September, 2022
September 30, 2022 – Ransomware
The Week in Ransomware - September 30th 2022 - Emerging from the Shadows
Abstract
This week's news primarily revolves around LockBit, BlackMatter, and the rising enterprise-targeting Royal ransomware operation.
Source: BleepingComputer
September 30, 2022 – Attack
Update: Vice Society raises ransomware pressure on Los Angeles school district
Abstract
The threat, which was discovered and published on Twitter by Brett Callow from Emsisoft, effectively gives the Los Angeles school district less than four days to respond. Vice Society did not include any details about the data it plans to publish.
Source: Cybersecurity Dive
September 30, 2022 – Malware
New Malware Families Found Targeting VMware ESXi Hypervisors
Abstract
Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access to the hypervisor as well as execute arbitrary commands. The hyperjacking attacks, per the cybersecurity vendor, involved the use of malicious vSphere Installation Bundles (VIBs) to sneak in two implants, dubbed VIRTUALPITA and VIRTUALPIE, on the ESXi hypervisors. "It is important to highlight that this is not an external remote code execution vulnerability; the attacker needs admin-level privileges to the ESXi hypervisor before they can deploy malware," Mandiant researchers Alexander Marvi, Jeremy Koppen, Tufail Ahmed, and Jonathan Lepore said in an exhaus...
Source: The Hacker News
September 30, 2022 – APT
Witchetty APT used steganography in attacks against Middle East entities
Abstract
A cyberespionage group, tracked as Witchetty, used steganography to hide a previously undocumented backdoor in a Windows logo. Broadcom's Symantec Threat Hunter Team observed a threat actor, tracked as Witchetty, using steganography to hide a previously...
Source: Security Affairs
September 30, 2022 – Government
CISA: Hackers exploit critical Bitbucket Server flaw in attacks
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has added three more security flaws to its list of bugs exploited in attacks, including a Bitbucket Server RCE and two Microsoft Exchange zero-days.
Source: BleepingComputer
September 30, 2022 – Ransomware
Dissecting BlueSky Ransomware Payload
Abstract
BlueSky is a ransomware family first spotted in May 2022. The group behind it does not adopt the double-extortion model, and its targets even include ordinary users, because the ransomware has been found inside cracks for programs and games.
Source: Yoroi
September 30, 2022 – Attack
Cyber Attacks Against Middle East Governments Hide Malware in Windows logo
Abstract
An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410 umbrella. Intrusions involving TA410 – which is believed to share connections with a Chinese threat group known as APT10 (aka Cicada, Stone Panda, or TA429) – primarily feature a modular implant called LookBack. Symantec's latest analysis of attacks between February and September 2022, during which the group targeted the governments of two Middle Eastern countries and the stock exchange of an African nation, highlights the use of a new backdoor called Stegmap. The new malware leverages steganography – a technique used to embed a message (in this case, malware) in a non-secret doc...
Source: The Hacker News
September 30, 2022 – Government
US DoD announced the results of the Hack US bug bounty challenge
Abstract
The US Department of Defense (DoD) shared the results of the Hack US bug bounty program that took place in July. On July 4, 2022, the US Department of Defense (DoD) and HackerOne started the Hack US, a one-week bug bounty challenge, which...
Source: Security Affairs
September 30, 2022 – Phishing
Fake US govt job offers push Cobalt Strike in phishing attacks
Abstract
A new phishing campaign targets US and New Zealand job seekers with malicious documents installing Cobalt Strike beacons for remote access to victims' devices.
Source: BleepingComputer
September 30, 2022 – Phishing
Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security
Abstract
The fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.
Source: Krebs on Security
September 30, 2022 – Attack
New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons
Abstract
A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. "The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday. "The beacon configuration contains commands to perform targeted process injection of arbitrary binaries and has a high reputation domain configured, exhibiting the redirection technique to masquerade the beacon's traffic." The malicious activity, discovered in August 2022, attempts to exploit the vulnerability CVE-2017-0199, a remote code execution issue in Microsoft Office that allows an attacker to take control of an affected system. The entry vector for the attack is a phishing email containing a Microsoft Word attachment that employs job-themed lures for roles in the U.S. government and Publ...
Source: The Hacker News
September 30, 2022 – Vulnerabilities
Microsoft confirms Exchange zero-day flaws actively exploited in the wild
Abstract
Microsoft confirmed that two recently disclosed zero-day flaws in Microsoft Exchange are being actively exploited in the wild. Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers at cybersecurity...
Source: Security Affairs
September 30, 2022 – Breach
Optus breach victims will get “supercharged” fraud protection
Abstract
The Australian Federal Police (AFP) announced today the launch of Operation Guardian which will ensure that more than 10,000 customers who had their personal info leaked in the Optus data breach will get priority protection against fraud attempts.
Source: BleepingComputer
September 30, 2022 – Vulnerabilities
Cisco Patches High-Severity Vulnerabilities in Networking Software
Abstract
Cisco announced IOS and IOS XE software updates that address 12 security vulnerabilities. The bugs were resolved as part of Cisco’s semiannual bundle patches for its networking software, which it releases in March and September.
Source: Security Week
September 30, 2022 – General
Why Organisations Need Both EDR and NDR for Complete Network Protection
Abstract
Endpoint devices like desktops, laptops, and mobile phones enable users to connect to enterprise networks and use their resources for their day-to-day work. However, they also expand the attack surface and make the organisation vulnerable to malicious cyberattacks and data breaches.
Why Modern Organisations Need EDR
According to the 2020 global risk report by Ponemon Institute, smartphones, laptops, mobile devices, and desktops are some of the most vulnerable entry points that allow threat actors to compromise enterprise networks. Security teams must assess and address the security risks created by these devices before they can damage the organisation. And for this, they require Endpoint Detection & Response (EDR). EDR solutions provide real-time visibility into endpoints and detect threats like malware and ransomware. By continuously monitoring endpoints, they enable security teams to uncover malicious activities, investigate threats, and initiate appropriate responses to pr...
Source: The Hacker News
September 30, 2022 – Vulnerabilities
Unpatched Microsoft Exchange Zero-Day actively exploited in the wild
Abstract
Security researchers are warning of a new Microsoft Exchange zero-day that is being exploited by malicious actors in the wild. Cybersecurity firm GTSC discovered two Microsoft Exchange zero-day vulnerabilities that are under active exploitation in attacks...
Source: Security Affairs
September 30, 2022 – Criminals
Germany arrests hacker for stealing €4 million via phishing attacks
Abstract
Germany's Bundeskriminalamt (BKA), the country's federal criminal police, carried out raids on the homes of three individuals yesterday suspected of orchestrating large-scale phishing campaigns that defrauded internet users of €4,000,000.
Source: BleepingComputer
September 30, 2022 – Criminals
‘Disgruntled insider’ shared REvil information with researchers, helped law enforcement
Abstract
The insider went on to help researchers understand the inner workings of the group that became known as REvil, whose antics and crimes made headlines after attacking beef producer JBS.
Source: CyberScoop
September 30, 2022 – Hacker
North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks
Abstract
A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, which is also tracked under the name Labyrinth Chollima. Attacks targeted employees in organizations across multiple industries, including media, defense and aerospace, and IT services in the U.S., the U.K., India, and Russia. The tech giant said it observed Zinc leveraging a "wide range of open-source software including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer for these attacks." According to CrowdStrike, Zinc "has been active since 2009 in operations aimed at collecting political, military, and economic intelli...
Source: The Hacker News
September 30, 2022 – Malware
Experts uncovered novel Malware persistence within VMware ESXi Hypervisors
Abstract
Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant detailed a novel technique used by malware authors to achieve administrative access within VMware ESXi Hypervisors and take over...
Source: Security Affairs
September 30, 2022 – Attack
Microsoft confirms new Exchange zero-days are used in attacks
Abstract
Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild.
Source: BleepingComputer
September 30, 2022 – Hacker
North Korean State-backed Hackers Found Rigging Legit Open-Source Software with Malware
Abstract
The hackers, a sub-group of Lazarus called ZINC, are weaponizing a wide range of open-source software including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installers in a new wave of malware attacks.
Source: Security Week
September 30, 2022 – Vulnerabilities
Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild
Abstract
Microsoft officially disclosed that it is investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker," the tech giant said. The company also confirmed that it's aware of "limited targeted attacks" weaponizing the flaws to obtain initial access to targeted systems, but emphasized that authenticated access to the vulnerable Exchange Server is required to achieve successful exploitation. The attacks detailed by Microsoft show that the two flaws are strung together in an exploit chain, with the SSRF bug enabling an authenticated adversary to remotely trigger arbitrary code execution. The Redmond-based company also confirmed that it'...
Source: The Hacker News
September 30, 2022 – Business
Pathlock Expands SAP Capabilities with Acquisition of Grey Monarch
Abstract
The acquisition will strengthen Pathlock's vision of providing the industry's most complete 360-degree platform for application security and control automation for the SAP ecosystem.
Source: Dark Reading
September 30, 2022 – Attack
WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation
Abstract
Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. That's according to Vietnamese cybersecurity company GTSC, which discovered the shortcomings as part of its security monitoring and incident response efforts in August 2022. The two vulnerabilities, which are formally yet to be assigned CVE identifiers, are being tracked by the Zero Day Initiative as ZDI-CAN-18333 (CVSS score: 8.8) and ZDI-CAN-18802 (CVSS score: 6.3). GTSC said that successful exploitation of the flaws could be abused to gain a foothold in the victim's systems, enabling adversaries to drop web shells and carry out lateral movements across the compromised network. "We detected web shells, mostly obfuscated, being dropped to Exchange servers," the company noted. "Using the user-agent, we detected that the attacker use...
Source: The Hacker News
September 29, 2022 – Attack
New Microsoft Exchange zero-days actively exploited in attacks
Abstract
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.
Source: BleepingComputer
September 29, 2022 – Vulnerabilities
New Microsoft Exchange zero-day actively exploited in attacks
Abstract
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.
Source: BleepingComputer
September 29, 2022 – Vulnerabilities
Drupal Updates Patch Vulnerability in Twig Template Engine
Abstract
“Multiple vulnerabilities are possible if an untrusted user has access to write Twig code, including potential unauthorized read access to private files, the contents of other files on the server, or database credentials,” Drupal noted.
Source: Security Week
September 29, 2022 – Hacker
Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware
Abstract
A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers said. "This enables the attackers to keep updating their tools in order to find a way to circumvent the authorization policies, allowing them to perform their attacks." The cybercrime group emerged on the scene with ATM-focused malware attacks in the South American nation, providing it the ability to break into ATM machines to perform jackpotting – a type of attack aiming to dispense cash illegitimately – and clone thousands of credit cards to steal funds from the targeted bank's customers. Prilex's modus operandi over the years has since evolved to take advantage of processes relating to point-of-sale...
Source: The Hacker News
September 29, 2022 – Hacker
Hacker groups support protestors in Iran using Telegram, Signal and Darkweb
Abstract
Several hacker groups are assisting protestors in Iran using Telegram, Signal and other tools to bypass government censorship. Check Point Research (CPR) observed multiple hacker groups using Telegram, Signal and the darkweb to support protestors...
Source: Security Affairs
September 29, 2022 – Hacker
Hacking group hides backdoor malware inside Windows logo image
Abstract
Security researchers have discovered a malicious campaign by the 'Witchetty' hacking group, which uses steganography to hide a backdoor malware in a Windows logo.
Source: BleepingComputer
September 29, 2022 – Vulnerabilities
Details Disclosed After Schneider Electric Patches Critical Flaw Allowing PLC Hacking
Abstract
Schneider Electric in recent months released patches for its EcoStruxure platform and some Modicon programmable logic controllers (PLCs) to address a critical vulnerability that was disclosed more than a year ago.
Source: Security Week
September 29, 2022 – Attack
Researchers Uncover Covert Attack Campaign Targeting Military Contractors
Abstract
A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEP#MAVERICK by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft. "The attack was carried out starting in late summer 2022 targeting at least two high-profile military contractor companies," Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in an analysis. Infection chains begin with a phishing mail with a ZIP archive attachment containing a shortcut file that claims to be a PDF document about "Company & Benefits," which is then used to retrieve a stager -- an initial binary that's used to download the desired malware -- from a remote server. This PowerShell stager sets the stage for a "robust chain of stagers" that progresses through seven m...
Source: The Hacker News
September 29, 2022 – Malware
A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums
Abstract
The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime...
Source: Security Affairs
September 29, 2022 – Insider Threat
Fired admin cripples former employer’s network using old credentials
Abstract
An IT system administrator of a prominent financial company based in Hawaii, U.S., used a pair of credentials that hadn't been invalidated after he was laid off to wreak havoc on his employer.
Source: BleepingComputer
September 29, 2022 – General
Nearly 700 ransomware incidents traced back to wholesale access markets: Report
Abstract
Researchers have traced almost 700 ransomware incidents back to wholesale access markets (WAM) — platforms where people sell access to compromised endpoints, access over various remote protocols such as RDP, and more.
Source: The Record
September 29, 2022 – Education
Five Steps to Mitigate the Risk of Credential Exposure
Abstract
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft. While CISOs are aware of growing identity threats and have multiple tools in their arsenal to help reduce the potential risk, the reality is that existing methodologies have proven largely ineffective. According to the 2022 Verizon Data Breach Investigations Report, over 60% of breaches involve compromised credentials. Attackers use techniques such as social engineering, brute force, and purchasing leaked credentials on the dark web to compromise legitimate identities and gain unauthorized access to victim organizations' systems and resources. Adversaries often leverage the fact that some passwords are shared among different users, making it easier to breach multiple accounts in the same organization. Some emp...
Source: The Hacker News
September 29, 2022 – Malware
Go-based Chaos malware is rapidly growing targeting Windows, Linux and more
Abstract
A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn. Researchers from Black Lotus Labs at Lumen Technologies recently uncovered a multifunctional Go-based malware that was developed to target...
Source: Security Affairs
September 29, 2022 – Vulnerabilities
Matrix: Install security update to fix end-to-end encryption flaws
Abstract
Matrix decentralized communication platform has published a security warning about two critical-severity vulnerabilities that affect the end-to-end encryption in the software development kit (SDK).
Source: BleepingComputer
September 29, 2022 – Breach
Update: Optus tells former Virgin Mobile and Gomo customers they could also be part of data breach
Abstract
Both companies are wholly owned subsidiaries of Optus, with the company shuttering the Virgin brand in 2018, but it was not apparent until now whether these customers would have been caught up in the breach.
Source: The Guardian
September 29, 2022 – Breach
Swachh City Platform Suffers Data Breach Leaking 16 Million User Records
Abstract
A threat actor by the name of LeakBase has shared a database containing personal information allegedly affecting 16 million users of Swachh City, an Indian complaint redressal platform. Leaked details include usernames, email addresses, password hashes, mobile numbers, one-time passwords, last logged-in times, and IP addresses, among others, according to a report shared by security firm CloudSEK with The Hacker News. The website is currently inaccessible. The Swachhata Platform is part of the Indian government's Swachh Bharat Mission (translated as Clean India Mission) nationwide initiative to "achieve universal sanitation coverage." According to Cyble, the database comprises 101,718 unique email addresses and 15,835,111 unique mobile numbers, putting users at risk of phishing, smishing, social engineering, and identity theft. The cybersecurity firm said that the breach possibly leveraged compromised credentials belonging to administrator and non-administ...
Source: The Hacker News
September 29, 2022 – Hacker
Microsoft: Lazarus hackers are weaponizing open-source software
Abstract
Microsoft says the North Korean-sponsored Lazarus threat group is trojanizing legitimate open-source software and using it to backdoor organizations in many industry sectors, such as technology, defense, and media entertainment.
Source: BleepingComputer
September 29, 2022 – General
The various ways ransomware impacts your organization
Abstract
Despite increased investment in tools to fight ransomware, 90% of organizations were affected by ransomware in some capacity over the past 12 months, according to SpyCloud’s 2022 Ransomware Defense Report.
Source: Help Net Security
September 29, 2022 – Hacker
Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks
Abstract
Several hacktivist groups are using Telegram and other tools to aid anti-government protests in Iran to bypass regime censorship restrictions amid ongoing unrest in the country following the death of Mahsa Amini in custody. "Key activities are data leaking and selling, including officials' phone numbers and emails, and maps of sensitive locations," Israeli cybersecurity firm Check Point said in a new report. The company said it has also witnessed sharing of proxies and open VPN servers to get around censorship and reports on the internet status in the country, with one group helping the anti-government demonstrators access social media sites. Chief among them is a Telegram channel called Official Atlas Intelligence Group (AIG) that's primarily focused on publishing data associated with government officials as well as maps of prominent locations. Calling itself the "CyberArmy," the group is said to have commenced its operations in May and has also...
Source: The Hacker News
September 29, 2022 – Business
Brave browser to start blocking annoying cookie consent banners
Abstract
The Brave browser will soon allow users to block annoying and potentially privacy-harming cookie consent banners on all websites they visit.
Source: BleepingComputer
September 29, 2022 – Phishing
Microsoft improves phishing protection in Windows 11 22H2
Abstract
The enhanced phishing protection automatically detects when a user types their password into an app or website and knows immediately whether the app or site has a secure connection to a trusted website.
Source: The Register
September 29, 2022 – Ransomware
New Royal Ransomware emerges in multi-million dollar attacks
Abstract
A new ransomware operation named Royal is quickly ramping up, targeting corporations with ransom demands ranging from $250,000 to over $2 million.
Source: BleepingComputer
September 29, 2022 – Cryptocurrency
Crypto Trading Bot Earns $1 Million but Loses Everything to a Hacker an Hour Later
Abstract
According to the blockchain security firm PeckShield, the bug can be traced back to the bot's callback routine, and this was exploited by the hacker to approve an arbitrary address for spending.
Source: Coin Telegraph
September 29, 2022 – Education
How to protect your Mac against ransomware and other cyberthreats
Abstract
A popular myth says that "Mac's don't get viruses," but that's never quite been true — and today's Mac users face more cyberthreats than ever before. If you've got a friend or family member who thinks they don't have to worry at all about cybersecurity, pass along this article.
Source: BleepingComputer
September 29, 2022 – Malware
New malware backdoors VMware ESXi servers to hijack virtual machines
Abstract
Hackers have found a new method to establish persistence on VMware ESXi hypervisors to control vCenter servers and virtual machines for Windows and Linux while avoiding detection.
Source: BleepingComputer
September 29, 2022 – Malware
Upgraded Prilex Point-of-Sale malware bypasses credit card security
Abstract
Security analysts have observed three new versions of Prilex this year, indicating that the authors and operators of the PoS-targeting malware are back to action.
Source: BleepingComputer
September 28, 2022 – Hacker
Hackers now sharing cracked Brute Ratel post-exploitation kit online
Abstract
The Brute Ratel post-exploitation toolkit has been cracked and is now being shared for free across Russian-speaking and English-speaking hacking communities.
Source: BleepingComputer
September 28, 2022 – Phishing
New campaign uses government, union-themed lures to deliver Cobalt Strike beacons
Abstract
The lure themes in the phishing documents in this campaign are related to the job details of a government organization in the United States and a trade union in New Zealand.
Source: Cisco Talos
September 28, 2022 – Malware
Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems
Abstract
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through stealing and brute-forcing SSH private keys, as well as launch DDoS attacks," researchers from Lumen's Black Lotus Labs said in a write-up shared with The Hacker News. A majority of the bots are located in Europe, specifically Italy, with other infections reported in China and the U.S., collectively representing "hundreds of unique IP addresses" over a one-month time period from mid-June through mid-July 2022. Written in Chinese and leveraging China-based infrastructure for command-and-control, the botnet joins a long list of malware designed to establish persi...
Source: The Hacker News
September 28, 2022 – Malware
Threat actors use Quantum Builder to deliver Agent Tesla malware
Abstract
The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT),...
Source: Security Affairs
September 28, 2022 – Hacker
Hacker shares how they allegedly breached Fast Company’s site
Abstract
Fast Company took its website offline after it was hacked to display stories and push out Apple News notifications containing obscene and racist comments. Today, the hacker shared how they allegedly breached the site.
Source: BleepingComputer
September 28, 2022 – Solution
NUVOLA: the new Cloud Security tool
Abstract
Just like other forms of attacks, privilege escalation can go unnoticed, especially in a complex cloud environment where companies already have difficulty gaining visibility into their internal users, identities, and actions.
Source: Security Affairs
September 28, 2022 – Criminals
Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware
Abstract
A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT). "This campaign features enhancements and a shift toward LNK (Windows shortcut) files when compared to similar attacks in the past," Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a Tuesday write-up. Sold on the dark web for €189 a month, Quantum Builder is a customizable tool for generating malicious shortcut files as well as HTA, ISO, and PowerShell payloads to deliver next-stage malware on the targeted machines, in this case Agent Tesla. The multi-stage attack chain starts with a spear-phishing email containing a GZIP archive attachment that includes a shortcut designed to execute PowerShell code responsible for launching a remote HTML application (HTA) using MSHTA. The phishing emails purport to be an order confirmation message from a Chinese supplier of lump and rock sugar, with the LNK file masquerading as a...
Source: The Hacker News
September 28, 2022 – Disinformation
ONLINE DISINFORMATION: Under the hood of a Doppelgänger
Abstract
ONLINE DISINFORMATION is one of the defining issues of our time and the influence of fake news has become an acute threat to our society. Disinformation undermines true journalism and steers the public opinion in highly charged topics such as immigration,...
Source: Security Affairs
September 28, 2022 – Government
IRS warns Americans of massive rise in SMS phishing attacks
Abstract
The Internal Revenue Service (IRS) warned Americans of an exponential rise in IRS-themed text message phishing attacks trying to steal their financial and personal information in the last few weeks.
Source: BleepingComputer
September 28, 2022 – Business
MPCH Labs Closes $40M Series A Funding
Abstract
The round was led by Liberty City Ventures with participation from QCP Capital, Mantis VC, Human Capital, Global Coin Research, LedgerPrime, Finality Capital, Oak HC FT, Polygon Studios, Quantstamp, and Animoca Brands.
Source: FinSMEs
September 28, 2022 – Solution
Improve your security posture with Wazuh, a free and open source XDR
Abstract
Organizations struggle to find ways to keep a good security posture. This is because it is difficult to create secure system policies and find the right tools that help achieve a good posture. In many cases, organizations work with tools that do not integrate with each other and are expensive to purchase and maintain. Security posture management is a term used to describe the process of identifying and mitigating security misconfigurations and compliance risks in an organization. To maintain a good security posture, organizations should at least do the following:
Maintain inventory: Asset inventory is considered first because it provides a comprehensive list of all IT assets that should be protected. This includes the hardware devices, applications, and services that are being used.
Perform vulnerability assessment: The next step is to perform a vulnerability assessment to identify weaknesses in applications and services. Knowledge of the vulnerabilities helps to prioritize risks...
Source: The Hacker News
September 28, 2022 – APT
APT28 relies on PowerPoint Mouseover to deliver Graphite malware Full Text
Abstract
The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware,...Security Affairs
September 28, 2022 – Breach
Auth0 warns that some source code repos may have been stolen Full Text
Abstract
Authentication service provider and Okta subsidiary Auth0 has disclosed what it calls a "security event" involving some of its code repositories.BleepingComputer
September 28, 2022 – Government
EU’s cybersecurity agency chief warns to keep guard up Full Text
Abstract
While there has been no radical change in cyber threats since the beginning of the war in Ukraine, attacks have become more intense and sophisticated, said Juhan Lepassaar, executive director of the EU cybersecurity agency, ENISA, on Monday.Euractiv
September 28, 2022 – Hacker
Hackers Using PowerPoint Mouseover Trick to Infect System with Malware Full Text
Abstract
The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a PowerShell script that downloads and executes a dropper from OneDrive." The dropper, a seemingly harmless image file, functions as a pathway for a follow-on payload, a variant of a malware known as Graphite, which uses the Microsoft Graph API and OneDrive for command-and-control (C2) communications to retrieve additional payloads. The attack employs a lure document that makes use of a template potentially linked to the Organisation for Economic Co-operation and Development ( OECD ), a Paris-based intergovernmental entity. Cluster25 noted the attacks may be ongoing, conThe Hacker News
September 28, 2022 – Ransomware
Bl00dy ransomware gang started using leaked LockBit 3.0 builder in attacks Full Text
Abstract
The newly formed Bl00Dy Ransomware gang has started using the recently leaked LockBit ransomware builder in attacks in the wild. The Bl00Dy Ransomware gang is the first group that started using the recently leaked LockBit ransomware builder in attacks...Security Affairs
September 28, 2022 – Business
Google to test disabling Chrome Manifest V2 extensions in June 2023 Full Text
Abstract
Developers of extensions for Google Chrome can keep their hopes up that the transition from Manifest V2 to V3 will be as gradual as possible, helping to minimize the negative impact on the community of users.BleepingComputer
September 28, 2022 – Attack
High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks Full Text
Abstract
MFA provides an extra layer of security for user accounts. If a threat actor can obtain an account’s username and password through phishing or other methods, MFA should prevent them from accessing the account.Security Week
September 28, 2022 – Disinformation
Facebook Shuts Down Covert Political ‘Influence Operations’ from Russia and China Full Text
Abstract
Meta Platforms on Tuesday disclosed it took steps to dismantle two covert influence operations originating from China and Russia for engaging in coordinated inauthentic behavior (CIB) so as to manipulate public debate. While the Chinese operation sets its sights on the U.S. and the Czech Republic, the Russian network primarily targeted Germany, France, Italy, Ukraine and the U.K. with themes surrounding the ongoing war in Ukraine. "The largest and most complex Russian operation we've disrupted since the war in Ukraine began, it ran a sprawling network of over 60 websites impersonating news organizations, as well as accounts on Facebook, Instagram, YouTube, Telegram, Twitter, Change.org and Avaaz, and even LiveJournal," the social media behemoth said . The sophisticated Russian activity, which commenced in May 2022, impersonated mainstream European news outlets like Der Spiegel, The Guardian, and Bild, not to mention build credibility by creating fake accounts acrossThe Hacker News
September 28, 2022 – Solution
NUVOLA: the new Cloud Security tool Full Text
Abstract
nuvola is a new open-source cloud security tool that addresses privilege escalation in cloud environments. nuvola is the new open-source security tool made by the Italian cyber security researcher Edoardo Rosa (@_notdodo_), Security Engineer at Prima...Security Affairs
September 28, 2022 – Hacker
Stealthy hackers target military and weapons contractors in recent attack Full Text
Abstract
Security researchers have discovered a new campaign targeting multiple military contractors involved in weapon manufacturing, including an F-35 Lightning II fighter aircraft components supplier.BleepingComputer
September 28, 2022 – Disinformation
Meta Disables Russian Propaganda Network Targeting Europe Full Text
Abstract
A sprawling disinformation network originating in Russia sought to use hundreds of fake social media accounts and dozens of sham news websites to spread Kremlin talking points about the invasion of Ukraine, Meta revealed Tuesday.Security Week
September 28, 2022 – Vulnerabilities
Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely Full Text
Abstract
WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and WhatsApp Business for Android and iOS prior to versions 2.22.16.12. Also patched by the Meta-owned messaging platform is an integer underflow bug, which refers to an opposite category of errors that occur when the result of an operation is too small for storing the value within the allocated memory space. The high-severity issue, given the CVE identifier CVE-2022-27492 (CVSS score: 7.8), affects WhatsApp for Android prior to versions 2.22.16.2 and WhatsApp for iOS version 2.22.15.9, and could be triggered upon receiving a specially crafted video file. Exploiting integer overflows andThe Hacker News
September 28, 2022 – General
Meta dismantled the largest Russian network since the war in Ukraine began Full Text
Abstract
Meta dismantled a network of Facebook and Instagram accounts spreading disinformation across European countries. Meta announced that it had taken down a huge Russian network of Facebook and Instagram accounts used to spread disinformation published on more...Security Affairs
September 28, 2022 – Malware
New Chaos malware infects Windows, Linux devices for DDoS attacks Full Text
Abstract
A quickly expanding botnet called Chaos is targeting and infecting Windows and Linux devices to use them for cryptomining and launching DDoS attacks.BleepingComputer
September 28, 2022 – Vulnerabilities
Java template framework Pebble vulnerable to command injection Full Text
Abstract
Java templating engine Pebble was vulnerable to a bug that could allow attackers to bypass its security mechanisms and conduct command injection attacks against host servers.The Daily Swig
September 28, 2022 – Vulnerabilities
Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks Full Text
Abstract
Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allow attackers to perform denial-of-service (DoS) or man-in-the-middle (MitM) attacks against network targets using custom-crafted packets.BleepingComputer
September 28, 2022 – Solution
Wazuh - The free and open source XDR platform Full Text
Abstract
Wazuh is a free and open source security platform that provides unified SIEM and XDR protection. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. Wazuh is one of the fastest growing open source security solutions, with over 10 million downloads per year.BleepingComputer
September 28, 2022 – Cryptocurrency
Cryptominers hijack $53 worth of system resources to earn $1 Full Text
Abstract
Security researchers estimate that the financial impact of cryptominers infecting cloud servers costs victims about $53 for every $1 worth of cryptocurrency threat actors mine on hijacked devices.BleepingComputer
September 28, 2022 – Attack
Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks Full Text
Abstract
The relatively new Bl00Dy Ransomware Gang has started to use a recently leaked LockBit ransomware builder in attacks against companies.BleepingComputer
September 27, 2022 – Malware
New NullMixer dropper infects your PC with a dozen malware families Full Text
Abstract
A new malware dropper named 'NullMixer' is infecting Windows devices with a dozen different malware families simultaneously through fake software cracks promoted on malicious sites in Google Search results.BleepingComputer
September 27, 2022 – Criminals
How Underground Groups Use Stolen Identities and Deepfakes Full Text
Abstract
The growing appearance of deepfake attacks is significantly reshaping the threat landscape for organizations, financial institutions, celebrities, political figures, and even ordinary people.Trend Micro
September 27, 2022 – Government
Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructures Full Text
Abstract
The Ukrainian government on Monday warned of "massive cyberattacks" by Russia targeting critical infrastructure facilities located in the country and that of its allies. The attacks are said to be targeting the energy sector, the Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GUR) said. "By the cyberattacks, the enemy will try to increase the effect of missile strikes on electricity supply facilities, primarily in the eastern and southern regions of Ukraine," the agency said in a brief advisory. GUR also cautioned of intensified distributed denial-of-service (DDoS) attacks aimed at the critical infrastructure of Ukraine's closest allies, chiefly Poland and the Baltic states of Estonia, Latvia, and Lithuania. It's not immediately clear what prompted the intelligence agency to issue the notice, but Ukraine has been at the receiving end of disruptive and destructive cyberattacks since the onset of the Russo-Ukrainian war earliThe Hacker News
September 27, 2022 – Education
Can You Hack It? Find Out In Our Lawfare Class Full Text
Abstract
We're bringing hacking and cybersecurity education to a remote cohort of Lawfare's material supporters and challenging them to become hackers themselves. There's still time to join us.Lawfare
September 27, 2022 – Hacker
North Korea-linked Lazarus continues to target job seekers with macOS malware Full Text
Abstract
North Korea-linked Lazarus APT group is targeting macOS users searching for jobs in the cryptocurrency industry. North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The attackers...Security Affairs
September 27, 2022 – Phishing
Lazarus hackers drop macOS malware via Crypto.com job offers Full Text
Abstract
The North Korean Lazarus hacking group is now using fake 'Crypto.com' job offers to hack developers and artists in the crypto space, likely with a long-term goal of stealing digital assets and cryptocurrency.BleepingComputer
September 27, 2022 – Malware
More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID Full Text
Abstract
This particular attack chain was discovered in early August 2022 and delivered IcedID, also known as Bokbot, as the final payload. This information stealer, IcedID, is well-known malware that has been attacking users since 2019.Palo Alto Networks
September 27, 2022 – Malware
New NullMixer Malware Campaign Stealing Users’ Payment Data and Credentials Full Text
Abstract
Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems. "When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety of malicious binaries to infect the machine with, such as backdoors, bankers, downloaders, spyware, and many others." Besides siphoning users' credentials, address, credit card data, cryptocurrencies, and even Facebook and Amazon account session cookies, what makes NullMixer insidious is its ability to download dozens of trojans at once, significantly widening the scale of the infections. Attack chains typically start when a user attempts to download cracked software from one of the sites, which leads to a password-protected archive that contains an executable filThe Hacker News
September 27, 2022 – Breach
Defense firm Elbit Systems of America discloses data breach Full Text
Abstract
Elbit Systems of America, a subsidiary of defense giant Elbit Systems, disclosed a data breach after Black Basta ransomware gang claimed to have hacked it. In late June, the Black Basta ransomware gang claimed to have hacked Elbit Systems of America,...Security Affairs
September 27, 2022 – Disinformation
Meta dismantles massive Russian network spoofing Western news sites Full Text
Abstract
Meta says it took down a large network of Facebook and Instagram accounts pushing disinformation published on more than 60 websites that spoofed multiple legitimate news sites across Europe.BleepingComputer
September 27, 2022 – Malware
Agent Tesla RAT Delivered by Quantum Builder With New TTPs Full Text
Abstract
Zscaler ThreatLabz has observed a campaign that delivers Agent Tesla, a .NET-based keylogger and remote access trojan (RAT) active since 2014, using a builder named “Quantum Builder” sold on the dark web.Zscaler
September 27, 2022 – Malware
Experts Uncover 85 Apps with 13 Million Downloads Involved in Ad Fraud Scheme Full Text
Abstract
As many as 75 apps on Google Play and 10 on Apple App Store have been discovered engaging in ad fraud as part of an ongoing campaign that commenced in 2019. The latest iteration, dubbed Scylla by online fraud-prevention firm HUMAN Security, follows similar attack waves in August 2019 and late 2020 that go by the codenames Poseidon and Charybdis, respectively. Prior to their removal from the app storefronts, the apps had been collectively installed more than 13 million times. The original Poseidon operation comprised over 40 Android apps that were designed to display ads out of context or hidden from the view of the device user. Charybdis, on the other hand, was an improvement over the former by making use of code obfuscation tactics to target advertising platforms. Scylla presents the latest adaptation of the scheme in that it expands beyond Android to make a foray into the iOS ecosystem for the first time, alongside relying on additional layers of code roundabout using the AllThe Hacker News
September 27, 2022 – Vulnerabilities
WhatsApp fixed critical and high-severity vulnerabilities Full Text
Abstract
WhatsApp has addressed two severe Remote Code Execution vulnerabilities affecting the mobile version of the software. WhatsApp has published three security advisories for 2022, two of which are related to CVE-2021-24042 and CVE-2021-24043 vulnerabilities...Security Affairs
September 27, 2022 – Hacker
Optus hacker apologizes and allegedly deletes all stolen data Full Text
Abstract
The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum.BleepingComputer
September 27, 2022 – Vulnerabilities
Two Remote Code Execution Vulnerabilities Patched in WhatsApp Full Text
Abstract
WhatsApp only has three security advisories for 2022, with the first two released in January and February. The latest advisory, released this month, informs customers of two memory-related issues affecting the WhatsApp mobile applications.Security Week
September 27, 2022 – General
Why Continuous Security Testing is a Must for Organizations Today Full Text
Abstract
The global cybersecurity market is flourishing. Experts at Gartner predict that the end-user spending for the information security and risk management market will grow from $172.5 billion in 2022 to $267.3 billion in 2026. One big area of spending includes the art of putting cybersecurity defenses under pressure, commonly known as security testing. MarketsandMarkets forecasts the global penetration testing (pentesting) market size is expected to grow at a Compound Annual Growth Rate (CAGR) of 13.7% from 2022 to 2027. However, the costs and limitations involved in carrying out a penetration test are already hindering the market growth, and consequently, many cybersecurity professionals are making moves to find an alternative solution. Pentests aren't solving cybersecurity pain points Pentesting can serve specific and important purposes for businesses. For example, prospective customers may ask for the results of one as proof of compliance. However, for certain challenges, thisThe Hacker News
September 27, 2022 – Malware
Erbium info-stealing malware, a new option in the threat landscape Full Text
Abstract
The recently discovered Erbium information-stealer is being distributed as fake cracks and cheats for popular video games. Threat actors behind the new 'Erbium' information-stealing malware are distributing it as fake cracks and cheats for popular...Security Affairs
September 27, 2022 – Attack
Pass-the-Hash Attacks and How to Prevent them in Windows Domains Full Text
Abstract
Hackers often start out with nothing more than a low-level user account and then work to gain additional privileges that will allow them to take over the network. One of the methods that is commonly used to acquire these privileges is a pass-the-hash attack. Here are five steps to prevent a pass-the-hash attack in a Windows domain.BleepingComputer
September 27, 2022 – Policy and Law
Samsung Sued Over Recent Data Breaches Full Text
Abstract
Represented by Clarkson Law Firm, two Samsung users have filed a class action lawsuit against the electronics manufacturer over the two data breaches the company suffered in 2022.Security Week
September 27, 2022 – Hacker
North Korea’s Lazarus Hackers Targeting macOS Users Interested in Crypto Jobs Full Text
Abstract
The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple's macOS operating system. In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for the Singapore-based cryptocurrency exchange firm Crypto[.]com have been used to mount the attacks. The latest disclosure builds on previous findings from Slovak cybersecurity firm ESET in August, which delved into a similar phony job posting for the Coinbase cryptocurrency exchange platform. Both these fake job advertisements are just the latest in a series of attacks dubbed Operation In(ter)ception , which, in turn, is a constituent of a broader campaign tracked under the name Operation Dream Job . Although the exact distribution vector for the malware remains unknown, it's suspected that potential targets are singled out via direct messages on the business networking site LinkeThe Hacker News
September 27, 2022 – Hacker
Mandiant identifies 3 hacktivist groups working in support of Russia Full Text
Abstract
Researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia, and identified 3 groups linked to the GRU. Mandiant researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia,...Security Affairs
September 27, 2022 – Government
Ukraine warns of ‘massive cyberattacks’ coming from Russia on critical infrastructure sites Full Text
Abstract
The Russian government is planning “massive cyberattacks” against Ukrainian critical infrastructure facilities to “increase the effect of missile strikes on electrical supply facilities,” the Ukrainian government said Monday.CyberScoop
September 27, 2022 – Breach
Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme Full Text
Abstract
The Australian Federal Police (AFP) on Monday disclosed it's working to gather "crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. "Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud," the AFP said in a statement. The development comes after Optus, Australia's second-largest wireless carrier, disclosed on September 22, 2022, that it was a victim of a cyberattack. It claimed it "immediately shut down the attack" as soon as it came to light. The threat actor behind the breach also briefly released a sample of 10,200 records from the breach – putting those users at heightened risk of fraud – in addition to asking for $1 million as part of an extortion demand. The dataset has since been taken down, with the attacker also claiming to have deleted the only copy of the stoThe Hacker News
September 26, 2022 – Malware
New Erbium password-stealing malware spreads as game cracks, cheats Full Text
Abstract
The new 'Erbium' information-stealing malware is being distributed as fake cracks and cheats for popular video games to steal victims' credentials and cryptocurrency wallets.BleepingComputer
September 26, 2022 – Malware
NullMixer drops Redline Stealer, SmokeLoader and other malware Full Text
Abstract
The infection vector of NullMixer is based on a ‘User Execution’ malicious link that requires the end user to click on and download a password-protected ZIP/RAR archive with a malicious file that is extracted and executed manually.Securelist
September 26, 2022 – Hacker
Researchers Identify 3 Hacktivist Groups Supporting Russian Interests Full Text
Abstract
At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "moderators of the purported hacktivist Telegram channels 'XakNet Team,' 'Infoccentr,' and 'CyberArmyofRussia_Reborn' are coordinating their operations with Russian Main Intelligence Directorate (GRU)-sponsored cyber threat actors." Mandiant's assessment is based on evidence that the leakage of data stolen from Ukrainian organizations occurred within 24 hours of malicious wiper incidents undertaken by the Russian nation-state group tracked as APT28 (aka Fancy Bear, Sofacy, or Strontium). To that end, four of the 16 data leaks from these groups coincided with disk wiping malware attacks by APT28 that involved the use of a strain dubbed CaddyWiper . APT28 , aThe Hacker News
September 26, 2022 – Government
Russia prepares massive cyberattacks on the critical infrastructure of Ukraine and its allies Full Text
Abstract
The Ukrainian military intelligence warns that Russia is planning to escalate cyberattacks targeting Ukraine and Western allies. The Main Directorate of Intelligence of the Ministry of Defence of Ukraine (HUR MO) warns that Russia is planning to escalate...Security Affairs
September 26, 2022 – Malware
Hackers use PowerPoint files for ‘mouseover’ malware delivery Full Text
Abstract
Hackers believed to work for Russia have started using a new code execution technique that relies on mouse movement in Microsoft PowerPoint presentations to trigger a malicious PowerShell script.BleepingComputer
September 26, 2022 – Policy and Law
TikTok could face $29 million fine for failing to protect UK children’s privacy Full Text
Abstract
The UK Information Commissioner’s Office (ICO) announced on Monday that it had issued TikTok with a “notice of intent” which is a legal document that TikTok is allowed to respond to ahead of a potential fine.The Record
September 26, 2022 – Hacker
Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor Full Text
Abstract
A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan government-in-exile. The intrusions involved the exploitation of CVE-2022-1040 and CVE-2022-30190 (aka "Follina"), two remote code execution vulnerabilities in Sophos Firewall and Microsoft Office, respectively. "This willingness to rapidly incorporate new techniques and methods of initial access contrasts with the group's continued use of well known and reported capabilities, such as the Royal Road RTF weaponizer, and often lax infrastructure procurement tendencies," Recorded Future said in a new technical analysis. TA413, also known as LuckyCat, has been linked to relThe Hacker News
September 26, 2022 – APT
China-linked TA413 group targets Tibetan entities with new backdoor Full Text
Abstract
China-linked cyberespionage group TA413 employs a never-before-seen backdoor called LOWZERO in attacks aimed at Tibetan entities. A China-linked cyberespionage group, tracked as TA413 (aka LuckyCat), is exploiting recently disclosed...Security Affairs
September 26, 2022 – Malware
Adware on Google Play and Apple Store installed 13 million times Full Text
Abstract
Security researchers have discovered 75 applications on Google Play and another ten on Apple's App Store engaged in ad fraud. Collectively, they add up to 13 million installations.BleepingComputer
September 26, 2022 – Ransomware
Data Corruption, A Potential New Trend in Ransomware Attacks Full Text
Abstract
The new data corruption tactic was identified in a new BlackCat ransomware attack and analyzed by the Cyderes Special Operations team and the Stairwell Threat Research team.Heimdal Security
September 26, 2022 – Criminals
BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal Full Text
Abstract
The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software," researchers from Symantec said in a new report. BlackCat, also known by the names ALPHV and Noberus, is attributed to an adversary tracked as Coreid (aka FIN7 , Carbanak, or Carbon Spider) and is said to be a rebranded successor of DarkSide and BlackMatter , both of which shut shop last year following a string of high-profile attacks, including that of Colonial Pipeline. The threat actor, like other notorious ransomware groups, is known to run a ransomware-as-a-service (RaaS) operation, which involves its core developers enlisting the help of affiliates to carry out the attacks in exchange for a cutThe Hacker News
September 26, 2022 – APT
Metador, a never-before-seen APT targeted ISPs and telco for about 2 years Full Text
Abstract
A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. SentinelLabs researchers uncovered a never-before-seen threat actor, tracked...Security Affairs
September 26, 2022 – Government
Ukraine warns allies of Russian plans to escalate cyberattacks Full Text
Abstract
The Ukrainian military intelligence service warned today that Russia is planning "massive cyber-attacks" targeting the critical infrastructure of Ukraine and its allies.BleepingComputer
September 26, 2022 – Phishing
Spam email campaign targeting businesses delivers the Agent Tesla stealer Full Text
Abstract
In a new malspam campaign, someone posing as a Malaysian prospect and using a fairly odd variety of English, asks the recipient to review some customer requirements and get back with the requested documents.Securelist
September 26, 2022 – Education
5 Network Security Threats And How To Protect Yourself Full Text
Abstract
Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to its customers and employees must protect its IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones. While traditionally these would all live on one "corporate network", networks today are often just made up of the devices themselves and how they're connected: across the internet, sometimes via VPNs, to the homes and cafes people work from, to the cloud and data centres where services live. So what threats does this modern network face? Let's look at them in more detail. #1 Misconfiguration According to recent research by Verizon, misconfiguration errors and misuse now make up 14% of breaches. Misconfiguration errors occur when configuring a system or application so that itThe Hacker News
September 26, 2022 – Malware
Exmatter exfiltration tool used to implement new extortion tactics Full Text
Abstract
Ransomware operators switch to new extortion tactics by using the Exmatter malware and adding new data corruption functionality. The data extortion landscape is constantly evolving and threat actors are devising new extortion techniques, this is the case...Security Affairs
September 26, 2022 – Business
Web3 bug-bounty platform Immunefi raises $24M for its Series A funding round Full Text
Abstract
Immunefi has raised $24 million as part of its Series A round led by Framework Ventures. Other investors include Samsung Next, Electric Capital, and Polygon Ventures. That brings its total raised to now $29.5 million.Tech Crunch
September 26, 2022 – Business
Google to Make Account Login Mandatory for New Fitbit Users in 2023 Full Text
Abstract
Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker said. The switch will not go live for all users in 2023. Rather, support for Fitbit accounts is expected to continue until at least the beginning of 2025, after which a Google account will be mandatory for using the devices. The deeper integration also means that a Google account will be compulsory to sign up for Fitbit and activate new features, including those that incorporate Google products and services such as Google Assistant. Also necessitated as part of the transition is consent on the part of users to move their personal data from Fitbit to Google. The internet giant stressed that users' personal information will not be used to serve ads. The goal, Fitbit saidThe Hacker News
September 26, 2022 – Criminals
Ukraine Arrests Cybercrime Group for Selling Data of 30 Million Accounts Full Text
Abstract
Ukrainian law enforcement authorities on Friday disclosed that they had "neutralized" a hacking group operating from the city of Lviv that they said acted on behalf of Russian interests. The group specialized in the sale of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a profit of $372,000 (14 million UAH) through electronic payment systems like YooMoney, Qiwi, and WebMoney that are outlawed in the country. "Their 'wholesale clients' were pro-kremlin propagandists," the Security Service of Ukraine (SSU) said in a press release. "It was them who used the received identification data of Ukrainian and foreign citizens to spread fake 'news' from the front and sow panic." The goal behind the campaign was "large-scale destabilization in multiple countries," it stated, adding the hacked accounts were used to propagate false information about the socio-political situation in UThe Hacker News
September 25, 2022 – Ransomware
Ransomware data theft tool may show a shift in extortion tactics Full Text
Abstract
Data exfiltration malware known as Exmatter and previously linked with the BlackMatter ransomware group is now being upgraded with data corruption functionality that may indicate a new tactic that ransomware affiliates might switch to in the future.BleepingComputer
September 25, 2022 – Hacker
Attackers impersonate CircleCI platform to compromise GitHub accounts Full Text
Abstract
Threat actors target GitHub users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. GitHub is warning of an ongoing phishing campaign targeting its users to steal credentials and two-factor...Security Affairs
September 25, 2022 – Hacker
New hacking group ‘Metador’ lurking in ISP networks for months Full Text
Abstract
A previously unknown threat actor that researchers have named 'Metador' has been breaching telecommunications, internet services providers (ISPs), and universities for about two years.BleepingComputer
September 25, 2022 – Attack
OpIran: Anonymous declares war on Teheran amid Mahsa Amini’s death Full Text
Abstract
OpIran: Anonymous launched Operation Iran against Teheran due to the ongoing crackdown on dissent after Mahsa Amini’s death. Anonymous launched OpIran against Iran due to the ongoing crackdown on dissent after Mahsa Amini’s death. The protests...Security Affairs
September 25, 2022 – General
Security Affairs newsletter Round 385 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your email box. If you also want to receive the newsletter with the international press for free, subscribe here. ISC...Security Affairs
September 24, 2022 – Solution
Windows 11 now warns when typing your password in Notepad, websites Full Text
Abstract
Windows 11 22H2 was just released, and with it comes a new security feature called Enhanced Phishing Protection that warns users when they enter their Windows password in insecure applications or on websites.BleepingComputer
September 24, 2022 – Attack
Microsoft SQL servers hacked in TargetCompany ransomware attacks Full Text
Abstract
Security analysts at ASEC have discovered a new wave of attacks targeting vulnerable Microsoft SQL servers, involving the deployment of a ransomware strain named FARGO.BleepingComputer
September 24, 2022 – Vulnerabilities
ISC fixed high-severity flaws in the BIND DNS software Full Text
Abstract
The Internet Systems Consortium (ISC) fixed six remotely exploitable vulnerabilities in the BIND DNS software. The Internet Systems Consortium (ISC) this week released security patches to address six remotely exploitable vulnerabilities in BIND DNS software. Four...Security Affairs
September 24, 2022 – Breach
American Airlines learned it was breached from phishing targets Full Text
Abstract
American Airlines says its Cyber Security Response Team found out about a recently disclosed data breach from the targets of a phishing campaign that was using an employee's hacked Microsoft 365 account.BleepingComputer
September 24, 2022 – Criminals
Ukraine: SSU dismantled cyber gang that stole 30 million accounts Full Text
Abstract
The cyber department of Ukraine's Security Service (SSU) dismantled a gang that stole accounts of about 30 million individuals. The cyber department of Ukraine's Security Service (SSU) has taken down a group of hackers that is behind the theft of about...Security Affairs
September 24, 2022 – Breach
London Police arrested a teen suspected to be behind Uber, Rockstar Games breaches Full Text
Abstract
The City of London Police this week announced the arrest of a 17-year-old teenager on suspicion of hacking. Is he the Uber hacker? The City of London Police on Friday announced that it had arrested a 17-year-old teenager on suspicion of hacking; however,...Security Affairs
September 24, 2022 – Criminals
Colonial Pipeline ransomware group using new tactics to become more dangerous Full Text
Abstract
Also known in some circles as FIN7 or Carbon Spider, Coreid is a ransomware-as-a-service (RaaS) operation that develops ransomware tools and services and then collects money from affiliates who use these tools to carry out the actual attacks.Tech Republic
September 24, 2022 – Criminals
London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches Full Text
Abstract
The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "he remains in police custody." The department said the arrest was made as part of an investigation in partnership with the U.K. National Crime Agency's cyber crime unit. No further details about the nature of the investigation were disclosed, although it's suspected that the law enforcement action may have something to do with the recent string of high-profile hacks aimed at Uber and Rockstar Games. Both the intrusions are alleged to have been committed by the same threat actor, who goes by the name Tea Pot (aka teapotuberhacker). Uber, for its part, has pinned the breach on an attacker (or attackers) that it believes is associated with the LAPSUS$ extortionThe Hacker News
September 24, 2022 – Malware
Malicious NPM package discovered in supply chain attack Full Text
Abstract
Researchers with ReversingLabs said the Material Tailwind library is being impersonated for an apparent supply chain attack targeting developers. The team spotted a look-alike NPM package circulating on repositories.Tech Target
September 24, 2022 – Vulnerabilities
Hackers Actively Exploiting New Sophos Firewall RCE Vulnerability Full Text
Abstract
Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution. The company said it "has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region," adding it directly notified these entities. As a workaround, Sophos is recommending that users take steps to ensure that the User Portal and Webadmin are not exposed to WAN. Alternatively, users can update to the latest supported version: v19.5 GA; v19.0 MR2 (19.0.2); v19.0 GA, MR1, and MR1-1; v18.5 MR5 (18.5.5); v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4; v18.0 MR3, MR4, MR5, and MR6; v17.5 MR12, MR13, MR14, MR15, MR16, and MR17; v17.0 MR10. UsersThe Hacker News
September 24, 2022 – Vulnerabilities
Sophos warns of a new actively exploited flaw in Firewall product Full Text
Abstract
Cybersecurity firm, Sophos, warned of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild.Security Affairs
September 24, 2022 – Phishing
SEO poisoning campaign directs search engine visitors from multiple industries to JavaScript malware Full Text
Abstract
Researchers have discovered a high-effort search engine optimization (SEO) poisoning campaign that seems to be targeting employees from multiple industries and government sectors when they search for specific terms that are relevant to their work.CSO Online
September 24, 2022 – Government
Iranian State Actors Conduct Cyber Operations Against the Government of Albania Full Text
Abstract
In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable.US CERT
September 23, 2022 – Ransomware
The Week in Ransomware - September 23rd 2022 - LockBit leak Full Text
Abstract
This week we saw some embarrassment for the LockBit ransomware operation when their programmer leaked a ransomware builder for the LockBit 3.0 encryptor.BleepingComputer
September 23, 2022 – Vulnerabilities
Sophos warns of a new actively exploited flaw in Firewall product Full Text
Abstract
Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product...Security Affairs
September 23, 2022 – Attack
UK Police arrests teen believed to be behind Uber, Rockstar hacks Full Text
Abstract
The City of London police announced on Twitter today the arrest of a British 17-year-old teen suspected of being involved in recent cyberattacks.BleepingComputer
September 23, 2022 – Attack
Anonymous claims to have hacked the website of the Russian Ministry of Defense Full Text
Abstract
The popular collective Anonymous claims to have hacked the website of the Russian Ministry of Defense and leaked data of 305,925 people. The #OpRussia operation launched by Anonymous against Russia after the criminal invasion of Ukraine continues; the popular...Security Affairs
September 23, 2022 – Attack
Sophos warns of new firewall RCE bug exploited in attacks Full Text
Abstract
Sophos warned today that a critical code injection security vulnerability in the company's Firewall product is being exploited in the wild.BleepingComputer
September 23, 2022 – Phishing
Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts Full Text
Abstract
GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted "many victim organizations." The fraudulent messages claim to notify users that their CircleCI sessions have expired and that they should log in using GitHub credentials by clicking on a link. Another bogus email revealed by CircleCI prompts users to sign in to their GitHub accounts to accept the company's new Terms of Use and Privacy Policy by following the link embedded in the message. Regardless of the lure, doing so redirects the target to a lookalike GitHub login page designed to steal and exfiltrate the entered credentials as well as the Time-based One-Time Password (TOTP) codes in real time to the attacker, effectively allowingThe Hacker News
September 23, 2022 – Government
CISA adds Zoho ManageEngine flaw to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
CISA added a security flaw in Zoho ManageEngine, tracked as CVE-2022-35405, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a recently disclosed security flaw in Zoho ManageEngine,...Security Affairs
September 23, 2022 – Cryptocurrency
npm packages used by crypto exchanges compromised Full Text
Abstract
Multiple npm packages published by the crypto exchange dYdX, and used by at least 44 cryptocurrency projects, appear to have been compromised. Powered by the Ethereum blockchain, dYdX is a decentralized exchange platform offering perpetual trading options for over 35 popular cryptocurrencies including Bitcoin (BTC) and Ether (ETH).BleepingComputer
September 23, 2022 – APT
Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities Full Text
Abstract
A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa. "The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security solutions," researchers from SentinelOne said in a new report. The cybersecurity firm codenamed the group Metador in reference to a string "I am meta" in one of their malware samples and because of Spanish-language responses from the command-and-control (C2) servers. The threat actor is said to have primarily focused on the development of cross-platform malware in its pursuit of espionage aims. Other hallmarks of the campaign are the limited number of intrusions and long-term access to targets. This includes two different Windows malware platforms called metaMain and MaThe Hacker News
September 23, 2022 – Vulnerabilities
Surge in Magento 2 template attacks exploiting the CVE-2022-24086 flaw Full Text
Abstract
Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. Magento...Security Affairs
September 23, 2022 – Solution
Signal calls on users to run proxies for bypassing Iran blocks Full Text
Abstract
Signal is urging its global community to help people in Iran stay connected with each other and the rest of the world by volunteering proxies to bypass the aggressive restrictions imposed by the Iranian regime.BleepingComputer
September 23, 2022 – Government
CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency said in a notice. The critical vulnerability, tracked as CVE-2022-35405, is rated 9.8 out of 10 for severity on the CVSS scoring system, and was patched by Zoho as part of updates released on June 24, 2022. Although the exact nature of the flaw remains unknown, the India-based enterprise solutions company said it addressed the issue by removing the vulnerable components that could lead to the remote execution of arbitrary code. Zoho has also warned of the public availability of a proof-of-concept (PoC) exploit for the vulnerability, making it imperative that customers moveThe Hacker News
September 23, 2022 – Breach
Australian Telecoms company Optus discloses security breach Full Text
Abstract
Australian telecoms company Optus disclosed a data breach in which threat actors gained access to the data of former and current customers. Optus, one of the largest service providers in Australia, disclosed a data breach. The intruders gained access to the personal...Security Affairs
September 23, 2022 – Criminals
Ukraine dismantles hacker gang that stole 30 million accounts Full Text
Abstract
The cyber department of Ukraine's Security Service (SSU) has taken down a group of hackers that stole accounts of about 30 million individuals and sold them on the dark web.BleepingComputer
September 23, 2022 – Hacker
Researchers unearth hacking group that’s been active, yet undetected for years Full Text
Abstract
The group attacks with variants of two Windows malware platforms deployed directly into memory, with indications of an additional Linux implant, and are capable of rapid adaptations.CyberScoop
September 23, 2022 – General
Firing Your Entire Cybersecurity Team? Are You Sure? Full Text
Abstract
What on earth were they thinking? That's what we – and other security experts – were wondering when content giant Patreon recently dismissed its entire internal cybersecurity team in exchange for outsourced services. Of course, we don't know the true motivations for this move. But, as outsiders looking in, we can guess the cybersecurity implications of the decision would be inescapable for any organization. Fire the internal team and you take a huge risk. Patreon is a content-creator site that handles billions of dollars in revenue. For reasons unknown to us, Patreon fired not just a couple of staff members or someone in middle management. No: the company fired its entire security team. It's a big decision with significant consequences because it results in an incalculable loss of organizational knowledge. At the technical level, it's a loss of soft knowledge around deep system interdependencies that internal security experts will just "know" about and acThe Hacker News
September 23, 2022 – Solution
This image shows its own MD5 checksum — and it’s kind of a big deal Full Text
Abstract
Generating checksums (cryptographic hashes such as MD5 or SHA-256) for files is hardly anything new and is one of the most efficient means to ascertain the integrity of a file, or to check if two files are identical. But a researcher has generated an image that visibly contains its own MD5 hash.BleepingComputer
September 23, 2022 – Malware
The Harly Trojan subscriber in Google Play apps Full Text
Abstract
Since 2020 more than 190 apps infected with Harly have been found on Google Play. A conservative estimate of the number of downloads of these apps is 4.8 million, but the actual figure may be even higher.Kaspersky Lab
September 23, 2022 – Hacker
Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities Full Text
Abstract
A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia. Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as of November 2021. "Void Balaur [...] primarily dabbles in cyber espionage and data theft, selling the stolen information to anyone willing to pay," Trend Micro noted at the time. Attacks conducted by the group are typically both generic and opportunistic and are aimed at gaining unauthorized access to widely-used email services, social media, messaging, and corporate accounts. Earlier this June, Google's Threat Analysis Group (TAG) took the wraps off a set of credential theft attacks targeting journalists, European politicians, and non-profits mounted by the threat actor. "Void Balaur also goes after targets vaThe Hacker News
September 23, 2022 – Criminals
Multi-million dollar credit card fraud operation uncovered Full Text
Abstract
A massive operation that has reportedly siphoned millions of USD from credit cards since its launch in 2019 has been exposed and is considered responsible for losses for tens of thousands of victims.BleepingComputer
September 23, 2022 – General
What you need to know about Evil-Colon attacks Full Text
Abstract
Evil-Colon operates similarly to the now-defunct Poison-NULL-Byte attacks. Though Poison-NULL-Byte attacks are now obsolete, they may have paved the path for new, similar attacks that could wreak havoc in your code if not dealt with properly.Help Net Security
September 22, 2022 – Government
CISA warns of critical ManageEngine RCE bug used in attacks Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical severity Java deserialization vulnerability affecting multiple Zoho ManageEngine products to its catalog of bugs exploited in the wild.BleepingComputer
September 22, 2022 – General
Gaming Sector Under Relentless Attack Full Text
Abstract
Hackers are relentlessly targeting the gaming sector. In less than a month, hackers have carried out five major attacks on gamers and gaming platforms; 2K Games became the recent victim. The gaming industry has been a bastion for cyberattackers, owing to its exponential growth over the years, ...Cyware Alerts - Hacker News
September 22, 2022 – Privacy
Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs Full Text
Abstract
A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday. The intrusions, originally attributed to a threat actor named Scarlet Mimic back in January 2016, are said to have encompassed 20 different variants of the Android malware, which were disguised as books, pictures, and an audio version of the Quran. The malware, while relatively unsophisticated from a technical standpoint, comes with extensive capabilities to steal sensitive data from an infected device, send SMS messages on the victim's behalf, make phone calls, and track their locations. Additionally, it allows the recording of incoming and outgoing phone calls as well as surrounding audio. "All this makes it a powerful and dangerous surveillance tool," Israeli cybersecurity firm Check Point said in a technical deep dive, calling the spyware MobileOrderThe Hacker News
September 22, 2022 – General
Two Americas: Cross-Border Data Requests Post-Dobbs Full Text
Abstract
Following the Supreme Court’s abortion ruling in Dobbs this past June, cross-border data requests between states for abortion-related investigations may start to resemble cross-border requests between countries and trigger new conflicts of law.Lawfare
September 22, 2022 – Vulnerabilities
AttachMe: a critical flaw affects Oracle Cloud Infrastructure (OCI) Full Text
Abstract
A critical vulnerability in Oracle Cloud Infrastructure (OCI) could be exploited to access the virtual disks of other Oracle customers. Wiz researchers discovered a critical flaw in Oracle Cloud Infrastructure (OCI) that could be exploited by users...Security Affairs
September 22, 2022 – Government
NSA shares guidance to help secure OT/ICS critical infrastructure Full Text
Abstract
The National Security Agency (NSA) and CISA have issued guidance on how to secure operational technology (OT) and industrial control systems (ICSs) that are part of U.S. critical infrastructure.BleepingComputer
September 22, 2022 – General
MFA Fatigue - New Social Engineering Attack Takes Toll on Corporate Firms Full Text
Abstract
MFA Fatigue is emerging as a new technique for cybercriminals who excel in social engineering attacks. They are targeting big firms to obtain corporate credentials. This method is turning out to be more successful as it does not need malware or phishing infrastructure.Cyware Alerts - Hacker News
September 22, 2022 – Malware
Malicious NPM Package Caught Mimicking Material Tailwind CSS Package Full Text
Abstract
A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its maintainers as an "easy to use components library for Tailwind CSS and Material Design." "The malicious Material Tailwind npm package, while posing as a helpful development tool, has an automatic post-install script," Karlo Zanki, security researcher at ReversingLabs, said in a report shared with The Hacker News. This script is engineered to download a password-protected ZIP archive file that contains a Windows executable capable of running PowerShell scripts. The rogue package, named material-tailwindcss, has been downloaded 320 times to date, all of which occurred on or after September 15, 2022. In a tactic that's becoming increasingly common, the threatThe Hacker News
September 22, 2022 – Vulnerabilities
A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects Full Text
Abstract
More than 350,000 open source projects can be potentially affected by a 15-year-old unpatched Python vulnerability. More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS...Security Affairs
September 22, 2022 – Phishing
Microsoft Exchange servers hacked via OAuth apps for phishing Full Text
Abstract
Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails.BleepingComputer
September 22, 2022 – Business
DataGuard locks down $61M for data protection as a service Full Text
Abstract
The Series B round was led by Morgan Stanley Expansion Capital to double down on the market. The investment also includes One Peak, the U.K. VC that led DataGuard’s last fundraise of $20 million in 2020.Tech Crunch
September 22, 2022 – General
IT Security Takeaways from the Wiseasy Hack Full Text
Abstract
Last month Tech Crunch reported that payment terminal manufacturer Wiseasy had been hacked. Although Wiseasy might not be well known in North America, their Android-based payment terminals are widely used in the Asia Pacific region and hackers managed to steal passwords for 140,000 payment terminals. How Did the Wiseasy Hack Happen? Wiseasy employees use a cloud-based dashboard for remotely managing payment terminals. This dashboard allows the company to perform a variety of configuration and management tasks such as managing payment terminal users, adding or removing apps, and even locking the terminal. Hackers were able to gain access to the Wiseasy dashboard by infecting employees' computers with malware. This allowed hackers to gain access to two different employees' dashboards, ultimately leading to a massive harvesting of payment terminal credentials once they gained access. Top Lessons Learned from the Wiseasy Hack: 1 — Transparency isn't always the best policy. While iThe Hacker News
September 22, 2022 – Vulnerabilities
Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign Full Text
Abstract
Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134...Security Affairs
September 22, 2022 – Vulnerabilities
Critical Magento vulnerability targeted in new surge of attacks Full Text
Abstract
Researchers have observed a surge in hacking attempts targeting CVE-2022-24086, a critical Magento 2 vulnerability allowing unauthenticated attackers to execute code on unpatched sites.BleepingComputer
September 22, 2022 – Outage
Anonymous takes down Iranian government websites amid protests following death of Mahsa Amini Full Text
Abstract
Several websites, including the ones for the central bank, the national government portal, and state-owned media sites, have been intermittently unreachable following the hacktivist attacks.The Record
September 22, 2022 – Vulnerabilities
Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure Full Text
Abstract
Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz, said in a series of tweets. "This identifier is not considered secret, and organizations do not treat it as such." "Given the OCID of a victim's disk that is not currently attached to an active server or configured as shareable, an attacker could 'attach' to it and obtain read/write over it," Tamari added. The cloud security firm, which dubbed the tenant isolation vulnerability "AttachMe," said Oracle patched the issue within 24 hours of responsible disclosure on June 9, 2022. (Figure caption: Accessing a volume using the CLI without sufficient permissions.) At its core, the vulnerability is rooted in the fact that a disk could be attached to a computeThe Hacker News
September 22, 2022 – Insider Threat
A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder Full Text
Abstract
A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak of the builder for the latest encryptor of the LockBit ransomware gang made the headlines, it seems that...Security Affairs
September 22, 2022 – Hacker
Hackers stealing GitHub accounts using fake CircleCI notifications Full Text
Abstract
GitHub is warning of an ongoing phishing campaign that started on September 16 and is targeting its users with emails that impersonate the CircleCI continuous integration and delivery platform.BleepingComputer
September 22, 2022 – Malware
ChromeLoader Campaign Spreads Several Malware Full Text
Abstract
The multi-stage malware attack chain hijacks the browser and redirects targets to advertising sites, for the threat actors to generate revenue from ad clicks and views.Cyware Alerts - Hacker News
September 22, 2022 – Vulnerabilities
15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects Full Text
Abstract
As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years. The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, and IT management. The shortcoming, tracked as CVE-2007-4559 (CVSS score: 6.8), is rooted in the tarfile module, successful exploitation of which could lead to code execution from an arbitrary file write. "The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the '..' sequence to filenames in a TAR archive," Trellix security researcher Kasimir Schulz said in a writeup. Originally disclosed in August 2007, the bug has to do with how a specially crafted tar archive can be leveraged to overwrite aThe Hacker News
September 22, 2022 – Ransomware
BlackCat ransomware’s data exfiltration tool gets an upgrade Full Text
Abstract
The BlackCat ransomware (aka ALPHV) isn't showing any signs of slowing down, and the latest example of its evolution is a new version of the gang's data exfiltration tool used for double-extortion attacks.BleepingComputer
September 22, 2022 – Government
Malaysia: Cyber security awareness master plan to be ready in 2023, says NSC Full Text
Abstract
The cyber security awareness master plan is expected to be completed next year as the primary reference in the implementation of cyber security awareness programs at the national level, says the National Security Council (NSC).The Star
September 22, 2022 – Hacker
Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners Full Text
Abstract
A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple and more malicious attacks, such as a complete domain takeover of the infrastructure and the deployment information stealers, remote access trojans (RATs), and ransomware," Trend Micro threat researcher Sunil Bharti said in a report. The issue, tracked as CVE-2022-26134 (CVSS score: 9.8), was addressed by the Australian software company in June 2022. In one of the infection chains observed by the cybersecurity company, the flaw was leveraged to download and run a shell script ("ro.sh") on the victim's machine, which, in turn, fetched a second shell script ("ap.sh"). The malicious code is designed to update the PATH variable to include additional pathsThe Hacker News
September 21, 2022 – Solution
Windows 11 gets better protection against SMB brute-force attacks Full Text
Abstract
Microsoft announced that the Windows 11 SMB server is now better protected against brute-force attacks with the release of the Insider Preview Build 25206 to the Dev Channel.BleepingComputer
September 21, 2022 – Breach
Capital One freed from consent order tied to 2019 breach Full Text
Abstract
With the termination of the consent order, Capital One is no longer required to submit quarterly updates detailing its risk management and auditing practices to the OCC, which it was required to do following the discovery of the hack.Cybersecurity Dive
September 21, 2022 – Vulnerabilities
Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet Full Text
Abstract
An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. It's not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a "lesser-known technique" designed to trick the servers into writing data to arbitrary files – a case of unauthorized access that was first documented in September 2018. "The general idea behind this exploitation technique is to configure Redis to write its file-based database to a directory containing some method to authorize a user (like adding a key to '.ssh/authorized_keys'), or start a process (like adding a script to '/etc/cron.d')," Censys said in a new write-up. The attack surface management platform said it uncovered evidence (i.e., Redis commands) indicating efforts on the part of the attacker to store malicious crontab entries into the file "/var/The Hacker News
September 21, 2022 – Cryptocurrency
Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Full Text
Abstract
Threat actors targeted tens of thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. Redis is a popular open source data structure tool that can be used as an in-memory distributed database, message...Security Affairs
September 21, 2022 – Criminals
Domain shadowing becoming more popular among cybercriminals Full Text
Abstract
Threat analysts at Palo Alto Networks (Unit 42) discovered that the phenomenon of 'domain shadowing' might be more prevalent than previously thought, uncovering 12,197 cases while scanning the web between April and June 2022.BleepingComputer
September 21, 2022 – Government
India: CERT-In warns of vulnerabilities in Zoom Full Text
Abstract
The cyber security agency said that vulnerabilities can be exploited by a remote attacker to join meetings they are authorized to join without appearing to other participants.The Times Of India
September 21, 2022 – Cryptocurrency
Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident Full Text
Abstract
In what's the latest crypto heist to target the decentralized finance (DeFi) space, hackers have stolen digital assets worth around $160 million from crypto trading firm Wintermute. The hack involved a series of unauthorized transactions that transferred USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66 other cryptocurrencies to the attacker's wallet. The company said that its centralized finance (CeFi) and over-the-counter (OTC) operations have not been impacted by the security incident. It did not disclose when the hack took place. The digital asset market maker, which provides liquidity to several exchanges and crypto platforms, warned of disruption to its services in the coming days, but stressed that it's "solvent with twice over that amount in equity left." "We are (still) open to treat[ing] this as a white hat, so if you are the attacker – get in touch," the company's founder and CEO, Evgeny Gaevoy, said in a tweet. DetaiThe Hacker News
September 21, 2022 – Criminals
Hackers stole $160 Million from Crypto market maker Wintermute Full Text
Abstract
Threat actors have stolen around $160 million worth of digital assets from crypto trading firm Wintermute. Malicious actors continue to target organizations in the cryptocurrency industry; the latest victim in order of time is crypto trading...Security Affairs
September 21, 2022 – Vulnerabilities
Twitter failed to log you out of all devices after password resets Full Text
Abstract
Twitter logged out some users after addressing a bug where some Twitter accounts remained logged on some mobile devices after voluntary password resets.BleepingComputer
September 21, 2022 – Vulnerabilities
Prototype pollution bug in Chromium bypassed Sanitizer API Full Text
Abstract
Reported by security researcher Michał Bentkowski, the bug highlights the challenges of preventing client-side prototype pollution attacks. Prototype pollution can happen both on the client side (browser) and server side (Node.js servers).The Daily Swig
September 21, 2022 – General
Why Zero Trust Should be the Foundation of Your Cybersecurity Ecosystem Full Text
Abstract
For cybersecurity professionals, it is a huge challenge to separate the "good guys" from the "villains". In the past, most cyberattacks could simply be traced to external cybercriminals, cyberterrorists, or rogue nation-states. But not anymore. Threats from within organizations – also known as "insider threats" – are increasing and cybersecurity practitioners are feeling the pain. Traditional perimeter defenses are not designed to prevent these attacks. They also struggle to keep external attackers out. Clever hackers continuously find ways in and "weaponize" their trusted status inside the network to compromise sensitive assets and orchestrate larger attacks. And an increasing number of enterprise resources – applications, devices, data, and even people – now live outside the perimeter. It's difficult to protect these assets with legacy approaches, much less fortify the perimeter to keep attackers out completely. How can you protect your organization in this landscape? TheThe Hacker News
September 21, 2022 – Government
U.S. gov adds more Chinese Telecom firms to the Covered List Full Text
Abstract
The U.S. Federal Communications Commission (FCC) has added more Chinese telecom firms to the Covered List. The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, ComNet (USA) LLC, and China Unicom (Americas) Operations Limited,...Security Affairs
September 21, 2022 – Government
FBI: Iranian hackers lurked in Albania’s govt network for 14 months Full Text
Abstract
The Federal Bureau of Investigation (FBI) and CISA said that one of the Iranian threat groups behind the destructive attack on the Albanian government's network in July lurked inside its systems for roughly 14 months.BleepingComputer
September 21, 2022 – Business
Sardine raises $51.5M led by a16z to sniff out fishy fintech transactions Full Text
Abstract
The company announced it has raised $51.5 million in a Series B round led by Andreessen Horowitz’s (a16z) Growth Fund after closing $19.5 million for its Series A earlier this year.Tech Crunch
September 21, 2022 – Government
U.S. Adds 2 More Chinese Telecom Firms to National Security Threat List Full Text
Abstract
The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, along with its subsidiary ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the list of communications equipment and services that have been deemed a threat to national security. The agency said the companies are subject to the Chinese government's exploitation, influence, and control, and could be forced to comply with requests for intercepting and misrouting communications, without the ability to challenge such requests. The Public Safety and Homeland Security Bureau further noted that equipment and services from ComNet and China Unicom could present an opportunity for the Chinese government to carry out espionage operations and gather intelligence against the U.S. Alternatively, they could also provide the Chinese government with a strategic capability to "target, collect, alter, block, and reroute network traffic." China Unicom also earned a place on the list foThe Hacker News
September 21, 2022 – Denial Of Service
Imperva blocked a record DDoS attack with 25.3 billion requests Full Text
Abstract
Cybersecurity company Imperva announced that it mitigated a distributed denial-of-service (DDoS) attack with a total of over 25.3 billion requests. Cybersecurity firm Imperva mitigated a DDoS attack with over 25.3 billion requests on June 27, 2022....Security Affairs
September 21, 2022 – Ransomware
LockBit ransomware builder leaked online by “angry developer” Full Text
Abstract
The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang's newest encryptor.BleepingComputer
September 21, 2022 – Vulnerabilities
Parse Server fixes brute-forcing bug that put sensitive user data at risk Full Text
Abstract
Tracked as CVE-2022-36079, the high severity issue was assigned a CVSS rating of 8.6 by GitHub but 7.5 by the National Institute of Standards and Technology (NIST). Attack complexity was deemed ‘low’.The Daily Swig
September 21, 2022 – Denial Of Service
Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing Full Text
Abstract
Cybersecurity company Imperva has disclosed that it mitigated a distributed denial-of-service (DDoS) attack with a total of over 25.3 billion requests on June 27, 2022. The "strong attack," which targeted an unnamed Chinese telecommunications company, is said to have lasted for four hours and peaked at 3.9 million requests per second (RPS). "Attackers used HTTP/2 multiplexing, or combining multiple packets into one, to send multiple requests at once over individual connections," Imperva said in a report published on September 19. The attack was launched from a botnet that comprised nearly 170,000 different IP addresses spanning routers, security cameras, and compromised servers located in more than 180 countries, primarily the U.S., Indonesia, and Brazil. The disclosure also comes as web infrastructure provider Akamai said it fielded a new DDoS assault aimed at a customer based in Eastern Europe on September 12, with attack traffic spiking at 704.8 million pThe Hacker News
September 21, 2022 – Vulnerabilities
Unpatched 15-year old Python bug allows code execution in 350k projects Full Text
Abstract
A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution.BleepingComputer
September 21, 2022 – General
PrivateLoader and Ruzki PPI - What’s the Connection? Full Text
Abstract
Upon tracking PrivateLoader’s network infrastructure and activities associated with ruzki PPI, SEKOIA researchers observed an overlap between the former’s C2 servers and the latter’s URLs offered to subscribers.Cyware Alerts - Hacker News
September 21, 2022 – Vulnerabilities
Critical Remote Hack Flaws Found in Dataprobe’s Power Distribution Units Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an industrial control systems (ICS) advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device," the agency said in a notice. Credited with disclosing the flaws is industrial cybersecurity firm Claroty, which said the weaknesses could be remotely triggered "either through a direct web connection to the device or via the cloud." iBoot-PDU is a power distribution unit (PDU) that provides users with real-time monitoring capabilities and sophisticated alerting mechanisms via a web interface so as to control the power supply to devices and other equipment in an OT environment. The vulnerabilities assume new significance when taking into considThe Hacker News
September 21, 2022 – General
DDoS and bot attacks in 2022: Business sectors at risk and how to defend Full Text
Abstract
According to Gcore, in 2022, the number and volume of DDoS attacks will roughly double compared to 2021. The average attack power will grow from 150-300 Gbps to 500-700 Gbps. Andrew Slastenov, Head of Web Security at Gcore, talks to his colleagues about trends in the cybersecurity market:BleepingComputer
September 21, 2022 – Breach
Update: Hackers post residents’ data stolen in Suffolk cyberattack Full Text
Abstract
Documents published by a group taking responsibility for the ransomware attack on Suffolk County government include speeding tickets, contracts with county vendors, and a handwritten marriage license from 1908, according to a Newsday review.News Day
September 21, 2022 – General
Product Review: Stellar Cyber Open XDR Platform Full Text
Abstract
Almost every vendor, from email gateway companies to developers of threat intelligence platforms, is positioning themselves as an XDR player. But unfortunately, the noise around XDR makes it harder for buyers to find solutions that might be right for them or, more importantly, avoid ones that don't meet their needs. Stellar Cyber delivers an Open XDR solution that allows organizations to use whatever security tools they desire in their security stack, feeding alerts and logs into Stellar Cyber. Stellar Cyber's "Open" approach means their platform can work with any product. As a result, a security team can make changes without wondering if the Stellar Cyber Open XDR platform will still work. Stellar Cyber addresses the needs of lean enterprise security teams by providing capabilities typically found in NG-SIEM, NDR, and SOAR products in their Open XDR platform, managed by a single license. This consolidation enables customers to eliminate security stack complexity.The Hacker News
September 21, 2022 – Phishing
LinkedIn Smart Links abused in evasive email phishing attacks Full Text
Abstract
Phishing actors are abusing LinkedIn's Smart Link feature to bypass email security products and successfully redirect targeted users to phishing pages that steal login credentials.BleepingComputer
September 21, 2022 – Government
Cyberspace Solarium Commission members push to advance remaining recommendations Full Text
Abstract
A new report released Wednesday shows the Cyberspace Solarium Commission is on track to have 85% of all of its recommendations implemented with the remaining either facing some hurdles or “significant barriers.”CyberScoop
September 21, 2022 – General
Okta: Credential stuffing accounts for 34% of all login attempts Full Text
Abstract
Credential stuffing attacks have become so prevalent in the first quarter of 2022 that their traffic surpassed that of legitimate login attempts from normal users in some countries.BleepingComputer
September 21, 2022 – Hacker
Pro-Ukraine Hacktivists Claim to Have Hacked Notorious Russian Mercenary Group Full Text
Abstract
The hackers did not post any data that would help verify their claims. Motherboard could not independently verify whether the hacktivists stole the personal data of Wagner mercenaries.Vice
September 20, 2022 – Denial Of Service
Imperva mitigated long-lasting, 25.3 billion request DDoS attack Full Text
Abstract
Internet security company Imperva has announced its DDoS (distributed denial of service) mitigation solution has broken a new record, defending against a single attack that sent over 25.3 billion requests to one of its customers.BleepingComputer
September 20, 2022 – Policy and Law
EU Court Rules Against German Data Collection Law Full Text
Abstract
Firms Telekom Deutschland and SpaceNet took action in the German courts challenging the law that obliged telecom companies to retain customers' traffic and location data for several weeks.Security Week
September 20, 2022 – Hacker
Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware Full Text
Abstract
A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The attacks are said to be an expansion of the same campaign that previously distributed DCRat (or DarkCrystal RAT) using phishing emails with legal aid-themed lures against providers of telecommunications in Ukraine. Sandworm is a destructive Russian threat group that's best known for carrying out attacks such as the 2015 and 2016 targeting of the Ukrainian electrical grid and 2017's NotPetya attacks. It's confirmed to be Unit 74455 of Russia's GRU military intelligence agency. The adversarial collective, also known as Voodoo Bear, sought to damage high-voltage electrical sThe Hacker News
September 20, 2022 – APT
Russian Sandworm APT impersonates Ukrainian telcos to deliver malware Full Text
Abstract
Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target...Security Affairs
September 20, 2022 – Breach
2K Games says hacked help desk targeted players with malware Full Text
Abstract
American video game publisher 2K has confirmed that its help desk platform was hacked and used to target customers with fake support tickets pushing malware via embedded links.BleepingComputer
September 20, 2022 – General
Quantifying ROI in Cybersecurity Spend Full Text
Abstract
When it comes to cybersecurity, there are too many variables on both the attack and defense sides to easily calculate the return on investment (ROI) for specific expenditures.Security Week
September 20, 2022 – Breach
Uber Blames LAPSUS$ Hacking Group for Recent Security Breach Full Text
Abstract
Uber on Monday disclosed more details related to the security incident that happened last week, pinning the attack on a threat actor it believes is affiliated with the notorious LAPSUS$ hacking group. "This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, NVIDIA, and Okta, among others," the San Francisco-based company said in an update. The financially-motivated extortionist gang was dealt a huge blow in March 2022 when the City of London Police moved to arrest seven suspected LAPSUS$ gang members aged between 16 and 21. Weeks later, two of them were charged for their actions. The hacker behind the Uber breach, an 18-year-old teenager who goes by the moniker Tea Pot, has also claimed responsibility for breaking into video game maker Rockstar Games over the weekend. Uber said it's working with "several leading digital forensics firms" as the company's investigation iThe Hacker News
September 20, 2022 – Attack
Uber believes that the LAPSUS$ gang is behind the recent attack Full Text
Abstract
Uber disclosed additional details about the security breach; the company blames a threat actor allegedly affiliated with the LAPSUS$ hacking group. Uber revealed additional details about the recent security breach; the company believes that the threat...Security Affairs
September 20, 2022 – Solution
Windows 11 22H2 adds kernel exploit protection to security baseline Full Text
Abstract
Microsoft has released the final version of security configuration baseline settings for Windows 11, version 22H2, downloadable today using the Microsoft Security Compliance Toolkit.BleepingComputer
September 20, 2022 – Vulnerabilities
Vulnerability Management Fatigue Fueled by Non-Exploitable Bugs Full Text
Abstract
Companies are faced with a backlog of 100,000 vulnerabilities within their systems. Not all are exploitable – in fact, 85% cannot be exploited or are not realistically exploitable. Nevertheless, 15,000 remaining vulnerabilities is a frightening number.Security Week
September 20, 2022 – General
Analyzing IP Addresses to Prevent Fraud for Enterprises Full Text
Abstract
How can businesses protect themselves from fraudulent activities by examining IP addresses? The police would track burglars if they left calling cards at the attacked properties. Internet fraudsters usually leave a trail of breadcrumbs whenever they...Security Affairs
September 20, 2022 – Ransomware
Hive ransomware claims attack on New York Racing Association Full Text
Abstract
The Hive ransomware operation claimed responsibility for an attack on the New York Racing Association (NYRA), which previously disclosed that a cyber attack on June 30, 2022, impacted IT operations and website availability and compromised member data.BleepingComputer
September 20, 2022 – Policy and Law
China: Cybersecurity law violators to face heavier penalties Full Text
Abstract
The Cyberspace Administration of China proposed a set of amendments to the Cybersecurity Law last week that would raise the size of fines for some violations and diversify penalties for infractions committed by operators of critical infrastructure.China Daily
September 20, 2022 – Breach
American Airlines disclosed a data breach Full Text
Abstract
American Airlines disclosed a data breach; threat actors had access to an undisclosed number of employee email accounts. American Airlines recently suffered a data breach in which threat actors compromised a limited number of employee email accounts. The...Security Affairs
September 20, 2022 – Breach
2K game support hacked to email RedLine info-stealing malware Full Text
Abstract
Hackers have compromised the support system of American video game publisher 2K and now are sending support tickets to gamers containing the RedLine password-stealing malware.BleepingComputer
September 20, 2022 – Government
CISA Plans to Measure the Effect of Coming Standards on Industry’s Cybersecurity Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency will spend the next three years measuring the success of the government’s effort to protect both publicly and privately controlled critical infrastructure from cyberattacks.Nextgov
September 20, 2022 – Cryptocurrency
Hackers steal $162 million from Wintermute crypto market maker Full Text
Abstract
Digital assets trading firm Wintermute has been hacked and lost $162.2 million in DeFi operations, the company CEO, Evgeny Gaevoy, announced earlier today.BleepingComputer
September 20, 2022 – General
Countering the Future Growth of Ransomware Full Text
Abstract
Ransomware has grown into a major threat to organizations globally. The United States and its partners should work through international institutions to prevent ransomware gangs from expanding into other countries.CFR
September 20, 2022 – General
Top 8 takeaways from the VMWare Cybersecurity Threat Report Full Text
Abstract
VMware has recently released the 2022 edition of its annual Global Incident Response Threat Report. It is critically important for IT professionals to understand these trends and what they could mean for your organization's cyber security efforts. Let's break down VMware's 8 key findings and offer meaningful insights into each.BleepingComputer
September 20, 2022 – Attack
Bosnia and Herzegovina Investigating Alleged Ransomware Attack on Parliament Full Text
Abstract
While the prosecutor would not say what type of attack it is, sources confirmed to Nezavisne that it involved ransomware. The Sarajevo Times reported that the main server of parliament was shut off after the attack.The Record
September 20, 2022 – Solution
Microsoft Defender for Endpoint will turn on tamper protection by default Full Text
Abstract
Microsoft says tamper protection will soon be turned on by default for all enterprise customers in Microsoft Defender for Endpoint (MDE) for better defense against ransomware attacks.BleepingComputer
September 20, 2022 – Government
US government rejects ransom payment ban to spur disclosure Full Text
Abstract
Ultimately, U.S. officials decided against an outright ban, Anne Neuberger, deputy national security advisor for cyber and emerging technology on the National Security Council, said earlier this month at the Code Conference.Cybersecurity Dive
September 20, 2022 – Vulnerabilities
MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches Full Text
Abstract
Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue.BleepingComputer
September 20, 2022 – Cryptocurrency
Crypto Market Maker Wintermute Loses $160 Million in DeFi Hack Full Text
Abstract
Wintermute, a leading crypto market maker, has lost about $160 million in a hack, a top executive said Tuesday, becoming the latest firm in the industry to suffer a breach.Tech Crunch
September 20, 2022 – General
Critical Infrastructure Takes Center Stage Full Text
Abstract
Every service provider that may be a valuable target for attackers needs to take into account how their IT infrastructure may be vulnerable. Modern networks are diverse and uncentralized, opening companies to greater risk along their supply chain.Security Boulevard
September 20, 2022 – Malware
IT giants warn of ongoing Chromeloader malware campaigns Full Text
Abstract
VMware and Microsoft are warning of a widespread ChromeLoader malware campaign that distributes several malware families. ChromeLoader is a malicious Chrome browser extension; it is classified as a pervasive browser hijacker that modifies browser...Security Affairs
September 19, 2022 – Breach
American Airlines discloses data breach after employee email compromise Full Text
Abstract
American Airlines has notified customers of a recent data breach after attackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information.BleepingComputer
September 19, 2022 – Privacy
EU moves to protect journalists from spyware Full Text
Abstract
Alongside measures promoting ownership transparency and editorial independence, the European Media Freedom Act (EMFA) proposed on Friday will introduce “strong safeguards against the use of spyware against media, journalists and their families.”The Record
September 19, 2022 – Breach
Rockstar Games Confirms Hacker Stole Early Grand Theft Auto VI Footage Full Text
Abstract
American video game publisher Rockstar Games on Monday revealed it was a victim of a "network intrusion" that allowed an unauthorized party to illegally download early footage from Grand Theft Auto VI. "At this time, we do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects," the company said in a notice shared on its social media handles. The company said that the third party accessed "confidential information from our systems," although it's not immediately clear if it involved any other data beyond the game footage. The trove of data, which contains some 90 video clips from the game, was leaked over the weekend on GTAForums by a user with the alias "teapotuberhacker," hinting that the party is also the same person responsible for the recent Uber breach. The Uber hacker, who is going by the name Tea Pot, is believed to be an 18-year-old teenager. No other deThe Hacker News
September 19, 2022 – Breach
Revolut security breach: data of +50,000 users exposed Full Text
Abstract
Revolut has suffered a cyberattack in which threat actors had access to the personal information of tens of thousands of customers. The financial technology company Revolut suffered a 'highly targeted' cyberattack over the weekend; threat actors had access...Security Affairs
September 19, 2022 – Phishing
Microsoft 365 phishing attacks impersonate U.S. govt agencies Full Text
Abstract
An ongoing phishing campaign targeting U.S. government contractors has expanded its operation to push higher-quality lures and better-crafted documents.BleepingComputer
September 19, 2022 – General
India: September 30 deadline for Demat account holders to enable 2-factor authentication Full Text
Abstract
According to a notification issued by the National Stock Exchange (NSE) on June 14, the two-factor authentication can be done using biometric authentication along with the knowledge/possession factor.Hindustan Times
September 19, 2022 – Botnet
Emotet Botnet Started Distributing Quantum and BlackCat Ransomware Full Text
Abstract
The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine, which would allow the attacker to control it remotely. Although the infrastructure associated with the invasive malware loader was taken down as part of a law enforcement effort in January 2021, the Conti ransomware cartel is said to have played an instrumental role in its comeback late last year. "From November 2021 to Conti's dissolution in June 2022, Emotet was an exclusive Conti ransomware tool, however, the Emotet infection chain is currently attributed to Quantum and BlackCat," AdvIntel said in an advisory published last week. Typical attack sequencesThe Hacker News
September 19, 2022 – Breach
Alleged Grand Theft Auto 6 (GTA6) gameplay videos and source code leaked online Full Text
Abstract
Threat actors leaked source code and gameplay videos of Grand Theft Auto 6 (GTA6) after allegedly breaching Rockstar Games. Threat actors allegedly compromised Rockstar Games' Slack server and Confluence wiki and leaked Grand Theft Auto 6 gameplay...Security Affairs
September 19, 2022 – Hacker
Russian Sandworm hackers pose as Ukrainian telcos to drop malware Full Text
Abstract
The Russian state-sponsored hacking group known as Sandworm has been observed masquerading as telecommunication providers to target Ukrainian entities with malware.BleepingComputer
September 19, 2022 – Vulnerabilities
High severity vulnerabilities found in Harbor open-source artifact registry Full Text
Abstract
Oxeye security researchers have uncovered several new high severity variants of the Insecure Direct Object Reference (IDOR) vulnerabilities in CNCF-graduated project Harbor, the popular open-source artifact registry by VMware.Help Net Security
September 19, 2022 – Education
Microsoft Teams’ GIFShell Attack: What Is It and How You Can Protect Yourself from It Full Text
Abstract
Organizations and security teams work to protect themselves from any vulnerability, and often don't realize that risk is also brought on by configurations in their SaaS apps that have not been hardened. The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been correctly set. This article takes a look at what the method entails and the steps needed to combat it. The GIFShell Attack Method Discovered by Bobby Rauch, the GIFShell attack technique enables bad actors to exploit several Microsoft Teams features to act as a C&C for malware, and exfiltrate data using GIFs without being detected by EDR and other network monitoring tools. This attack method requires a device or user that is already compromised. Learn how an SSPM can assess, monitor and remediate SaaS misconfigurations and Device-to-SaaS user risk. The main component of this aThe Hacker News
September 19, 2022 – Criminals
TeamTNT is back and targets servers to run Bitcoin encryption solvers Full Text
Abstract
AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solvers since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots; the experts...Security Affairs
September 19, 2022 – Breach
Uber links breach to Lapsus$ group, blames contractor for hack Full Text
Abstract
Uber believes the hacker behind last week's breach is affiliated with the Lapsus$ extortion group, known for breaching other high-profile tech companies such as Microsoft, Cisco, Nvidia, Samsung, and Okta.BleepingComputer
September 19, 2022 – Government
India: CERT-In issues advisory of ‘Best Practices’ to protect against online fraud while using smartphones Full Text
Abstract
The advisory asks users to be cautious while downloading applications. It can be harmful to download apps from sources other than the official app stores, namely the Google Play Store and the App Store.Hindustan Times
September 19, 2022 – Ransomware
Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware Full Text
Abstract
A decryptor for the LockerGoga ransomware has been made available by Romanian cybersecurity firm Bitdefender in collaboration with Europol, the No More Ransom project, and Zürich law enforcement authorities. Identified in January 2019, LockerGoga drew headlines for its attacks against the Norwegian aluminum giant Norsk Hydro. It's said to have infected more than 1,800 victims in 71 countries, causing an estimated $104 million in damages. The ransomware operation received a significant blow in October 2021 when 12 people in connection with the group, alongside MegaCortex and Dharma, were apprehended as part of an international law enforcement effort. The arrests, which took place in Ukraine and Switzerland, also saw the seizure of cash worth $52,000, five luxury vehicles, and a number of electronic devices. One of the accused is currently in pretrial detention in Zurich. The Zurich Cantonal Police further said it spent the past months examining the data storage devicesThe Hacker News
September 19, 2022 – Vulnerabilities
Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes Full Text
Abstract
Researchers discovered two critical vulnerabilities (CVE-2022-36158 and CVE-2022-36159) in Flexlan devices that provide WiFi on airplanes. Researchers from Necrum Security Labs discovered a couple of critical vulnerabilities, tracked as CVE-2022-36158...Security Affairs
September 19, 2022 – Malware
VMware, Microsoft warn of widespread Chromeloader malware attacks Full Text
Abstract
The operators of the Chromeloader adware are evolving their attack methods and gradually transforming the low-risk tool into a dangerous malware loader, seen dropping ransomware in some cases.BleepingComputer
September 19, 2022 – Criminals
Update: ‘Vindictive’ couple behind IHG hack deleted hotel chain data for fun Full Text
Abstract
Describing themselves as a couple from Vietnam, they say they first tried a ransomware attack, then deleted large amounts of data when they were foiled. An expert says the case highlights the vindictive side of criminal hackers.BBC
September 19, 2022 – Phishing
Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers Full Text
Abstract
Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices," Microsoft Security Intelligence said in a sequence of tweets over the weekend. The tech giant's cybersecurity division is tracking the developing threat cluster under the name DEV-0796. Attack chains mounted by the adversary commence with an ISO file that's downloaded onto a victim's machine upon clicking on a malicious ad or comments on YouTube. The ISO file, when opened, is designed to install a browser node-webkit (aka NW.js) or rogue browser extension. It's worth noting that the ISO file masquerades as hacks and cheats for the Krunker first-person shooter game. Cheats are programs that help gamers gain an added advantage beyond the available capabiliThe Hacker News
September 19, 2022 – Breach
Revolut hack exposes data of 50,000 users, fuels new phishing wave Full Text
Abstract
Revolut is sending out notices of a data breach to a small percentage of impacted users, informing them of a security incident where an unauthorized third party accessed internal data.BleepingComputer
September 19, 2022 – Breach
ClearBalance data breach class action settlement Full Text
Abstract
The settlement benefits a nationwide Class of individuals whose personal identifying information was compromised in the CSI Financial Services data breach between March 8, 2021, and April 26, 2021.Top Class Actions
September 19, 2022 – Botnet
How botnet attacks work and how to defend against them Full Text
Abstract
Experts believe that the development of serverless technologies will further simplify the creation of botnets for DDoS attacks. Here's how Gcore can counter these threats.BleepingComputer
September 19, 2022 – Attack
New Gamaredon Campaign Targets Ukrainian entities with New Info-stealer Full Text
Abstract
A new cyberespionage campaign by Gamaredon is targeting employees from the Ukrainian government, law enforcement, and defense agencies, with custom-made malware. Researchers claim that its new infostealer is capable of stealing files from attached storage devices (local and remote).Cyware Alerts - Hacker News
September 19, 2022 – Vulnerabilities
Netgear Routers impacted by FunJSQ Game Acceleration Module flaw Full Text
Abstract
Researchers at security firm Onekey warned of an arbitrary code execution flaw via FunJSQ, a third-party module developed by Xiamen Xunwang Network Technology for online game acceleration, that impacts multiple Netgear router models.Security Affairs
September 19, 2022 – Breach
San Dieguito High School 1.75M Data Breach Settlement Full Text
Abstract
The settlement benefits individuals who had an Aeries account through the San Dieguito Union High School District during the Aeries Software data breach around November 4, 2019.Top Class Actions
September 18, 2022 – Breach
GTA 6 source code and videos leaked after Rockstar Games hack Full Text
Abstract
Grand Theft Auto 6 gameplay videos and source code have been leaked after a hacker allegedly breached Rockstar Game's Slack server and Confluence wiki.BleepingComputer
September 18, 2022 – Vulnerabilities
Netgear Routers impacted by FunJSQ Game Acceleration Module flaw Full Text
Abstract
Multiple Netgear router models are impacted by an arbitrary code execution flaw via FunJSQ, which is a third-party module for online game acceleration. Researchers at security and compliance assessment firm Onekey warn of an arbitrary code execution via FunJSQ,...Security Affairs
September 18, 2022 – Cryptocurrency
TeamTNT hijacking servers to run Bitcoin encryption solvers Full Text
Abstract
Threat analysts at AquaSec have spotted signs of TeamTNT activity on their honeypots since early September, leading them to believe the notorious hacking group is back in action.BleepingComputer
September 18, 2022 – Breach
Uber says there is no evidence that users’ private information was compromised Full Text
Abstract
Uber hack update: There is no evidence that users' private information was compromised in the data breach. Uber provided an update regarding the recent security breach of its internal computer systems; the company confirmed that there is no evidence...Security Affairs
September 17, 2022 – Vulnerabilities
Twitter pranksters derail GPT-3 bot with newly discovered “prompt injection” hack Full Text
Abstract
A few Twitter users discovered how to hijack an automated tweet bot, dedicated to remote jobs, running on the GPT-3 language model by OpenAI, using a newly discovered technique called a "prompt injection attack."ARS Technica
September 17, 2022 – Breach
Uber Claims No Sensitive Data Exposed in Latest Breach… But There’s More to This Full Text
Abstract
Uber, in an update, said there is "no evidence" that users' private information was compromised in a breach of its internal computer systems that was discovered late Thursday. "We have no evidence that the incident involved access to sensitive user data (like trip history)," the company said . "All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational." The ride-hailing company also said it's brought back online all the internal software tools it took down previously as a precaution, reiterating it's notified law enforcement of the matter. It's not immediately clear if the incident resulted in the theft of any other information or how long the intruder was inside Uber's network. Uber has not provided more specifics of how the incident played out beyond saying its investigation and response efforts are ongoing. But independent security researcher Bill Demirkapi characterized Uber's &quThe Hacker News
September 17, 2022 – Vulnerabilities
Water Tank Management System Used Worldwide Has Unpatched Security Hole Full Text
Abstract
A water tank management system used by organizations worldwide is affected by a critical vulnerability that can be exploited remotely and the vendor does not appear to want to patch it.Security Week
September 17, 2022 – Privacy
Google, Microsoft can get your passwords via web browser’s spellcheck Full Text
Abstract
Enhanced Spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information (PII) and in some cases, passwords, to Google and Microsoft respectively.BleepingComputer
September 17, 2022
Starbucks Singapore Says Customer Database Breached Full Text
Abstract
The customer database was breached online, with local media reporting that 200,000 people's information was stolen. However, the company said that no credit card details were taken as it does not store them.Security Week
September 17, 2022 – General
Security Affairs newsletter Round 384 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox. If you also want to receive the free newsletter with the international press, subscribe here. LastPass...Security Affairs
September 17, 2022 – Botnet
Emotet botnet now pushes Quantum and BlackCat ransomware Full Text
Abstract
While monitoring the Emotet botnet's current activity, security researchers found that the malware is now being used by the Quantum and BlackCat ransomware gangs to deploy their payloads.BleepingComputer
September 17, 2022 – Breach
LastPass revealed that intruders had internal access for four days during the August hack Full Text
Abstract
Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered...Security Affairs
September 17, 2022 – Breach
New York ambulance service discloses data breach after ransomware attack Full Text
Abstract
Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider, has disclosed a data breach that exposed customer information.BleepingComputer
September 17, 2022 – Government
CISA adds Stuxnet bug to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including the bug used in the Stuxnet attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)...Security Affairs
September 17, 2022 – Breach
Hackers Had Access to LastPass’s Development Systems for Four Days Full Text
Abstract
Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass CEO Karim Toubba said in an update shared on September 15, adding, "there is no evidence that this incident involved any access to customer data or encrypted password vaults." LastPass in late August revealed that a breach targeting its development environment resulted in the theft of some of its source code and technical information, although no further specifics were offered. The company, which said it completed the probe into the hack in partnership with incident response firm Mandiant, said the access was achieved using a developer's compromised endpoint. While the exact method of initial entry remains "inconclusive," LastPass noted the adversaryThe Hacker News
September 16, 2022 – Ransomware
The Week in Ransomware - September 16th 2022 - Iranian Sanctions Full Text
Abstract
It has been a fairly quiet week on the ransomware front, with the biggest news being US sanctions on Iranians linked to ransomware attacks.BleepingComputer
September 16, 2022 – Government
Biden admin launches $1B cyber grant program for state, local governments Full Text
Abstract
The Biden administration on Friday launched a long-awaited federal cybersecurity grant program that will funnel up to $1 billion to state and local governments to upgrade their digital defenses.The Record
September 16, 2022 – Solution
Bitdefender releases Universal LockerGoga ransomware decryptor Full Text
Abstract
Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover...Security Affairs
September 16, 2022 – Insider Threat
LastPass says hackers had internal access for four days Full Text
Abstract
LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted.BleepingComputer
September 16, 2022 – Government
White House gives U.S. agencies 90 days to create inventory of all software Full Text
Abstract
Now that NIST has finished creating its guidance, the OMB wants all agencies to implement it for any third-party software used with an organization’s computer systems. The rules do not apply to software developed by agencies themselves.The Record
September 16, 2022 – Malware
Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services Full Text
Abstract
Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI platform offered by a cybercriminal actor dubbed ruzki. "The threat actor ruzki (aka les0k, zhigalsz) advertises their PPI service on underground Russian-speaking forums and their Telegram channels under the name ruzki or zhigalsz since at least May 2021," SEKOIA said. The cybersecurity firm said its investigations into the twin services led it to conclude that PrivateLoader is the proprietary loader of the ruzki PPI malware service. PrivateLoader, as the name implies, functions as a C++-based loader to download and deploy additional malicious payloads on infected Windows hosts. It's primarily distributed through SEO-optimized websites that claim to provide cracked software. Although it was first documented earlier this February by Intel471, it's said to have been put to use starting as early as May 2021. SThe Hacker News
September 16, 2022 – APT
North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp Full Text
Abstract
North Korea-linked threat actor UNC4034 is spreading tainted versions of the PuTTY SSH and Telnet client. In July 2022, Mandiant identified a novel spear phish methodology that was employed by North Korea-linked threat actor UNC4034. The attackers...Security Affairs
September 16, 2022 – Government
CISA orders agencies to patch vulnerability used in Stuxnet attacks Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow the vendors' instructions to fix them.BleepingComputer
September 16, 2022 – Hacker
Opsec Mistakes Reveal COBALT MIRAGE Threat Actors Full Text
Abstract
Despite Secureworks CTU researchers publicly disclosing COBALT MIRAGE tactics, techniques, and procedures (TTPs) in May 2022, the threat actors continue to demonstrate many of the same behaviors.Secure Works
September 16, 2022 – Hacker
North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application Full Text
Abstract
A threat actor with a North Korea nexus has been found leveraging a "novel spear phish methodology" that involves making use of trojanized versions of the PuTTY SSH and Telnet client. Google-owned threat intelligence firm Mandiant attributed the new campaign to an emerging threat cluster it tracks under the name UNC4034. "UNC4034 established communication with the victim over WhatsApp and lured them to download a malicious ISO package regarding a fake job offering that led to the deployment of the AIRDRY.V2 backdoor through a trojanized instance of the PuTTY utility," Mandiant researchers said. The utilization of fabricated job lures as a pathway for malware distribution is an oft-used tactic by North Korean state-sponsored actors, including the Lazarus Group, as part of an enduring campaign called Operation Dream Job. The entry point of the attack is an ISO file that masquerades as an Amazon Assessment as part of a potential job opportunity at the tech giant.The Hacker News
September 16, 2022 – Breach
Uber hacked, internal systems and confidential documents were allegedly compromised Full Text
Abstract
Uber on Thursday disclosed a security breach: threat actors gained access to its network and stole internal documents. Uber on Thursday suffered a cyberattack in which the attackers were able to penetrate its internal network and access internal documents,...Security Affairs
September 16, 2022 – Criminals
Hacker sells stolen Starbucks data of 219,000 Singapore customers Full Text
Abstract
The Singapore division of Starbucks, the popular American coffeehouse chain, has admitted that it suffered a data breach incident impacting over 219,000 of its customers.BleepingComputer
September 16, 2022 – Solution
Open source CMS TYPO3 tackles XSS vulnerability Full Text
Abstract
The flaw has been patched in versions 7.6.58, 8.7.48, 9.5.37, 10.4.32, and 11.5.16 of typo3/cms-core. All prior versions on these release lines are affected. As user interaction is required, the bug is classified as moderate severity (CVSS score of 6.1).The Daily Swig
September 16, 2022 – General
How to Use a UTM Solution & Win Time, Money and Resources Full Text
Abstract
Unified threat management is thought to be a universal solution for many reasons. First of all, it is compatible with almost any hardware. As a business or an MSP, you don't have to bother with leasing or subleasing expensive equipment. There is no need to chase your clients to return your costly hardware. The all-in-one UTM solution will save you money and time & make work routine less stressful. However, solely purchasing a sophisticated IT solution might end up in a waste of money, if the vendor does not tailor it up specifically for your needs. More troubles occur if your staff does not have much IT background or simply is not tech-savvy enough. We put together a compilation of the best use cases of SafeUTM so you can see how to integrate such a solution into your infrastructure & help you cut back on unnecessary expenses of all kinds. UTM as a lifesaver for enterprise cybersecurity Large metal industry company of 4,500 users Among the challenges faced before impleThe Hacker News
September 16, 2022
Bitdefender releases free decryptor for LockerGoga ransomware Full Text
Abstract
Romanian cybersecurity firm Bitdefender has released a free decryptor to help LockerGoga ransomware victims recover their files without paying a ransom.BleepingComputer
September 16, 2022 – Government
CISA Sets Strategic Plan for 2023-2025, Eyes Unity of Efforts Full Text
Abstract
The first three goals in the plan focus on how the agency will “reduce risk and build resilience to cyber and physical threats,” while the fourth goal pledges an internal focus to unify as “One CISA.”Meritalk
September 16, 2022 – Cryptocurrency
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies Full Text
Abstract
Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python scripts with capabilities to disable operating system (OS) security features such as Security-Enhanced Linux (SELinux), and others. The operators behind the Kinsing malware have a history of scanning for vulnerable servers to co-opt them into a botnet, including that of Redis, SaltStack, Log4Shell, Spring4Shell, and the Atlassian Confluence flaw (CVE-2022-26134). The Kinsing actors have also been involved in campaigns against container environments via misconfigured open Docker Daemon API ports to launch a crypto miner and subsequently spread the malware to other containers and hosts. The latest wave of attacks entails the actor weaponizing CVE-2020-14882 (CVSS score:The Hacker News
September 16, 2022 – Phishing
Fake cryptocurrency giveaway sites have tripled this year Full Text
Abstract
The number of websites promoting cryptocurrency giveaway scams to lure gullible victims has increased by more than 300% in the first half of this year, targeting mostly English and Spanish speakers using celebrity deepfakes.BleepingComputer
September 16, 2022 – Vulnerabilities
OIG Warns USCIS Over Unauthorized Access to Systems and Information Full Text
Abstract
OIG said the deficiencies stemmed from insufficient internal controls and day-to-day oversight to ensure access controls are administered appropriately and effectively to prevent unauthorized access.HS Today
September 16, 2022 – Breach
Uber Says It’s Investigating a Potential Breach of Its Computer Systems Full Text
Abstract
Ride-hailing giant Uber disclosed Thursday it's responding to a cybersecurity incident involving a breach of its network and that it's in touch with law enforcement authorities. The New York Times first reported the incident. The company pointed to its tweeted statement when asked for comment on the matter. The hack is said to have forced the company to take its internal communications and engineering systems offline as it investigated the extent of the breach. The publication said the malicious intruder compromised an employee's Slack account, and leveraged it to broadcast a message that the company had "suffered a data breach," in addition to listing internal databases that were supposedly compromised. "It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees," the New York Times said. Uber has yet to offer additional details abouThe Hacker News
September 16, 2022 – Breach
Uber hacked, internal systems breached and vulnerability reports stolen Full Text
Abstract
Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server.BleepingComputer
September 16, 2022 – Vulnerabilities
SAP Patches High-Severity Flaws in Business One, BusinessObjects, GRC Full Text
Abstract
The most important of the newly released security notes deals with a high-severity vulnerability, tracked as CVE-2022-35292 (CVSS score of 7.8), in Business One that could lead to escalation of privileges.Security Week
September 15, 2022 – Malware
Hackers trojanize PuTTY SSH client to backdoor media company Full Text
Abstract
North Korean hackers are using trojanized versions of the PuTTY SSH client to deploy backdoors on targets' devices as part of a fake Amazon job assessment.BleepingComputer
September 15, 2022 – General
SMBs are hardest-hit by ransomware Full Text
Abstract
During the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, which is 58% higher than levels during the first half of 2021, according to the 2022 Cyber Claims Report by Coalition.Help Net Security
September 15, 2022 – Malware
Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube Full Text
Abstract
Gamers looking for cheats on YouTube are being targeted with links to malicious password-protected archive files designed to install the RedLine Stealer malware and crypto miners on compromised machines. "The videos advertise cheats and cracks and provide instructions on hacking popular games and software," Kaspersky security researcher Oleg Kupreev said in a new report published today. Games mentioned in the videos are APB Reloaded, CrossFire, DayZ, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Sniper Elite, and Spider-Man, among others. Downloading the self-extracting RAR archive leads to the execution of Redline Stealer, a coin miner, as well as a number of other binaries that enable the bundle's self-propagation. Specifically, this is achieved by means of an open-source C#-based password stealer that's capable of extracting cookies from browsers, which is then used by the operators to gain unauthorized access toThe Hacker News
September 15, 2022 – Denial Of Service
Akamai mitigated a new record-breaking DDoS attack against a European customer Full Text
Abstract
Akamai announced that it recently blocked a new record-breaking distributed denial-of-service (DDoS) attack. On Monday, September 12, 2022, Akamai mitigated the largest DDoS attack ever to hit one of its European customers. The malicious traffic...Security Affairs
September 15, 2022 – Ransomware
Hive ransomware claims cyberattack on Bell Canada subsidiary Full Text
Abstract
The Hive ransomware gang claimed responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS).BleepingComputer
September 15, 2022 – Business
SandboxAQ acquires Cryptosense to accelerate the deployment of PQC solutions to organizations Full Text
Abstract
The acquisition of Cryptosense complements and accelerates the deployment of SandboxAQ’s Post-Quantum Cryptography (PQC) solutions to corporations and government institutions worldwide.Help Net Security
September 15, 2022 – Hacker
Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware Full Text
Abstract
An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. "The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine," Cisco Talos researchers Asheer Malhotra and Guilherme Venere said in a technical write-up shared with The Hacker News. "LNK files, PowerShell, and VBScript enable initial access, while malicious binaries are deployed in the post-infection phase." Active since 2013, Gamaredon – also known as Actinium, Armageddon, Primitive Bear, Shuckworm, and Trident Ursa – has been linked to numerous attacks aimed at Ukrainian entities in the aftermath of Russia's military invasion of Ukraine in late February 2022. The targeted phishing operation, observed as recently as August 2022, also follows similar intrusions uncovered by Symantec last month inThe Hacker News
September 15, 2022 – Malware
Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube Full Text
Abstract
Threat actors target gamers looking for cheats on YouTube with the RedLine Stealer information-stealing malware and crypto miners. Researchers from Kaspersky have spotted a self-extracting archive, served to gamers looking for cheats on YouTube, that...Security Affairs
September 15, 2022 – Denial Of Service
Akamai stopped new record-breaking DDoS attack in Europe Full Text
Abstract
A new distributed denial-of-service (DDoS) attack that took place on Monday, September 12, has broken the previous record that Akamai recorded recently in July.BleepingComputer
September 15, 2022 – Vulnerabilities
Google Improves Chrome Protections Against Use-After-Free Bug Exploitation Full Text
Abstract
For security flaws in the browser process, Google has introduced MiraclePtr, which rewrites the codebase to use a smart pointer type called ‘raw_ptr’ to prevent the exploitation of use-after-free bugs.Security Week
September 15, 2022 – Insider Threat
5 Ways to Mitigate Your New Insider Threats in the Great Resignation Full Text
Abstract
Companies are in the midst of an employee "turnover tsunami" with no signs of a slowdown. According to Fortune Magazine, 40% of the U.S. is considering quitting their jobs. This trend – coined the great resignation – creates instability in organizations. High employee turnover increases security risks, and companies are more vulnerable to attacks from human factors worldwide. At Davos 2022, statistics connect the turmoil of the great resignation to the rise of new insider threats. Security teams are feeling the impact. It's even harder to keep up with your employee security. Companies need a fresh approach to close the gaps and prevent attacks. This article will examine what your security teams must do within the new organizational dynamics to quickly and effectively address unique challenges. Handling Your New Insider Threats Implementing a successful security awareness program is more challenging than ever for your security team—the new blood coming in causeThe Hacker News
September 15, 2022 – APT
Russia-linked Gamaredon APT target Ukraine with a new info-stealer Full Text
Abstract
Russia-linked Gamaredon APT targets employees of the Ukrainian government, defense, and law enforcement agencies with a custom information-stealing malware. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear,...Security Affairs
September 15, 2022 – Vulnerabilities
Microsoft Edge’s News Feed ads abused for tech support scams Full Text
Abstract
An ongoing malvertising campaign is injecting ads in the Microsoft Edge News Feed to redirect potential victims to websites pushing tech support scams.BleepingComputer
September 15, 2022 – APT
Gamaredon APT Targets Ukrainian Government, Defense Agencies in New Campaign Full Text
Abstract
The campaign aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part of the infection chain.Cisco Talos
September 15, 2022 – Hacker
Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks Full Text
Abstract
A threat actor tracked under the moniker Webworm has been linked to bespoke Windows-based remote access trojans, some of which are said to be in pre-deployment or testing phases. "The group has developed customized versions of three older remote access trojans (RATs), including Trochilus RAT, Gh0st RAT, and 9002 RAT," the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News. The cybersecurity firm said at least one of the indicators of compromise (IOCs) was used in an attack against an IT service provider operating in multiple Asian countries. It's worth pointing out that all three backdoors are primarily associated with Chinese threat actors such as Stone Panda (APT10), Aurora Panda (APT17), Emissary Panda (APT27), and Judgement Panda (APT31), among others, although they have been put to use by other hacking groups. Symantec said the Webworm threat actor exhibits tactical overlaps with another new adversaThe Hacker News
September 15, 2022 – Government
FBI: Millions in Losses resulted from attacks against Healthcare payment processors Full Text
Abstract
The FBI has issued an alert about threat actors targeting healthcare payment processors in an attempt to hijack the payments. The Federal Bureau of Investigation (FBI) has issued an alert about cyber attacks against healthcare payment processors to redirect...Security Affairs
September 15, 2022 – Malware
New malware bundle self-spreads through YouTube gaming videos Full Text
Abstract
A new malware bundle uses victims' YouTube channels to upload malicious video tutorials advertising fake cheats and cracks for popular video games to spread the malicious package further.BleepingComputer
September 15, 2022 – Phishing
Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish Full Text
Abstract
According to an advisory by Vectra, access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch.Dark Reading
September 15, 2022 – Policy and Law
U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks Full Text
Abstract
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked under the names APT35, Charming Kitten, Nemesis Kitten, Phosphorus, and TunnelVision. "This group has launched extensive campaigns against organizations and officials across the globe, particularly targeting U.S. and Middle Eastern defense, diplomatic, and government personnel, as well as private industries including media, energy, business services, and telecommunications," the Treasury said. The Nemesis Kitten actor, which is also known as Cobalt Mirage, DEV-0270, and UNC2448, has come under the scanner in recent months for its pattern of ransomware attacks for o...The Hacker News
September 15, 2022 – Phishing
Crooks are using lures related to Her Majesty Queen Elizabeth II in phishing attacks Full Text
Abstract
Threat actors are exploiting the death of Queen Elizabeth II as bait in phishing attacks to steal Microsoft account credentials from victims. Researchers from Proofpoint are warning of threat actors that are using the death of Queen Elizabeth II as bait...Security Affairs
September 15, 2022 – Outage
Zoom outage left users unable to sign in or join meetings Full Text
Abstract
The Zoom video conference platform was down and experienced an outage preventing users from logging in or joining meetings.BleepingComputer
September 15, 2022 – Policy and Law
U.S. charges three Iranians for ransomware attacks on women’s shelter, businesses Full Text
Abstract
While the criminal charges do not say whether the alleged hackers worked for the Iranian government, a separate U.S. Treasury Department statement said they were affiliated with the Islamic Revolutionary Guard Corps (IRGC).Reuters
September 15, 2022 – Attack
Russian hackers use new info stealer malware against Ukrainian orgs Full Text
Abstract
Russian hackers have been targeting Ukrainian entities with previously unseen info-stealing malware during a new espionage campaign that is still active.BleepingComputer
September 15, 2022 – Attack
Webworm hackers modify old malware in new attacks to evade attribution Full Text
Abstract
Chinese cyberespionage hackers of the 'Webworm' group are undergoing experimentation, using modified decade-old RATs (remote access trojans) in the wild.BleepingComputer
September 14, 2022 – Phishing
Gay hookup site typosquatted to push dodgy Chrome extensions, scams Full Text
Abstract
Gay hookup and cruising web app Sniffies is being impersonated by opportunistic threat actors hoping to target the website's users with many typosquatting domains that push scams and dubious Google Chrome extensions. In some cases, these illicit domains launch the Apple Music app prompting users to buy a subscription.BleepingComputer
September 14, 2022 – Government
FBI: Hackers steal millions from healthcare payment processors Full Text
Abstract
The Federal Bureau of Investigation (FBI) has issued an alert about hackers targeting healthcare payment processors to route payments to bank accounts controlled by the attacker.BleepingComputer
September 14, 2022 – General
Modernizing data security with a zero trust approach to data access Full Text
Abstract
Regardless of the approach to zero trust, to follow the zero trust principle, every organization must continuously validate users who need access to data – i.e., continuously authenticate, authorize and validate users across all data sources.Help Net Security
September 14, 2022 – Ransomware
Lorenz Ransomware Exploits Mitel VoIP Systems to Breach Business Networks Full Text
Abstract
The operators behind the Lorenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. "Initial malicious activity originated from a Mitel appliance sitting on the network perimeter," researchers from cybersecurity firm Arctic Wolf said in a report published this week. "Lorenz exploited CVE-2022-29499, a remote code execution vulnerability impacting the Mitel Service Appliance component of MiVoice Connect, to obtain a reverse shell and subsequently used Chisel as a tunneling tool to pivot into the environment." Lorenz, like many other ransomware groups, is known for double extortion by exfiltrating data prior to encrypting systems, with the actor targeting small and medium businesses (SMBs) located in the U.S., and to a lesser extent in China and Mexico, since at least February 2021. Calling it an "ever-evolvin...The Hacker News
September 14, 2022 – Government
CISA added 2 more security flaws to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
CISA added more security flaws to its Known Exploited Vulnerabilities Catalog, including Windows and iOS flaws. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 2 new vulnerabilities to its Known Exploited Vulnerabilities...Security Affairs
September 14, 2022 – Phishing
Gay hookup site typosquatted by 50 domains to push dodgy Chrome extensions Full Text
Abstract
Gay hookup and cruising web app Sniffies is being impersonated by opportunistic threat actors hoping to target the website's users with many typosquatting domains that push scams and dubious Google Chrome extensions. In some cases, these illicit domains launch the Apple Music app prompting users to buy a subscription.BleepingComputer
September 14, 2022 – Malware
GIFShell, a New Tool to Abuse Microsoft Teams GIFs Full Text
Abstract
A cybersecurity consultant has discovered a new attack chain, GIFShell, that leverages GIF images in Microsoft Teams to execute arbitrary commands on the target’s machine. Since the data exfiltration is performed by leveraging Microsoft's own servers, it is challenging to identify the traffic and d...Cyware Alerts - Hacker News
September 14, 2022 – APT
SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor Full Text
Abstract
A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant. Slovak cybersecurity firm ESET, which detected the malware in the university's network, attributed the backdoor to a nation-state actor dubbed SparklingGoblin. The unnamed university is said to have been already targeted by the group in May 2020 during the student protests. "The group continuously targeted this organization over a long period of time, successfully compromising multiple key servers, including a print server, an email server, and a server used to manage student schedules and course registrations," ESET said in a report shared with The Hacker News. SparklingGoblin is the name given to a Chinese advanced persistent threat (APT) group with connections to the Winnti umbrella (aka APT41, Barium, Earth Baku, or Wicked Panda). It's primarily known for its attacks targeting various en...The Hacker News
September 14, 2022 – APT
SparklingGoblin APT adds a new Linux variant of SideWalk implant to its arsenal Full Text
Abstract
China-linked SparklingGoblin APT was spotted using a Linux variant of a backdoor known as SideWalk against a Hong Kong university. Researchers from ESET discovered a Linux variant of the SideWalk backdoor, which is a custom implant used by the China-linked...Security Affairs
September 14, 2022 – Phishing
Death of Queen Elizabeth II exploited to steal Microsoft credentials Full Text
Abstract
Threat actors are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to malicious sites designed to steal their Microsoft account credentials.BleepingComputer
September 14, 2022 – Phishing
Phishers take aim at Facebook page owners Full Text
Abstract
Phishers are looking to trick owners of Facebook pages with fake notices from the social network (i.e., Meta, the company behind Facebook, Instagram and WhatsApp), in an attempt to get them to part with sensitive information.Help Net Security
September 14, 2022 – Education
How to Do Malware Analysis? Full Text
Abstract
Based on the findings of Malwarebytes' Threat Review for 2022, 40 million threats were detected on Windows business computers in 2021. In order to combat and avoid these kinds of attacks, malware analysis is essential. In this article, we will break down the goal of investigating malicious programs and how to do malware analysis with a sandbox. What is malware analysis? Malware analysis is a process of studying a malicious sample. During the study, a researcher's goal is to understand a malicious program's type, functions, code, and potential dangers, and to obtain the information an organization needs to respond to the intrusion. Results of analysis that you get: how malware works: if you investigate the code of the program and its algorithm, you will be able to stop it from infecting the whole system. characteristics of the program: improve detection by using data on malware like its family, type, version, etc. what is the goal of malware: trigger the sample's...The Hacker News
September 14, 2022 – Government
Twitter's former head of security told the Senate of severe security failings by the company Full Text
Abstract
Twitter whistleblower and former head of security Peiter Zatko told the US Congress that the platform ignored his security concerns. Peiter ‘Mudge’ Zatko, former head of security, testified in front of Congress on Tuesday, stating that...Security Affairs
September 14, 2022 – Vulnerabilities
New Lenovo BIOS updates fix security bugs in hundreds of models Full Text
Abstract
Chinese computer manufacturer Lenovo has issued a security advisory to warn its clients about several high-severity vulnerabilities impacting a wide range of products in the Desktop, All in One, Notebook, ThinkPad, ThinkServer, and ThinkStation lines.BleepingComputer
September 14, 2022 – Government
CISA Requests Input on Terms Already Defined by Incident Reporting Law Full Text
Abstract
The CISA is casting the widest net possible to get feedback for its implementation of the Cyber Incident Reporting for Critical Infrastructure Act, asking stakeholders to opine on the most basic of terms used in the legislation.Nextgov
September 14, 2022 – Malware
Researchers Detail OriginLogger RAT — Successor to Agent Tesla Malware Full Text
Abstract
Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan (RAT) known as Agent Tesla. A .NET-based keylogger and remote access trojan, Agent Tesla has had a long-standing presence in the threat landscape, allowing malicious actors to gain remote access to targeted systems and beacon sensitive information to an actor-controlled domain. Known to be used in the wild since 2014, it's advertised for sale on dark web forums and is generally distributed through malicious spam emails as an attachment. In February 2021, cybersecurity firm Sophos disclosed two new variants of the commodity malware (version 2 and 3) that featured capabilities to steal credentials from web browsers, email apps, and VPN clients, as well as use the Telegram API for command-and-control. Now according to Unit 42 researcher Jeff White, what has been tagged as AgentTesla version 3...The Hacker News
September 14, 2022 – Vulnerabilities
Threat actors are actively exploiting a zero-day in WPGateway WordPress plugin Full Text
Abstract
Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites. The Wordfence Threat Intelligence team reported that threat actors are actively exploiting a zero-day vulnerability (CVE-2022-3180)...Security Affairs
September 14, 2022 – Government
CISA orders agencies to patch Windows, iOS bugs used in attacks Full Text
Abstract
CISA added two new vulnerabilities to its list of security bugs exploited in the wild today, including a Windows privilege escalation vulnerability and an arbitrary code execution flaw affecting iPhones and Macs.BleepingComputer
September 14, 2022 – Vulnerabilities
Passengers Exposed to Hacking via Vulnerabilities in Airplane Wi-Fi Devices Full Text
Abstract
Researchers Thomas Knudsen and Samy Younsi of Necrum Security Labs identified the vulnerabilities in the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec.Security Week
September 14, 2022 – Vulnerabilities
Microsoft’s Latest Security Update Fixes 64 New Flaws, Including a Zero-Day Full Text
Abstract
Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its Chromium-based Edge browser earlier this month. "In terms of CVEs released, this Patch Tuesday may appear on the lighter side in comparison to other months," Bharat Jogi, director of vulnerability and threat research at Qualys, said in a statement shared with The Hacker News. "However, this month hit a sizable milestone for the calendar year, with MSFT having fixed the 1000th CVE of 2022 – likely on track to surpass 2021 which patched 1,200 CVEs in total." The actively exploited vulnerability in question is CVE-2022-37969 (CVSS score: 7.8), a privilege escalation flaw...The Hacker News
September 14, 2022 – Vulnerabilities
Microsoft September 2022 Patch Tuesday fixed actively exploited zero-day Full Text
Abstract
Microsoft released September 2022 Patch Tuesday security updates to address 64 flaws, including an actively exploited Windows zero-day. Microsoft September 2022 Patch Tuesday security updates address 64 vulnerabilities, including an actively exploited...Security Affairs
September 14, 2022 – Government
US govt sanctions ten Iranians linked to ransomware attacks Full Text
Abstract
The Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions today against ten individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks.BleepingComputer
September 14, 2022 – Insider Threat
One in 10 employees leaks sensitive company data every 6 months: report Full Text
Abstract
On average, 2.5% of employees exfiltrate sensitive information in a month, but over a six-month period, nearly one in 10, or 9.4% of employees, do so, Cyberhaven noted in its report.CSO Online
September 14, 2022 – Vulnerabilities
Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability Full Text
Abstract
A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence noted. "Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator," Wordfence researcher Ram Gall said in an advisory. WPGateway is billed as a means for site administrators to install, backup, and clone WordPress plugins and themes from a unified dashboard. The most common indicator that a website running the plugin has been compromised is the presence of an administrator with the username "rangex." Additionally, the appearance of requests to "//wp-content/plugins/wpgateway/wpgateway-webse...The Hacker News
September 14, 2022 – Vulnerabilities
Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs Full Text
Abstract
Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on.BleepingComputer
September 14, 2022 – Ransomware
Ransomware Attacks on Agriculture Potentially Timed to Critical Seasons Full Text
Abstract
The FBI has warned the Food and Agriculture (FA) sector that ransomware actors may be preparing to attack agricultural cooperatives during critical planting and harvest seasons.Security Intelligence
September 14, 2022 – Phishing
Phishing page embeds keylogger to steal passwords as you type Full Text
Abstract
A novel phishing campaign is underway, targeting Greeks with phishing sites that mimic the state's official tax refund platform and steal credentials as they type them.BleepingComputer
September 14, 2022 – Malware
Researchers Discover New Linux Variant of ‘SideWalk’ Modular Backdoor Full Text
Abstract
This variant was deployed against a Hong Kong university in February 2021, the same university that had already been targeted by SparklingGoblin during the student protests in May 2020.ESET Security
September 14, 2022 – IOT
Securing your IoT devices against cyber attacks in 5 steps Full Text
Abstract
How is IoT being used in the enterprise, and how can it be secured? We will demonstrate important security best practices and how a secure password policy is paramount to the security of devices.BleepingComputer
September 14, 2022 – Outage
Legislature of Argentinian Capital City Suffers Disruptive Ransomware Attack Full Text
Abstract
The legislature’s website is still down as of Tuesday afternoon EST. The affected government agencies did not respond to requests for comment about the state of the restoration effort.The Record
September 14, 2022 – Malware
Chinese hackers create Linux version of the SideWalk Windows malware Full Text
Abstract
State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector.BleepingComputer
September 13, 2022 – Phishing
Hackers now use ‘sock puppets’ for more realistic phishing attacks Full Text
Abstract
An Iranian-aligned hacking group uses a new, elaborate phishing technique involving multiple personas and email accounts to lure targets into opening malicious documents.BleepingComputer
September 13, 2022 – Government
FBI warns of vulnerabilities in medical devices following several CISA alerts Full Text
Abstract
“Cyber threat actors exploiting medical device vulnerabilities adversely impact healthcare facilities’ operational functions, patient safety, data confidentiality, and data integrity,” the alert said.The Record
September 13, 2022 – Education
How GRC protects the value of organizations — A simple guide to data quality and integrity Full Text
Abstract
Contemporary organizations understand the importance of data and its impact on improving interactions with customers, offering quality products or services, and building loyalty. Data is fundamental to business success. It allows companies to make the right decisions at the right time and deliver the high-quality, personalized products and services that customers expect. There is a challenge, though. Businesses are collecting more data than ever before, and new technologies have accelerated this process dramatically. As a result, organizations have significant volumes of data, making it hard to manage, protect, and get value from it. Here is where Governance, Risk, and Compliance (GRC) comes in. GRC enables companies to define and implement the best practices, procedures, and governance to ensure the data is clean, safe, and reliable across the board. More importantly, organizations can use GRC platforms like StandardFusion to create an organizational culture around security.The Hacker News
September 13, 2022 – Privacy
Cyber espionage campaign targets Asian countries since 2021 Full Text
Abstract
A cyber espionage group has been targeting governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as part of a cyber espionage...Security Affairs
September 13, 2022 – Vulnerabilities
Zero-day in WPGateway WordPress plugin actively exploited in attacks Full Text
Abstract
The Wordfence Threat Intelligence team warned today that WordPress sites are actively targeted with exploits targeting a zero-day vulnerability in the WPGateway premium plugin.BleepingComputer
September 13, 2022 – Government
CISA launches solicitation for public feedback on incident reporting rule Full Text
Abstract
CISA also will hold a series of listening sessions across the country in the coming months to collect additional input, with events slated in cities like Oakland, Boston, Atlanta, and Chicago.The Record
September 13, 2022 – Attack
Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks Full Text
Abstract
Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021. "A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to load their malware payloads using a technique known as DLL side-loading," the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News. The campaign is said to be exclusively geared towards government institutions related to finance, aerospace, and defense, as well as state-owned media, IT, and telecom firms. Dynamic-link library (DLL) side-loading is a popular cyberattack method that leverages how Microsoft Windows applications handle DLL files. In these intrusions, a spoofed malicious DLL is planted in the Windows Side-by-Side (WinSxS) directory so that the operating system loads it...The Hacker News
September 13, 2022 – Vulnerabilities
Trend Micro addresses actively exploited Apex One zero-day Full Text
Abstract
Trend Micro addressed multiple vulnerabilities in its Apex One endpoint security product, including actively exploited zero-day flaws. Trend Micro announced this week the release of security patches to address multiple vulnerabilities in its Apex...Security Affairs
September 13, 2022 – Vulnerabilities
Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws Full Text
Abstract
Today is Microsoft's September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws.BleepingComputer
September 13, 2022 – Hacker
Chinese government hackers using diverse toolset to target Asian prime ministers, telecoms Full Text
Abstract
Hackers associated with the Chinese military are leveraging a wide range of legitimate software packages in order to load their malware payloads and target government leaders across Asia, according to the Symantec Threat Hunter team.The Record
September 13, 2022 – Hacker
Iranian Hackers Target High-Value Targets in Nuclear Security and Genomic Research Full Text
Abstract
Hackers tied to the Iranian government have been targeting individuals specializing in Middle Eastern affairs, nuclear security, and genome research as part of a new social engineering campaign designed to hunt for sensitive information. Enterprise security firm Proofpoint attributed the targeted attacks to a threat actor named TA453, which broadly overlaps with cyber activities monitored under the monikers APT42, Charming Kitten, and Phosphorus. It all starts with a phishing email impersonating legitimate individuals at Western foreign policy research organizations that's ultimately designed to gather intelligence on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC). Spoofed personas include people from Pew Research Center, the Foreign Policy Research Institute (FPRI), the U.K.'s Chatham House, and the scientific journal Nature. The technique is said to have been deployed in mid-June 2022. What's different from other phishing attacks is the use of a tact...The Hacker News
September 13, 2022 – Attack
Iran-linked TA453 used new Multi-Persona Impersonation technique in recent attacks Full Text
Abstract
Iran-linked threat actors target individuals specializing in Middle Eastern affairs, nuclear security and genome research. In mid-2022, Proofpoint researchers uncovered a cyberespionage campaign conducted by Iran-linked TA453 threat actors. The...Security Affairs
September 13, 2022 – Policy and Law
Tax fraud ring leader jailed for selling children’s stolen identities Full Text
Abstract
The owner of a fraudulent tax preparation business, Ariel Jimenez, was sentenced to 12 years in prison for selling the stolen identities of children on welfare and helping "customers" to falsely claim tax credits, causing tens of millions of dollars in tax loss.BleepingComputer
September 13, 2022 – Malware
Evil Corp Deploys ServHelper Backdoor Via Custom-made Software Panel Full Text
Abstract
Researchers provided insights into TeslaGun, a never-seen-before software control panel, used by the TA505, aka Evil Corp, to deploy the ServHelper backdoor. The ServHelper backdoor, once downloaded, sets up reverse SSH tunnels that allow attackers to access the infected system via RDP. The threat...Cyware Alerts - Hacker News
September 13, 2022 – Vulnerabilities
Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw Full Text
Abstract
Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild. The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges. "Apple is aware of a report that this issue may have been actively exploited," the iPhone maker acknowledged in a brief statement, adding it resolved the bug with improved bounds checks. An anonymous researcher has been credited with reporting the shortcoming. It's worth noting that CVE-2022-32917 is also the second Kernel-related zero-day flaw that Apple has remediated in less than a month. Patches are available in versions iOS 15.7, iPadOS 15.7, iOS 16, macOS Big Sur 11.7, and macOS Monterey 12.6. The iOS and iPadOS updates cover iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generati...The Hacker News
September 13, 2022 – Attack
Montenegro and its allies are working to recover from the massive cyber attack Full Text
Abstract
A massive cyberattack hit Montenegro; officials believe that it was launched by pro-Russian hackers and the security services of Moscow. The offensive forced government headquarters to disconnect the systems from...Security Affairs
September 13, 2022 – Cryptocurrency
Police arrest man for laundering tens of millions in stolen crypto Full Text
Abstract
The Dutch police arrested a 39-year-old man on suspicions of laundering tens of millions of euros worth of cryptocurrency stolen in phishing attacks.BleepingComputer
September 13, 2022 – Government
FCC proposes cybersecurity changes to emergency alert system Full Text
Abstract
FCC chairwoman Jessica Rosenworcel has proposed several changes to the U.S. Emergency Alert System (EAS) and Wireless Emergency Alerts designed to beef up the cybersecurity of the systems following the discovery of vulnerabilities last month.The Record
September 13, 2022 – Attack
Pro-Palestinian group GhostSec hacked Berghof PLCs in Israel Full Text
Abstract
The hacktivist collective GhostSec claimed to have compromised 55 Berghof PLCs used by Israeli organizations. Pro-Palestinian Hacking Group GhostSec claimed to have compromised 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations...Security Affairs
September 13, 2022 – Breach
Hackers breach software vendor for Magento supply-chain attacks Full Text
Abstract
Hackers have injected malware into multiple extensions from FishPig, a vendor of Magento-WordPress integrations with over 200,000 downloads.BleepingComputer
September 13, 2022 – Vulnerabilities
Azure Active Directory Pass-Through Authentication Flaws Full Text
Abstract
Secureworks CTU researchers shared their findings with Microsoft on May 10, 2022. Microsoft responded on July 2 that PTA is working as intended and gave no indication of plans to address the reported flaws.Secure Works
September 13, 2022 – Vulnerabilities
Trend Micro warns of actively exploited Apex One RCE vulnerability Full Text
Abstract
Security software firm Trend Micro warned customers today to patch an actively exploited Apex One security vulnerability as soon as possible.BleepingComputer
September 13, 2022 – Solution
iOS 16 Has 2 New Security Features for Worst-Case Scenarios Full Text
Abstract
Safety Check and Lockdown Mode are very different tools, but Apple has built them both into its latest mobile operating system release as lifelines for digital worst-case scenarios.Wired
September 13, 2022 – Hacker
New PsExec spinoff lets hackers bypass network security defenses Full Text
Abstract
Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a less monitored port.BleepingComputer
September 13, 2022 – Vulnerabilities
Siemens and Schneider Electric Fix High-Severity Vulnerabilities Full Text
Abstract
Siemens and Schneider Electric have released their Patch Tuesday security advisories to inform customers about dozens of vulnerabilities affecting their industrial products.Security Week
September 13, 2022 – Privacy
Cyberspies drop new infostealer malware on govt networks in Asia Full Text
Abstract
Security researchers have identified new cyber-espionage activity focusing on government entities in Asia, as well as state-owned aerospace and defense firms, telecom companies, and IT organizations.BleepingComputer
September 13, 2022 – Business
Cloud Data Security Startup Theom Emerges From Stealth With $16 Million in Funding Full Text
Abstract
Founded by former executives from Google, Cisco, and Yahoo, Theom has developed a solution designed to help organizations secure their data in the cloud and SaaS data stores.Security Week
September 13, 2022 – Vulnerabilities
Trend Micro Patches Another Apex One Vulnerability Exploited in Attacks Full Text
Abstract
The security hole allows the agent to download unverified rollback components and execute arbitrary code, according to a translation of a Japanese-language advisory released by Trend Micro.Security Week
September 12, 2022 – Attack
Hackers steal Steam accounts in new Browser-in-the-Browser attacks Full Text
Abstract
Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors.BleepingComputer
September 12, 2022 – Vulnerabilities
Vulnerability in Xalan-J could allow arbitrary code execution Full Text
Abstract
Xalan-J is a Java implementation of an XSLT processor. The project is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets, discovered by Google Project Zero’s Felix Wilhelm.The Daily Swig
September 12, 2022 – Attack
China Accuses NSA’s TAO Unit of Hacking its Military Research University Full Text
Abstract
China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi'an in June 2022. The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations (TAO) at the USA's National Security Agency (NSA) of orchestrating thousands of attacks against the entities located within the country. "The U.S. NSA's TAO has carried out tens of thousands of malicious cyber attacks on China's domestic network targets, controlled tens of thousands of network devices (network servers, Internet terminals, network switches, telephone exchanges, routers, firewalls, etc.), and stole more than 140GB of high-value data," the NCVERC said. The agency further said that the attack on the Northwestern Polytechnical University employed no fewer than 40 differentThe Hacker News
September 12, 2022 – Vulnerabilities
Apple fixed the eighth actively exploited zero-day this year Full Text
Abstract
Apple has addressed the eighth zero-day vulnerability that is actively exploited in attacks against iPhones and Macs since January. Apple has released security updates to fix a zero-day vulnerability, tracked as CVE-2022-32917, which is actively exploited...Security Affairs
September 12, 2022 – Breach
U-Haul discloses data breach exposing customer driver licenses Full Text
Abstract
Moving and storage giant U-Haul International (U-Haul) disclosed a data breach after a customer contract search tool was hacked to access customers' names and driver's license information.BleepingComputer
September 12, 2022 – General
Ransomware attacks on retail increase, average retail payment grows to more than $200K Full Text
Abstract
Sophos researchers spoke to 422 IT workers at mid-sized organizations in the retail sector across 31 countries, finding startling increases in the number of respondents who said their organizations suffered ransomware attacks.The Record
September 12, 2022 – Breach
Hacktivist Group GhostSec Compromises 55 Berghof PLCs Across Israel Full Text
Abstract
A hacktivist collective called GhostSec has claimed credit for compromising as many as 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a "Free Palestine" campaign. Industrial cybersecurity firm OTORIO, which dug deeper into the incident, said the breach was made possible owing to the fact that the PLCs were accessible through the Internet and were secured by trivially guessable credentials. Details of the compromise first came to light on September 4 after GhostSec shared a video on its Telegram channel demonstrating a successful login to the PLC's admin panel, in addition to dumping data from the hacked controllers. The Israeli company said the system dumps and screenshots were exported directly from the admin panel following unauthorized access to the controllers through their public IP addresses. GhostSec (aka Ghost Security), first identified in 2015, is a self-proclaimed vigilante group that was initially formedThe Hacker News
September 12, 2022 – Business
Google announced the completion of the acquisition of Mandiant for $5.4 billion Full Text
Abstract
Google completed the acquisition of the threat intelligence firm Mandiant; the IT giant will pay $5.4 billion. Google announced the completion of the $5.4 billion acquisition of threat intelligence firm Mandiant. The acquisition was announced in March...Security Affairs
September 12, 2022 – Vulnerabilities
Apple fixes eighth zero-day used to hack iPhones and Macs this year Full Text
Abstract
Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year.BleepingComputer
September 12, 2022 – Vulnerabilities
More Path Filter Bypass Vulnerabilities in Java Open Source Projects Full Text
Abstract
As a security precaution, a web application typically has a path filter mechanism to prevent an unauthorized user from exploiting an unintended functionality via a specially crafted URL.Fortinet
September 12, 2022 – Education
Why Vulnerability Scanning is Critical for SOC 2 Full Text
Abstract
SOC 2 may be a voluntary standard, but for today's security-conscious business, it's a minimal requirement when considering a SaaS provider. Compliance can be a long and complicated process, but a scanner like Intruder makes it easy to tick the vulnerability management box. Security is critical for all organisations, including those that outsource key business operations to third parties like SaaS vendors and cloud providers. Rightfully so, since mishandled data – especially by application and network security providers – can leave organisations vulnerable to attacks, such as data theft, extortion and malware. But how secure are the third parties you've entrusted with your data? SOC 2 is a framework that ensures these service providers securely manage data to protect their customers and clients. For security-conscious businesses – and security should be a priority for every business today – SOC 2 is now a minimal requirement when considering a SaaS provider. What SOCThe Hacker News
September 12, 2022 – Breach
Cisco confirms that data leaked by the Yanluowang ransomware gang were stolen from its systems Full Text
Abstract
Cisco confirmed the May attack and that the data leaked by the Yanluowang ransomware group was stolen from its systems. In August, Cisco disclosed a security breach: the Yanluowang ransomware gang breached its corporate network in late May and stole...Security Affairs
September 12, 2022 – Ransomware
Lorenz ransomware breaches corporate network via phone systems Full Text
Abstract
The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises using their phone systems for initial access to their corporate networks.BleepingComputer
September 12, 2022 – Business
SaaS Alerts Raises $22 Million to Help MSPs Protect Business Applications Full Text
Abstract
SaaS Alerts, a cybersecurity startup that helps managed service providers (MSPs) protect their customers' core business SaaS applications, has received a $22 million growth investment from Insight Partners.Security Week
September 12, 2022 – Vulnerabilities
High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices Full Text
Abstract
A number of firmware security flaws uncovered in HP's business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first revealed details of the issues at the Black Hat USA conference in mid-August 2022, said the vulnerabilities "can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement." Firmware flaws can have serious implications as they can be abused by an adversary to achieve long-term persistence on a device in a manner that can survive reboots and evade traditional operating system-level security protections. The high-severity weaknesses identified by Binarly affect HP EliteBook devices and concern a case of memory corruption in the System Management Mode (SMM) of the firmware, thereby enabling the execution of arbitrary code with the highest privileges - CVE-2022-23930 (CVSS score: 8.2) - Stack-based bufferThe Hacker News
September 12, 2022 – Vulnerabilities
Some firmware bugs in HP business devices are yet to be fixed Full Text
Abstract
Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. The Binarly security research team reported that several HP Enterprise devices are affected by six high-severity firmware vulnerabilities...Security Affairs
September 12, 2022 – Vulnerabilities
VMware: 70% drop in Linux ESXi VM performance with Retbleed fixes Full Text
Abstract
VMware is warning that ESXi VMs running on Linux kernel 5.19 can have up to a 70% performance drop when Retbleed mitigations are enabled compared to the Linux kernel 5.18 release.BleepingComputer
September 12, 2022 – Attack
Albania Hit by Second Cyberattack Allegedly by Same Group of Iranian Hackers Full Text
Abstract
“The national police’s computer systems were hit Friday by a cyberattack which, according to initial information, was committed by the same actors who in July attacked the country’s public and government service systems,” said the interior ministry.Security Affairs
September 12, 2022 – Solution
Apple released iOS 16 with Lockdown, Safety Check security features Full Text
Abstract
Apple released iOS 16 today with new features to boost iPhone users' security and privacy, including Lockdown Mode and Security Check.BleepingComputer
September 12, 2022 – General
Browser extensions: more dangerous than you think Full Text
Abstract
In recent years, cybercriminals have been actively spreading malicious WebSearch adware extensions. Members of this family are usually disguised as tools for Office files, for example, for Word-to-PDF conversion.Kaspersky Lab
September 12, 2022 – Education
Five ways your data may be at risk — and what to do about it Full Text
Abstract
We store vast amounts of data — financial records, photos/videos, family schedules, freelance projects and more — on our personal computers and smartphones. Let's take a look at some of the most common threats to your data, and how you can step up your protection today.BleepingComputer
September 12, 2022 – Outage
Ransomware Attack Knocked Kentucky City-based ISP Offline Before Holiday Full Text
Abstract
The initial outage struck last Friday and lasted 18 hours, the Nelson County Gazette reported. Bardstown is a small city of roughly 13,000 people — and Bardstown Connect is the high-speed ISP for a majority of the city’s residents and businesses.The Record
September 12, 2022 – Breach
Cisco confirms Yanluowang ransomware leaked stolen company data Full Text
Abstract
Cisco has confirmed that the data leaked yesterday by the Yanluowang ransomware gang was stolen from the company network during a cyberattack in May.BleepingComputer
September 12, 2022 – Botnet
Bad bots are coming at APIs! How to beat the API bot attacks? Full Text
Abstract
75% of login attempts from Application Programming Interface (API) endpoints are malicious – according to perimeterx. Hackers systematically use bots for malicious login attempts.Help Net Security
September 12, 2022 – Vulnerabilities
Critical KEPServerEX Flaws Can Put Attackers in Powerful Position in OT Networks Full Text
Abstract
Claroty discovered that KEPServerEX is affected by two critical vulnerabilities that could allow an attacker to crash a server, obtain data, or remotely execute arbitrary code by sending specially crafted OPC UA messages to the targeted system.Security Week
September 12, 2022 – Criminals
Triple Extortion Ransomware: A New Trend Among Cybercriminals Full Text
Abstract
In addition to data encryption (the first layer), and the threat of leaking important data (the second layer), the cybercriminal can add another tactic of his choosing (the third layer).Heimdal Security
September 11, 2022 – Vulnerabilities
Firmware bugs in many HP computer models left unfixed for over a year Full Text
Abstract
A set of six high-severity firmware vulnerabilities impacting a broad range of HP devices used in enterprise environments are still waiting to be patched, although some of them were publicly disclosed since July 2021.BleepingComputer
September 11, 2022 – Hacker
North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies Full Text
Abstract
Security researchers have linked a new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers to the North Korean state-sponsored Lazarus hacking group.Tech Crunch
September 11, 2022 – APT
Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents Full Text
Abstract
A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran's Islamic Revolutionary Guard Corps (IRGC) and shares partial overlaps with another cluster called APT35, which is also known as Charming Kitten, Cobalt Illusion, ITG18, Phosphorus, TA453, and Yellow Garuda. APT42 has exhibited a propensity to strike various industries such as non-profits, education, governments, healthcare, legal, manufacturing, media, and pharmaceuticals spanning at least 14 countries, including in Australia, Europe, the Middle East, and the U.S. Intrusions aimed at the pharmaceutical sector are also notable for the fact that they commenced at the onset of the COVID-19 pandemic in March 2020, iThe Hacker News
September 11, 2022 – Attack
Albania was hit by a new cyberattack and blames Iran Full Text
Abstract
Albania blamed Iran for a new cyberattack that hit computer systems used by the state police on Friday. Albania blamed the government of Teheran for a new cyberattack that hit computer systems used by the state police on Saturday. "The national...Security Affairs
September 11, 2022 – General
Security Affairs newsletter Round 383 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. IHG...Security Affairs
September 11, 2022 – APT
Iran-linked APT42 is behind over 30 espionage attacks Full Text
Abstract
Iran-linked APT42 (formerly UNC788) is suspected to be the actor behind over 30 cyber espionage attacks against activists and dissidents. Experts attribute over 30 cyber espionage attacks against activists and dissidents to the Iran-linked APT42...Security Affairs
September 10, 2022 – Criminals
Ransomware gangs switching to new intermittent encryption tactic Full Text
Abstract
A growing number of ransomware groups are adopting a new tactic that helps them encrypt their victims' systems faster while reducing the chances of being detected and stopped.BleepingComputer
September 10, 2022 – Government
U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania Full Text
Abstract
The U.S. Treasury Department on Friday announced sanctions against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies. "Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector organizations around the world and across various critical infrastructure sectors," the Treasury said. The agency also accused Iranian state-sponsored actors of staging disruptive attacks aimed at Albanian government computer systems in mid-July 2022, an incident that forced the latter to temporarily suspend its online services. The development comes nearly nine months after the U.S. Cyber Command characterized the advanced persistent threat (APT) known as MuddyWater as a subordinate element within MOIS. It also comes almost two years following the Treasury's saThe Hacker News
September 10, 2022 – Attack
IHG suffered a cyberattack that severely impacted its booking process Full Text
Abstract
InterContinental Hotels Group PLC (IHG) disclosed a security breach: parts of its IT infrastructure have been subject to unauthorised activity. The hospitality conglomerate, InterContinental Hotel Group (IHG), manages 17 hotel chains, including the Regent,...Security Affairs
September 10, 2022 – APT
China-Linked BRONZE PRESIDENT APT targets Government officials worldwide Full Text
Abstract
China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. Secureworks researchers reported that China-linked APT group BRONZE PRESIDENT conducted a new campaign aimed at government...Security Affairs
September 10, 2022 – Phishing
Scammers live-streamed on YouTube a fake Apple crypto event Full Text
Abstract
Scammers live-streamed on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. Cybercriminals were live-streaming on YouTube an old interview with Tim Cook as part of a fake Apple crypto...Security Affairs
September 10, 2022 – Malware
New Linux malware combines unusual stealth with a full suite of capabilities Full Text
Abstract
Dubbed Shikitega by the researchers at AT&T Alien Labs who discovered it, the malware is delivered through a multistage infection chain using polymorphic encoding. It also abuses legitimate cloud services to host command-and-control servers.ARS Technica
September 10, 2022 – Vulnerabilities
Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin Full Text
Abstract
The vulnerability, tracked as CVE-2022-31474 (CVSS score: 7.5), can be exploited by an unauthenticated user to download arbitrary files from the affected site. It has been estimated that the plugin has around 140,000 active installations.Security Affairs
September 09, 2022 – Ransomware
The Week in Ransomware - September 9th 2022 - Schools under fire Full Text
Abstract
Ransomware gangs have been busy this week, launching attacks against NAS devices, one of the largest hotel groups, IHG, and LAUSD, the second largest school district in the USA.BleepingComputer
September 09, 2022 – General
6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged Full Text
Abstract
Security threats are always a concern when it comes to APIs. API security can be compared to driving a car. You must be cautious and review everything closely before releasing it into the world. By failing to do so, you're putting yourself and others at risk. API attacks are more dangerous than other breaches. Facebook had 50M user accounts affected by an API breach, and an API data breach on the Hostinger account exposed 14M customer records. If a hacker gets into your API endpoints, it could spell disaster for your project. Depending on the industries and geographies you're talking about, insecure APIs could get you into hot water. Especially in the EU, if you're serving the banking sector, you could face massive legal and compliance problems if you're discovered to be using insecure APIs. To mitigate these risks, you need to be aware of the potential API vulnerabilities that cybercriminals can exploit. 6 Commonly Overlooked API Security Risks #1 No API VisibiliThe Hacker News
September 9, 2022 – Government
US Treasury sanctioned Iran’s Ministry of Intelligence over Albania cyberattack Full Text
Abstract
The U.S. Treasury Department sanctioned Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the Albania cyberattack. The U.S. Treasury Department announced sanctions against Iran's Ministry of Intelligence and Security...Security Affairs
September 09, 2022 – Policy and Law
Coinbase funds lawsuit against Tornado Cash cryptomixer sanctions Full Text
Abstract
Coinbase announced on Tuesday that it is funding a lawsuit brought by six people in the U.S. against the Department of the Treasury over the sanctions on the Tornado Cash open-source cryptocurrency mixer platform.BleepingComputer
September 09, 2022 – Criminals
U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers Full Text
Abstract
More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized. "The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between time stolen and seized), and demonstrate that it is becoming more difficult for bad actors to successfully cash out their ill-gotten crypto gains," Erin Plante, senior director of investigations at Chainalysis, said. The development arrives more than five months after the crypto hack resulted in the theft of $620 million from the decentralized finance (DeFi) platform Ronin Network, with the attackers laundering a majority of the proceeds – amounting to $455 million – through the Ethereum-based cryptocurrency tumbler Tornado Cash. The March 2022 cryptocurrency heist resulted in losses totaling 173,600 ETH wortThe Hacker News
September 9, 2022 – Cryptocurrency
$30 Million worth of cryptocurrency stolen by Lazarus from Axie Infinity was recovered Full Text
Abstract
US authorities recovered more than $30 million worth of cryptocurrency stolen by the North Korea-linked Lazarus APT from Axie Infinity. A joint operation conducted by law enforcement and leading organizations in the cryptocurrency industry made it possible to recover...Security Affairs
September 09, 2022 – Government
US sanctions Iran’s Ministry of Intelligence over Albania cyberattack Full Text
Abstract
The U.S. Treasury Department announced sanctions today against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for their role in the July cyberattack against the government of Albania, a U.S. ally and a NATO member state.BleepingComputer
September 9, 2022 – General
Chasing the Cyber 1%: How to Beat the Cybersecurity Poverty Line Full Text
Abstract
The cyber poverty line (CPL) is a threshold that divides all organizations into two distinct categories: those that are able to implement essential measures well and those that are unable.Security Intelligence
September 09, 2022 – Hacker
Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts Full Text
Abstract
A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said. BackupBuddy allows users to back up their entire WordPress installation from within the dashboard, including theme files, pages, posts, widgets, users, and media files, among others. The plugin is estimated to have around 140,000 active installations, with the flaw (CVE-2022-31474, CVSS score: 7.5) affecting versions 8.5.8.0 to 8.7.4.1. It's been addressed in version 8.7.5 released on September 2, 2022. The issue is rooted in the function called "Local Directory Copy" that's designed to store a local copy of the backups. According to Wordfence, the vulnerability is the result of the insecure implementation, which enables an unauthenticated threat actThe Hacker News
September 9, 2022 – Vulnerabilities
Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin Full Text
Abstract
Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy...Security Affairs
September 09, 2022 – Attack
Vice Society claims LAUSD ransomware attack, theft of 500GB of data Full Text
Abstract
The Vice Society gang has claimed the ransomware attack that hit Los Angeles Unified (LAUSD), the second largest school district in the United States, over the weekend.BleepingComputer
September 9, 2022 – Attack
Update: Vice Society ransomware claims credit for Los Angeles school attack Full Text
Abstract
The ransomware outfit known as Vice Society has claimed credit for an attack earlier this week that disabled several IT systems at the Los Angeles Unified School District, according to a report.State Scoop
September 9, 2022 – Hacker
Iran-linked DEV-0270 group abuses BitLocker to encrypt victims’ devices Full Text
Abstract
Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims' devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 (Nemesis Kitten) has been abusing...Security Affairs
September 09, 2022 – Phishing
Lampion malware returns in phishing attacks abusing WeTransfer Full Text
Abstract
The Lampion malware is being distributed in greater volumes lately, with threat actors abusing WeTransfer as part of their phishing campaigns.BleepingComputer
September 9, 2022 – Vulnerabilities
Report identified key vulnerabilities two years before cyberattack on L.A. Unified Full Text
Abstract
The report indicated that district staff agreed with its findings and committed to addressing them, but district officials did not clarify Wednesday which of the recommended actions were carried out.LA Times
September 9, 2022 – Vulnerabilities
ManageEngine vulnerability posed code injection risk for password management software Full Text
Abstract
A researcher has discovered a vulnerability in ManageEngine that could allow an attacker to execute arbitrary code on affected installations of some of its password and access management tools.The Daily Swig
September 9, 2022 – Government
Traffic Safety Agency Issues Final Guidelines for Vehicle Cybersecurity Full Text
Abstract
The National Highway Traffic Safety Administration will announce its final cybersecurity guidelines draft Friday as modern vehicles become more technologically integrated.Nextgov
September 9, 2022 – Ransomware
Ransomware Developers Turn to Intermittent Encryption to Evade Detection Full Text
Abstract
In contrast to full encryption, intermittent encryption helps to evade analysis by exhibiting a significantly lower intensity of file IO operations and much higher similarity between non-encrypted and encrypted versions of a given file.Sentinel One
September 9, 2022 – Business
Huntress Scores $40M Funding, Plans International Expansion Full Text
Abstract
Huntress, based in Ellicott City, said the new financing will be used to shop for acquisition opportunities and to speed up expansion into international markets across Canada, the U.K., Europe, Australia, and New Zealand.Security Week
September 08, 2022 – Malware
Bumblebee malware adds post-exploitation tool for stealthy infections Full Text
Abstract
A new version of the Bumblebee malware loader has been spotted in the wild, featuring a new infection chain that uses the PowerSploit framework for stealthy reflective injection of a DLL payload into memory.BleepingComputer
September 8, 2022 – Business
Data Security Company Open Raven Raises $20 Million Full Text
Abstract
The cloud-native data security company plans to use the new funding to expand its engineering, sales, and marketing operations, to accelerate its roadmap and support for large enterprises.Security Week
September 08, 2022 – Vulnerabilities
New Vulnerabilities Reported in Baxter’s Internet-Connected Infusion Pumps Full Text
Abstract
Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. "Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a coordinated advisory. Infusion pumps are internet-enabled devices used by hospitals to deliver medication and nutrition directly into a patient's circulatory system. The four vulnerabilities in question, discovered by cybersecurity firm Rapid7 and reported to Baxter in April 2022, affect the following Sigma Spectrum Infusion systems: Sigma Spectrum v6.x model 35700BAX; Sigma Spectrum v8.x model 35700BAX2; Baxter Spectrum IQ (v9.x) model 35700BAX3; Sigma Spectrum LVP v6.x Wireless Battery Modules v16, v16D38, v17, v17D19, v20D29 to v20D32, and v22D24 to v22D28; SigThe Hacker News
September 8, 2022 – Cryptocurrency
Rethinking Responsible Disclosure for Cryptocurrency Security Full Text
Abstract
Cryptocurrency security really is worse than other digital technologies, and there’s a good chance it always will be.Lawfare
September 8, 2022 – Government
CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
CISA added 12 more security flaws to its Known Exploited Vulnerabilities Catalog including four D-Link vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 12 new vulnerabilities to its Known Exploited Vulnerabilities...Security Affairs
September 08, 2022 – Attack
GIFShell attack creates reverse shell using Microsoft Teams GIFs Full Text
Abstract
A new attack technique called 'GIFShell' allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data using ... GIFs.BleepingComputer
September 8, 2022 – Government
India: SEBI rejigs panel on cyber security, expands to six members Full Text
Abstract
Notably, the high-powered steering committee has been entrusted with the task of overseeing and providing overall guidance on cyber security initiatives for SEBI as well as for the entire capital market.Live Mint
September 08, 2022 – Hacker
North Korean Lazarus Hackers Targeting Energy Providers Around the World Full Text
Abstract
A malicious campaign mounted by the North Korea-linked Lazarus Group targeted energy providers around the world, including those based in the United States, Canada, and Japan, between February and July 2022. "The campaign is meant to infiltrate organizations around the world for establishing long-term access and subsequently exfiltrating data of interest to the adversary's nation-state," Cisco Talos said in a report shared with The Hacker News. Some elements of the espionage attacks have already entered the public domain, courtesy of prior reports from Broadcom-owned Symantec and AhnLab earlier this April and May. Symantec attributed the operation to a group referred to as Stonefly, a Lazarus subgroup which is better known as Andariel, Guardian of Peace, OperationTroy, and Silent Chollima. While these attacks previously led to the instrumentation of Preft (aka Dtrack) and NukeSped (aka Manuscrypt) implants, the latest attack wave is notable for employing two other pieces of malThe Hacker News
September 8, 2022 – Breach
Classified NATO documents sold on darkweb after they were stolen from Portugal Full Text
Abstract
Threat actors claimed to have stolen classified NATO documents from the Armed Forces General Staff agency of Portugal (EMGFA). After discovering that classified NATO documents belonging to the Armed Forces General Staff agency of Portugal (EMGFA)...Security Affairs
September 08, 2022 – Government
CISA orders agencies to patch Chrome, D-Link flaws used in attacks Full Text
Abstract
CISA has added 12 more security flaws to its list of bugs exploited in attacks, including two critical D-Link vulnerabilities and two (now-patched) zero-days in Google Chrome and the Photo Station QNAP software.BleepingComputer
September 8, 2022 – General
Most IT pros think a company breach could threaten national security Full Text
Abstract
When asked, "Do you believe a breach of your organization could potentially constitute a threat to U.S. national security?", a hearty 69.4% insisted they thought this was possible in a new survey.ZDNet
September 08, 2022 – Government
Chinese Hackers Target Government Officials in Europe, South America, and Middle East Full Text
Abstract
A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. "PlugX is modular malware that contacts a command and control (C2) server for tasking and can download additional plugins to enhance its capability beyond basic information gathering," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News. Bronze President is a China-based threat actor active since at least July 2018 and is assessed to be a state-sponsored group that leverages a mix of proprietary and publicly available tools to compromise and collect data from its targets. It's also publicly documented under other names such as HoneyMyte, Mustang PThe Hacker News
September 8, 2022 – APT
North Korea-linked Lazarus APT targets energy providers around the world Full Text
Abstract
North Korea-linked Lazarus APT group is targeting energy providers around the world, including organizations in the US, Canada, and Japan. Talos researchers tracked a campaign, orchestrated by North Korea-linked Lazarus APT group, aimed...Security Affairs
September 08, 2022 – Policy and Law
US recovers $30 million stolen from Axie Infinity by Lazarus hackers Full Text
Abstract
With the help of blockchain analysts and FBI agents, the U.S. government seized $30 million worth of cryptocurrency stolen by the North Korean threat group 'Lazarus' from the token-based 'play-to-earn' game Axie Infinity earlier in the year.BleepingComputer
September 8, 2022 – Vulnerabilities
Vendor disputes seriousness of firewall plugin RCE flaw Full Text
Abstract
Security researchers from IHTeam have uncovered a serious vulnerability in a plugin to the pfSense firewall technology. The pfSense pfBlockerNG vulnerability is tracked as CVE-2022-31814.The Daily Swig
September 08, 2022 – Breach
Shopify Fails to Prevent Known Breached Passwords Full Text
Abstract
A recent report revealed that ecommerce provider Shopify uses particularly weak password policies on the customer-facing portion of its website. According to the report, Shopify requires its customers to use a password that is at least five characters in length and that does not begin or end with a space. According to the report, Specops researchers analyzed a list of a billion passwords that were known to have been breached and found that 99.7% of those passwords adhere to Shopify's requirements. While this is not meant to suggest that Shopify customers' passwords have been breached, the fact that so many known breached passwords adhere to Shopify's minimum password requirements does underscore the dangers associated with using weak passwords. The danger of weak passwords in your Active Directory: A recent study by Hive Systems echoes the dangers of using weak passwords. The study examines the amount of time that would be required to brute force crack passwoThe Hacker News
September 8, 2022 – Vulnerabilities
Cisco will not fix the authentication bypass flaw in EoL routers Full Text
Abstract
Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. The most severe issues fixed by Cisco are an unauthenticated Access to Messaging Services Vulnerability...Security Affairs
September 08, 2022 – Hacker
Microsoft: Iranian hackers encrypt Windows systems using BitLocker Full Text
Abstract
Microsoft says an Iranian state-sponsored threat group it tracks as DEV-0270 (aka Nemesis Kitten) has been abusing the BitLocker Windows feature in attacks to encrypt victims' systems.BleepingComputer
September 8, 2022 – General
The Advantages of Threat Intelligence for Combating Fraud Full Text
Abstract
While solutions exist for prevention, most solutions focus on one or a few types of fraud. Fraud happens at such an unprecedented scale that utilizing law enforcement to disrupt bad actors is a hard value proposition.Security Week
September 08, 2022 – Attack
Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries Full Text
Abstract
Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna. Countries targeted include Ivory Coast, Morocco, Cameroon, Senegal, and Togo, with the spear-phishing attacks heavily focusing on Ivory Coast in recent months, Israeli cybersecurity firm Check Point said in a Tuesday report. Infection chains entail targeting employees of financial institutions with social engineering messages containing malicious attachments as a means of initial access, ultimately leading to the deployment of off-the-shelf malware such as Metasploit, PoshC2, DWservice, and AsyncRAT. "The threat actors' creativity is on display in the initial infection stage, as they persistently pursue the employees of the targeted companies, constantly changing infection chains that utilize a wide range of malicious file types, from self-written executable loaderThe Hacker News
September 8, 2022 – Criminals
Ex-members of the Conti ransomware gang target Ukraine Full Text
Abstract
Some members of the Conti ransomware gang were involved in financially motivated attacks targeting Ukraine from April to August 2022. Researchers from Google's Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group...Security Affairs
September 08, 2022 – General
Over 80% of the top websites leak user searches to advertisers Full Text
Abstract
Security researchers at Norton Labs have found that roughly eight out of ten websites featuring a search bar will leak their visitor's search terms to online advertisers like Google.BleepingComputer
September 8, 2022 – Denial Of Service
Multiple ransomware data leak sites experience DDoS attacks, facing intermittent outages and connectivity issues Full Text
Abstract
Since August 20, Cisco Talos has been monitoring suspected DDoS attacks resulting in intermittent downtime and outages affecting several ransomware-as-a-service (RaaS) data leak sites.Cisco Talos
September 08, 2022 – Ransomware
Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group Full Text
Abstract
Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as Phosphorus is conducting ransomware attacks as a "form of moonlighting" for personal gain. The tech giant, which is monitoring the activity cluster under the moniker DEV-0270 (aka Nemesis Kitten), said it's operated by a company that functions under the public aliases Secnerd and Lifeweb, citing infrastructure overlaps between the group and the two organizations. "DEV-0270 leverages exploits for high-severity vulnerabilities to gain access to devices and is known for the early adoption of newly disclosed vulnerabilities," Microsoft said. "DEV-0270 also extensively uses living-off-the-land binaries (LOLBINs) throughout the attack chain for discovery and credential access. This extends to its abuse of the built-in BitLocker tool to encrypt files on compromised devices." The use of BitLocker and DiskCryptor by Iranian actorThe Hacker News
September 8, 2022 – Government
Albania interrupted diplomatic ties with Iran over the mid-July attack Full Text
Abstract
Albania interrupted diplomatic ties with Iran and expelled the country’s embassy staff over the mid-July attack. Albanian Prime Minister Edi Rama announced that Albania interrupted diplomatic ties with Iran and expelled the country’s embassy staff...Security Affairs
September 08, 2022 – Breach
Classified NATO documents stolen from Portugal, now sold on darkweb Full Text
Abstract
The Armed Forces General Staff agency of Portugal (EMGFA) has suffered a cyberattack that allegedly allowed the theft of classified NATO documents, which are now sold on the dark web.BleepingComputer
September 8, 2022 – General
Cyberattacks against U.S. hospitals mean higher mortality rates, study finds Full Text
Abstract
Two-thirds of respondents in the Ponemon study who had experienced ransomware attacks said they disrupted patient care, and 59% of them found they increased the length of patients’ stays, straining resources.NBC News
September 08, 2022 – Vulnerabilities
Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products Full Text
Abstract
Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as CVE-2022-28199 (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service (DoS) condition and cause an impact on data integrity and confidentiality. "If an error condition is observed on the device interface, the device may either reload or fail to receive traffic, resulting in a denial-of-service (DoS) condition," Cisco said in a notice published on September 7. DPDK refers to a set of libraries and optimized network interface card (NIC) drivers for fast packet processing, offering a framework and common API for high-speed networking applications. Cisco said it investigated its product lineup and determined the following services to be affecteThe Hacker News
September 08, 2022 – Hacker
North Korean Lazarus hackers take aim at U.S. energy providers Full Text
Abstract
The North Korean APT group 'Lazarus' (APT38) is exploiting VMware Horizon servers to access the corporate networks of energy providers in the United States, Canada, and Japan.BleepingComputer
September 07, 2022 – Vulnerabilities
HP fixes severe bug in pre-installed Support Assistant tool Full Text
Abstract
HP issued a security advisory alerting users about a newly discovered vulnerability in HP Support Assistant, a software tool that comes pre-installed on all HP laptops and desktop computers, including the Omen sub-brand.BleepingComputer
September 7, 2022 – APT
New Iran-linked APT42 group deploys Android spyware for cyberespionage Full Text
Abstract
Mandiant has collected enough evidence to determine that APT42 is a state-sponsored threat actor who engages in cyberespionage against individuals and organizations of particular interest to the Iranian government.Mandiant
September 07, 2022 – Criminals
Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks Full Text
Abstract
Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022. The findings, which come from Google's Threat Analysis Group (TAG), build upon a prior report published in July 2022, detailing the continued cyber activity aimed at the Eastern European nation amid the ongoing Russo-Ukrainian war. "UAC-0098 is a threat actor that historically delivered the IcedID banking trojan, leading to human-operated ransomware attacks," TAG researcher Pierre-Marc Bureau said in a report shared with The Hacker News. "The attacker has recently shifted their focus to targeting Ukrainian organizations, the Ukrainian government, and European humanitarian and non-profit organizations." UAC-0098 is believed to have functioned as an initial access broker for ransomware groups such as Quantum and Conti (aka FIN12, Gold Ulrick, or Wizard Spider), the former of which was subsumed by Conti in ApriThe Hacker News
September 7, 2022 – Malware
Experts spotted a new stealthy Linux malware dubbed Shikitega Full Text
Abstract
A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices....Security Affairs
September 07, 2022 – Vulnerabilities
Cisco won’t fix authentication bypass zero-day in EoL routers Full Text
Abstract
Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life (EoL).BleepingComputer
September 7, 2022 – Attack
Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin Full Text
Abstract
Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations.Wordfence
September 07, 2022 – Policy and Law
Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards Full Text
Abstract
An international law enforcement operation has resulted in the dismantling of WT1SHOP, an online criminal marketplace that specialized in the sales of stolen login credentials and other personal information. The seizure was orchestrated by Portuguese authorities, with U.S. officials taking control of four domains used by the website: "wt1shop[.]net," "wt1store[.]cc," "wt1store[.]com," and "wt1store[.]net." The website peddled over 5.85 million records of personally identifying information (PII), including approximately 25,000 scanned driver's licenses/passports, 1.7 million login credentials for various online shops, 108,000 bank accounts, and 21,800 credit cards, the U.S. Justice Department (DoJ) said. The DoJ also unveiled a criminal complaint against Nicolai Colesnicov, accusing the 36-year-old individual from the Republic of Moldova of running the marketplace. Colesnicov has been charged with conspiracy and with trafficking in unThe Hacker News
September 7, 2022 – General
Challenges of User Authentication: What You Need to Know Full Text
Abstract
In the digital age, authentication is paramount to a strong security strategy. What are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. As virtually every aspect of day-to-day...Security Affairs
September 07, 2022 – Botnet
Ukraine dismantles more bot farms spreading Russian disinformation Full Text
Abstract
The Cyber Department of the Ukrainian Security Service (SSU) dismantled two more bot farms that spread Russian disinformation on social networks and messaging platforms via thousands of fake accounts.BleepingComputer
September 7, 2022 – Malware
Malware in House of the Dragon downloads Full Text
Abstract
Cybercriminals abuse popular TV shows for their reach. The criminals load illegal downloads with malware and upload them to torrent and file-sharing websites. House of the Dragon is the latest such show to be targeted.Cyberwarzone
September 07, 2022 – Malware
New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices Full Text
Abstract
A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. "An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist," AT&T Alien Labs said in a new report published Tuesday. The findings add to a growing list of Linux malware that has been found in the wild in recent months, including BPFDoor, Symbiote, Syslogk, OrBit, and Lightning Framework. Once deployed on a targeted host, the attack chain downloads and executes Metasploit's "Mettle" meterpreter to maximize control, exploits vulnerabilities to elevate its privileges, adds persistence on the host via crontab, and ultimately launches a cryptocurrency miner on infected devices. The exact method by which the initial compromise is achieved remains unknown as yet, but what makes ShikitegaThe Hacker News
September 7, 2022 – Vulnerabilities
Zyxel addressed a critical RCE flaw in its NAS devices Full Text
Abstract
Networking equipment vendor Zyxel addressed a critical vulnerability impacting its network-attached storage (NAS) devices. Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747, impacting its network-attached storage (NAS) devices. The...Security Affairs
September 07, 2022 – Attack
200,000 North Face accounts hacked in credential stuffing attack Full Text
Abstract
Outdoor apparel brand 'The North Face' was targeted in a large-scale credential stuffing attack that has resulted in the hacking of 194,905 accounts on the thenorthface.com website.BleepingComputer
September 7, 2022 – General
The Cost of a Data Breach for Government Agencies Full Text
Abstract
Research shows that there is a knowledge and awareness gap in the public sector when it comes to security measures. This makes government offices attractive targets for cyber gangs.Security Intelligence
September 07, 2022 – Hacker
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns Full Text
Abstract
The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT. The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News. "While being a relatively simple RAT capability-wise, it was built with recourse to the Qt Framework, with the sole intent of making human analysis harder, and automated detection through machine learning and heuristics less likely," Talos researchers Jungsoo An, Asheer Malhotra, and Vitor Ventura said. Lazarus Group, also known as APT38, Dark Seoul, Hidden Cobra, and Zinc, refers to a cluster of financially motivated and espionage-driven cyber activities undertaken by the North Korean government as a means to sidestep sanctions imposed on the country and meet its strategic objectivesThe Hacker News
September 7, 2022 – Botnet
Moobot botnet is back and targets vulnerable D-Link routers Full Text
Abstract
The Moobot botnet is behind a new wave of attacks that started in early August and that target vulnerable D-Link routers. Palo Alto Networks' Unit 42 researchers reported a new wave of attacks launched by the Moobot botnet that target vulnerable...Security Affairs
September 07, 2022 – APT
New Iranian hacking group APT42 deploys custom Android spyware Full Text
Abstract
A new Iranian state-sponsored hacking group known as APT42 has been discovered using a custom Android malware to spy on targets of interest.BleepingComputer
September 7, 2022 – Policy and Law
Instagram faces $402 million fine for alleged mishandling of children’s data Full Text
Abstract
Instagram's parent company Meta said that it plans to appeal the decision by the Irish Data Protection Commissioner, which is the second-largest, privacy-based fine on record.CSO Online
September 07, 2022 – Education
4 Key Takeaways from “XDR is the Perfect Solution for SMEs” webinar Full Text
Abstract
Cyberattacks on large organizations dominate news headlines. So, you may be surprised to learn that small and medium enterprises (SMEs) are actually more frequent targets of cyberattacks. Many SMEs understand this risk firsthand. In a recent survey, 58% of CISOs of SMEs said that their risk of attack was higher compared to enterprises. Yet, they don't have the same resources as enterprises – making it nearly impossible to protect their organizations from widespread and increasingly more sophisticated attacks that don't discriminate based on company size. What's their solution? Extended detection and response (XDR). During a recent webinar, Cynet's Director of Product Strategy, George Tubin, and guest speaker Allie Mellen, Senior Analyst at Forrester, discussed the most serious cybersecurity challenges for SMEs and how they can benefit from XDR platforms. Here are the four key takeaways from the conversation. The Biggest Cybersecurity Challenges for SMEThe Hacker News
September 07, 2022 – General
Are Default Passwords Hiding in Your Active Directory? Here’s how to check Full Text
Abstract
One of the biggest cybersecurity mistakes that an organization can make is failing to change a default password. The question is, how can you track down default passwords in your Windows Active Directory once they're no longer useful?BleepingComputer
September 7, 2022 – General
AMTSO Publishes Guidance for Testing IoT Security Products Full Text
Abstract
The Guidelines for Testing of IoT Security Products cover the principles for testing security products for IoT, recommendations on setting up testing environments, the testing for specific security functionality, and performance benchmarking.Security Week
September 07, 2022 – Botnet
Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities Full Text
Abstract
A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. "If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service (DDoS) attacks," Palo Alto Networks Unit 42 said in a Tuesday report. MooBot, first disclosed by Qihoo 360's Netlab team in September 2019, has previously targeted LILIN digital video recorders and Hikvision video surveillance products to expand its network. In the latest wave of attacks discovered by Unit 42 in early August 2022, as many as four different flaws in D-Link devices, both old and new, have paved the way for the deployment of MooBot samples. These include: CVE-2015-2051 (CVSS score: 10.0), D-Link HNAP SOAPAction Header Command Execution Vulnerability; CVE-2018-6530 (CVSS score: 9.8), D-Link SOAP Interface ReThe Hacker News
September 07, 2022 – Denial Of Service
Ransomware gang’s Cobalt Strike servers DDoSed with anti-Russia messages Full Text
Abstract
Someone is flooding Cobalt Strike servers operated by former members of the Conti ransomware gang with anti-Russian messages to disrupt their activity.BleepingComputer
September 07, 2022 – Vulnerabilities
Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released Full Text
Abstract
Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw. "A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet," the company said in an advisory released on September 6. The flaw affects the following versions: NAS326 (V5.21(AAZF.11)C0 and earlier), NAS540 (V5.21(AATB.8)C0 and earlier), and NAS542 (V5.21(ABAG.8)C0 and earlier). The disclosure comes as Zyxel previously addressed local privilege escalation and authenticated directory traversal vulnerabilities (CVE-2022-30526 and CVE-2022-2030) affecting its firewall products in July. HackiThe Hacker News
September 07, 2022 – Attack
Albania blames Iran for July cyberattack, severs diplomatic ties Full Text
Abstract
Albanian Prime Minister Edi Rama announced on Wednesday that the entire staff of the Embassy of the Islamic Republic of Iran was asked to leave within 24 hours.BleepingComputer
September 07, 2022 – Attack
Google says former Conti ransomware members now attack Ukraine Full Text
Abstract
Google says some former Conti cybercrime gang members, now part of a threat group tracked as UAC-0098, are targeting Ukrainian organizations and European non-governmental organizations (NGOs).BleepingComputer
September 06, 2022 – Criminals
US seizes WT1SHOP market selling credit cards, credentials, and IDs Full Text
Abstract
An international law enforcement operation has seized the website and domains for WT1SHOP, a criminal marketplace that sold stolen credit cards, I.D. cards, and millions of login credentials.BleepingComputer
September 6, 2022 – General
What’s polluting your data lake? Full Text
Abstract
With digital transformations having occurred over the past couple of years, cloud data storage has significantly increased. As enterprise data lakes and cloud storage environments expand, cybersecurity will become a greater challenge.Help Net Security
September 06, 2022 – Hacker
Worok Hackers Target High-Profile Asian Companies and Governments Full Text
Abstract
High-profile companies and local governments located primarily in Asia are the subjects of targeted attacks by a previously undocumented espionage group dubbed Worok that has been active since late 2020. "Worok's toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and a C# loader PNGLoad that uses steganography to extract hidden malicious payloads from PNG files," ESET researcher Thibaut Passilly said in a new report published today. Worok is said to share overlaps in tools and interests with another adversarial collective tracked as TA428, with the group linked to attacks against entities spanning energy, financial, maritime, and telecom sectors in Asia as well as a government agency in the Middle East and a private firm in southern Africa. Malicious activities undertaken by the group experienced a noticeable break from May 2021 to January 2022, before resuming the next month. The Slovak cybersecurity firm assessed the group's goalsThe Hacker News
September 6, 2022 – Attack
The Los Angeles Unified School District hit by a ransomware attack Full Text
Abstract
One of the largest school districts in the US, the Los Angeles Unified School District, suffered a ransomware attack during the weekend. The Los Angeles Unified School District is one of the largest school districts in the US; it was hit by a ransomware attack...Security Affairs
September 06, 2022 – Botnet
Moobot botnet is coming for your unpatched D-Link router Full Text
Abstract
The Mirai malware botnet variant known as 'MooBot' has re-emerged in a new attack wave that started early last month, targeting vulnerable D-Link routers with a mix of old and new exploits.BleepingComputer
September 6, 2022 – Ransomware
Play Ransomware Attack Playbook Similar to that of Hive, Nokoyawa Full Text
Abstract
Victims of this ransomware first surfaced in Bleeping Computer forums in June 2022. A month later, more details about Play ransomware were published on the “No-logs No breach” website.Trend Micro
September 06, 2022 – Hacker
TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks Full Text
Abstract
Cybersecurity researchers have offered fresh insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on." Also tracked under the names Evil Corp, Gold Drake, Dudear, Indrik Spider, and SectorJ04, TA505 is an aggressive Russian cybercrime syndicate behind the infamous Dridex banking trojan and which has been linked to a number of ransomware campaigns in recent years. It's also said to be connected to the Raspberry Robin attacks that emerged in September 2021, with similarities uncovered between the malware and Dridex. Other notable malware families associated with the groupThe Hacker News
September 6, 2022 – Malware
A new Android malware used to spy on the Uyghur Community Full Text
Abstract
Experts spotted new Android spyware that was used by China-linked threat actors to spy on the Uyghur community in China. Researchers from Cyble Research & Intelligence Labs (CRIL) started their investigation after MalwareHunterTeam experts shared...Security Affairs
September 06, 2022 – Malware
Minecraft is hackers’ favorite game title for hiding malware Full Text
Abstract
Security researchers have discovered that Minecraft is the most heavily abused game title by cybercriminals, who use it to lure unsuspecting players into installing malware.BleepingComputer
September 6, 2022 – Criminals
Russian-speaking cyber criminals feel economic pinch Full Text
Abstract
Russian-speaking cybercriminals face falling financial returns following Russia’s invasion of Ukraine, with many scams becoming redundant almost overnight due to sanctions and increased scrutiny of Russian entities, say Digital Shadows researchers.Computer Weekly
September 06, 2022 – General
Integrating Live Patching in SecDevOps Workflows Full Text
Abstract
SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example. A major security breach or, say, consistent problems in achieving development goals signals to organizations that the existing development framework doesn't work and that something new is needed. But what exactly is SecDevOps, why should you embrace it – and how can you do it more easily in practice? The fundamentals of SecDevOps: By itself, SecDevOps is not just one single improvement. You may see it as a new tool, or set of tools, or perhaps a different mindset. Some might see SecDevOps as a culture. In reality, it's all of those factors wrapped into a new approach to development that's intended to put security first. SecDevOps relies on highly reproducible scenarios, touching on topics such as systemThe Hacker News
September 6, 2022 – Hacker
Experts discovered TeslaGun Panel used by TA505 to manage its ServHelper Backdoor Full Text
Abstract
Researchers discovered a previously undocumented software control panel, named TeslaGun, used by a cybercrime gang known as TA505. Researchers from cybersecurity firm PRODAFT have discovered a previously undocumented software control panel, tracked...Security Affairs
September 06, 2022 – Government
FBI warns of Vice Society ransomware attacks on school districts Full Text
Abstract
FBI, CISA, and MS-ISAC warned today of U.S. school districts being increasingly targeted by the Vice Society ransomware group, with more attacks expected after the new school year starts.BleepingComputer
September 6, 2022 – Vulnerabilities
Mirai Variant MooBot Targeting D-Link Devices Full Text
Abstract
In early August, Unit 42 researchers discovered attacks leveraging several vulnerabilities in devices made by D-Link, a company that specializes in network and connectivity products.Palo Alto Networks
September 06, 2022 – Phishing
New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security Full Text
Abstract
A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim's session," Resecurity researchers said in a Monday write-up. The platform generates phishing links that are nothing but cloned pages designed to compromise user accounts associated with Apple iCloud, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex, among others. EvilProxy is similar to adversary-in-the-middle (AiTM) attacks in that users interact with a malicious proxy server that acts as a go-between for the target website, covertly harvesting the credentials and 2FA passcodes entered in the login pages. It's offered on a subscription basis per serviceThe Hacker News
September 6, 2022 – Government
China accuses the US of cyberattacks Full Text
Abstract
China accuses the United States of conducting tens of thousands of cyberattacks on the country, including cyberespionage campaigns. The Beijing government accused the United States of launching tens of thousands of cyberattacks on China. The attacks...Security Affairs
September 06, 2022 – Vulnerabilities
Zyxel releases new NAS firmware to fix critical RCE vulnerability Full Text
Abstract
Zyxel Corporation, the Taiwanese networking and data storage device maker, has issued a security advisory to warn clients of a critical remote code execution (RCE) vulnerability impacting three models of its NAS products.BleepingComputer
September 6, 2022 – General
The rise of ransomware and what can be done about it Full Text
Abstract
Ransomware cybercriminal gangs and markets have made adjustments to their original ransom demands and found a near limitless demand for targeted ransomware, enabling them to up their extortion demands.Avast
September 06, 2022 – Privacy
Researchers Find New Android Spyware Campaign Targeting Uyghur Community Full Text
Abstract
A previously undocumented strain of Android spyware with extensive information gathering capabilities has been found disguised as a book likely designed to target the Uyghur community in China. The malware comes under the guise of a book titled "The China Freedom Trap," a biography written by the exiled Uyghur leader Dolkun Isa. "In light of the ongoing conflict between the Government of the People's Republic of China and the Uyghur community, the malware disguised as the book is a lucrative bait employed by threat actors (TAs) to spread malicious infection in the targeted community," cybersecurity firm Cyble said in a report published Monday. The existence of the malware samples, which come with the package name "com.emc.pdf," was first disclosed by researchers from the MalwareHunterTeam late last month. Distributed outside of the official Google Play Store, the app, once installed and opened, displays a few pages of the book, includi...The Hacker News
September 6, 2022 – Criminals
Interpol dismantled sextortion ring in Asia Full Text
Abstract
Interpol arrested 12 individuals who are suspected to be core members of a transnational sextortion ring. Interpol announced the arrest of 12 individuals suspected to be core members of a transnational sextortion ring. The arrests took place in July...Security Affairs
September 06, 2022 – Outage
InterContinental Hotels Group cyberattack disrupts booking systems Full Text
Abstract
Leading hospitality company InterContinental Hotels Group PLC (also known as IHG Hotels & Resorts) says its information technology (IT) systems have been disrupted since yesterday after its network was breached.BleepingComputer
September 6, 2022 – Malware
New Stealthy Malware Dubbed Shikitega Targeting Linux Systems Full Text
Abstract
The malware downloads and executes Metasploit's "Mettle" meterpreter to maximize its control of infected machines. Shikitega exploits system vulnerabilities to gain high privileges, persist, and execute a cryptominer.AT&T Cybersecurity
September 06, 2022 – Ransomware
QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw Full Text
Abstract
QNAP has issued a new advisory urging users of its network-attached storage (NAS) devices to upgrade to the latest version of Photo Station following yet another wave of DeadBolt ransomware attacks in the wild by exploiting a zero-day flaw in the software. The Taiwanese company said it detected the attacks on September 3 and that "the campaign appears to target QNAP NAS devices running Photo Station with internet exposure." The issue has been addressed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later; QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later; QTS 4.3.6: Photo Station 5.7.18 and later; QTS 4.3.3: Photo Station 5.4.15 and later; QTS 4.2.6: Photo Station 5.2.14 and later. Details of the flaw have been kept under wraps for now, but the company is advising users to disable port forwarding on the routers, prevent NAS devices from being accessible on the Internet, upgrade NAS firmware, apply strong passwords for user accounts, and take regula...The Hacker News
September 06, 2022 – Malware
New Linux malware evades detection using multi-stage deployment Full Text
Abstract
A new stealthy Linux malware known as Shikitega has been discovered infecting computers and IoT devices with additional payloads.BleepingComputer
September 6, 2022 – Business
New strategic growth investment in Hornetsecurity Full Text
Abstract
Hornetsecurity announced that TA Associates has signed a definitive agreement to make a strategic growth investment in the Company. TA will join existing investors PSG Equity and Verdane, as well as the Company’s management team.Help Net Security
September 06, 2022 – Hacker
New Worok cyber-espionage group targets governments, high-profile firms Full Text
Abstract
A newly discovered cyber-espionage group has been hacking governments and high-profile companies in Asia since at least 2020 using a combination of custom and existing malicious tools.BleepingComputer
September 06, 2022 – Ransomware
Second largest U.S. school district LAUSD hit by ransomware Full Text
Abstract
Los Angeles Unified (LAUSD), the second largest school district in the U.S., disclosed that a ransomware attack hit its Information Technology (IT) systems over the weekend.BleepingComputer
September 05, 2022 – Phishing
New EvilProxy service lets all hackers use advanced phishing tactics Full Text
Abstract
A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI.BleepingComputer
September 5, 2022 – Vulnerabilities
Critical Flaw in TikTok Allows Account Hijacking Full Text
Abstract
A now-patched, high-severity flaw in the Android version of TikTok could have resulted in attackers hijacking user accounts with a single click, Microsoft disclosed. Attackers could use that access to modify users' TikTok profiles and sensitive information, such as sending messages, posting private ...Cyware Alerts - Hacker News
September 05, 2022 – Disinformation
TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users’ Information Full Text
Abstract
Popular short-form social video service TikTok denied reports that it was breached by a hacking group, after it claimed to have gained access to an insecure cloud server. "TikTok prioritizes the privacy and security of our users' data," the ByteDance-owned company told The Hacker News. "Our security team investigated these claims and found no evidence of a security breach." The denial follows alleged reports of a hack that surfaced on the Breach Forums message board on September 3, with the threat actor noting that the server holds 2.05 billion records in a humongous 790GB database. "Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?," the hacking group known as BlueHornet (aka AgainstTheWest) tweeted over the weekend. Bob Diachenko, threat intelligence researcher at Security Discovery, said the breach is "real" and that the data i...The Hacker News
September 5, 2022 – Ransomware
QNAP warns new Deadbolt ransomware attacks exploiting zero-day Full Text
Abstract
QNAP warns customers of ongoing DeadBolt ransomware attacks that are exploiting a zero-day vulnerability in Photo Station. QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks in which threat actors are exploiting a zero-day vulnerability...Security Affairs
September 05, 2022 – Criminals
Interpol dismantles sextortion ring, warns of increased attacks Full Text
Abstract
A transnational sextortion ring was uncovered and dismantled following a joint investigation between Interpol's cybercrime division and police in Singapore and Hong Kong.BleepingComputer
September 5, 2022 – Government
Election Officials Have Been Largely Successful in Deterring Cyber Threats, CISA Official Says Full Text
Abstract
The head of CISA’s National Risk Management Center pointed to public-private partnerships and enhanced resource-sharing activities as key to defending against outside threats to voting systems.Nextgov
September 05, 2022 – Education
What Is Your Security Team Profile? Prevention, Detection, or Risk Management Full Text
Abstract
Not all security teams are born equal. Each organization has a different objective. In cybersecurity, adopting a proactive approach is not just a buzzword. It actually is what makes the difference between staying behind attackers and getting ahead of them. And the solutions to do that do exist! Most attacks succeed by taking advantage of common failures in their target's systems. Whether new or old, known or unknown, attacks leverage security gaps such as unpatched or uncharted vulnerabilities, misconfigurations, out-of-date systems, expired certificates, human errors, etc. As attackers rely on a range of automated offensive testing tools to scan their targets' attack surfaces and propagate inside their network, a purely reactive defensive stance based on detection and response is increasingly likely to be overwhelmed by an attack. The logical tactical move is to emulate attackers' TTPs and behaviors beforehand by integrating attack simulation tools to...The Hacker News
September 5, 2022 – Breach
TikTok denies data breach following leak of user data Full Text
Abstract
Threat actors published a sample of data allegedly stolen from TikTok, but the company denies it was breached. The hacking collective AgainstTheWest recently published a post on Breach Forums message board claiming to have hacked TikTok and stolen...Security Affairs
September 05, 2022 – Vulnerabilities
QNAP patches zero-day used in new Deadbolt ransomware attacks Full Text
Abstract
QNAP is warning customers of ongoing DeadBolt ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station.BleepingComputer
September 5, 2022 – Vulnerabilities
CSRF flaw in csurf NPM package aimed at protecting against the same flaws Full Text
Abstract
Researchers found that while the popular package was intended to defend against CSRF, a CSRF bug has lain dormant within the code since the last version release, impacting any application using the open source package.The Daily Swig
September 05, 2022 – Criminals
Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus Full Text
Abstract
A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro. The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question ("mhyprot2.sys") is signed with a valid certificate, thereby making it possible to circumvent privileges and terminate services associated with endpoint protection applications. Genshin Impact is a popular action role-playing game that was developed and published by Shanghai-based developer miHoYo in September 2020. The driver used in the attack chain is said to have been built in August 2020, with the existence of the flaw in the module discussed after the release of the game, and leading to exploits demonstrating the ability to kill any arbitrary process and escalate to kernel mode. The idea, in a nutshell, is to use the leg...The Hacker News
September 5, 2022 – Vulnerabilities
Windows Defender identified Chromium, Electron apps as Hive Ransomware Full Text
Abstract
Microsoft released a Windows Defender update to fix a problem that caused the Defender antivirus to identify Chromium and Electron apps as malware. Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify...Security Affairs
September 05, 2022 – Attack
TikTok denies security breach after hackers leak user data, source code Full Text
Abstract
TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "completely unrelated" to the company.BleepingComputer
September 5, 2022 – Business
Titan Security Group acquires Prudential Security to expand its service footprint Full Text
Abstract
Titan Security Group has completed the acquisition of the security staffing operation of Prudential Security, a security solutions provider based in Taylor, Michigan. Titan is a portfolio company of Quad C Management.Help Net Security
September 05, 2022 – Malware
Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan Full Text
Abstract
The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. "This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware," NCC Group's Fox-IT said in a report. "Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats." The apps in question, Mister Phone Cleaner and Kylhavy Mobile Security, have over 60,000 installations between them and are designed to target users in Spain, Australia, Poland, Germany, the U.S., and Austria: Mister Phone Cleaner (com.mbkristine8.cleanmaster, 50,000+ downloads) and Kylhavy Mobile Security (com.kylhavy.antivirus, 10,000+ downloads). The droppers are designed to drop a new version of SharkBot, dubbed V2 by Dutch security firm ThreatFabric, which features an updated co...The Hacker News
September 5, 2022 – Phishing
EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web Full Text
Abstract
Resecurity researchers discovered a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised on the Dark Web. Original post: https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web Following...Security Affairs
September 5, 2022 – Phishing
EvilProxy Phishing-as-a-Service with MFA Bypass Capability Emerged in the Dark Web Full Text
Abstract
Early occurrences of EvilProxy have been initially identified in connection to attacks against Google and MSFT customers who have MFA enabled on their accounts – either with SMS or Application Token.Resecurity
September 5, 2022 – Malware
A new SharkBot variant bypassed Google Play checks again Full Text
Abstract
Experts spotted an upgraded version of the SharkBot malware that was uploaded to the official Google Play Store. Fox IT researchers have spotted an upgraded version of a SharkBot dropper that was uploaded to the official Google Play Store. While...Security Affairs
September 5, 2022 – Breach
US Federal Tax Agency Inadvertently Exposed 120,000 Taxpayers’ Confidential Information Full Text
Abstract
The exposed data did not include Social Security numbers, full individual income information, detailed financial account data, or other information that could impact a taxpayer’s credit.Yahoo Finance
September 5, 2022 – Malware
New SharkBot Banking Trojan Variant Bypassed Google Play Store Checks Again Full Text
Abstract
The malware was observed targeting the mobile users of banks in Italy, the UK, and the US. The trojan allows attackers to hijack users' mobile devices and steal funds from online banking and cryptocurrency accounts.Security Affairs
September 5, 2022 – Skimming
Magecart’s New JavaScript Skimmer Targets Magento Websites Full Text
Abstract
Cyble researchers spotted and analyzed a new JavaScript skimmer used by the Magecart threat group to target Magento e-commerce sites and steal payment data. The malicious JS code is loaded with standard skimmer anti-detection features. Magento e-commerce site owners should deploy the right too ...Cyware Alerts - Hacker News
September 04, 2022 – Vulnerabilities
Microsoft Defender falsely detects Win32/Hive.ZY in Google Chrome, Electron apps Full Text
Abstract
A bad Microsoft Defender signature update mistakenly detects Google Chrome, Microsoft Edge, Discord, and other Electron apps as 'Win32/Hive.ZY' each time the apps are opened in Windows.BleepingComputer
September 4, 2022 – Phishing
A new phishing scam targets American Express cardholders Full Text
Abstract
Cybersecurity firm Armorblox discovered a new phishing campaign aimed at American Express customers. Armorblox researchers uncovered a new phishing campaign that is targeting American Express customers. The messages use a malicious...Security Affairs
September 04, 2022 – Malware
SharkBot malware sneaks back on Google Play to steal your logins Full Text
Abstract
A new and upgraded version of the SharkBot malware has returned to Google's Play Store, targeting banking logins of Android users through apps that have tens of thousands of installations.BleepingComputer
September 4, 2022 – Attack
Anonymous hacked Yandex taxi causing a massive traffic jam in Moscow Full Text
Abstract
The popular collective Anonymous and the IT Army of Ukraine hacked the Yandex Taxi app, causing a massive traffic jam in Moscow. This week Anonymous announced that it had hacked the Yandex Taxi app, the largest taxi service in Russia, and used it to cause...Security Affairs
September 4, 2022 – Breach
IRS mistakenly published confidential info for roughly 120K taxpayers Full Text
Abstract
The Internal Revenue Service (IRS) mistakenly leaked confidential information for approximately 120,000 taxpayers. Bad news for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns, the Internal Revenue Service has accidentally...Security Affairs
September 4, 2022 – Malware
Alleged Iranian threat actors leak the code of their CodeRAT malware Full Text
Abstract
The author of the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub. The development team behind the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub after the SafeBreach...Security Affairs
September 3, 2022 – Vulnerabilities
Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects Full Text
Abstract
A pair of security vulnerabilities discovered in the GitHub environments of two very popular open source projects from Apache and Google could be used to stealthily modify project source code, steal secrets, and move laterally inside an organization.Dark Reading
September 3, 2022 – Breach
Anonymous hacked Russian Yandex taxi app causing a massive traffic jam Full Text
Abstract
According to Forbes Russia, the cabs were directed to one of the main avenues in Moscow, Kutuzovsky Prospekt, which is widely known for the Stalinist-era building called Hotel Ukraina (Hotel Ukraine).Hackread
September 03, 2022 – Breach
IRS data leak exposes personal info of 120,000 taxpayers Full Text
Abstract
The Internal Revenue Service has accidentally leaked confidential information for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns.BleepingComputer
September 03, 2022 – Malware
Malware dev open-sources CodeRAT after being exposed Full Text
Abstract
The source code of a remote access trojan (RAT) dubbed 'CodeRAT' has been leaked on GitHub after malware analysts confronted the developer about attacks that used the tool.BleepingComputer
September 3, 2022 – General
Security Affairs newsletter Round 382 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are delivered free to your email box. If you also want to receive the free newsletter with the international press, subscribe here. Google...Security Affairs
September 3, 2022 – Vulnerabilities
Google rolled out emergency fixes to address actively exploited Chrome zero-day Full Text
Abstract
Google rolled out emergency fixes to address a vulnerability in the Chrome web browser that is being actively exploited in the wild. Google on Friday released emergency fixes to address a vulnerability, tracked as CVE-2022-3075, in the Chrome web browser...Security Affairs
September 03, 2022 – Breach
Samsung Admits Data Breach that Exposed Details of Some U.S. Customers Full Text
Abstract
South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. "In late July 2022, an unauthorized third-party acquired information from some of Samsung's U.S. systems," the company disclosed in a notice. "On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected." Samsung said the infiltration enabled hackers to access certain data such as names, contact and demographic information, dates of birth, and product registration details. It stressed that the incident did not affect users' Social Security numbers or credit and debit card numbers, but noted the information leaked for each relevant customer may vary. The collected information is necessary to help the company deliver the best experience with its products and services, ...The Hacker News
September 03, 2022 – Vulnerabilities
Google Release Urgent Chrome Update to Patch New Zero-Day Vulnerability Full Text
Abstract
Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An anonymous researcher has been credited with reporting the high-severity flaw on August 30, 2022. "Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild," the internet giant said, without delving into additional specifics about the nature of the attacks to prevent additional threat actors from taking advantage of the flaw. The latest update makes it the sixth zero-day vulnerability in Chrome that Google has resolved since the start of the year: CVE-2022-0609 - Use-after-free in Animation; CVE-2022-1096 - Type confusion in V8; CVE-2022-1364 - ...The Hacker News
September 02, 2022 – Vulnerabilities
Google Chrome emergency update fixes new zero-day used in attacks Full Text
Abstract
Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year.BleepingComputer
September 2, 2022 – Ransomware
Linux devices ‘increasingly’ under attack from hackers, warn security researchers Full Text
Abstract
There's been a big rise in ransomware attacks targeting Linux as cybercriminals look to expand their options and exploit an operating system that is often overlooked when businesses think about security.ZDNet
September 2, 2022 – Breach
Samsung discloses a second data breach this year Full Text
Abstract
Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. The electronics giant discovered on August 4 that...Security Affairs
September 02, 2022 – Ransomware
BlackCat ransomware claims attack on Italian energy agency Full Text
Abstract
The BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy's energy agency Gestore dei Servizi Energetici SpA (GSE) over the weekend.BleepingComputer
September 2, 2022 – General
Cybersecurity ranked most serious enterprise risk in 2022 Full Text
Abstract
Amid increasing geopolitical tensions and consumer privacy concerns, 40% of business leaders ranked cybersecurity as the number one serious risk facing their companies in a new survey by PwC.Security Magazine
September 2, 2022 – Malware
The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals Full Text
Abstract
The information-stealing malware Prynt Stealer contains a backdoor that allows stealing the data it has exfiltrated from victims. Zscaler researchers discovered a Telegram channel-based backdoor in the information-stealing malware Prynt Stealer, which...Security Affairs
September 02, 2022 – Malware
Dev backdoors own malware to steal data from other hackers Full Text
Abstract
Cybercriminals using Prynt Stealer to collect data from victims are being swindled by the malware developer, who also receives a copy of the info over Telegram messaging service.BleepingComputer
September 2, 2022 – Government
FBI: Crooks stole $1b+ in cryptocurrency already this year Full Text
Abstract
The FBI has urged people to be cautious and heavily research a DeFi – decentralized finance – provider before putting your money into it, after more than a billion dollars was stolen from these providers in three months.The Register
September 02, 2022 – Malware
Prynt Stealer Contains a Backdoor to Steal Victims’ Data Stolen by Other Cybercriminals Full Text
Abstract
Researchers discovered a private Telegram channel-based backdoor in the information-stealing malware dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims' exfiltrated data when used by other cybercriminals. "While this untrustworthy behavior is nothing new in the world of cybercrime, the victims' data end up in the hands of multiple threat actors, increasing the risks of one or more large scale attacks to follow," Zscaler ThreatLabz researchers Atinderpal Singh and Brett Stone-Gross said in a new report. Prynt Stealer, which came to light earlier this April, comes with capabilities to log keystrokes, steal credentials from web browsers, and siphon data from Discord and Telegram. It's sold for $100 for a one-month license and $900 for a lifetime subscription. The cybersecurity firm's analysis of Prynt Stealer shows that its codebase is derived from two other open source malware families, AsyncRAT and ...The Hacker News
September 2, 2022 – Ransomware
Another Ransomware For Linux Likely In Development Full Text
Abstract
Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format (ELF) ransomware which encrypts the files inside Linux systems...Security Affairs
September 02, 2022 – Breach
Samsung discloses data breach after July hack Full Text
Abstract
Electronics giant Samsung has confirmed a new data breach today after some of its U.S. systems were hacked to steal customer data.BleepingComputer
September 2, 2022 – Solution
Apple overhauls built-in Mac anti-malware you probably don’t know about Full Text
Abstract
Called "XProtect," this system service downloads and installs new malware definitions in the background in between major macOS security updates, mostly to protect against the installation of known, in-the-wild malware.ARS Technica
September 02, 2022 – Phishing
JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users Full Text
Abstract
More details have emerged about the operators behind the first-known phishing campaign specifically aimed at the Python Package Index (PyPI), the official third-party software repository for the programming language. Connecting it to a threat actor tracked as JuiceLedger, cybersecurity firm SentinelOne, along with Checkmarx, described the group as a relatively new entity that surfaced in early 2022. Initial "low-key" campaigns are said to have involved the use of rogue Python installer applications to deliver a .NET-based malware called JuiceStealer that's engineered to siphon passwords and other sensitive data from victims' web browsers. The attacks received a significant facelift last month when the JuiceLedger actors targeted PyPI package contributors in a phishing campaign, resulting in the compromise of three packages with malware. "The supply chain attack on PyPI package contributors appears to be an escalation of a campaign begun earlier in th...The Hacker News
September 2, 2022 – Criminals
Experts link Raspberry Robin Malware to Evil Corp cybercrime gang Full Text
Abstract
Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader,...Security Affairs
September 02, 2022 – Attack
Damart clothing store hit by Hive ransomware, $2 million demanded Full Text
Abstract
Damart, a French clothing company with over 130 stores across the world, is being extorted for $2 million after a cyberattack from the Hive ransomware gang.BleepingComputer
September 2, 2022 – Criminals
Terrorists relying on cybercrime for funding since Covid-19: APG Report Full Text
Abstract
Terrorist groups are increasingly relying on criminal activities, including cybercrime, online fraud and scams, to finance their illicit activities, according to the annual report of the Asia Pacific Group on Money Laundering.The Times Of India
September 02, 2022 – General
The Ultimate Security Blind Spot You Don’t Know You Have Full Text
Abstract
How much time do developers spend actually writing code? According to recent studies, developers spend more time maintaining, testing and securing existing code than they do writing or improving code. Security vulnerabilities have a bad habit of popping up during the software development process, only to surface after an application has been deployed. The disappointing part is that many of these security flaws and bugs could have been resolved in an earlier stage, and there are proper methods and tools to uncover them. How much time does a developer spend on learning to write functioning code? And how much is spent on learning about code security? Or learning how not to code? Wouldn't it be better to eradicate the problem from the system rather than having it there, and then trying to detect and stop an ongoing attack targeting it? You can test your secure coding skills with this short self-assessment. The true cost of bugs: Everyone makes mistakes, even developers.The Hacker News
September 2, 2022 – Vulnerabilities
Google Chrome issue allows overwriting the clipboard content Full Text
Abstract
A security issue in the Google Chrome browser could allow malicious web pages to automatically overwrite clipboard content. A vulnerability in the Google Chrome browser, as well as Chromium-based browsers, could allow malicious web pages to automatically...Security Affairs
September 02, 2022 – Criminals
San Francisco 49ers: Blackbyte ransomware gang stole info of 20K people Full Text
Abstract
NFL's San Francisco 49ers are mailing notification letters confirming a data breach affecting more than 20,000 individuals following a ransomware attack that hit its network earlier this year.BleepingComputer
September 2, 2022 – Ransomware
Another Ransomware for Linux Likely in Development Full Text
Abstract
The Uptycs Threat Research team recently observed an Executable and Linkable Format (ELF) ransomware that encrypts the files inside Linux systems based on the given folder path.Security Affairs
September 02, 2022 – Vulnerabilities
Warning: PyPI Feature Executes Code Automatically After Python Package Download Full Text
Abstract
In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb said in a technical report published this week. "Also, this feature is alarming due to the fact that a great deal of the malicious packages we are finding in the wild use this feature of code execution upon installation to achieve higher infection rates." One of the ways by which packages can be installed for Python is by executing the "pip install" command, which, in turn, invokes a file called "setup.py" that comes bundled along with the module. "setup.py," as the name implies, is a setup script that's used to specify metadata associated wit...The Hacker News
September 2, 2022 – Attack
Attack infrastructure used in Cisco hack linked to Evil Corp affiliate Full Text
Abstract
Researchers discovered that the infrastructure used in Cisco hack was the same used to target a Workforce Management Solution firm. Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in recent Cisco hack was also...Security Affairs
September 2, 2022 – Hacker
Traffers threat: The invisible thieves Full Text
Abstract
Traffers — from the Russian word “траффер,” also referred to as “worker” — are cybercriminals responsible for redirecting Internet users' network traffic to malicious content that they operate, that content being malware most of the time.Tech Republic
September 02, 2022 – Malware
New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers Full Text
Abstract
Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group. The findings suggest that "Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks," IBM Security X-Force researcher Kevin Henson said in a Thursday analysis. Raspberry Robin (aka QNAP Worm), first discovered by cybersecurity company Red Canary in September 2021, has remained something of a mystery for nearly a year, partly owing to the noticeable lack of post-exploitation activities in the wild. That changed in July 2022 when Microsoft revealed that it observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections, with potential connections identified between DEV-0206 and DEV-0243 (aka Evil Corp). The malware is known to be delivered from a compromisedThe Hacker News
September 01, 2022 – Attack
New ransomware hits Windows, Linux servers of Chile govt agency Full Text
Abstract
Chile's national computer security and incident response team (CSIRT) has announced that a ransomware attack has impacted operations and online services of a government agency in the country.BleepingComputer
September 1, 2022 – Breach
Tulsa Tech Hit By Data Breach Full Text
Abstract
According to the school, an unknown actor accessed the district's systems in June and took files from the network, including the names and Social Security numbers of students.News9
September 01, 2022 – General
Stop Worrying About Passwords Forever Full Text
Abstract
So far 2022 confirms that passwords are not dead yet. Neither will they be anytime soon. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time. Think about it, internal apps that you do not want to integrate with third-party identity providers, government services, legacy applications, and even SaaS providers may not want to invest in new integrations or restrict their existing authentication methods. After all, online businesses are interested in user traction, and security usually brings friction. For example, a few days ago, Kickstarter sent out millions of password reset emails "simplifying its login process," including for people that used social login without a password. Though you may be able to remove passwords from many enterprise components, a large portion of third-party providers, government portals, business suppliers, and SaaS services will stillThe Hacker News
September 1, 2022 – Skimming
Researchers analyzed a new JavaScript skimmer used by Magecart threat actors Full Text
Abstract
Researchers from Cyble analyzed a new, highly evasive JavaScript skimmer used by Magecart threat actors. Cyble Research & Intelligence Labs started its investigation after seeing a post on Twitter about a new JavaScript skimmer developed by the Magecart...Security Affairs
September 01, 2022 – General
Microsoft will disable Exchange Online basic auth next month Full Text
Abstract
Microsoft warned customers today that it will finally disable basic authentication in random tenants worldwide to improve Exchange Online security starting October 1, 2022.BleepingComputer
September 1, 2022 – Vulnerabilities
WatchGuard firewall exploit threatens appliance takeover Full Text
Abstract
WatchGuard has patched several vulnerabilities in two main firewall brands that have been rated between medium and critical severity. In combination, two of the flaws enable pre-authentication remote root on every WatchGuard Firebox or XTM appliance.The Daily Swig
September 01, 2022 – Ransomware
Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks Full Text
Abstract
The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-July 2022 and has claimed 15 victim organizations as of September 1, cybersecurity firm [redacted] said in a report shared with The Hacker News. It's worth noting that the double extortion ransomware family has no connection to an Android banking trojan of the same name, which targets mobile banking and cryptocurrency apps to siphon sensitive information. Initial access to victim networks is achieved via successful exploitation of the ProxyShell Microsoft Exchange Server flaws, leveraging it to either drop a web shell or an ngrok payload for follow-on activities. "BianLian has also targeted SonicWall VPN devices for exploitation, another common target for ransomware groups,&The Hacker News
September 1, 2022 – Criminals
Ragnar Locker ransomware gang claims to have stolen data from TAP Air Portugal Full Text
Abstract
The Ragnar Locker ransomware gang claims to have hacked the Portuguese state-owned flag carrier airline TAP Air Portugal and stolen customers' data. The Ragnar Locker ransomware added the Portuguese state-owned flag carrier airline TAP Air Portugal...Security Affairs
September 01, 2022 – Attack
Montenegro hit by ransomware attack, hackers demand $10 million Full Text
Abstract
The government of Montenegro has admitted that its previous allegations about Russian threat actors attacking critical infrastructure in the country were false and now blames ransomware for the damage to its IT infrastructure that has caused extensive service disruptions.BleepingComputer
September 1, 2022 – Policy and Law
‘Extortionist’ cybersecurity firm headed back to court Full Text
Abstract
According to LabMD, it declined to hire Tiversa after it could find no evidence of a leak. And in response, the cybersecurity shop retaliated against LabMD, the medical company claimed.The Register
September 01, 2022 – Breach
Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials Full Text
Abstract
Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. "Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter team, a part of Broadcom Software, said in a report shared with The Hacker News. Interestingly, a little more than 50% of the apps were found using the same AWS tokens found in other apps maintained by other developers and companies, indicating a supply chain vulnerability. "The AWS access tokens could be traced to a shared library, third-party SDK, or other shared component used in developing the apps," the researchers said. These credentials are typically used for downloading appropriate resources necessary for the app's functions as well as accessing configuration files and authenticating to other cloud services. To make matters worse, 47% of the identiThe Hacker News
September 1, 2022 – Vulnerabilities
1,859 Android and iOS apps contained hard-coded Amazon AWS credentials Full Text
Abstract
Researchers discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials. Researchers from Broadcom Symantec's Threat Hunter team discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services...Security Affairs
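Both Symantec write-ups above come down to the same artefact: an AWS access key ID and its secret sitting in plain text inside an app bundle, often pulled in through a shared SDK. The following is an added example (not Symantec's tooling and not code from either article) of the first pass a reviewer runs over the strings extracted from an APK or IPA: match the 20-character access key ID format, distinguish long-term IAM user keys (AKIA) from temporary STS keys (ASIA, which expire and are rarely actionable), find nearby 40-character secret candidates, and drop the common false positives (low-entropy strings, 40-hex-digit hashes). The sample input is constructed; the key pair in it is the placeholder pair from AWS's own documentation, and the pairing window and entropy threshold are assumptions.

```python
"""First-pass scan of extracted app strings for hard-coded AWS credentials."""
import math
import re

# Access key IDs are 20 chars: AKIA = long-term IAM user key, ASIA = temporary STS key.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")
# Secret access keys are 40 chars from the base64 alphabet; match bare runs so
# minified JS, plist XML and strings.xml all work.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])")
HEX_RE = re.compile(r"[0-9a-fA-F]{40}")  # SHA-1 hashes share the length; skip them
PAIR_WINDOW = 300          # assumption: ID and secret within this many chars are a pair
MIN_SECRET_ENTROPY = 3.5   # assumption: bits/char; random base64 is ~4.5+, prose/paths lower


def shannon_entropy(s):
    """Bits per character of a string (0.0 for a single repeated character)."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def _secret_candidates(text):
    """Yield (offset, candidate) for 40-char runs that look like secrets, not hashes."""
    for m in SECRET_RE.finditer(text):
        cand = m.group(1)
        if HEX_RE.fullmatch(cand) or shannon_entropy(cand) < MIN_SECRET_ENTROPY:
            continue
        yield m.start(), cand


def find_aws_credentials(text):
    """Return one finding per access key ID, each paired with its nearest unclaimed secret.

    A finding is {'key_id', 'key_type', 'secret' (or None), 'offset'}.
    Each secret candidate is assigned to the closest key ID within PAIR_WINDOW
    that does not already have one, so two IDs near one secret do not both claim it.
    """
    keys = [{
        "key_id": m.group(1),
        "key_type": "long-term" if m.group(1).startswith("AKIA") else "temporary",
        "secret": None,
        "offset": m.start(),
    } for m in ACCESS_KEY_RE.finditer(text)]
    for off, secret in _secret_candidates(text):
        free = [k for k in keys if k["secret"] is None and abs(k["offset"] - off) <= PAIR_WINDOW]
        if free:
            nearest = min(free, key=lambda k: abs(k["offset"] - off))
            nearest["secret"] = secret
    return keys


def actionable(findings):
    """Long-term keys with a recoverable secret: the cases worth revoking today."""
    return [f for f in findings if f["key_type"] == "long-term" and f["secret"]]


# Constructed sample: a fragment in the shape of a decompiled Android strings.xml.
# The AKIA/secret pair is AWS's documented placeholder pair, not a live credential.
SAMPLE_STRINGS = """\
<string name="s3_bucket">app-assets-prod</string>
<string name="aws_access_key">AKIAIOSFODNN7EXAMPLE</string>
<string name="aws_secret_key">wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</string>
<string name="build_sha">da39a3ee5e6b4b0d3255bfef95601890afd80709</string>
<string name="session_key">ASIAQ3EXAMPLE8B6F2D1</string>
"""

if __name__ == "__main__":
    for f in find_aws_credentials(SAMPLE_STRINGS):
        print(f"{f['key_type']:9} {f['key_id']}  secret={'yes' if f['secret'] else 'no'}")
```

Feed it the output of `strings` (or the decoded resources from apktool / an unzipped IPA) for every app in scope, not just your own, since the articles' point is that the same key turns up across apps that merely share an SDK. Confirm validity only against accounts you are authorised to test, for instance with `AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=... aws sts get-caller-identity`, and treat any confirmed long-term key as compromised: rotate it, then replace it in the app with short-lived credentials from Cognito or STS rather than a new static pair.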
September 01, 2022 – Government
NSA and CISA share tips to secure the software supply chain Full Text
Abstract
The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance today with tips on how to secure the software supply chain.BleepingComputer
September 1, 2022 – Attack
Migration Policy Organization Confirms Cyberattack After Extortion Group Touts Data Theft Full Text
Abstract
The organization is in the process of investigating what information was compromised, according to Bernhard Schragl, communication coordinator for ICMPD, who added that they have reported the incident to law enforcement agencies.The Record
September 01, 2022 – Attack
Infra Used in Cisco Hack Also Targeted Workforce Management Solution Full Text
Abstract
The attack infrastructure used to target Cisco in the May 2022 incident was also employed in an attempted compromise of an unnamed workforce management solutions holding company a month earlier, in April 2022. Cybersecurity firm eSentire, which disclosed the findings, raised the possibility that the intrusions could be the work of a criminal actor known as mx1r, who is said to be a member of the Evil Corp affiliate cluster dubbed UNC2165 . Evil Corp, the progenitors of the infamous Dridex banking trojan, have, over the years, refined their modus operandi to run a series of ransomware operations to sidestep sanctions imposed by the U.S. Treasury in December 2019. Initial access to the company's IT network was made possible by using stolen Virtual Private Network (VPN) credentials, followed by leveraging off-the-shelf tools for lateral movement and gaining deeper access into the victim's environment. "Using Cobalt Strike, the attackers were able to gain an initThe Hacker News
September 1, 2022 – Government
FBI is helping Montenegro in investigating the ongoing cyberattack Full Text
Abstract
A team of cybersecurity experts from the US FBI will help the authorities in Montenegro to investigate the recent massive cyberattack. A team of cybersecurity experts from the FBI is heading to Montenegro to help local authorities in investigating...Security Affairs
September 01, 2022 – Phishing
Thousands lured with blue badges in Instagram phishing attack Full Text
Abstract
A new Instagram phishing campaign is underway, attempting to scam users of the popular social media platform by luring them with a blue-badge offer.BleepingComputer
September 1, 2022 – Education
Security Culture: An OT Survival Story Full Text
Abstract
A risk-based approach will help IT and OT professionals by standardizing key metrics like life, health, safety, not to mention the impact on production capacity and efficiency.Dark Reading
September 01, 2022 – Vulnerabilities
Microsoft Discovers Severe ‘One-Click’ Exploit for TikTok Android App Full Text
Abstract
Microsoft on Wednesday disclosed details of a now-patched "high severity vulnerability" in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link. "Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Dimitrios Valsamaras of the Microsoft 365 Defender Research Team said in a write-up. Successful exploitation of the flaw could have permitted malicious actors to access and modify users' TikTok profiles and sensitive information, leading to the unauthorized exposure of private videos. Attackers could also have abused the bug to send messages and upload videos on behalf of users. The issue, addressed in version 23.7.3, impacts two flavors of its Android app com.ss.android.ugc.trill (for East and Southeast Asian users) and com.zhiliaoapp.musically (for users in other countries except for India, wherThe Hacker News
September 1, 2022 – Vulnerabilities
Apple released patches for recently disclosed WebKit zero-day in older iPhones and iPads Full Text
Abstract
Apple released new security updates for older iPhone and iPad devices addressing recently fixed WebKit zero-day. Apple has released new updates to backport patches released this month to older iPhone and iPad devices addressing the...Security Affairs
September 01, 2022 – Breach
Neopets says hackers had access to its systems for 18 months Full Text
Abstract
Neopets has released details about the recently disclosed data breach incident that exposed personal information of more than 69 million members.BleepingComputer
September 1, 2022 – Attack
Ransomware Attacks Target Chilean Government Agencies Through Windows and VMware ESXi Servers Full Text
Abstract
Chile’s Ministry of Interior reported last week that a government agency had its systems and online services disrupted by a piece of ransomware that targeted Windows and VMware ESXi servers.Security Week
September 01, 2022 – Insider Threat
Over 1,000 iOS apps found exposing hardcoded AWS credentials Full Text
Abstract
Security researchers are raising the alarm about mobile app developers relying on insecure practices that expose Amazon Web Services (AWS) credentials, making the supply chain vulnerable.BleepingComputer
September 1, 2022 – Government
US Army to create new offensive cyber and space program office Full Text
Abstract
The new colonel-led, or O-6 level, program office will be under Program Executive Office Intelligence Electronic Warfare and Sensors and will be aptly called Program Manager Cyber and Space, officials told reporters on Tuesday.Fed Scoop
September 01, 2022 – Vulnerabilities
Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability Full Text
Abstract
Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild. The issue, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. The tech giant said it fixed the bug with improved bounds checking. An anonymous researcher has been credited for reporting the vulnerability. The iOS 12.5.6 update is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). "iOS 12 is not impacted by CVE-2022-32894," Apple noted in its advisory. The latest set of patches arrived weeks after the iPhone maker remediated the two flaws in iOS 15.6.1, iPadOS 15.6.1, macOS 12.5.1, and Safari 15.6.1 as part of updates shipped on August 18, 2022. "Apple is aware of a report that thiThe Hacker News