil, typestring, sutiltype, duonet, fatnoob, strinfer, pydprotect, incrivelsim, twyne, pyptext, installpy, faq, colorwin, requests-httpx, colorsama, shaasigma, stringe, felpesviadinho, cypress, pystyte, pyslyte, pystyle, pyurllib, algorithmic, oiu, iao, curlapi, type-color, and pyhints. Collectively, the packages have been downloaded more than 5,700 times, with some of the libraries (e.g., twyne and colorsama) relying on typosquatting to trick unsuspecting usersThe Hacker News
November 05, 2022 – Vulnerabilities
Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities Full Text
Abstract
Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability," making it imperative that organizations patch such vulnerabilities in a timely manner. This also corroborates an April 2022 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which found that bad actors are "aggressively" targeting newly disclosed software bugs against broad targets globally. Microsoft noted that it only takes 14 days on average for an exploit to be available in the wild after public disclosure of a flaw, stating that while zero-day attacks are initially limited in scope, they tend to be swiftly adopted by other threat actors, leading to indiscriminatThe Hacker News
November 5, 2022 – Malware
29 malicious PyPI packages spotted delivering the W4SP Stealer Full Text
Abstract
Cybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers' systems. Cybersecurity researchers have discovered 29 packages in the official Python Package Index (PyPI) repository designed to infect developers'...Security Affairs
November 5, 2022 – Vulnerabilities
Zero-days are exploited on a massive scale in increasingly shorter timeframes Full Text
Abstract
Microsoft warns of an uptick among threat actors increasingly using publicly-disclosed zero-day exploits in their attacks. According to the Digital Defense Report published by Microsoft, threat actors are increasingly leveraging publicly-disclosed...Security Affairs
November 04, 2022 – Government
FBI: Hacktivist DDoS attacks had minor impact on critical orgs Full Text
Abstract
The Federal Bureau of Investigation (FBI) said on Friday that distributed denial-of-service (DDoS) attacks coordinated by hacktivist groups have little to no impact.BleepingComputer
November 4, 2022 – Phishing
Abusing Microsoft Customer Voice to Send Phishing Links Full Text
Abstract
In this attack, hackers are leveraging legitimate links from Microsoft notifications to send credential-harvesting pages. Avanan has seen hundreds of these attacks in the last few weeks.Avanan
November 04, 2022 – Malware
Researchers Detail New Malware Campaign Targeting Indian Government Employees Full Text
Abstract
The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications," Zscaler ThreatLabz researcher Sudeep Singh said in a Thursday analysis. The cybersecurity company said the advanced persistent threat group has also conducted low-volume credential harvesting attacks in which rogue websites masquerading as official Indian government websites were set up to lure unwitting users into entering their passwords. Transparent Tribe, also known by the monikers APT36, Operation C-Major, and Mythic Leopard, is a suspected Pakistan-based adversarial collective that has a history of striking Indian and Afghan entities. The latest attack chain is not the first time the threat actor has set its sightsThe Hacker News
November 4, 2022 – Malware
RomCom RAT campaign abuses popular brands like KeePass and SolarWinds NPM Full Text
Abstract
A new campaign spreading RomCom RAT impersonates popular software brands like KeePass and SolarWinds. The threat actor behind the RomCom RAT (remote access trojan) has refreshed its attack vector and is now abusing well-known software brands for distribution. Researchers...Security Affairs
November 04, 2022 – Government
British govt is scanning all Internet devices hosted in UK Full Text
Abstract
The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads the country's cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities.BleepingComputer
November 4, 2022 – Outage
Cyber Incident at Boeing Subsidiary Causes Flight Planning Disruptions Full Text
Abstract
Jeppesen, a wholly-owned Boeing subsidiary that provides navigation and flight planning tools, confirmed on Thursday that it is dealing with a cybersecurity incident that has caused some flight disruptions.The Record
November 04, 2022 – General
Your OT Is No Longer Isolated: Act Fast to Protect It Full Text
Abstract
Not too long ago, there was a clear separation between the operational technology (OT) that drives the physical functions of a company – on the factory floor, for example – and the information technology (IT) that manages a company's data to enable management and planning. As IT assets became increasingly connected to the outside world via the internet, OT remained isolated from IT – and the rest of the world. However, the spread of Industrial IoT (IIoT) as well as the need for constant monitoring and tracking information from manufacturing and assembly lines mean the connection between IT and OT systems has greatly expanded. OT is no longer isolated. OT is now just as exposed to the outside world as IT is. What does this mean for OT security, where hard-to-access devices needed for 24/7 production are difficult to patch? Let's take a look. The Air Gap Is Gone Not so long ago, any data exchange between IT and OT operated via a "sneaker net." An operator would pThe Hacker News
November 4, 2022 – General
The 10th edition of the ENISA Threat Landscape (ETL) report is out! Full Text
Abstract
I’m proud to announce the release of the 10th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The European Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2022 (ETL) report, which...Security Affairs
November 04, 2022 – Phishing
Robin Banks phishing service returns to steal banking accounts Full Text
Abstract
The Robin Banks phishing-as-a-service (PhaaS) platform is back in action with infrastructure hosted by a Russian internet company that offers protection against distributed denial-of-service (DDoS) attacks.BleepingComputer
November 4, 2022 – Outage
North Idaho College recovering from cyberattack that led to network shutdown Full Text
Abstract
A community college in Idaho is recovering from a cyberattack that forced the school to shut down its networks temporarily. North Idaho College – established in 1933 – is based in Coeur d’Alene, Idaho and has about 6,000 students.The Record
November 04, 2022 – Government
CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's Remote Access Server (RAS), which "could allow an attacker to obtain sensitive information and compromise the vulnerable device and other connected machines," CISA said. This includes CVE-2022-3703 (CVSS score: 9.0), a critical flaw that stems from the RAS web portal's inability to verify the authenticity of firmware, thereby making it possible to slip in a rogue package that grants backdoor access to the adversary. Two other flaws relate to a directory traversal bug in the RAS API (CVE-2022-41607, CVSS score: 8.6) and a file upload issue (CVE-2022-40981, CVSS score: 8.3) that can be exploited to read arbitrary files and upload malicious files that can compromise thThe Hacker News
November 4, 2022 – Vulnerabilities
Cisco addressed several high-severity flaws in its products Full Text
Abstract
Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity,...Security Affairs
November 04, 2022 – Phishing
As Twitter brings on $8 fee, phishing emails target verified accounts Full Text
Abstract
As Twitter announces plans to charge users $8 a month for Twitter Blue and verification under Elon Musk's management, BleepingComputer has come across several phishing emails targeting verified users.BleepingComputer
November 4, 2022 – Breach
AstraZeneca password lapse exposed patient data Full Text
Abstract
Pharmaceutical company AstraZeneca has blamed “user error” for leaving a list of credentials unsecured online for more than a year that exposed access to sensitive patient data.Tech Crunch
November 4, 2022 – Outage
Cyberattack on Third-Party IT Service Provider Causes Danish State Railways Trains to Stop Full Text
Abstract
According to Danish broadcaster DR, all trains operated by DSB, the largest train operating company in the country, came to a standstill on Saturday morning and could not resume their journey for several hours.Security Week
November 4, 2022 – Breach
Victims lose $237,000 amid resurgence in SingPost and Singtel phishing scams: Singapore Police Full Text
Abstract
At least 85 people here have lost about $237,000 since January 2022 after falling victim to phishing scams involving purported e-mails from Singapore Post (SingPost) and telco Singtel.Straits Times
November 4, 2022 – Vulnerabilities
Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product Full Text
Abstract
The most severe of these security defects have a CVSS score of 8.8 and are described as remote code execution (RCE), XML external entity (XXE) injection, and reflected cross-site scripting (XSS) bugs.Security Week
November 4, 2022 – Cryptocurrency
36-nation ransomware summit agrees to act on cryptocurrency Full Text
Abstract
The White House's second International Counter Ransomware Initiative summit has concluded, and this year the 36-nation group has made clear it intends to crack down on how cryptocurrencies are used to finance ransomware operations.The Register
November 03, 2022 – Malware
RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam Full Text
Abstract
The threat actor behind the RomCom RAT (remote access trojan) has refreshed its attack vector and is now abusing well-known software brands for distribution.BleepingComputer
November 3, 2022 – APT
APT10 Targets Japan with New LODEINFO Backdoor Variant Full Text
Abstract
Chinese hacking group Cicada, aka APT10, was found abusing antivirus software to deploy a new variant of the LODEINFO malware against Japanese organizations. LODEINFO operators have been updating the malware very frequently and continuously, to make it leaner and more efficient. Through LODEINFO, A ... Read MoreCyware Alerts - Hacker News
November 03, 2022 – Hacker
Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers Full Text
Abstract
A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group. This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups," cybersecurity firm SentinelOne said in a technical write-up shared with The Hacker News. Black Basta, which emerged earlier this year, has been attributed to a ransomware spree that has claimed over 90 organizations as of September 2022, suggesting that the adversary is both well-organized and well-resourced. One notable aspect that makes the group stand out, per SentinelOne, is the fact that there have been no signs of its operators attempting to recruit affiliates or advertising the malware as a RaaS on darknet forums or crimeware marketplaces. This has raised the possibility that the Black Basta developers either cut out affiliates from the chain and deploy the ransoThe Hacker News
November 3, 2022 – Criminals
LockBit ransomware gang claims the hack of Continental automotive group Full Text
Abstract
The LockBit ransomware group claimed to have hacked the multinational automotive group Continental and threatens to leak stolen data. The LockBit ransomware gang announced that it had hacked the German multinational automotive parts manufacturing...Security Affairs
November 03, 2022 – Criminals
New Crimson Kingsnake gang impersonates law firms in BEC attacks Full Text
Abstract
A business email compromise (BEC) group named 'Crimson Kingsnake' has emerged, impersonating well-known international law firms to trick recipients into approving overdue invoice payments.BleepingComputer
November 3, 2022 – Malware
Drinik Malware Now Targets 18 Indian Banks Full Text
Abstract
Cyble researchers found a new version of the Drinik Android trojan targeting 18 Indian banks while posing as the country’s official tax management app. It attempts to steal victims’ banking credentials and personal information. Since 2016, Drinik has been circulating in India and operating as an SM ... Read MoreCyware Alerts - Hacker News
November 03, 2022 – General
Why Identity & Access Management Governance is a Core Part of Your SaaS Security Full Text
Abstract
Every SaaS app user and login is a potential threat; whether it's bad actors or potentially disgruntled former associates, identity management and access control are crucial to prevent unwanted or mistaken entrances to the organization's data and systems. Since enterprises have thousands to tens of thousands of users, and hundreds to thousands of different apps, ensuring each entrance point and user role is secure is no easy feat. Security teams need to monitor all identities to ensure that user activity meets their organization's security guidelines. Identity and Access Management (IAM) solutions administer user identities and control access to enterprise resources and applications. As identities became the new perimeter, making sure this area is governed by the security team is vital. Gartner has recently named a new security discipline called Identity Threat Detection and Response (ITDR) that incorporates detection mechanisms that investigate suspicious posture chThe Hacker News
November 3, 2022 – Attack
250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack Full Text
Abstract
Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US. Researchers at Proofpoint Threat Research observed threat actor TA569 intermittently injecting malicious code on a media...Security Affairs
November 03, 2022 – Attack
LockBit ransomware claims attack on Continental automotive giant Full Text
Abstract
The LockBit ransomware gang has claimed responsibility for a cyberattack against the German multinational automotive group Continental.BleepingComputer
November 3, 2022 – Cryptocurrency
Deribit Crypto Derivatives Exchange Halts Withdrawals Amid $28 Million Hot Wallet Hack Full Text
Abstract
According to the information on Deribit’s Telegram chat, trading on Deribit is operating as usual. “Due to our hotwallet policy we were able to limit loss of user funds,” a Deribit support person noted.Coin Telegraph
November 03, 2022 – APT
OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa Full Text
Abstract
A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as high as $30 million. Some of the more recent attacks in 2021 and 2022 have singled out five different banks in Burkina Faso, Benin, Ivory Coast, and Senegal. Many of the victims identified are said to have been compromised twice, and their infrastructure subsequently weaponized to strike other organizations. OPERA1ER, also known by the names DESKTOP-GROUP, Common Raven, and NXSMS, is known to have been active since 2016, operating with the goal of conducting financially motivated heists and exfiltration of documents for further use in spear-phishing attacks. "OPERA1ER often operates duringThe Hacker News
November 3, 2022 – Criminals
Experts link the Black Basta ransomware operation to FIN7 cybercrime gang Full Text
Abstract
Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers at Sentinel Labs shared details about Black Basta's TTPs and assess it is highly likely the ransomware operation...Security Affairs
November 03, 2022 – Criminals
OPERA1ER hackers steal over $11 million from banks and telcos Full Text
Abstract
A threat group that researchers call OPERA1ER has stolen at least $11 million from banks and telecommunication service providers in Africa using off-the-shelf hacking tools.BleepingComputer
November 3, 2022 – Vulnerabilities
Gatsby patches SSRF, XSS bugs in Cloud Image CDN Full Text
Abstract
A high-risk bug in the Gatsby Cloud Image CDN service allowed attackers to stage server-side request forgery (SSRF) and cross-site scripting (XSS) attacks against some cloud-hosted Gatsby websites.The Daily Swig
November 03, 2022 – Hacker
Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT Full Text
Abstract
The operators of RomCom RAT are continuing to evolve their campaigns with rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro. Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. "Given the geography of the targets and the current geopolitical situation, it's unlikely that the RomCom RAT threat actor is cybercrime-motivated," the BlackBerry Threat Research and Intelligence Team said in a new analysis. The latest findings come a week after the Canadian cybersecurity company disclosed a spear-phishing campaign aimed at Ukrainian entities to deploy a remote access trojan called RomCom RAT. The unknown threat actor has also been observed leveraging trojanized variants of Advanced IP Scanner and pdfFiller as droppers to distribute the implant. The latest iteration of the campaign entails setting up decoy lookalike websites with a similar domainThe Hacker News
November 3, 2022 – Privacy
Updated TikTok Privacy Policy confirms that Chinese staff can access European users’ data Full Text
Abstract
TikTok updated its privacy policy for the European Economic Area (EEA) and confirmed that its Chinese staff can access its users' data. The short-form video-sharing service TikTok updated its privacy policy for European Economic Area...Security Affairs
November 03, 2022 – Outage
ALMA Observatory shuts down operations due to a cyberattack Full Text
Abstract
The Atacama Large Millimeter Array (ALMA) Observatory in Chile has suspended all astronomical observation operations and taken its public website offline following a cyberattack on Saturday, October 29, 2022.BleepingComputer
November 3, 2022 – General
Cybersecurity recovery is a process that starts long before a cyberattack occurs Full Text
Abstract
Organizations that can prove their resiliency and compliance with NIS guidelines – showing that they will be able to recover quickly in the event of an attack – could reduce their risks and their insurance premiums.Help Net Security
November 03, 2022 – General
New TikTok Privacy Policy Confirms Chinese Staff Can Access European Users’ Data Full Text
Abstract
Popular short-form video-sharing service TikTok is revising its privacy policy for European users to make it explicitly clear that user data can be accessed by some employees from across the world, including China. The ByteDance-owned platform, which currently stores European user data in the U.S. and Singapore, said the revision is part of its ongoing data governance efforts to limit employee access to users in the region, minimize data flows outside of it, and store the information locally. The privacy policy update applies to users located in the U.K., the European Economic Area (EEA), and Switzerland, and goes into effect on December 2, 2022, according to The Guardian . "Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognised under the GDPR, we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, SThe Hacker News
November 3, 2022 – Vulnerabilities
Fortinet fixed 16 vulnerabilities, 6 rated as high severity Full Text
Abstract
Fortinet addressed 16 vulnerabilities in some of the company’s products; six flaws received a ‘high’ severity rating. One of the high-severity issues is a persistent XSS, tracked as CVE-2022-38374, in the Log pages of FortiADC. The root cause of the issue...Security Affairs
November 03, 2022 – Cryptocurrency
New clipboard hijacker replaces crypto wallet addresses with lookalikes Full Text
Abstract
A new clipboard hijacker called Laplas Clipper, spotted in the wild, replaces copied cryptocurrency wallet addresses with attacker-controlled addresses that look like the address of the victim's intended recipient.BleepingComputer
November 3, 2022 – Attack
Black Basta Ransomware Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor Full Text
Abstract
SentinelLabs experts analyzed tools used by the ransomware gang in attacks, including some custom tools used for EDR evasion. SentinelLabs believes the developer of these tools is, or was, a developer for the FIN7 gang.Sentinel One
November 03, 2022 – Criminals
Black Basta ransomware gang linked to the FIN7 hacking group Full Text
Abstract
Security researchers at Sentinel Labs have uncovered evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7, also known as "Carbanak."BleepingComputer
November 3, 2022 – General
Chinese Mob Has 100K Slaves Working in Cambodian Cybercrime Mills Full Text
Abstract
Up to 100,000 people from across Asia have been lured to Cambodia by Chinese crime syndicates with the promise of good jobs. When they arrive, their passports are seized and they are put to work in modern-day sweatshops, running cybercrime campaigns.Dark Reading
November 3, 2022 – Government
US Electric Cooperatives Awarded $15 Million to Expand ICS Security Capabilities Full Text
Abstract
The US Department of Energy has awarded $15 million to the National Rural Electric Cooperative Association (NRECA) in an effort to help electric cooperatives expand their cybersecurity capabilities for industrial control systems (ICS).Security Week
November 3, 2022 – Vulnerabilities
India Metro Smart Cards Vulnerable to ‘Free Top-up’ Bug Allowing Free Rides Full Text
Abstract
India’s mass rapid transit systems — or metro, as it’s known locally — rely on commuter smart cards that are apparently vulnerable to exploitation and allow anyone to effectively travel for free.Tech Crunch
November 02, 2022 – Botnet
Emotet botnet starts blasting malware again after 4 month break Full Text
Abstract
The Emotet malware operation is again spamming malicious emails after almost a four-month "vacation" that saw little activity from the notorious cybercrime operation.BleepingComputer
November 02, 2022 – Attack
Hundreds of U.S. news sites push malware in supply-chain attack Full Text
Abstract
The compromised infrastructure of an undisclosed media company is being used by threat actors to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S.BleepingComputer
November 2, 2022 – Breach
API of Website Scan Engine Urlscan.io Unwittingly Leaks Sensitive URLs, Data Full Text
Abstract
In a blog post published today, Positive Security said the urlscan API came to its attention due to an email sent by GitHub in February, warning customers that GitHub Pages URLs had been accidentally leaked via a third party during metadata analysis.The Daily Swig
November 02, 2022 – Vulnerabilities
Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software Full Text
Abstract
Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers. "These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower," SonarSource researcher Stefan Schiller said in a technical analysis. Checkmk's open source edition of the monitoring tool is based on Nagios Core and offers integrations with NagVis for the visualization and generation of topological maps of infrastructures, servers, ports, and processes. According to its Munich-based developer tribe29 GmbH, its Enterprise and Raw editions are used by over 2,000 customers , including Airbus, Adobe, NASA, Siemens, Vodafone, and others. The four vulnerabilities, which consist of two Critical and two Medium severity bugs, are as follows - A code injection flawThe Hacker News
November 2, 2022 – General
Vitali Kremez passed away Full Text
Abstract
I'm deeply saddened by the absurd death of Vitali Kremez; he died while scuba diving off the coast of Hollywood Beach in Florida. Vitali Kremez (36), founder and CEO of AdvIntel, has been found dead after scuba diving off the coast of Hollywood...Security Affairs
November 2, 2022 – General
Where do business continuity plans fit in a ransomware attack? Full Text
Abstract
Recovery isn't the only priority when ransomware hits. Careful planning, training and coordination among IT teams are critical to maintain business continuity during an attack.Tech Target
November 02, 2022 – Phishing
These Android Apps with a Million Play Store Installations Redirect Users to Malicious Sites Full Text
Abstract
A set of four Android apps released by the same developer has been discovered directing victims to malicious websites as part of an adware and information-stealing campaign. The apps, published by a developer named Mobile apps Group and currently available on the Play Store, have been collectively downloaded over one million times. According to Malwarebytes , the websites are designed to generate revenues through pay-per-click ads, and worse, prompt users to install cleaner apps on their phones with the goal of deploying additional malware. The list of apps is as follows - Bluetooth App Sender (com.bluetooth.share.app) - 50,000+ downloads Bluetooth Auto Connect (com.bluetooth.autoconnect.anybtdevices) - 1,000,000+ downloads Driver: Bluetooth, Wi-Fi, USB (com.driver.finder.bluetooth.wifi.usb) - 10,000+ downloads Mobile transfer: smart switch (com.mobile.faster.transfer.smart.switch) - 1,000+ downloads It's no surprise that malicious apps have devised new ways to geThe Hacker News
November 2, 2022 – Malware
4 Malicious apps on Play Store totaled +1M downloads Full Text
Abstract
Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. Malwarebytes researchers discovered four malicious apps uploaded by the same developer (Mobile apps Group) to the official Google Play....Security Affairs
November 02, 2022 – Malware
Dozens of PyPI packages caught dropping ‘W4SP’ info-stealing malware Full Text
Abstract
Researchers have discovered over two dozen Python packages on the PyPI registry that are pushing info-stealing malware.BleepingComputer
November 2, 2022 – General
Why the ideal CISO reporting structure is highest level Full Text
Abstract
CISOs usually report to a high-level executive, but reporting to a top-level business executive like the CEO rather than a technology executive protects the business best.Tech Target
November 02, 2022 – Malware
Inside Raccoon Stealer V2 Full Text
Abstract
Raccoon Stealer is back in the news again. US officials arrested Mark Sokolovsky, one of the malware actors behind this program. In July 2022, after several months of shutdown, Raccoon Stealer V2 went viral. Last week, the Department of Justice's press release stated that the malware collected 50 million credentials. This article will give a quick guide to the latest version of the info stealer. What is Raccoon infostealer V2? Raccoon Stealer is a kind of malware that steals various data from an infected computer. It's quite a basic malware, but hackers have made Raccoon popular with excellent service and simple navigation. In 2019, Raccoon infostealer was one of the most discussed malware families. In exchange for $75 per week and $200 per month, cybercriminals sold this simple but versatile info stealer as a MaaS. The malware was successful in attacking a number of systems. In March 2022, however, the threat authors ceased to operate. An updated version of this malware was rThe Hacker News
November 2, 2022 – Malware
SandStrike, a previously undocumented Android malware, targets a Persian-speaking religious minority Full Text
Abstract
Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religious minority. In Q3 2022, Kaspersky researchers uncovered a previously undocumented Android spyware, dubbed SandStrike, employed...Security Affairs
November 02, 2022 – Breach
Vodafone Italy discloses data breach after reseller hacked Full Text
Abstract
Vodafone Italia is sending customers notices of a data breach, informing them that one of its commercial partners, FourB S.p.A., who operates as a reseller of the telco's services in the country, has fallen victim to a cyberattack.BleepingComputer
November 2, 2022 – Breach
Leaked Amazon Prime Video Server Exposed Users Viewing Habits Full Text
Abstract
The exposed database contained 215 million records of pseudonymized viewing data. This includes the name of the movie or show being streamed, the streaming device, and similar internal data such as subscription information and network quality.Hackread
November 02, 2022 – Malware
Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App Full Text
Abstract
A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application. Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike . It has not been attributed to any particular threat group. "SandStrike is distributed as a means to access resources about the Bahá'í religion that are banned in Iran," the company noted in its APT trends report for the third quarter of 2022. While the app is ostensibly designed to provide victims with a VPN connection to bypass the ban, it's also configured to covertly siphon data from the victims' devices, such as call logs, contacts, and even connect to a remote server to fetch additional commands. The booby-trapped VPN service, while fully functional, is said to be distributed via a Telegram channel controlled by the adversary. Links to the channel are also advertised on fabricated social media accoThe Hacker News
November 2, 2022 – Breach
Dropbox discloses unauthorized access to 130 GitHub source code repositories Full Text
Abstract
Dropbox disclosed a security breach in which threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File hosting service Dropbox announced that threat actors gained unauthorized access to 130 of its source code repositories...Security Affairs
November 02, 2022 – Government
U.S. govt employees exposed to mobile attacks from outdated Android, iOS Full Text
Abstract
Roughly half of all Android-based mobile phones used by state and local government employees are running outdated versions of the operating system, exposing them to hundreds of vulnerabilities threat actors can leverage to perform cyberattacks.BleepingComputer
November 2, 2022 – General
Denmark’s Cybersecurity Journey to Becoming the Most Cyber-Secure Country Full Text
Abstract
Denmark is one of the most digitalized countries worldwide, with technologies used in the private and public sectors as well. This means that Denmark is also a target with a generous and attractive attack surface for threat actors.Heimdal Security
November 02, 2022 – Breach
Dropbox Breach: Hackers Unauthorizedly Accessed 130 GitHub Source Code Repositories Full Text
Abstract
File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub. "These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team," the company revealed in an advisory. The breach resulted in the access of some API keys used by Dropbox developers as well as "a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors." It, however, stressed that the repositories did not contain source code related to its core apps or infrastructure. Dropbox, which offers cloud storage, data backup, and document signing services, among others, has over 17.37 million paying users and 700 million registered users as of August 2022 . The diThe Hacker News
November 2, 2022 – Vulnerabilities
OpenSSL fixed two high-severity vulnerabilities Full Text
Abstract
The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities,...Security Affairs
November 2, 2022 – Criminals
LockBit 3.0 Ransomware Gang Claims to Have Stolen Data from Thales Full Text
Abstract
Thales was added to the list of victims of the LockBit 3.0 group on October 31; the gang is threatening to publish stolen data by November 7, 2022, if the company does not pay the ransom.Security Affairs
November 01, 2022 – Breach
Dropbox discloses breach after hacker stole 130 GitHub repositories Full Text
Abstract
Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack.BleepingComputer
November 1, 2022 – Hacker
Cranefly Group Abuses Legitimate IIS Logs To Deliver New Malware Full Text
Abstract
The Cranefly hacker group was spotted leveraging Microsoft IIS to deploy a previously undocumented dropper, named Danfuan, on devices that do not support security tools, such as load balancers and SAN arrays. With new custom tools and evasive techniques, Cranefly is maintaining a foothold on compromised servers and focusing o ... Read MoreCyware Alerts - Hacker News
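The technique in the headline above rests on one property of a web server log: every request is written to it, whether or not the requested resource exists, so a request's URI is attacker-controlled data that lands on disk. The following is an added example, not code from the Symantec or Cyware write-ups, of a simple hunt over IIS W3C extended log lines for requests whose URI carries a data blob rather than a page. The log excerpt is constructed for the example, and the thresholds (a base64-like run of 40 or more characters, a 200-character query, an entropy cut-off of 4.5 bits per character) are assumptions to be tuned per site; the known Cranefly marker strings are deliberately not reproduced here.

```python
import math
import re
from typing import Dict, List

# Constructed IIS W3C extended log excerpt (not a real capture). IIS writes
# spaces inside field values as '+', so splitting on single spaces recovers
# the columns declared in the #Fields: directive.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip cs(User-Agent) sc-status
2022-10-20 09:12:01 10.0.0.5 GET /index.html - 443 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) 200
2022-10-20 09:12:09 10.0.0.5 GET /static/app.js v=3 443 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) 200
2022-10-20 09:13:44 10.0.0.5 GET /nonexistent.aspx cmd=UEsDBBQAAAAIAKd2ZlWZ3X0xQgAAAE4AAAAJAAAAcGF5bG9hZC5iaW4 443 198.51.100.23 Mozilla/5.0+(Windows+NT+10.0) 404
2022-10-20 09:14:02 10.0.0.5 GET /index.html - 443 198.51.100.23 Mozilla/5.0+(Windows+NT+10.0) 200
"""

# Heuristic thresholds: assumed values for illustration, to be tuned per site.
BASE64_RUN = re.compile(r"[A-Za-z0-9+/=]{40,}")
MAX_QUERY_LEN = 200
MIN_ENTROPY_LEN = 32
ENTROPY_THRESHOLD = 4.5


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Parse W3C extended log lines into dicts keyed by the #Fields: names."""
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            values = line.split(" ")
            if fields and len(values) == len(fields):
                rows.append(dict(zip(fields, values)))
    return rows


def shannon_entropy(s: str) -> float:
    """Bits per character; random base64 of a few dozen characters scores around 4.5 or above."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((s.count(c) / n) * math.log2(s.count(c) / n) for c in set(s))


def suspicious_requests(rows: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Flag requests whose URI carries data rather than a normal page request."""
    findings = []
    for row in rows:
        query = row.get("cs-uri-query", "-")
        query = "" if query == "-" else query
        uri = row.get("cs-uri-stem", "") + ("?" + query if query else "")
        reasons = []
        if BASE64_RUN.search(uri):
            reasons.append("base64-like run of 40+ characters in the URI")
        if len(query) > MAX_QUERY_LEN:
            reasons.append("query string longer than %d characters" % MAX_QUERY_LEN)
        if len(query) >= MIN_ENTROPY_LEN and shannon_entropy(query) > ENTROPY_THRESHOLD:
            reasons.append("high-entropy query string")
        if reasons and row.get("sc-status") == "404":
            # The resource does not exist, yet the line was still written:
            # the log file itself is what the request was aimed at.
            reasons.append("404 response: request was logged without touching any real resource")
        if reasons:
            findings.append({"c-ip": row.get("c-ip"), "time": row.get("time"),
                             "uri": uri, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in suspicious_requests(parse_w3c(SAMPLE_LOG)):
        print(hit["time"], hit["c-ip"], hit["uri"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

Run against the sample, only the 404 request from 198.51.100.23 is reported. The 404 is the tell worth keeping in any real rule: a client repeatedly asking for paths that do not exist while stuffing the query string is either a scanner or someone using the log as a drop point, and both deserve a look.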
November 01, 2022 – Vulnerabilities
OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities Full Text
Abstract
The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786 , have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email address. "In a TLS client, this can be triggered by connecting to a malicious server," OpenSSL said in an advisory for CVE-2022-3786. "In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects." OpenSSL is an open source implementation of the SSL and TLS protocols used for secure communication and is baked into several operating systems and a wide range of software. Versions 3.0.0 through 3.0.6 of the library are affected by the new flaws, which have been remediated in version 3.0.7. It's worth noting thaThe Hacker News
November 1, 2022 – Criminals
LockBit 3.0 gang claims to have stolen data from Thales Full Text
Abstract
The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations...Security Affairs
November 01, 2022 – Malware
Malicious Android apps with 1M+ installs found on Google Play Full Text
Abstract
A set of four malicious applications currently available in Google Play, the official store for the Android system, are directing users to sites that steal sensitive information or generate 'pay-per-click' revenue for the operators.BleepingComputer
November 1, 2022 – Ransomware
Azov Ransomware - New Data Wiper Frames Security Researchers Full Text
Abstract
A new data wiper strain, dubbed Azov Ransomware, has debuted recently. It is being distributed through pirated software, key generators, and adware bundles. In the ongoing campaign, the wiper operators try to frame some renowned security groups and researchers. The wiper appears to have borrowed it ... Read MoreCyware Alerts - Hacker News
November 01, 2022 – Vulnerabilities
Researchers Disclose Details of Critical ‘CosMiss’ RCE Flaw Affecting Azure Cosmos DB Full Text
Abstract
Microsoft on Tuesday said it addressed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB that enabled full read and write access. The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible disclosure from Orca Security, which dubbed the flaw CosMiss . "In short, if an attacker had knowledge of a Notebook's 'forwardingId,' which is the UUID of the Notebook Workspace, they would have had full permissions on the Notebook without having to authenticate, including read and write access, and the ability to modify the file system of the container running the notebook," researchers Lidor Ben Shitrit and Roee Sagi said. This container modification could ultimately pave the way for obtaining remote code execution in the Notebook container by overwriting a Python file associated with the Cosmos DB Explorer to spawn a reverse shell. Successful exploitationThe Hacker News
November 1, 2022 – Vulnerabilities
Experts warn of critical RCE in ConnectWise Server Backup Solution Full Text
Abstract
ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the advisory published by ConnectWise, the vulnerability is an Improper Neutralization of Special Elements...Security Affairs
November 01, 2022 – Vulnerabilities
OpenSSL fixes two high severity vulnerabilities, what you need to know Full Text
Abstract
The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections.BleepingComputer
November 1, 2022 – General
UK: Not enough ransomware victims are reporting attacks, and that’s a problem for everyone Full Text
Abstract
Ransomware continues to be a significant cyber threat to businesses and the general public - but it's difficult to know the true impact of attacks because many victims aren't coming forward to report them.ZDNet
November 01, 2022 – Hacker
Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware Full Text
Abstract
The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky. Stone Panda , also called APT10 , Bronze Riverside, Cicada, and Potassium, is a cyber espionage group known for its intrusions against organizations identified as strategically significant to China. The threat actor is believed to have been active since at least 2009. The latest set of attacks, observed between March and June 2022, involve the use of a bogus Microsoft Word file and a self-extracting archive ( SFX ) file in RAR format propagated via spear-phishing emails, leading to the execution of a backdoor called LODEINFO. While the maldoc requires users to enable macros to activate the killchain, the June 2022 campaign was found to drop this method in faThe Hacker News
November 1, 2022 – General
Ransomware activity and network access sales in Q3 2022 Full Text
Abstract
Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. Research published by threat intelligence firm KELA related to ransomware activity in Q3 reveals a stable activity...Security Affairs
November 01, 2022 – Malware
New SandStrike spyware infects Android devices via malicious VPN app Full Text
Abstract
Threat actors are using a newly discovered spyware known as SandStrike and delivered via a malicious VPN application to target Persian-speaking Android users.BleepingComputer
November 1, 2022 – Denial Of Service
The New Fodcha DDoS Botnet Adds Extortion Feature to its Arsenal Full Text
Abstract
A new version of the Fodcha DDoS botnet delivers ransom demands directly within DDoS packets used against victims’ networks, revealed Netlab 360. The latest Fodcha version 4 now uses encryption to establish communication with the C2 server and relies on 42 C2 domains to operate 60,000 active bot no ... Read MoreCyware Alerts - Hacker News
November 01, 2022 – Vulnerabilities
Last Year's Open Source - Tomorrow’s Vulnerabilities Full Text
Abstract
Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: " given enough eyeballs, all bugs are shallow ." This phrase puts the finger on the very principle of open source: the more, the merrier - if the code is easily available for anyone and everyone to fix bugs, it's pretty safe. But is it? Or is the saying "all bugs are shallow" only true for shallow bugs and not ones that lie deeper? It turns out that security flaws in open source can be harder to find than we thought. Emil Wåreus, Head of R&D at Debricked , took it upon himself to look deeper into the community's performance. As the data scientist he is, he, of course, asked the data: how good is the open source community at finding vulnerabilities in a timely manner ? The thrill of the (vulnerability) hunt Finding open source vulnerabilities is typically done by the maintainers of the open source project, users, auditors, or external securThe Hacker News
November 1, 2022 – Vulnerabilities
Samsung Galaxy Store flaw could have allowed installing malicious apps on target devices Full Text
Abstract
A security flaw in the Galaxy Store app for Samsung devices could have potentially allowed remote command execution on affected phones. A now-patched vulnerability in the Galaxy Store app for Samsung devices could have potentially triggered remote...Security Affairs
November 01, 2022 – Education
Using Regex to Implement Passphrases in Your Active Directory Full Text
Abstract
Passphrases provide a superior type of password for authentication as they allow you to create strong passwords you can remember. Furthermore, you can use regex (regular expression) to effectively help develop solid passphrases and ensure these do not contain weak elements. Let's see how.BleepingComputer
November 1, 2022 – Business
Mondelez and Zurich reach settlement in NotPetya cyberattack insurance suit Full Text
Abstract
Mondelez International and Zurich American Insurance reached a settlement late last week in their multi-year legal battle over the food company’s $100 million claim regarding damage from the NotPetya cyberattack in 2017.The Record
November 01, 2022 – Vulnerabilities
Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution Full Text
Abstract
IT service management software platform ConnectWise has released software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM). The issue, characterized as a "neutralization of Special Elements in Output Used by a Downstream Component," could be abused to result in the execution of remote code or disclosure of sensitive information. ConnectWise's advisory notes that Recover v2.9.7 and earlier, as well as R1Soft SBM v6.16.3 and earlier, are impacted by the critical flaw. At its core, the issue is tied to an upstream authentication bypass vulnerability in the ZK open source Ajax web application framework (CVE-2022-36537), which was initially patched in May 2022. "Affected ConnectWise Recover SBMs have automatically been updated to the latest version of Recover (v2.9.9)," the company said, urging customers to upgrade to SBM v6.16.4 shipped on October 28, 2022. Cybersecurity firm HuntressThe Hacker News
November 01, 2022 – Vulnerabilities
Microsoft fixes critical RCE flaw affecting Azure Cosmos DB Full Text
Abstract
Analysts at Orca Security have found a critical vulnerability affecting Azure Cosmos DB that allowed unauthenticated read and write access to containers.BleepingComputer
November 1, 2022 – Attack
Snatch Ransomware Group Claims to Have Hacked Military Technology Provider HENSOLDT France Full Text
Abstract
The Snatch ransomware group added HENSOLDT France to the list of victims published on its Tor leak site. The group has published a sample of the stolen data (94 MB) as proof of the hack.Security Affairs
November 01, 2022 – Malware
Google ad for GIMP.org served info-stealing malware via lookalike site Full Text
Abstract
Searching for 'GIMP' on Google as recently as last week would show visitors an ad for 'GIMP.org,' the official website of the well-known graphics editor, GNU Image Manipulation Program. But clicking on it drove visitors to a lookalike phishing website that served them a 700 MB executable disguised as GIMP that was actually malware.BleepingComputer
November 1, 2022 – Breach
Experian tool exposed partial Social Security numbers, putting customers at risk Full Text
Abstract
An Experian product that allows organizations to verify customers’ identity could be exploited to expose partial Social Security numbers, a researcher found through testing several organizations that use the product.CyberScoop