February 2022
February 28, 2022 – Attack
Axis Communications shares details on disruptive cyberattack
Abstract
Axis Communications has published a post mortem about a cyberattack that caused severe disruption in its systems, with some systems still partially offline. (BleepingComputer)
February 28, 2022 – Ransomware
DeadBolt Ransomware Eyeing ASUSTOR Devices
Abstract
DeadBolt ransomware operators encrypted the NAS devices of ASUSTOR users and demanded 0.03 BTC for a decryption key. Multiple reports indicate that the AS6102T, AS6602T, AS5304T, and AS-6210T-4K models are unaffected. Meanwhile, ASUSTOR is planning to release ... (Cyware Alerts - Hacker News)
February 28, 2022 – General
Hillicon Valley — Presented by Ericsson — Facebook removes Russian misinformation campaign
Abstract
Today is Monday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. (The Hill)
February 28, 2022 – Vulnerabilities
100 Million Samsung Galaxy Phones Affected by Flawed Hardware Encryption Feature
Abstract
A group of academics from Tel Aviv University has disclosed details of now-patched "severe" design flaws affecting about 100 million Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys. The shortcomings are the result of an analysis of the cryptographic design and implementation of Android's hardware-backed Keystore in Samsung's Galaxy S8, S9, S10, S20, and S21 flagship devices, researchers Alon Shakevsky, Eyal Ronen, and Avishai Wool said. Trusted Execution Environments (TEEs) are secure zones that provide an isolated environment for the execution of Trusted Applications (TAs), which carry out security-critical tasks to ensure confidentiality and integrity. On Android, the hardware-backed Keystore is a system that facilitates the creation and storage of cryptographic keys within the TEE, making them more difficult to extract from the device, in a manner that prevents the underlying operating system ... (The Hacker News)
February 28, 2022 – Attack
Microsoft: Ukraine hit with new FoxBlade malware hours before invasion
Abstract
Microsoft said that Ukrainian networks were targeted with newly found malware several hours before Russia's invasion of Ukraine on February 24th. (BleepingComputer)
February 28, 2022 – Attack
UNC2596 Deploys Cuba Ransomware via Microsoft Exchange Server Vulnerabilities
Abstract
According to Mandiant, UNC2596 has been launching such campaigns since August 2021. It has targeted utility providers, government agencies, and organizations that support non-profits and healthcare entities. (Cyware Alerts - Hacker News)
February 28, 2022 – Outage
Toyota suspends production in Japan following possible cyberattack
Abstract
Toyota Motor Corporation, the Japanese multinational automotive manufacturer, said on Monday that it is suspending domestic factory operations starting Tuesday following a cyberattack that hit one of its suppliers, according to a Reuters report. (The Hill)
February 28, 2022 – Government
CISA Warns of High-Severity Flaws in Schneider and GE Digital’s SCADA Software
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) last week published an industrial control system (ICS) advisory related to multiple vulnerabilities impacting Schneider Electric's Easergy medium voltage protection relays. "Successful exploitation of these vulnerabilities may disclose device credentials, cause a denial-of-service condition, device reboot, or allow an attacker to gain full control of the relay," the agency said in a bulletin on February 24, 2022. "This could result in loss of protection to your electrical network." The high-severity weaknesses impact Easergy P3 versions prior to v30.205 and Easergy P5 versions before v01.401.101. Details of the flaws are as follows: CVE-2022-22722 (CVSS score: 7.5), use of hardcoded credentials that could be abused to observe and manipulate traffic associated with the device; CVE-2022-22723 and CVE-2022-22725 (CVSS score: 8.8), a buffer overflow vulnerability that could ... (The Hacker News)
February 28, 2022 – Breach
Anonymous hit Russian Nuclear Institute and leaks stolen data
Abstract
Anonymous and other hacker groups that responded to the call to war against Russia continue to launch cyberattacks on government organizations and businesses. (Security Affairs)
February 28, 2022 – Botnet
Electron Bot Leverages Microsoft App Store to Pierce Social Media Accounts
Abstract
An SEO poisoning bot has been taking over social media accounts while masquerading as the Temple Run game. The bot targets accounts on multiple platforms, including Facebook, Google, and SoundCloud. (Cyware Alerts - Hacker News)
February 28, 2022 – Botnet
Reborn of Emotet: New Features of the Botnet and How to Detect it
Abstract
One of the most dangerous and infamous threats is back again. In January 2021, global law enforcement took down the botnet and sent a destructive update to Emotet's executables, and it looked like the end of the trojan's story. But the malware never ceased to surprise: in November 2021 it was reported that TrickBot no longer works alone and delivers Emotet, and ANY.RUN, with colleagues in the industry, was among the first to notice the emergence of Emotet's malicious documents. This February shows a very active wave, with crooks running numerous attacks and hitting the top of the rankings. If you are interested in this topic or researching malware, you can make use of ANY.RUN, the interactive sandbox for the detection and analysis of cyber threats. Let's look at the changes that this disruptive malware brought with its new version. Emotet is a sophisticated, constantly ... (The Hacker News)
February 28, 2022 – Outage
Toyota Motors halted production due to a cyber attack on a supplier
Abstract
Japanese carmaker Toyota Motors was forced to halt car production due to a cyberattack suffered by one of its suppliers, Kojima Industries. (Security Affairs)
February 28, 2022 – Government
CISA and FBI warn of potential data wiping attacks spillover
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations that data wiping attacks targeting Ukraine could spill over to targets in other countries. (BleepingComputer)
February 28, 2022 – Attack
Defense Contractors Under Attack Using New SockDetour Backdoor
Abstract
The backdoor is associated with an APT campaign named TiltedTemple (aka DEV-0322). Recently, four defense contractors were targeted and one was compromised. (Cyware Alerts - Hacker News)
February 28, 2022 – Vulnerabilities
Experts Create Apple AirTag Clone That Can Bypass Anti-Tracking Measures
Abstract
Cybersecurity researchers have managed to build a clone of the Apple AirTag that circumvents the anti-stalking protection built into its Find My Bluetooth-based tracking protocol. The result is a stealth AirTag that can successfully track an iPhone user for over five days without triggering a tracking notification, Positive Security co-founder Fabian Bräunlein said in a deep-dive published last week. Find My is Apple's asset tracking app that allows users to track the location of iOS, iPadOS, macOS, and watchOS devices, AirPods, AirTags, and other supported third-party accessories through a connected iCloud account. It also enables users to view the location of others who have opted to share their location. This is far from the first time weaknesses have been uncovered in Apple's Find My system. In March 2021, the Secure Mobile Networking Lab (SEEMOO) at the Technical University of Darmstadt, Germany, disclosed design and implementation flaws in the ... (The Hacker News)
February 28, 2022 – Criminals
Researcher leaks Conti’s internal chat messages in response to its support for Russia
Abstract
A Ukrainian researcher leaked 60,694 internal chat messages belonging to the Conti ransomware operation after the gang announced its support for Russia. (Security Affairs)
February 28, 2022 – Malware
Chinese cyberspies target govts with their ‘most advanced’ backdoor
Abstract
Security researchers have discovered Daxin, a China-linked stealthy backdoor specifically designed for deployment in hardened corporate networks that feature advanced threat detection capabilities. (BleepingComputer)
February 28, 2022 – Vulnerabilities
Vulnerabilities spotted in Gerbv could lead to code execution, information disclosure
Abstract
Cisco Talos recently discovered multiple vulnerabilities in the Gerbv file viewing software that could allow an attacker to execute arbitrary code remotely or disclose sensitive information. (Cisco Talos)
February 28, 2022 – General
Security Affairs newsletter Round 355
Abstract
A new round of the weekly Security Affairs newsletter has arrived, collecting the week's best security articles from Security Affairs. (Security Affairs)
February 28, 2022 – Criminals
Hackers to NVIDIA: Remove mining cap or we leak hardware data
Abstract
The Lapsus$ data extortion group has released what it claims to be data stolen from GPU designer Nvidia. The cache is an archive of almost 20GB. (BleepingComputer)
February 28, 2022 – Outage
Camera Maker Axis Suffers Service Outage Following Cyberattack
Abstract
The Swedish camera giant said it got alerts from its cybersecurity and intrusion detection systems on Sunday before it shut down all public-facing services globally to limit the impact of the attack. (ZDNet)
February 28, 2022 – APT
Iran-linked UNC3313 APT employed two custom backdoors against a Middle East gov entity
Abstract
An Iran-linked threat actor, tracked as UNC3313, was observed using two custom backdoors against an unnamed Middle East government entity. UNC3313 has been linked with "moderate confidence" to the MuddyWater nation-state ... (Security Affairs)
February 28, 2022 – Attack
Ukraine says its ‘IT Army’ has taken down key Russian sites
Abstract
Key Russian websites and state online portals have been taken offline by attacks claimed by the Ukrainian cyber police force, which now openly engages in cyber-warfare. (BleepingComputer)
February 28, 2022 – Malware
Malicious Package Imitates Python Server Library to Spy on Users and Maintain Remote System Control
Abstract
The legitimate AIOHTTP library is a popular asynchronous HTTP client/server for the asyncio library and Python-based applications. The component receives over 9 million weekly downloads on average. (Sonatype)
February 28, 2022 – Attack
Insurance giant AON hit by a cyberattack over the weekend
Abstract
Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems. (BleepingComputer)
February 28, 2022 – APT
Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. (Security Affairs)
February 28, 2022 – Outage
Toyota halts production after reported cyberattack on supplier
Abstract
Giant Japanese automaker Toyota Motors has announced that it stopped car production operations. The outage was forced by a system failure at one of its suppliers of vital parts, Kojima Industries, which reportedly suffered a cyberattack. (BleepingComputer)
February 28, 2022 – Hacker
Meta: Ukrainian officials, military targeted by Ghostwriter hackers
Abstract
Facebook (now known as Meta) says it took down accounts used by a Belarus-linked hacking group (UNC1151 or Ghostwriter) to target Ukrainian officials and military personnel on its platform. (BleepingComputer)
February 27, 2022 – Malware
Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API
Abstract
An Iranian geopolitical-nexus threat actor has been uncovered deploying two new targeted malware families that come with "simple" backdoor functionality as part of an intrusion against an unnamed Middle East government entity in November 2021. Cybersecurity company Mandiant attributed the attack to an uncategorized cluster it tracks under the moniker UNC3313, which it assesses with "moderate confidence" to be associated with the MuddyWater state-sponsored group. "UNC3313 conducts surveillance and collects strategic information to support Iranian interests and decision-making," researchers Ryan Tomcik, Emiel Haeghebaert, and Tufail Ahmed said. "Targeting patterns and related lures demonstrate a strong focus on targets with a geopolitical nexus." In mid-January 2022, U.S. intelligence agencies characterized MuddyWater (aka Static Kitten, Seedworm, TEMP.Zagros, or Mercury) as a subordinate element of the Iranian Ministry of Intelligence and ... (The Hacker News)
February 27, 2022 – Breach
Conti ransomware’s internal chats leaked after siding with Russia
Abstract
An angry member of the Conti ransomware operation has leaked over 60,000 private messages after the gang sided with Russia over the invasion of Ukraine. (BleepingComputer)
February 27, 2022 – General
2022 may be the year cybercrime returns its focus to consumers
Abstract
Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers. (BleepingComputer)
February 27, 2022 – Ransomware
Researchers Find Similarities Between Dridex Trojan and Entropy Ransomware
Abstract
A pair of recent cyberattacks, targeting a North American media organization and a regional government entity, deployed the Dridex trojan on the targeted systems before launching the Entropy ransomware. (Cyware Alerts - Hacker News)
February 27, 2022 – Breach
Anonymous breached the internal network of Belarusian railways
Abstract
The Anonymous hacker collective claims to have breached the Belarusian Railway's data-processing network and to have blocked all services ... (Security Affairs)
February 27, 2022 – Breach
Nvidia Breach Seen as Ransomware Attack Unconnected to Ukraine
Abstract
A cyber breach suffered by Nvidia Corp. in recent days appears to have been a ransomware attack that is not connected to the crisis in Ukraine, according to a person familiar with the incident. (Hindustan Times)
February 27, 2022 – Government
Feb 7 - Feb 27 Ukraine – Russia the silent cyber conflict
Abstract
This post provides a timeline of the events related to the Russian invasion of Ukraine from a cyber security perspective, beginning with: February 27 - Ukraine: Volunteer IT Army is going to hit tens of Russian ... (Security Affairs)
February 27, 2022 – Solution
New Chip Can Prevent Hackers From Extracting Hidden Information From Smart Devices
Abstract
MIT researchers developed an application-specific integrated circuit (ASIC) that can be built into an Internet-of-Things (IoT) device to defend against power-based side-channel attacks. (SciTechDaily)
February 27, 2022 – Government
Ukraine: Volunteer IT Army is going to hit tens of Russian targets from this list
Abstract
Ukraine is recruiting a volunteer IT army of cyber security experts and white hat hackers to launch cyberattacks on a list of Russian entities. (Security Affairs)
February 27, 2022 – Attack
Chipmaker giant Nvidia hit by a ransomware attack
Abstract
The chipmaker giant Nvidia was the victim of a ransomware attack that took down some of its systems for two days. The security breach is not connected ... (Security Affairs)
February 26, 2022 – Government
Cyber officials urge agencies to armor up for potential Russian attacks
Abstract
U.S. cybersecurity officials are urging federal agencies and large organizations to remain vigilant against the threat of Russian cyberattacks amid the country’s ongoing invasion of Ukraine. (The Hill)
February 26, 2022 – Malware
Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store
Abstract
A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware "Electron Bot," in reference to a command-and-control (C2) domain used in recent campaigns. The identity of the attackers is not known, but evidence suggests that they could be based in Bulgaria. "Electron Bot is a modular SEO poisoning malware, which is used for social media promotion and click fraud," Check Point's Moshe Marelus said in a report published this week. "It is mainly distributed via the Microsoft store platform and dropped from dozens of infected applications, mostly games, which are constantly uploaded by the attackers." The first sign of malicious activity commenced as an ad clicker campaign that was discovered in ... (The Hacker News)
February 26, 2022 – Government
Ukraine recruits “IT Army” to hack Russian entities, lists 31 targets
Abstract
Ukraine is recruiting a volunteer "IT army" of security researchers and hackers to conduct cyberattacks on thirty-one Russian entities, including government agencies, critical infrastructure, and banks. (BleepingComputer)
February 26, 2022 – Solution
Free Android app lets users detect Apple AirTag tracking
Abstract
A small team of researchers at the Technical University of Darmstadt in Germany has published a report illustrating how their AirGuard app for Android provides better protection from stealthy AirTag stalking than other apps. (BleepingComputer)
February 26, 2022 – Malware
Fileless SockDetour backdoor targets U.S.-based defense contractors
Abstract
Researchers from Palo Alto Networks' Unit 42 have analyzed a previously undocumented custom backdoor, dubbed SockDetour, that targeted U.S.-based defense contractors. (Security Affairs)
February 26, 2022 – Government
Russia restricts Twitter in the country amid conflict with Ukraine
Abstract
Global internet monitor NetBlocks shared metrics confirming that Twitter has been restricted in Russia amid the conflict with Ukraine. (Security Affairs)
February 26, 2022 – Attack
Anonymous hacked the Russian Defense Ministry and is targeting Russian companies
Abstract
The Anonymous collective has hacked the Russian Defense Ministry and leaked the data of its employees in response to the Ukraine invasion, a few hours after calling its members to action against Russia. (Security Affairs)
February 26, 2022 – Government
UK’s NHS Digital warns of an RCE in Okta Advanced Server Access client
Abstract
The UK's NHS Digital agency published a security advisory warning organizations of a remote code execution flaw in the Windows client for the Okta Advanced Server Access authentication management platform. (Security Affairs)
February 26, 2022 – Attack
Nvidia confirms it’s investigating an ‘incident,’ reportedly a cyberattack
Abstract
Nvidia confirmed that it was investigating an “incident” hours after media reported that the graphics chipmaking giant had experienced a devastating cyberattack that “completely compromised” the company’s internal systems over the past two days. (The Verge)
February 25, 2022 – Criminals
TrickBot malware operation shuts down, devs move to BazarBackdoor
Abstract
The TrickBot malware operation has shut down after its core developers moved to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families. (BleepingComputer)
February 25, 2022 – Malware
New “SockDetour” Fileless, Socketless Backdoor Targets U.S. Defense Contractors
Abstract
Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup backdoor in case the primary one fails," Palo Alto Networks' Unit 42 threat intelligence team said in a report published Thursday. "It is difficult to detect, since it operates filelessly and socketlessly on compromised Windows servers." Even more concerningly, SockDetour is believed to have been used in attacks since at least July 2019, based on a compilation timestamp on the sample, implying that the backdoor successfully managed to slip past detection for over two-and-a-half years. The attacks have been attributed to a threat cluster it tracks as TiltedTemple (aka DEV-0322 by ... (The Hacker News)
February 25, 2022 – Government
Ukraine calls on independent hackers to defend against Russia, Russian underground responds
Abstract
While Ukraine calls on the hacker underground to defend against Russia, ransomware gangs make their moves. Ukraine's government is asking for volunteers from the hacker underground to help protect critical infrastructure and carry ... (Security Affairs)
February 25, 2022 – Criminals
TrickBot Takes a Break, Leaving Researchers Scratching Their Heads
Abstract
The infamous trojan is likely making some major operational changes, researchers believe. (Threatpost)
February 25, 2022 – Attack
GPU giant Nvidia is investigating a potential cyberattack
Abstract
US chipmaker giant Nvidia confirmed today that it is currently investigating an "incident" that reportedly took down some of its systems for two days. (BleepingComputer)
February 25, 2022 – Hacker
Multiple Hacking Groups Targeting ICS/OT Systems
Abstract
A new report on industrial cybersecurity has revealed three new threat groups, besides LockBit 2.0 and Conti, that have been targeting the industrial sector. Experts spotted the three new groups, Petrovite, Kostovite, and Erythrite, targeting ICS/OT systems. (Cyware Alerts - Hacker News)
February 25, 2022 – Attack
Iran’s MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks
Abstract
Cybersecurity agencies from the U.K. and the U.S. have laid bare new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide. "MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies said. The joint advisory comes courtesy of the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the U.K.'s National Cyber Security Centre (NCSC). The cyberespionage actor was outed this year as conducting malicious operations as part of Iran's Ministry of Intelligence and Security (MOIS), targeting a wide range of government and private-sector organizations, including telecommunications, defense, local government, and oil and natural gas sectors, in Asia, ... (The Hacker News)
February 25, 2022 – APT
Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts of Ukrainian armed forces personnel. (Security Affairs)
February 25, 2022 – Criminals
Ransomware gangs, hackers pick sides over Russia invading Ukraine
Abstract
Hacker crews are picking sides as the Russian invasion of Ukraine continues, issuing bans and threats against supporters of the opposite side. (BleepingComputer)
February 25, 2022 – Attack
Russian Sandworm Distributes New Cyclops Blink Malware
Abstract
The U.S. and U.K. released a joint security advisory warning that the Russian-backed Sandworm group has started using new malware, dubbed Cyclops Blink, which it has mostly deployed to WatchGuard devices. The joint advisory provides indicators of compromise and ... (Cyware Alerts - Hacker News)
February 25, 2022 – Government
Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks
Abstract
The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country's full-blown invasion of Ukraine entered its second day. In addition to cautioning of the "threat of an increase in the intensity of computer attacks," Russia's National Computer Incident Response and Coordination Center said that the "attacks can be aimed at disrupting the functioning of important information resources and services, causing reputational damage, including for political purposes." "Any failure in the operation of [critical information infrastructure] objects due to a reason that is not reliably established, first of all, should be considered as the result of a computer attack," the agency added. Furthermore, it warned of possible influence operations undertaken to "form a negative image of the Russian Federation in the eyes of the world community," echoing a similar alert released by the ... (The Hacker News)
February 25, 2022 – Attack
Anonymous launched its offensive on Russia in response to the invasion of Ukraine
Abstract
The Anonymous collective declared war on Russia over the invasion of Ukraine and announced a series of cyber attacks, calling its members to action. (Security Affairs)
February 25, 2022 – Government
NHS urges orgs to apply security update for Okta Client RCE bug
Abstract
The UK's NHS Digital agency is warning organizations to apply new security updates for a remote code execution vulnerability in the Windows client for the Okta Advanced Server Access authentication management platform. (BleepingComputer)
February 25, 2022 – Business
Email Security and Brand Protection Firm Red Sift Raises $54 Million
Abstract
The latest funding round was led by Highland Europe, with participation from new and existing investors, including Sands Capital, MMC Ventures, and Oxford Capital Partners. (Security Week)
February 25, 2022 – Malware
US and UK detail a new Python backdoor used by MuddyWater APT group
Abstract
US and UK cybersecurity agencies provided details of new malware used by the Iran-linked MuddyWater APT. CISA, the FBI, US Cyber Command's Cyber National Mission Force (CNMF), the UK's National Cyber Security Centre (NCSC-UK), the NSA, and law enforcement ... (Security Affairs)
February 25, 2022 – Privacy
Visual Voice Mail on Android may be vulnerable to eavesdropping
Abstract
A security analyst has devised a way to capture Visual Voice Mail (VVM) credentials on Android devices and then remotely listen to voicemail messages without the victim's knowledge. (BleepingComputer)
February 25, 2022 – Outage
Official websites of Russian Parliament, MoD and Kremlin go offline
Abstract
The affected websites include the Kremlin (kremlin.ru), the official website of President Vladimir Putin, the Russian Ministry of Defense, and the official website of the Russian parliament. (Hackread)
February 25, 2022 – Malware
Jester Stealer malware adds more capabilities to entice hackers
Abstract
An info-stealing piece of malware called Jester Stealer has been gaining popularity in the underground cybercrime community for its functionality and affordable prices. (BleepingComputer)
February 25, 2022 – Business
Integrity360 acquires Caretower to strengthen its cybersecurity services
Abstract
Ireland-based Integrity360 and Caretower announced that they have joined forces, with Caretower becoming an Integrity360 company. The terms of the transaction were not disclosed. (Help Net Security)
February 25, 2022 – Phishing
Ukraine links phishing targeting military to Belarusian hackers
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) warned today of a spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. (BleepingComputer)
February 25, 2022 – Breach
Data Breach Impacts DNA Data of Sexual Assault Victims Reported to Oklahoma City Police Department
Abstract
The laboratory processed DNA evidence from rape victims, known as ‘rape kits’, for the Oklahoma City Police Department (OKCPD), among other clients, over a two-year period. (The Daily Swig)
February 25, 2022 – Government
CISA warns of actively exploited vulnerabilities in Zabbix servers
Abstract
A notification from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that threat actors are exploiting vulnerabilities in Zabbix, the open-source tool for monitoring networks, servers, virtual machines, and cloud services. (BleepingComputer)
February 25, 2022 – Vulnerabilities
GE SCADA Product Vulnerabilities Show Importance of Secure Configurations
Abstract
GE Digital has released patches for two high-severity vulnerabilities affecting its Proficy CIMPLICITY HMI/SCADA software, which is used by plants globally to monitor and control operations. (Security Week)
February 24, 2022 – Malware
Microsoft App Store Sizzling with New ‘Electron Bot’ Malware
Abstract
The SEO poisoning bot, capable of full system takeover, is actively taking over social media accounts, masquerading as popular games like Temple Run. (Threatpost)
February 24, 2022 – Attack
Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins
Abstract
A targeted phishing attack takes aim at a major U.S. payments company. (Threatpost)
February 24, 2022 – Botnet
Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure
Abstract
The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years. "TrickBot is gone... It is official now as of Thursday, February 24, 2022. See you soon... or not," AdvIntel's CEO Vitali Kremez tweeted. "TrickBot is gone as it has become inefficient for targeted intrusions." Attributed to a Russia-based criminal enterprise called Wizard Spider, TrickBot started out as a financial trojan in late 2016 and is a derivative of another banking malware called Dyre that was dismantled in November 2015. Over the years, it morphed into a veritable Swiss Army knife of malicious capabilities, enabling threat actors to steal information via web injects and drop additional payloads. TrickBot's activities took a noticeable hit in October 20... (The Hacker News)
February 24, 2022 – Vulnerabilities
New Flaws Discovered in Cisco’s Network Operating System for Switches
Abstract
Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of user-supplied data. "An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device," Cisco said. "A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system." The flaw impacts Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, and Nexus 9000 Series Switches in standalone NX-OS mode running Cisco NX-OS Software with the NX-API feature enabled. Also patched are two high-severity ... (The Hacker News)
February 24, 2022 – Attack
US defense contractors hit by stealthy SockDetour Windows backdoor Full Text
Abstract
A new custom malware dubbed SockDetour found on systems belonging to US defense contractors has been used as a backup backdoor to maintain access to compromised networks.BleepingComputer
February 24, 2022 – Malware
US and UK expose new malware used by MuddyWater hackers Full Text
Abstract
US and UK cybersecurity and law enforcement agencies today shared info on new malware deployed by the Iranian-backed MuddyWater hacking group in attacks targeting critical infrastructure worldwide.BleepingComputer
February 24, 2022 – Business
eSentire Raises US$325M in Funding Full Text
Abstract
The MDR provider eSentire raised US$325M in private equity funding. The round was led by Georgian, with participation from Caisse de dépôt et placement du Québec (CDPQ) and Warburg Pincus.FinSMEs
February 24, 2022 – General
Hillicon Valley — Social media platforms take action on Ukraine Full Text
Abstract
Today is Thursday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.The Hill
February 24, 2022 – Criminals
TrickBot Gang Likely Shifting Operations to Switch to New Malware Full Text
Abstract
TrickBot, the infamous Windows crimeware-as-a-service (CaaS) solution that's used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year. The lull in the malware campaigns is "partially due to a big shift from Trickbot's operators, including working with the operators of Emotet," researchers from Intel 471 said in a report shared with The Hacker News. The last set of attacks involving TrickBot were registered on December 28, 2021, even as command-and-control (C2) infrastructure associated with the malware has continued to serve additional plugins and web injects to infected nodes in the botnet. Interestingly, the decrease in the volume of the campaigns has also been accompanied by the TrickBot gang working closely with the operators of Emotet, which witnessed a resurgence late last year after a 10-month-long break following law enThe Hacker News
February 24, 2022 – Government
CISA adds two Zabbix flaws to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
US CISA added two flaws impacting the Zabbix infrastructure monitoring tool to its Known Exploited Vulnerabilities Catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities impacting the Zabbix infrastructure...Security Affairs
February 24, 2022 – General
The Harsh Truths of Cybersecurity in 2022, Part II Full Text
Abstract
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.Threatpost
February 24, 2022 – Attack
Microsoft Exchange servers hacked to deploy Cuba ransomware Full Text
Abstract
The Cuba ransomware operation is exploiting Microsoft Exchange vulnerabilities to gain initial access to corporate networks and encrypt devices.BleepingComputer
February 24, 2022 – Business
Cloudflare acquires Area 1 Security for $162 million Full Text
Abstract
Cloudflare announced that it is acquiring Area 1 Security for approximately $162 million. Area 1 Security has a cloud-native platform built to work alongside email programs to stop phishing attacks.ZDNet
February 24, 2022 – General
From Pet Systems to Cattle Farm — What Happened to the Data Center? Full Text
Abstract
There's something about craftsmanship. It's personal, it's artistry, and it can be incredibly effective in achieving its goals. On the other hand, mass-market production can be effective in other ways, through speed, efficiency, and cost savings. The story of data centers is one of going from craftsmanship – where every individual machine is a pet project, maintained with great care – to mass production with big server farms where individual units are completely disposable. In this article, we take a look at how data centers have changed shape over the decades. We examine the implications for data center workloads, and for the people who run them – who have now lost their pet systems. We'll also review the cybersecurity implications of the new data center landscape. Pet system with a big purpose For any sysadmin who started their career before the advent of virtualization and other cloud and automation technologies, systems were finely crafted pieces of hardware – andThe Hacker News
February 24, 2022 – Attack
Data wiper attacks on Ukraine were planned at least in November and used ransomware as decoy Full Text
Abstract
Experts reported that the wiper attacks that yesterday hit hundreds of systems in Ukraine used a GoLang-based ransomware decoy. Yesterday, researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data...Security Affairs
February 24, 2022 – Education
Web Filtering and Compliances for Wi-Fi Providers Full Text
Abstract
Demand for public Wi-Fi is on the rise. Usually free of charge, but there is a risk of expensive losses. Learn ways to protect yourself from cyber-threats.Threatpost
February 24, 2022 – Attack
Defense contractors hit by stealthy SockDetour Windows backdoor Full Text
Abstract
A new custom malware dubbed SockDetour found on systems belonging to US defense contractors has been used as a backup backdoor to maintain access to compromised networks.BleepingComputer
February 24, 2022 – Business
anecdotes Raises $25 Million for Its Compliance OS Platform Full Text
Abstract
The new funding round was led by Red Dot Capital Partners and received participation from Aleph, Glilot Capital Partners, Shasta Ventures, and Vintage Investment Partners.Security Week
February 24, 2022 – Ransomware
Warning — Deadbolt Ransomware Targeting ASUSTOR NAS Devices Full Text
Abstract
ASUSTOR network-attached storage (NAS) devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances. In response to the infections, the company has released firmware updates (ADM 4.0.4.RQO2) to "fix related security issues." The company is also urging users to take the following actions to keep data secure –
- Change your password
- Use a strong password
- Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively
- Change web server ports (Default ports are 80 and 443)
- Turn off Terminal/SSH and SFTP services and other services you do not use, and
- Make regular backups and ensure backups are up to date
The attacks primarily affect internet-exposed ASUSTOR NAS models running ADM operating systems including, but not limited to, AS5104T, AS5304T, AS6404T, AS7004T, AS5202T, AS6302T, and AS1104T. Much like the intrusions targeting QNAP NAS devices, the threat actors claim tThe Hacker News
February 24, 2022 – Vulnerabilities
Deadbolt Ransomware targets Asustor and QNAP NAS Devices Full Text
Abstract
Deadbolt ransomware operators are targeting Asustor NAS (network-attached storage) appliances. Storage solutions provider Asustor is warning its customers of a wave of Deadbolt ransomware attacks targeting its NAS devices. Since January, DeadBolt...Security Affairs
February 24, 2022 – Education
The Art of Non-boring Cybersec Training–Podcast Full Text
Abstract
With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.Threatpost
February 24, 2022 – Attack
Ransomware used as decoy in data-wiping attacks on Ukraine Full Text
Abstract
The new data wiper malware deployed on Ukrainian networks in destructive attacks on Wednesday right before Russia invaded Ukraine earlier today was, in some cases, accompanied by a GoLang-based ransomware decoy.BleepingComputer
February 24, 2022 – Government
Top US senator warns Putin cyberattacks could trigger bigger war Full Text
Abstract
The recent DDoS attacks in Ukraine were significant, but nowhere near the scale of the massive Russian cyberattacks U.S. officials fear could stop communications and shut down critical infrastructure.Axios
February 24, 2022 – Government
CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog. On top of that, CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies patch all systems against the vulnerabilities by March 8, 2022 to reduce their exposure to potential cyberattacks. Tracked as CVE-2022-23131 (CVSS score: 9.8) and CVE-2022-23134 (CVSS score: 5.3), the shortcomings could lead to the compromise of complete networks, enabling a malicious unauthenticated actor to escalate privileges and gain admin access to the Zabbix Frontend as well as make configuration changes. Thomas Chauchefoin from SonarSource has been credited with discovering and reporting the two flaws, which affect Zabbix Web Frontend versions up to and including 5.4.8, 5.0.18 and 4.0.36. The issues have since been addressed in versThe Hacker News
February 24, 2022 – Malware
New Wiper Malware HermeticWiper targets Ukrainian systems Full Text
Abstract
Cybersecurity experts discovered a new data wiper malware that was used in attacks against hundreds of machines in Ukraine. The threat of hybrid warfare is reality, Russia-linked APT group have supported the operations of the Russian army while...Security Affairs
February 24, 2022 – Malware
Malware infiltrates Microsoft Store via clones of popular games Full Text
Abstract
A malware named Electron Bot has found its way into Microsoft's Official Store through clones of popular games such as Subway Surfer and Temple Run, leading to the infection of 5,000 computers in Sweden, Israel, Spain, and Bermuda.BleepingComputer
February 24, 2022 – Botnet
U.S., U.K. Agencies Warn of New Russian Botnet Built from Hacked Firewall Devices Full Text
Abstract
Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) routers, and network-attached storage (NAS) devices," the agencies said. "In common with VPNFilter, Cyclops Blink deployment also appears indiscriminate and widespread." The joint government advisory comes from the U.K. National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) in the U.S. Sandworm, aka Voodoo Bear, is the name assigned to a highly advanced adversary operating out of Russia that's known to be active since at least 2008.The Hacker News
February 24, 2022 – Hacker
US and UK link new Cyclops Blink malware to Russian state hackers Full Text
Abstract
UK and US cybersecurity agencies linked Cyclops Blink malware to Russia's Sandworm APT. US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed...Security Affairs
February 24, 2022 – Phishing
Citibank phishing baits customers with fake suspension alerts Full Text
Abstract
An ongoing large-scale phishing campaign is targeting customers of Citibank, requesting recipients to disclose sensitive personal details to lift alleged account holds.BleepingComputer
February 23, 2022 – Encryption
Samsung Shattered Encryption on 100M Phones Full Text
Abstract
One cryptography expert said that ‘serious flaws’ in the way Samsung phones encrypt sensitive material, as revealed by academics, are ‘embarrassingly bad.’Threatpost
February 23, 2022 – Attack
Sextortion Rears Its Ugly Head Again Full Text
Abstract
Attackers are sending email blasts with malware links in embedded PDFs as a way to evade email filters, lying about having fictional "video evidence."Threatpost
February 23, 2022 – Malware
New Wiper Malware Targeting Ukraine Amid Russia’s Military Operation Full Text
Abstract
Cybersecurity firms ESET and Broadcom's Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country. The Slovak company dubbed the wiper "HermeticWiper" (aka KillDisk.NCV), with one of the malware samples compiled on December 28, 2021, implying that preparations for the attacks may have been underway for nearly two months. "The wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd," ESET said in a series of tweets. "The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data. As a final step the wiper reboots [the] computer." Specifically, HermeticWiper is delivered via the benign but signed EaseUS partition management driver that then proceeds to impair the first 512 bytes, the Master Boot Record (MBR) for every physThe Hacker News
February 23, 2022 – Vulnerabilities
NSA-linked Bvp47 Linux backdoor widely undetected for 10 years Full Text
Abstract
A report released today dives deep into technical aspects of a Linux backdoor now tracked as Bvp47 that is linked to the Equation Group, the advanced persistent threat actor tied to the U.S. National Security Agency.BleepingComputer
February 23, 2022 – Phishing
New Phishing Technique Uses Remote Access Software Full Text
Abstract
Security researchers discovered a new phishing technique wherein adversaries bypass MFA using the VNC screen sharing system without victims logging into their accounts. The demonstrated phishing technique has not been used in real-world attacks yet. However, the researcher suspects that it could be ...Cyware Alerts - Hacker News
February 23, 2022 – Outage
Ukraine government websites down in latest cyberattack Full Text
Abstract
Several Ukrainian government websites were down following a cyberattack on Wednesday, a Ukrainian official confirmed on Telegram, with banks' websites also affected.The Hill
February 23, 2022 – Vulnerabilities
Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor Full Text
Abstract
Pangu Lab researchers disclosed details of the Bvp47 backdoor that was used by the US NSA Equation Group. Researchers from China's Pangu Lab have disclosed details of a Linux top-tier APT backdoor, tracked as Bvp47, which is associated with the U.S....Security Affairs
February 23, 2022 – Criminals
Network hackers focus on selling high-value targets in the U.S. Full Text
Abstract
A Crowdstrike report looking into access brokers' advertisements since 2019 has identified a preference in academic, government, and technology entities based in the United States.BleepingComputer
February 23, 2022 – APT
Operation Cache Panda - Chinese APT10 Targets Taiwan Full Text
Abstract
Taiwanese cybersecurity firm CyCraft attributed months-long attacks against Taiwan’s financial sector to the APT10 group (aka Stone Panda or Bronze Riverside), which is affiliated with the Chinese government.Cyware Alerts - Hacker News
February 23, 2022 – Ransomware
Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp? Full Text
Abstract
The code of the recently-emerged Entropy ransomware has similarities with that of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. Experts from Sophos analyzed the code...Security Affairs
February 23, 2022 – Attack
New data-wiping malware used in destructive attacks on Ukraine Full Text
Abstract
Cybersecurity firms have found a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of Ukraine.BleepingComputer
February 23, 2022 – General
Social Media Attacks Double, Financial Sector Suffers Most - Report Full Text
Abstract
As per the Quarterly Threat Trends & Intelligence Report by PhishLabs, social media threats increased by 103% from January to December 2021. In December, organizations witnessed an average of 68 attacks per month.Cyware Alerts - Hacker News
February 23, 2022 – Ransomware
Ransomware extortion doesn’t stop after paying the ransom Full Text
Abstract
A global survey that looked into the experience of ransomware victims highlights the lack of trustworthiness of ransomware actors, as in most cases of paying the ransom, the extortion simply continues.BleepingComputer
February 23, 2022 – Government
CISA Warns of Attacks Exploiting Recent Vulnerabilities in Zabbix Monitoring Tool Full Text
Abstract
Tracked as CVE-2022-23131 and CVE-2022-23134, the two flaws could be exploited to bypass authentication and gain admin privileges, which could then allow an attacker to execute arbitrary commands.Security Week
February 23, 2022 – Policy and Law
Nigerian hacker pleads guilty to stealing payroll deposits Full Text
Abstract
A Nigerian national named Charles Onus has pled guilty in the District Court of the Southern District of New York to hacking into a payroll company's user accounts and stealing payroll deposits.BleepingComputer
February 23, 2022 – Attack
Kostovite, Petrovite, and Erythrite Hacking Groups are Striking Industrial, Operational Technology Systems Full Text
Abstract
Three new threat groups targeting firms in the industrial sector have appeared but over half of all attacks are the work of only two known cybercriminal outfits, researchers say.ZDNet
February 23, 2022 – Attack
DeadBolt ransomware now targets ASUSTOR devices, asks 50 BTC for master key Full Text
Abstract
The DeadBolt ransomware is now targeting ASUSTOR NAS devices by encrypting files and demanding a $1,150 ransom in bitcoins.BleepingComputer
February 23, 2022 – Denial Of Service
Ukrainian government and banks once again hit by DDoS attacks Full Text
Abstract
The sites of several Ukrainian government agencies (including the Ministries of Foreign Affairs, Defense, and Internal Affairs, the Security Service, and the Cabinet of Ministers), and of the two largest state-owned banks are again targeted by Distributed Denial-of-Service (DDoS) attacks.BleepingComputer
February 23, 2022 – Hacker
US, UK link new Cyclops Blink malware to Russian state hackers Full Text
Abstract
New malware dubbed Cyclops Blink has been linked to the Russian-backed Sandworm hacking group in a joint security advisory published today by US and UK cybersecurity and law enforcement agencies.BleepingComputer
February 23, 2022 – Solution
Microsoft Defender for Cloud can now protect Google Cloud resources Full Text
Abstract
Microsoft announced today that Microsoft Defender for Cloud now also comes with native protection for Google Cloud Platform (GCP) environments, providing security recommendations and threat detection across clouds.BleepingComputer
February 23, 2022 – General
FTC: Americans report losing over $5.8 billion to fraud in 2021 Full Text
Abstract
The US Federal Trade Commission (FTC) said today that Americans reported losses of more than $5.8 billion to fraud during last year, a massive total increase of over 70% compared to the losses reported in 2020.BleepingComputer
February 23, 2022 – Ransomware
Entropy ransomware linked to Evil Corp’s Dridex malware Full Text
Abstract
Analysis of the recently-emerged Entropy ransomware reveals code-level similarities with the general purpose Dridex malware that started as a banking trojan.BleepingComputer
February 23, 2022 – Ransomware
LockBit, Conti most active ransomware targeting industrial sector Full Text
Abstract
Ransomware attacks extended into the industrial sector last year to such a degree that this type of incident became the number one threat in the industrial sector.BleepingComputer
February 23, 2022 – Vulnerabilities
Flawed Encryption Could Enable Initialization Vector Reuse Attacks on Samsung Smartphones Full Text
Abstract
Samsung failed to implement Keymaster TA properly in Galaxy S series phones, meaning one could launch an Initialization Vector reuse attack to obtain the keys from the hardware-protected key blobs.The Register
February 23, 2022 – Malware
Dridex Malware Deploying Entropy Ransomware on Hacked Computers Full Text
Abstract
Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. "The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands (API calls), and in the subroutines used to decrypt encrypted text," cybersecurity firm Sophos said in a report shared with The Hacker News. The commonalities were uncovered following two unrelated incidents targeting an unnamed media company and a regional government agency. In both cases, the deployment of Entropy was preceded by infecting the target networks with Cobalt Strike Beacons and Dridex, granting the attackers remote access. Despite consistency in some aspects of the twin attacks, they also varied significantly with regards to the initial access vector used to worm their way insThe Hacker News
February 23, 2022 – Vulnerabilities
Horde Webmail Software is affected by a dangerous bug since 2012 Full Text
Abstract
Experts found a nine-year-old unpatched flaw in the Horde Webmail software that could allow access to email accounts. A feature in the Horde Webmail is affected by a nine-year-old unpatched security vulnerability that could be abused to gain complete...Security Affairs
February 23, 2022 – Malware
New Variant of CryptBot Targets All Chrome Versions Full Text
Abstract
Security experts spotted a new version of the CryptBot infostealer that is offering free download versions of cracked games and pro-grade software. Its operators are using search engine optimization to rank up the distribution sites to display them at top of Google search results, allowing increase ...Cyware Alerts - Hacker News
February 23, 2022 – Malware
Chinese Experts Uncover Details of Equation Group’s Bvp47 Covert Hacking Tool Full Text
Abstract
Researchers from China's Pangu Lab have disclosed details of a "top-tier" backdoor put to use by the Equation Group, an advanced persistent threat (APT) with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency (NSA). Dubbed "Bvp47" owing to numerous references to the string "Bvp" and the numerical value "0x47" used in the encryption algorithm, the backdoor was extracted from Linux systems "during an in-depth forensic investigation of a host in a key domestic department" in 2013. Pangu Lab codenamed the attacks involving the deployment of Bvp47 "Operation Telescreen," with the implant featuring an "advanced covert channel behavior based on TCP SYN packets, code obfuscation, system hiding, and self-destruction design." The Shadow Brokers leaks Equation Group, designated as the "crown creator of cyber espionage" by Russian security firm Kaspersky, iThe Hacker News
February 23, 2022 – Attack
Iranian Broadcaster IRIB hit by wiper malware Full Text
Abstract
Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), was hit by a wiper malware in late January 2022. An investigation into the attack that hit the Islamic Republic of Iran Broadcasting (IRIB) in late January, revealed...Security Affairs
February 23, 2022 – Malware
Xenomorph Trojan Spreading via Play Store Full Text
Abstract
A new banking trojan called Xenomorph was found distributing via Google Play Store in the form of fake performance-boosting apps, targeting European banks. It comes with a modular engine that abuses accessibility services, which may allow advanced capabilities. Experts recommend using an anti-malwa ...Cyware Alerts - Hacker News
February 23, 2022 – Vulnerabilities
Researchers Bypass Stalking Protections on Apple Airtags Clones Using Find My Protocol Full Text
Abstract
Source code for an Airtag clone was published online by Positive Security, which said its tags "successfully tracked an iPhone user... for over five days without triggering a tracking notification."The Register
February 23, 2022 – Phishing
Hackers tried to shatter the spine of global supply chains in 2021 Full Text
Abstract
IBM researchers say that phishing remains the most common attack vector for cyberattacks but there has also been a 33% increase in the use of vulnerabilities against unpatched systems.ZDNet
February 23, 2022 – Government
USA to attack bad cyber actors if it protects victims Full Text
Abstract
The DoJ has revealed new policies that may see it undertake pre-emptive action against cyber threats. Such actions will be undertaken if the DoJ feels that action can reduce risks for victims.The Register
February 23, 2022 – Education
Why DevOps pipelines are under attack and how to fight back Full Text
Abstract
Software developers often have high permission levels and access privileges. If the software being produced is designed for external consumption, the impact of breaches can be dramatically greater.CSO Online
February 22, 2022 – Government
Cybersecurity Tools Lie Unused in Federal Agencies’ Toolboxes Full Text
Abstract
Many federal agencies have existing authority that could be leveraged to improve the cybersecurity of private actors under their jurisdiction.Lawfare
February 22, 2022 – General
Gaming, Banking Trojans Dominate Mobile Malware Scene Full Text
Abstract
The overall number of attacks on mobile users is down, but they’re getting slicker, both in terms of malware functionality and vectors, researchers say.Threatpost
February 22, 2022 – Phishing
Devious phishing method bypasses MFA using remote access software Full Text
Abstract
A devious new phishing technique allows attackers to bypass MFA by secretly having victims log in to their accounts directly on attacker-controlled servers using VNC.BleepingComputer
February 22, 2022 – Breach
Cyberattackers Cook Up Employee Personal Data Heist for Meyer Full Text
Abstract
The Conti gang breached the cookware giant’s network, prepping thousands of employees’ personal data for consumption by cybercrooks.Threatpost
February 22, 2022 – Solution
Google Chrome to allow users to add notes to saved passwords Full Text
Abstract
Google is testing a new Chrome feature that allows users to add notes on passwords saved in the web browser.BleepingComputer
February 22, 2022 – Vulnerabilities
9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software Full Text
Abstract
Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. "This gives the attacker access to all sensitive and perhaps secret information a victim has stored in their email account and could allow them to gain further access to the internal services of an organization," SonarSource vulnerability researcher, Simon Scannell, said in a report. An "all volunteer project," the Horde Project is a free, browser-based communication suite that allows users to read, send, and organize email messages as well as manage and share calendars, contacts, tasks, notes, files, and bookmarks. The flaw, which was introduced as part of a code change pushed on November 30, 2012, relates to a case of an "unusual" stored cross-site scripting flaw (aka persistent XSS) that allows an adversary to cThe Hacker News
February 22, 2022 – Attack
Threat actors target poorly protected Microsoft SQL Servers Full Text
Abstract
Threat actors install Cobalt Strike beacons on vulnerable Microsoft SQL Servers to achieve a foothold in the target network. Researchers from AhnLab's ASEC spotted a new wave of attacks deploying Cobalt Strike beacons on vulnerable Microsoft SQL Servers...Security Affairs
February 22, 2022 – Attack
Vulnerable Microsoft SQL Servers targeted with Cobalt Strike Full Text
Abstract
Threat analysts have observed a new wave of attacks installing Cobalt Strike beacons on vulnerable Microsoft SQL Servers, leading to deeper infiltration and subsequent malware infections.BleepingComputer
February 22, 2022 – Malware
25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository Full Text
Abstract
Another batch of 25 malicious JavaScript libraries has made its way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after 17 similar packages were taken down. The libraries in question leveraged typosquatting techniques and masqueraded as other legitimate packages such as colors.js, crypto-js, discord.js, marked, and noblox.js, DevOps security firm JFrog said, attributing the packages as the work of "novice malware authors." The complete list of packages is below –
- node-colors-sync (Discord token stealer)
- color-self (Discord token stealer)
- color-self-2 (Discord token stealer)
- wafer-text (Environment variable stealer)
- wafer-countdown (Environment variable stealer)
- wafer-template (Environment variable stealer)
- wafer-darla (Environment variable stealer)
- lemaaa (Discord token stealer)
- adv-discord-utility (Discord token stealer)
- tools-for-discord (Discord tThe Hacker News
February 22, 2022 – Attack
Cookware giant Meyer Corporation discloses cyberattack Full Text
Abstract
US cookware distributor giant Meyer Corporation discloses a data breach that affected thousands of its employees. Meyer Corporation, the second-largest cookware distributor globally, has disclosed a data breach that affects thousands of its employees. The...Security Affairs
February 22, 2022 – Criminals
Police bust phishing group that used 40 sites to steal credit cards Full Text
Abstract
The Ukrainian cyberpolice have arrested a group of phishing actors who managed to steal payment card data from at least 70,000 people after luring them to fake mobile service top up sites.BleepingComputer
February 22, 2022 – Criminals
Hackers Stole $1.7 Million Worth of NFTs from Users of OpenSea Marketplace Full Text
Abstract
Malicious actors took advantage of a smart contract upgrade process in the OpenSea NFT marketplace to carry out a phishing attack against 17 of its users that resulted in the theft of virtual assets worth about $1.7 million. NFTs, short for non-fungible tokens, are digital tokens that act like certificates of authenticity for, and in some cases represent ownership of, assets that range from expensive illustrations to collectibles and physical goods. The opportunistic social engineering scam swindled the users by using the same email from OpenSea notifying users about the upgrade, with the copycat email redirecting the victims to a lookalike webpage, prompting them to sign a seemingly legitimate transaction, only to steal all the NFTs in one go. "By signing the transaction, an atomicMatch_ request would be sent to the attacker contract," Check Point researchers explained. "From there, the atomicMatch_ would be forwarded to the OpenSea contract," leading tThe Hacker News
February 22, 2022 – Criminals
Police dismantled a gang that used phishing sites to steal credit cards Full Text
Abstract
The Ukrainian police arrested a gang specialized in the sale of stolen payment card data through phishing attacks. The cybercrime unit of the Ukrainian police has arrested a group of cybercriminals who managed to steal payment card data from at least...Security Affairs
February 22, 2022 – Attack
Chinese Hackers Target Taiwan’s Financial Trading Sector with Supply Chain Attack Full Text
Abstract
An advanced persistent threat (APT) group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan's financial sector. The attacks are said to have first commenced at the end of November 2021, with the intrusions attributed to a threat actor tracked as APT10, also known as Stone Panda, the MenuPass group, and Bronze Riverside, and known to be active since at least 2009. The second wave of attacks hit a peak between February 10 and 13, 2022, according to a new report published by Taiwanese cybersecurity firm CyCraft, which said the wide-ranging supply chain compromise specifically targeted the software systems of financial institutions, resulting in "abnormal cases of placing orders." The infiltration activity, codenamed "Operation Cache Panda," exploited a vulnerability in the web management interface of the unnamed securities software that has a market share of over 80% in Taiwan, usiThe Hacker News
February 22, 2022 – APT
China-linked APT10 Target Taiwan’s financial trading industry Full Text
Abstract
China-linked APT group APT10 (aka Stone Panda, Bronze Riverside) targets Taiwan's financial trading sector with a supply chain attack. The campaign launched by the APT10 group started in November 2021, but it hit a peak between February 10 and 13, 2022,...Security Affairs
February 22, 2022 – Attack
A cyber attack heavily impacted operations of Expeditors International Full Text
Abstract
American worldwide logistics and freight forwarding company Expeditors International shuts down global operations after a cyber attack. American logistics and freight forwarding company Expeditors International was hit by a cyberattack over the weekend...Security Affairs
February 21, 2022 – Attack
Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike Full Text
Abstract
Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. "Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly managed servers," South Korean cybersecurity company AhnLab Security Emergency Response Center (ASEC) said in a report published Monday. Cobalt Strike is a commercial, full-featured penetration testing framework that allows an attacker to deploy an agent named "Beacon" on the victim machine, granting the operator remote access to the system. Although billed as a red team threat simulation platform, cracked versions of the software have been actively used by a wide range of threat actors. Intrusions observed by ASEC involve the unidentified actor scanning port 1433 to check for exposed MS SQL sThe Hacker News
February 21, 2022 – Outage
Expeditors shuts down global operations after likely ransomware attack Full Text
Abstract
Seattle-based logistics and freight forwarding company Expeditors International has been targeted in a cyberattack over the weekend that forced the organization to shut down most of its operations worldwide.BleepingComputer
February 21, 2022 – Solution
Cracking the Code - Researchers Decrypt Hive Ransomware Full Text
Abstract
Researchers identified a bug in the encryption algorithm of Hive ransomware, allowing white hat researchers to decrypt data without the need for any private key. Researchers could weaponize the flaw to recover 92–98% of the master key used during encryption. The method can now be effectively used t ... Read MoreCyware Alerts - Hacker News
February 21, 2022 – Malware
New Android Banking Trojan Spreading via Google Play Store Targets Europeans Full Text
Abstract
A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and harvesting sensitive information from compromised devices. Dubbed Xenomorph by Dutch security firm ThreatFabric, the in-development malware is said to share overlaps with another banking trojan tracked under the moniker Alien while also being "radically different" from its predecessor in terms of the functionalities offered. "Despite being a work-in-progress, Xenomorph is already sporting effective overlays and being actively distributed on official app stores," ThreatFabric's founder and CEO, Han Sahin, said. "In addition, it features a very detailed and modular engine to abuse accessibility services, which in the future could power very advanced capabilities, like ATS." Alien, a remote access trojan (RAT) with notification sniffing and authenticator-based 2FAThe Hacker News
February 21, 2022 – Malware
Xenomorph Android banking trojan distributed via Google Play Store Full Text
Abstract
Xenomorph Android trojan has been observed distributed via the official Google Play Store targeting 56 European banks. Researchers from ThreatFabric have spotted a new Android banking trojan, dubbed Xenomorph, distributed via the official Google...Security Affairs
February 21, 2022 – Malware
Revamped CryptBot malware spread by pirated software sites Full Text
Abstract
A new version of the CryptBot info stealer was seen in distribution via multiple websites that offer free downloads of cracks for games and pro-grade software.BleepingComputer
February 21, 2022 – Phishing
Attackers Target Top UK Bank With Phishing Campaigns Full Text
Abstract
Monzo, one of the UK's most popular online banking platforms, warned users against an ongoing phishing campaign that can acquire their personal data and eventually let hackers take over their bank accounts. The phishing process starts with an SMS displaying Monzo as the sender's name. Users nee ... Read MoreCyware Alerts - Hacker News
February 21, 2022 – Attack
Iranian State Broadcaster IRIB Hit by Destructive Wiper Malware Full Text
Abstract
An investigation into the cyberattack targeting Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), in late January 2022 has found that it involved the deployment of a wiper malware and other custom implants, as the country's national infrastructure continues to face a wave of attacks aimed at inflicting serious damage. "This indicates that the attackers' aim was also to disrupt the state's broadcasting networks, with the damage to the TV and radio networks possibly more serious than officially reported," Tel Aviv-based cybersecurity firm Check Point said in a report published last week. The 10-second attack, which took place on January 27, involved the breach of state broadcaster IRIB to air pictures of Mujahedin-e-Khalq Organization (MKO) leaders Maryam and Massoud Rajavi alongside a call for the assassination of the Supreme Leader Ayatollah Ali Khamenei. "This is an extremely complex attack and only the owners of this technologyThe Hacker News
February 21, 2022 – Vulnerabilities
How SMS PVA services could undermine SMS-based verification Full Text
Abstract
Crooks abuse some SMS PVA services that allow their customers to create disposable user accounts to conduct malicious activities. While investigating SMS PVA services (phone-verified account services), Trend Micro researchers discovered a rogue platform...Security Affairs
February 21, 2022 – Attack
Cookware giant Meyer discloses cyberattack that impacted employees Full Text
Abstract
Meyer Corporation, the largest cookware distributor in the U.S., and the second-largest globally, has informed U.S. Attorney General offices of a data breach affecting thousands of its employees.BleepingComputer
February 21, 2022 – Botnet
Is Conti Behind the TrickBot Operation? Full Text
Abstract
In new findings, the operators of the TrickBot trojan appear to have collaborated with the creators of the Conti ransomware. The reason behind this development could be the multiple takedown attempts on the TrickBot infrastructure. However, as per claims, the bot is dead; and moving forward they w ... Read MoreCyware Alerts - Hacker News
February 21, 2022 – Solution
A Free Solution to Protect Your Business from 6 Biggest Cyber Threats in 2022 Full Text
Abstract
For the last few years, the cybersecurity threat landscape has gotten progressively more complex and dangerous. The online world is now rife with data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses' digital defenses. And unfortunately — the bad guys have the upper hand at the moment. Part of the reason for that is the fallout from the rapid digitization made necessary by the COVID-19 pandemic. According to research on the subject, more than half of businesses have yet to mitigate the risks created by that digitization. And when you add a persistent shortage of cybersecurity workers to that fact, you have the makings of a scary situation. But businesses aren't helpless. There are plenty of things they can do to augment their defenses as they look to mitigate cyber risks. And best of all, some of those options won't cost them a thing. A great example of that is the open-source security platform Wazuh. It offers businesThe Hacker News
February 21, 2022 – Ransomware
A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files Full Text
Abstract
Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing...Security Affairs
February 21, 2022 – Attack
New Xenomorph Android malware targets customers of 56 banks Full Text
Abstract
A new malware called Xenomorph distributed through Google Play Store has infected more than 50,000 Android devices to steal banking information.BleepingComputer
February 21, 2022 – APT
TunnelVision APT Group Exploits Log4Shell Full Text
Abstract
SentinelOne allegedly stumbled across an Iranian threat actor, dubbed TunnelVision, exploiting the Log4j vulnerability on unpatched VMware Horizon servers with ransomware. The group exploited multiple one-day flaws, such as FortiOS (CVE-2018-13379) and Exchange (ProxyShell). The TTPs of TunnelVisio ... Read MoreCyware Alerts - Hacker News
February 21, 2022 – Hacker
Hackers Exploiting Infected Android Devices to Register Disposable Accounts Full Text
Abstract
An analysis of SMS phone-verified account (PVA) services has led to the discovery of a rogue platform built atop a botnet involving thousands of infected Android phones, once again underscoring the flaws with relying on SMS for account validation. SMS PVA services, since gaining prevalence in 2018, provide users with alternative mobile numbers that can be used to register for other online services and platforms, and help bypass SMS-based authentication and single sign-on (SSO) mechanisms put in place to verify new accounts. "This type of service can be used by malicious actors to register disposable accounts in bulk or create phone-verified accounts for conducting fraud and other criminal activities," Trend Micro researchers said in a report published last week. Telemetry data gathered by the company shows that most of the infections are located in Indonesia (47,357), followed by Russia (16,157), Thailand (11,196), India (8,109), and France (5,548), Peru (4,915), MorocThe Hacker News
February 21, 2022 – General
Threat Report Portugal: Q4 2021 Full Text
Abstract
The Threat Report Portugal: Q4 2021 compiles data collected on the malicious campaigns that occurred from October to December, Q4, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect...Security Affairs
February 21, 2022 – Phishing
OpenSea users lose $2 million worth of NFTs in phishing attack Full Text
Abstract
The non-fungible token (NFT) marketplace OpenSea is investigating a phishing attack that left 17 of its users without more than 250 NFTs worth around $2 million.BleepingComputer
February 21, 2022 – Business
Radware buys Israeli cybersecurity co SecurityDAM Full Text
Abstract
Radware said that the $42.5 million acquisition of cloud security firm SecurityDAM is part of its strategic initiative to accelerate the growth of its cloud security service business.Globes
February 21, 2022 – Business
TitanHQ Announces Acquisition of Cyber Risk Aware Full Text
Abstract
The acquisition will further bolster TitanHQ's already extensive security offering. Cyber Risk Aware delivers cyber security awareness training to staff in response to actual staff network behavior.Yahoo! Finance
February 21, 2022 – Cryptocurrency
Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network Full Text
Abstract
The malicious actor can have a coinminer masquerade itself as a legitimate app, trick susceptible users into running it on their systems, and just wait for the profits to roll in.Trend Micro
February 21, 2022 – General
The agency that may be able to thwart ransomware Full Text
Abstract
Sanctions, indictments, and potential cyber counter-attacks aren’t President Joe Biden’s only options for denting the scourge of ransomware attacks plaguing schools, hospitals, and government offices.Politico
February 21, 2022 – General
At Olympics, cybersecurity worries linger in background Full Text
Abstract
Unfettered internet access is important for many amateur Olympic athletes who post photos and videos of their feats on Instagram and other social media sites. It can be critical for landing sponsors.ABC News
February 20, 2022 – Attack
New phishing campaign targets Monzo online-banking customers Full Text
Abstract
Users of Monzo, one of the UK's most popular digital-only banking platforms, are being targeted by phishing messages supported by a growing network of malicious websites.BleepingComputer
February 20, 2022 – Attack
Hackers Target Microsoft Teams Users in Chats Full Text
Abstract
Cybercriminals are planting maldocs in chat threads on Microsoft Teams. Users accessing them might end up giving control of their systems to hackers. Organizations are suggested to deploy email gateway security that secures communication applications, and employees should contact IT whenever a suspic ... Read MoreCyware Alerts - Hacker News
February 20, 2022 – Phishing
BEC scammers impersonate CEOs on virtual meeting platforms Full Text
Abstract
The FBI warned that US organizations and individuals are being increasingly targeted in BEC attacks on virtual meeting platforms. The Federal Bureau of Investigation (FBI) warned this week that US organizations and individuals are being increasingly targeted...Security Affairs
February 20, 2022 – Vulnerabilities
Poisoned Pipeline Execution Attacks - A New Wave of Threats Full Text
Abstract
A security researcher demonstrated the possibility of poisoned pipeline attacks that can be triggered by abusing permissions in source code management (SCM) repositories. The pipelines that execute unreviewed code are more exposed to PPE attacks. Applications not developed with a security-first app ... Read MoreCyware Alerts - Hacker News
February 20, 2022 – Criminals
Threat actors stole at least $1.7M worth of NFTs from tens of OpenSea users Full Text
Abstract
Threat actors have stolen and flipped high-valued NFTs from the users of the world's largest NFT exchange, OpenSea. The world's largest NFT exchange, OpenSea, on Sunday confirmed that tens of its users had been hit by a phishing attack and had lost...Security Affairs
February 20, 2022 – Hacker
ShadowPad Linked to Chinese MSS and PLA Full Text
Abstract
Hackers affiliated with the Chinese Ministry of State Security and the People's Liberation Army are increasingly deploying the ShadowPad advanced modular RAT against their targets. It can steal sensitive system information, interact with the file system and registry, and deploy new modules to propaga ... Read MoreCyware Alerts - Hacker News
February 20, 2022 – General
Security Affairs newsletter Round 354 Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week the best security articles from Security Affairs, free for you in your email box. If you also want to receive the free newsletter with the international press, subscribe here....Security Affairs
February 20, 2022 – Botnet
Trickbot operation is now controlled by Conti ransomware Full Text
Abstract
The Conti ransomware group takes over the TrickBot malware operation and plans to replace it with BazarBackdoor malware. The TrickBot operation has arrived at the end of its journey; according to AdvIntel, some of its top members have moved under the Conti ransomware...Security Affairs
February 19, 2022 – Government
Russia denies accusations of false flag operation, cyber attacks on Ukraine Full Text
Abstract
Russia denied it was responsible for cyber attacks on Ukrainian banks and the country's Ministry of Defense and accusations that it is looking for a pretext to invade Ukraine.The Hill
February 19, 2022 – Ransomware
Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm Full Text
Abstract
Researchers have detailed what they call the "first successful attempt" at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. "We were able to recover the master key for generating the file encryption key without the attacker's private key, by using a cryptographic vulnerability identified through analysis," a group of academics from South Korea's Kookmin University said in a new paper analyzing its encryption process. Hive, like other cybercriminal groups, operates a ransomware-as-a-service that uses different mechanisms to compromise business networks, exfiltrate data, and encrypt data on the networks, and attempts to collect a ransom in exchange for access to the decryption software. It was first observed in June 2021, when it struck a company called Altus Group. Hive leverages a variety of initial compromise methods, including vulnerable RDP servers, compromised VPN credentials,The Hacker News
February 19, 2022 – Government
CISA compiles list of free cybersecurity tools and services Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a list of free cybersecurity services and tools to help organizations increase their security capabilities and better defend against cyberattacks.BleepingComputer
February 19, 2022 – Government
Justice Department Appoints First Director of National Cryptocurrency Enforcement Team Full Text
Abstract
The U.S. Department of Justice (DoJ) earlier this week appointed Eun Young Choi to serve as the first Director of the National Cryptocurrency Enforcement Team (NCET) it established last year. The NCET was created to tackle "the criminal misuse of cryptocurrencies and digital assets," with a focus on illegal activities in virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors to fuel cyberattacks and ransomware and extortion schemes. "The NCET will serve as the focal point for the department's efforts to tackle the growth of crime involving [digital assets and distributed ledger] technologies," said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department's Criminal Division. Separately, the Federal Bureau of Investigation (FBI) said it's launching a new effort of its own called the Virtual Asset Exploitation Unit (VAXU) dedicated to tracking and seizing illicit cryptocurrencies as part oThe Hacker News
February 19, 2022 – Government
CISA warns of hybrid operations threat to US critical infrastructure Full Text
Abstract
CISA urged leaders of U.S. critical infrastructure organizations on Friday to increase their orgs' resilience against a growing risk of being targeted by foreign influence operations using misinformation, disinformation, and malinformation (MDM) tactics.BleepingComputer
February 19, 2022 – Solution
CISA compiled a list of free cybersecurity tools and services Full Text
Abstract
The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced this week that it has compiled a list of free...Security Affairs
February 19, 2022 – Government
White House and UK Gov attribute DDoS attacks on Ukraine to Russia’s GRU Full Text
Abstract
The White House has linked the recent DDoS attacks against Ukraine's banks and defense agencies to Russia's GRU. The White House has linked the recent DDoS attacks that took offline the sites of banks and defense agencies of Ukraine to Russia's Main...Security Affairs
February 19, 2022 – Vulnerabilities
UpdraftPlus WordPress plugin update forced for million sites Full Text
Abstract
WordPress forces the update of the UpdraftPlus plugin patch on 3 million sites to fix a high-severity vulnerability. WordPress has forced the update of the UpdraftPlus plugin on around three million sites to address a high-severity vulnerability,...Security Affairs
February 19, 2022 – Attack
Attackers Abuse Poorly Regulated Top-Level Domains in Ongoing Redirect Campaign Full Text
Abstract
One of the more common infections seen is site-wide redirects to spam and scam sites, achieved by attackers exploiting newly found vulnerabilities in popular WordPress plugins.Sucuri
February 19, 2022 – Vulnerabilities
Multiple Vulnerabilities in Adobe Commerce and Magento Could Allow for Remote Code Execution Full Text
Abstract
Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights in Adobe Commerce and Magento Open Source.CIS
February 19, 2022 – Government
US, Britain Accuse Russia of Cyberattacks Targeting Ukraine Full Text
Abstract
The White House blamed Russia for this week’s cyberattacks targeting Ukraine’s defense ministry and major banks and warned of the potential for more significant disruptions in the days ahead.Security Week
February 19, 2022 – Vulnerabilities
New WordPress Plugin Leaks Millions of Personal Information; Immediate Update is Suggested Full Text
Abstract
A new WordPress plugin vulnerability is now putting millions of WordPress users at risk. This security issue is specifically found on UpdraftPlus, a cloning plugin for WordPress.Tech Times
February 18, 2022 – Malware
The Week in Ransomware - February 18th 2022 - Mergers & Acquisitions Full Text
Abstract
The big news this week is that the Conti ransomware gang has recruited the core developers and managers of the TrickBot group, the developers of the notorious TrickBot malware.BleepingComputer
February 18, 2022 – Government
White House says Russia behind cyberattack on banks, ministry in Ukraine Full Text
Abstract
The Biden administration believes Russian government hackers were behind cyberattacks targeting Ukraine’s Ministry of Defense and banks in Ukraine earlier this week, a top White House official said Friday.The Hill
February 18, 2022 – Government
U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday published a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture. The "Free Cybersecurity Services and Tools" resource hub comprises a mix of services provided by CISA, open-source utilities, and other implements offered by private and public sector organizations across the cybersecurity community. "Many organizations, both public and private, are target rich and resource poor," CISA Director, Jen Easterly, said in a statement. "The resources on this list will help such organizations improve their security posture, which is particularly critical in the current heightened threat environment." The tools catalog is the latest in a string of initiatives launched by CISA to combat cyber threats and help organizations adopt foundational measures to maximize resiliThe Hacker News
February 18, 2022 – Education
What To Expect With Cyber Surprise Full Text
Abstract
The possibilities of surprise in cyberspace are almost limitless.Lawfare
February 18, 2022 – Privacy
Google Privacy Sandbox promises to protect user privacy online Full Text
Abstract
Google introduces Privacy Sandbox on Android aimed at leading to more private advertising solutions for mobile users. Google announced Privacy Sandbox on Android to limit user data sharing and prevent the use of cross-app identifiers. The company...Security Affairs
February 18, 2022 – Denial Of Service
White House pins Ukraine DDoS attacks on Russian GRU hackers Full Text
Abstract
Today, the White House has linked the recent DDoS attacks that knocked down the sites of Ukrainian banks and defense agencies to Russia's Main Directorate of the General Staff of the Armed Forces (also known as GRU).BleepingComputer
February 18, 2022 – Vulnerabilities
Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites Full Text
Abstract
Patches have been issued to contain a "severe" security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site's private data using an account on the vulnerable sites. "All versions of UpdraftPlus from March 2019 onwards have contained a vulnerability caused by a missing permissions-level check, allowing untrusted users access to backups," the maintainers of the plugin said in an advisory published this week. Security researcher Marc-Alexandre Montpas of Automattic has been credited with discovering and reporting the vulnerability on February 14 that's been assigned the identifier CVE-2022-0633 (CVSS score: 8.5). The issue impacts UpdraftPlus versions from 1.16.7 to 1.22.2. UpdraftPlus is a backup and restoration solution that's capable of performing full, manual, or scheduled backups of WordPress files, databases, plugins and themes, which can then be reinstated via thThe Hacker News
February 18, 2022 – APT
Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability Full Text
Abstract
Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne have observed the potentially destructive Iran-linked APT group TunnelVision...Security Affairs
February 18, 2022 – Botnet
New Golang botnet empties Windows users’ cryptocurrency wallets Full Text
Abstract
A new Golang-based botnet under active development has been ensnaring hundreds of Windows devices each time its operators deploy a new command and control (C2) server.BleepingComputer
February 18, 2022 – Phishing
Microsoft Warns of ‘Ice Phishing’ Threat on Web3 and Decentralized Networks Full Text
Abstract
Microsoft has warned of emerging threats in the Web3 landscape, including "ice phishing" campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it's still in its early stages. The company's Microsoft 365 Defender Research Team called out various new avenues through which malicious actors may attempt to trick cryptocurrency users into giving up their private cryptographic keys and carry out unauthorized fund transfers. "One aspect that the immutable and public blockchain enables is complete transparency, so an attack can be observed and studied after it occurred," Christian Seifert, principal research manager at Microsoft's Security and Compliance group, said. "It also allows assessment of the financial impact of attacks, which is challenging in traditional web2 phishing attacks." The theft of the keys could be carried out in several ways, including imThe Hacker News
February 18, 2022 – Vulnerabilities
CVE-2021-44731 Linux privilege escalation bug affects Canonical’s Snap Package Manager Full Text
Abstract
Qualys experts found a new Linux privilege escalation vulnerability, tracked as CVE-2021-44731, in Canonical's Snap Package Manager. Canonical's Snap software packaging and deployment system is affected by multiple vulnerabilities, including...Security Affairs
February 18, 2022 – Attack
Iranian hackers target VMware Horizon servers with Log4j exploits Full Text
Abstract
An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States.BleepingComputer
February 18, 2022 – Malware
PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans Full Text
Abstract
Numerous Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot. "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot, and is being distributed," South Korean cybersecurity company AhnLab Security Emergency Response Center (ASEC) said in a report published today. "Not only is its file form similar to CryptBot, but it is also distributed via malicious sites exposed on the top search page when users search commercial software-related illegal programs such as Crack and Keygen," it added. According to ASEC, around 30 computers in the country are being consistently infected on a daily basis on average. PseudoManuscrypt was first documented by Russian cybersecurity firm Kaspersky in December 2021, when it disclosed details of a "mass-scale spyware attack campaign" infecting morThe Hacker News
February 18, 2022 – Vulnerabilities
Researchers created a PoC exploit for recently disclosed critical Magento CVE-2022-24086 bug Full Text
Abstract
Researchers developed an exploit code for CVE-2022-24086 vulnerability affecting Adobe Commerce and Magento Open Source. Positive Technologies researchers have created a working PoC exploit for the recently patched CVE-2022-24086 vulnerability...Security Affairs
February 18, 2022 – Policy and Law
FCC proposes $45 million fine for health insurance robocaller Full Text
Abstract
The US Federal Communications Commission (FCC) today proposed the largest-ever fine against a robocaller for Telephone Consumer Protection Act violations.BleepingComputer
February 18, 2022 – Ransomware
Master Decryption Keys Released for Multiple Ransomware Full Text
Abstract
The master decryption keys for Maze, Egregor, and Sekhmet ransomware victims were released, as claimed, by one of the developers of the three ransomware. The poster on the forum said that this was a planned leak and did not have any relation to law enforcement operations. Though, experts suspect th ... Read MoreCyware Alerts - Hacker News
February 18, 2022 – Vulnerabilities
New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager Full Text
Abstract
Multiple security vulnerabilities have been disclosed in Canonical's Snap software packaging and deployment system, the most critical of which can be exploited to gain root privileges. Snaps are self-contained application packages that are designed to work on operating systems that use the Linux kernel and can be installed using a tool called snapd. Tracked as CVE-2021-44731, the issue concerns a privilege escalation flaw in the snap-confine function, a program used internally by snapd to construct the execution environment for snap applications. The shortcoming is rated 7.8 on the CVSS scoring system. "Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host," Bharat Jogi, director of vulnerability and threat research at Qualys, said, adding the weakness could be abused to "obtain full root privileges on default installations of Ubuntu." Red Hat, in an independThe Hacker News
February 18, 2022 – Vulnerabilities
WordPress force installs UpdraftPlus patch on 3 million sites Full Text
Abstract
WordPress has taken the rare step of force-updating the UpdraftPlus plugin on all sites to fix a high-severity vulnerability allowing website subscribers to download the latest database backups, which often contain credentials and PII.BleepingComputer
February 18, 2022 – Botnet
Updated Trickbot Now Targets Technology and Financial Firms Full Text
Abstract
Check Point disclosed that an updated version of the TrickBot malware is targeting customers of 60 financial and technology firms primarily located in the U.S. Researchers believe that the actual victims are not the brands themselves but their customers. The malware stands as a priority threat ... Read MoreCyware Alerts - Hacker News
February 18, 2022 – Criminals
Conti ransomware gang takes over TrickBot malware operation Full Text
Abstract
After four years of activity and numerous takedown attempts, the death knell of TrickBot has sounded as its top members move under new management, the Conti ransomware syndicate, who plan to replace it with the stealthier BazarBackdoor malware.BleepingComputer
February 18, 2022 – APT
Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability Full Text
Abstract
SentinelOne observed the potentially destructive Iran-linked APT group TunnelVision actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers.Security Affairs
February 18, 2022 – Breach
Warning: Popular e-cigarette store hacked to steal credit cards Full Text
Abstract
BleepingComputer has confirmed Element Vape, a prominent online seller of e-cigarettes and vaping kits is serving a credit card skimmer on its live site, likely after getting hacked. Element Vape has a presence across the U.S. and Canada and sells products in both retail outlets and on their online store.BleepingComputer
February 18, 2022 – General
Google Drive flags macOS ‘.DS_Store’ files for copyright violation Full Text
Abstract
Google Drive was seen flagging '.DS_Store' files generated by macOS file systems as a violation of its copyright infringement policy. '.DS_Store' is a metadata file commonly seen by Apple users when they transfer their folders and archives from a macOS to a non-Apple operating system, like Windows.BleepingComputer
February 17, 2022 – Botnet
Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators
Abstract
Newborn as it is, the Kraken botnet has already spread like wildfire, thanks to the malware’s author tinkering away over the past few months, adding more infostealers and backdoors. (Threatpost)
February 17, 2022 – Denial Of Service
Ukrainian DDoS Attacks Should Put US on Notice–Researchers
Abstract
On Tuesday, institutions central to Ukraine’s military and economy were hit with denial-of-service (DoS) attacks. Impact was limited, but the ramifications are not. (Threatpost)
February 17, 2022 – Education
Kill Cloud Risk: Get Everybody to Stop Fighting Over App Security – Podcast
Abstract
When it comes to ensuring safe cloud app rollouts, there’s flat-out animosity between business stakeholders. HackerOne’s Alex Rice and GitLab’s Johnathan Hunt share tips on quashing all the squabbling. (Threatpost)
February 17, 2022 – Attack
Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware
Abstract
A "potentially destructive actor" aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group "TunnelVision" owing to its heavy reliance on tunneling tools, with overlaps in tactics observed with those of a broader group tracked under the moniker Phosphorus as well as Charming Kitten and Nemesis Kitten. "TunnelVision activities are characterized by wide-exploitation of 1-day vulnerabilities in target regions," SentinelOne researchers Amitai Ben Shushan Ehrlich and Yair Rigevsky said in a report, with the intrusions detected in the Middle East and the U.S. Also observed alongside Log4Shell is the exploitation of the Fortinet FortiOS path traversal flaw (CVE-2018-13379) and the Microsoft Exchange ProxyShell vulnerability to gain initial access into the target networks for post-exploitation. "TunnelVis… (The Hacker News)
February 17, 2022 – Education
4 Cloud Data Security Best Practices All Businesses Should Follow Today
Abstract
These days, businesses all around the world have come to depend on cloud platforms for a variety of mission-critical workflows. They keep their CRM data in the cloud. They process their payrolls in the cloud. They even manage their HR processes through the cloud. And all of that means they're trusting the bulk of their privileged business data to those cloud providers, too. And while most major cloud providers do a decent job of keeping data secure, the majority of business users take an upload-it-and-forget-it approach to their data security needs. And that — needless to say — is dangerous. In reality, cloud providers can only protect a business's data if the business does its part by adhering to some cloud security best practices. And fortunately, they're not that complicated. Here are the four most important cloud security best practices businesses should build into their cloud operations right away. Never Skip Selection Due Diligence: The first cloud security best p… (The Hacker News)
February 17, 2022 – Vulnerabilities
Hackers can crash Cisco Secure Email gateways using malicious emails
Abstract
Cisco has addressed a high-severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages. (BleepingComputer)
February 17, 2022 – Vulnerabilities
Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails
Abstract
Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance (ESA) that could result in a denial-of-service (DoS) condition on an affected device. The weakness, assigned the identifier CVE-2022-20653 (CVSS score: 7.5), stems from a case of insufficient error handling in DNS name resolution that could be abused by an unauthenticated, remote attacker to send a specially crafted email message and cause a DoS. "A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition," the company said in an advisory. "Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition." The flaw impacts Cisco ESA devices running Cisco AsyncOS Software vers… (The Hacker News)
February 17, 2022 – Vulnerabilities
Another Critical RCE Discovered in Adobe Commerce and Magento Platforms
Abstract
Adobe on Thursday updated its advisory for an actively exploited zero-day affecting Adobe Commerce and Magento Open Source to patch a newly discovered flaw that could be weaponized to achieve arbitrary code execution. Tracked as CVE-2022-24087, the issue – like CVE-2022-24086 – is rated 9.8 on the CVSS vulnerability scoring system and relates to an "Improper Input Validation" bug that could result in the execution of malicious code. "We have discovered additional security protections necessary for CVE-2022-24086 and have released an update to address them (CVE-2022-24087)," the company said in a revised bulletin. "Adobe is not aware of any exploits in the wild for the issue addressed in this update (CVE-2022-24087)." As before, Adobe Commerce and Magento Open Source versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are impacted by CVE-2022-24087, but it's worth noting that versions 2.3.0 to 2.3.3 are not vulnerable. "A new patc… (The Hacker News)
February 17, 2022 – Vulnerabilities
Researchers create exploit for critical Magento bug, Adobe updates advisory
Abstract
Offensive security researchers have created exploit code for CVE-2022-24086, the critical vulnerability affecting Adobe Commerce and Magento Open Source that Adobe patched in an out-of-band update last Sunday. (BleepingComputer)
February 17, 2022 – Hacker
TA2541: A Tale of New Mysterious Hackers
Abstract
Proofpoint discovered a new threat group, dubbed TA2541, targeting entities in the aviation, aerospace, transportation, defense, and manufacturing sectors since at least 2017. The RAT most often delivered in TA2541 campaigns is AsyncRAT, followed by Parallax, NetWire, and WSH RAT. The campaigns are… (Cyware Alerts - Hacker News)
February 17, 2022 – Government
Hillicon Valley — FBI forms crypto unit
Abstract
Today is Thursday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. (The Hill)
February 17, 2022 – Privacy
Google Bringing Privacy Sandbox to Android to Limit Sharing of User Data
Abstract
Google on Wednesday announced plans to bring its Privacy Sandbox initiatives to Android in a bid to expand its privacy-focused, but also less disruptive, advertising technology beyond the desktop web. To that end, the internet giant said it will work towards building solutions that prevent cross-app tracking à la Apple's App Tracking Transparency (ATT) framework, effectively limiting sharing of user data with third parties as well as eliminating identifiers such as advertising IDs on mobile devices. "The Privacy Sandbox on Android builds on our existing efforts on the web, providing a clear path forward to improve user privacy without putting access to free content and services at risk," Anthony Chavez, vice president of product management for Android security and privacy, said. Privacy Sandbox, launched in 2019, is Google's umbrella term for a set of technologies that will phase out third-party cookies and curb covert tracking, like fingerprinting, by redu… (The Hacker News)
February 17, 2022 – General
Cyber Reporting Proposals: Assessing Liability Protections and Legal Privileges
Abstract
Where is Congress on cyber reporting requirements? (Lawfare)
February 17, 2022 – Attack
Threat actors leverage Microsoft Teams to spread malware
Abstract
Attackers compromise Microsoft Teams accounts to attach malicious executables to chats and spread them to participants in the conversation. While the popularity of Microsoft Teams continues to grow, with roughly 270 million monthly active users, threat… (Security Affairs)
February 17, 2022 – Vulnerabilities
GitHub code scanning now finds more security vulnerabilities
Abstract
Code hosting platform GitHub today launched new machine learning-based code scanning analysis features that will automatically discover more common security vulnerabilities before they end up in production. (BleepingComputer)
February 17, 2022 – Vulnerabilities
Poisoned pipelines: Security researcher explores attack methods in CI environments
Abstract
A security researcher has described how abusing permissions in source code management (SCM) repositories can lead to CI poisoning, also known as ‘poisoned pipeline attacks’. (The Daily Swig)
February 17, 2022 – General
Getting Your SOC 2 Compliance as a SaaS Company
Abstract
If you haven't heard of the term, you will soon enough. SOC 2, meaning System and Organization Controls 2, is an auditing procedure developed by the American Institute of CPAs (AICPA). Having SOC 2 compliance means you have implemented organizational controls and practices that provide assurance for the safeguarding and security of client data. In other words, you have to show (e.g., document and demonstrate) that you are acting in good faith with other people's information. In its simplest definition, it's a report card from an auditor. At Rewind, before SOC 2, we had some processes in place, such as change management procedures for when emergency fixes need to be released to production quickly. But after beginning our SOC 2 journey we realized that we did not have a great way to track the reasoning behind a required emergency change, and this was required for our SOC 2 audit. So we worked with our auditor to set up a continuous auditing system for these requests, p… (The Hacker News)
February 17, 2022 – Vulnerabilities
Specially crafted emails could crash Cisco ESA devices
Abstract
Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted emails. Cisco ESA products are affected by a DoS vulnerability, tracked as CVE-2022-20653, that resides in the DNS-based… (Security Affairs)
February 17, 2022 – Vulnerabilities
Cisco bug can let hackers crash Cisco Secure Email gateways
Abstract
Cisco has addressed a high-severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages. (BleepingComputer)
February 17, 2022 – Solution
New quantum key distribution network resistant to quantum attacks
Abstract
A QKD channel was multiplexed on the same fiber as ultra-high bandwidth 800 Gbps optical channels for the first time and used to provide keys for encryption of the data stream. (CSO Online)
February 17, 2022 – Solution
This New Tool Can Retrieve Pixelated Text from Redacted Documents
Abstract
The practice of blurring out text using a method called pixelation may not be as secure as previously thought. While the most foolproof way of concealing sensitive textual information is to use opaque black bars, other redaction methods like pixelation can achieve the opposite effect, enabling the reversal of pixelized text back into its original form. Dan Petro, a lead researcher at offensive security firm Bishop Fox, has demonstrated a new open-source tool called Unredacter to reconstruct text from pixelated images, effectively leaking the very information that was meant to be protected. The tool is also seen as an improvement over an existing utility named Depix, which works by looking up what permutations of pixels could have resulted in certain pixelated blocks to recover the text. The threat model works on the underlying hypothesis that, given a piece of text containing both redacted and un-redacted information, the attacker uses the information about the font si… (The Hacker News)
February 17, 2022 – Privacy
European Data Protection Supervisor calls for bans on surveillance spyware like Pegasus
Abstract
The European Data Protection Supervisor authority called for a ban on the development and the use of Pegasus-like commercial spyware. The European Data Protection Supervisor (EDPS) authority this week called for a ban on the development and the use of surveillance… (Security Affairs)
February 17, 2022 – Breach
Hackers slip into Microsoft Teams chats to distribute malware
Abstract
Security researchers warn that some attackers are compromising Microsoft Teams accounts to slip into chats and spread malicious executables to participants in the conversation. (BleepingComputer)
February 17, 2022 – Business
Snyk Buys Cloud Security Vendor Fugue To Protect Developers
Abstract
Snyk has purchased Cloud Security Posture Management (CSPM) vendor Fugue to help organizations manage compliance and security throughout the software development lifecycle. (CRN)
February 17, 2022 – Botnet
Researchers Warn of a New Golang-based Botnet Under Continuous Development
Abstract
Cybersecurity researchers have unpacked a new Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. "Kraken already features the ability to download and execute secondary payloads, run shell commands, and take screenshots of the victim's system," threat intelligence firm ZeroFox said in a report published Wednesday. Discovered first in October 2021, early variants of Kraken have been found to be based on source code uploaded to GitHub, although it's unclear if the repository in question belongs to the malware's operators or if they simply chose to start their development using the code as a foundation. The botnet – not to be confused with a 2008 botnet of the same name – is perpetuated using SmokeLoader, which chiefly acts as a loader for next-stage malware, allowing it to quickly scale in size and expand its network. Kraken… (The Hacker News)
February 17, 2022 – Botnet
New Kraken botnet is allowing operators to earn USD 3,000 every month
Abstract
Researchers spotted a new Golang-based botnet called Kraken that is under active development and supports a lot of backdoor capabilities. Kraken is a new Golang-based botnet discovered in late October 2021 by researchers from threat intelligence… (Security Affairs)
February 17, 2022 – Outage
Canada’s major banks go offline in mysterious hours-long outage
Abstract
Five major Canadian banks went offline for hours, blocking access to online and mobile banking as well as e-transfers for customers. The banks hit by the outage include Royal Bank of Canada (RBC), BMO (Bank of Montreal), Scotiabank, and the Canadian Imperial Bank of Commerce (CIBC). (BleepingComputer)
February 17, 2022 – APT
Deciphering Moses Staff APT’s Persistent Attacks Against Israeli Organizations
Abstract
As per a new update shared by the Cybereason Nocturnus Team, the APT group has made improvements in tactics and techniques to target several organizations located across Italy, India, Germany, China, Turkey, the UAE, and the U.S. (Cyware Alerts - Hacker News)
February 17, 2022 – Attack
Nation-state actors hacked Red Cross exploiting a Zoho bug
Abstract
The International Committee of the Red Cross (ICRC) said attackers that breached its network last month exploited a Zoho bug. The International Committee of the Red Cross (ICRC) revealed that the attack that breached its network in January was conducted… (Security Affairs)
February 17, 2022 – Government
FBI Warns of Increase in Fraudulent Payments Due to BEC Scams
Abstract
The FBI said it had seen an increase in the use of virtual meeting platforms as a way to trick organizations into sending payments to the wrong accounts as part of a type of attack known as BEC scams. (The Record)
February 16, 2022 – Attack
Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry
Abstract
The phishing attacks are spoofing LinkedIn to target ‘Great Resignation’ job hunters, who are also being preyed on by huge data-scraping bot attacks. (Threatpost)
February 16, 2022 – Vulnerabilities
High-Severity RCE Bug Found in Popular Apache Cassandra Database
Abstract
On the plus side, only instances with non-standard, not-recommended configurations are vulnerable. On the downside, those configurations aren’t easy to track down, and the bug is easy as pie to exploit. (Threatpost)
February 16, 2022 – Vulnerabilities
Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
Abstract
A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS. (Threatpost)
February 16, 2022 – Attack
Emotet Now Spreading Through Malicious Excel Files
Abstract
An ongoing malicious email campaign that includes macro-laden files and multiple layers of obfuscation has been active since late December. (Threatpost)
February 16, 2022 – Attack
Moses Staff Hackers Targeting Israeli Organizations for Cyber Espionage
Abstract
The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff is believed to be sponsored by the Iranian government, with attacks reported against entities in Israel, Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S. Earlier this month, the hacker collective was observed incorporating a previously undocumented remote access trojan (RAT) called "StrifeWater" that masquerades as the Windows Calculator app to evade detection. "Close examination reveals that the group has been active for over a year, much earlier than the group's first official public exposure, managing to stay under the radar with an extremely low detection rate," findings from FortiGuard Labs reveal. The latest threat activity involves an a… (The Hacker News)
February 16, 2022 – Government
U.S. Says Russian Hackers Stealing Sensitive Data from Defense Contractors
Abstract
State-sponsored actors backed by the Russian government regularly targeted the networks of several U.S. cleared defense contractors (CDCs) to acquire proprietary documents and other confidential information pertaining to the country's defense and intelligence programs and capabilities. The sustained espionage campaign is said to have commenced at least two years ago, in January 2020, according to a joint advisory published by the U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA). "These continued intrusions have enabled the actors to acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology," the agencies said. "The acquired information provides significant insight into U.S. weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology." (The Hacker News)
February 16, 2022 – Phishing
FBI warns of BEC attackers impersonating CEOs in virtual meetings
Abstract
The Federal Bureau of Investigation (FBI) warned today that US organizations and individuals are being increasingly targeted in BEC (business email compromise) attacks on virtual meeting platforms. (BleepingComputer)
February 16, 2022 – Government
CISA Identifies Next Set of Actively Exploited Vulnerabilities
Abstract
The CISA has added more flaws to its catalog of known exploited vulnerabilities. They were found in products of top tech giants, such as Microsoft, Oracle, Apache, and Apple. Also, there are some priority ones, for which the CISA has asked FCEB agencies to patch the vulnerabilities within February… (Cyware Alerts - Hacker News)
February 16, 2022 – Government
Hillicon Valley — Senators introduce online kids’ safety bill
Abstract
Today is Wednesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. (The Hill)
February 16, 2022 – Education
[Webinar] When More Is Not Better: Solving Alert Overload
Abstract
The increasing volume and sophistication of cyberattacks have naturally led many companies to invest in additional cybersecurity technologies. We know that expanded threat detection capabilities are necessary for protection, but they have also led to several unintended consequences. The "more is not always better" adage fits this situation perfectly. An upcoming webinar by cybersecurity company Cynet (register here) sheds light on alert overload, the result of too many alerts. Beyond discussing the stress and strain placed on cybersecurity teams trying to sift through an ongoing barrage of threat alerts, Cynet shows how this situation actually degrades cybersecurity effectiveness. Then Cynet will talk about the way out – something important to almost every company suffering from alert overload. The Real Impact of Alert Overload: It's interesting that threat alerts, which are so vital to protection, have also become an obstacle. Cynet lays out two key reasons why this has come about… (The Hacker News)
February 16, 2022 – Government
Cybersecurity Advisory on Russian Cyber Actors Targeting U.S. Contractors
Abstract
Over the past two years, Russian state-sponsored cyber actors have been targeting U.S. cleared defense contractors. (Lawfare)
February 16, 2022 – Breach
Russia-linked threat actors breached US cleared defense contractors (CDCs)
Abstract
Russia-linked threat actors have breached the networks of U.S. cleared defense contractors (CDCs) since at least January 2020. According to a joint alert published by the FBI, NSA, and CISA, Russia-linked threat actors conducted a cyber espionage campaign… (Security Affairs)
February 16, 2022 – Botnet
TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands
Abstract
The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks. (Threatpost)
February 16, 2022 – Breach
US says Russian state hackers breached defense contractors
Abstract
Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors (CDCs) since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities. (BleepingComputer)
February 16, 2022 – General
Google Drive Now Accounts for 50% of Malicious Document Downloads
Abstract
According to Atlas VPN, nearly 50% of malicious Office documents were downloaded from Google Drive in 2021. Until 2020, Microsoft OneDrive was the major source of malicious Office documents with a 34% share. Cybercriminals spread these by creating free accounts on cloud app hosting services, upload ma… (Cyware Alerts - Hacker News)
February 16, 2022 – Attack
US says Russian hackers targeted defense contractors
Abstract
The U.S. intelligence community says that Russian-sponsored actors have been targeting defense contractors for at least the past two years and in some cases have gained access to sensitive information. (The Hill)
February 16, 2022 – Malware
Trickbot Malware Targeted Customers of 60 High-Profile Companies Since 2020
Abstract
The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with more than 20 modules that can be downloaded and executed on demand," Check Point researchers Aliaksandr Trafimchuk and Raman Ladutska said in a report published today. In addition to being both prevalent and persistent, TrickBot has continually evolved its tactics to go past security and detection layers. To that end, the malware's "injectDll" web-injects module, which is responsible for stealing banking and credential data, leverages anti-deobfuscation techniques to crash the web page and thwart attempts to scrutinize the source code. Also put in place are anti-analysis guardrails to prevent security researchers from sending automated requests to command-and-con… (The Hacker News)
February 16, 2022 – Botnet
Trickbot targets customers of 60 High-Profile companies
Abstract
TrickBot malware is targeting customers of 60 financial and technology companies with new anti-analysis features. The infamous TrickBot malware was employed in attacks against customers of 60 financial and technology companies with new anti-analysis… (Security Affairs)
February 16, 2022 – Breach
Red Cross: State hackers breached our network using Zoho bug
Abstract
The International Committee of the Red Cross (ICRC) said today that the hack disclosed last month against its servers was a targeted attack likely coordinated by a state-backed hacking group. (BleepingComputer)
February 16, 2022 – General
Log4Shell: A retrospective
Abstract
An attacker could use this notorious vulnerability (dubbed Log4Shell) to force a victim to download, install and execute externally hosted malicious payloads with relative ease. (Help Net Security)
February 16, 2022 – Government
Ukraine says Russia likely to blame for cyberattack
Abstract
Ukrainian officials blamed Russia for the Tuesday cyberattack that hit the country's defense ministry and at least two banks. (The Hill)
February 16, 2022 – Vulnerabilities
VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products
Abstract
VMware on Tuesday patched several high-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition. As of writing, there's no evidence that any of the weaknesses are exploited in the wild. The list of six flaws is as follows:
CVE-2021-22040 (CVSS score: 8.4) - Use-after-free vulnerability in XHCI USB controller
CVE-2021-22041 (CVSS score: 8.4) - Double-fetch vulnerability in UHCI USB controller
CVE-2021-22042 (CVSS score: 8.2) - ESXi settingsd unauthorized access vulnerability
CVE-2021-22043 (CVSS score: 8.2) - ESXi settingsd TOCTOU vulnerability
CVE-2021-22050 (CVSS score: 5.3) - ESXi slow HTTP POST denial-of-service vulnerability
CVE-2022-22945 (CVSS score: 8.8) - CLI shell injection vulnerability in the NSX Edge appliance component
Successful exploitation of the flaws could allow a malicious actor with local ad… (The Hacker News)
February 16, 2022 – Vulnerabilities
Experts disclose details of Apache Cassandra DB RCE
Abstract
Researchers disclosed a now-patched remote code execution (RCE) vulnerability in the Apache Cassandra database software. JFrog researchers publicly disclosed details of a now-patched high-severity security vulnerability (CVE-2021-44521) in Apache Cassandra… (Security Affairs)
February 16, 2022 – General
Researcher ‘reverses’ redaction, extracts words from pixelated image Full Text
Abstract
A researcher has demonstrated how he was able to successfully recover text that had been redacted using the pixelation technique. Further, the researcher has released a GitHub tool that can be used by anyone to reconstruct text from obscure, pixelated images.BleepingComputer
February 16, 2022 – Policy and Law
Missouri prosecutor declines to file charges over ‘hacker’ allegation against reporter Full Text
Abstract
Missouri’s public prosecutor has decided not to file charges against a journalist accused of illegal hacking over his disclosure of security vulnerabilities in a state government-run website.The Daily Swig
February 16, 2022 – Privacy
EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware Full Text
Abstract
The European Union's data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, calling out the technology's "unprecedented level of intrusiveness" that could endanger users' right to privacy. "Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy," the European Data Protection Supervisor (EDPS) said in its preliminary remarks. "This fact makes its use incompatible with our democratic values." Pegasus is a piece of highly advanced military-grade intrusion software developed by Israeli company NSO Group that's capable of breaking into smartphones running Android and iOS, turning the devices into a remote monitoring tool capable of extracting sensitive information, recording conversations, and tracking users' movemeThe Hacker News
February 16, 2022 – Government
CISA added 9 new flaws to the Known Exploited Vulnerabilities Catalog, including Magento e Chrome bugs Full Text
Abstract
The U.S. CISA added to the Known Exploited Vulnerabilities Catalog another 9 security flaws actively exploited in the wild. US Cybersecurity and Infrastructure Security Agency (CISA) added nine new vulnerabilities to its Known Exploited Vulnerabilities...Security Affairs
February 16, 2022 – Phishing
Singapore introduces strong measures to stop online scams Full Text
Abstract
Singapore will step up efforts to stamp out phishing and spoofing, ministers told the parliament on Tuesday. The topic gained attention after instances of attacks and scams soared recently. (The Register)
February 16, 2022 – Vulnerabilities
VMware fixes flaws demonstrated at Chinese Tianfu Cup hacking contest Full Text
Abstract
VMware addressed several high-severity flaws that were disclosed during China’s Tianfu Cup hacking contest. VMware addressed several high-severity vulnerabilities that were demonstrated by Kunlun Lab team during China’s Tianfu Cup 2021 hacking... (Security Affairs)
February 16, 2022 – General
Supply chain shortages create a cybersecurity nightmare Full Text
Abstract
Supply chain issues are already one of the weakest links for an organization, even in the best of times. Challenges are not just in production capabilities, but also in security of the final product. (Help Net Security)
February 16, 2022 – Malware
Emotet Malware Spreads by Hijacking Email Threats and Luring Users with Malicious Attachments Full Text
Abstract
As early as December 21, 2021, researchers from Palo Alto Networks' Unit 42 observed a new infection method for the highly prevalent malware family Emotet involving thread hijacking. (Palo Alto Networks)
February 16, 2022 – Business
WhiteSource acquires DefenseCode and Xanitizer to enter into the SAST market Full Text
Abstract
WhiteSource announced the company’s expansion into custom code security following two recent acquisitions and the availability of its static application security testing (SAST) solution. (Help Net Security)
February 16, 2022 – Government
New Zealand government mandates bug reporting process for federal agencies Full Text
Abstract
In its latest security manual, the GCSB said agencies should establish a process that would allow members of the public to report potential software vulnerabilities or other security problems. (The Daily Swig)
February 16, 2022 – Botnet
Trickbot has infected 140,000-plus machines since late 2020 Full Text
Abstract
In October 2020, Microsoft reported that more than 90% of Trickbot's infrastructure had been disabled. However, the threat actor bounced back and began thriving soon after. (Tech Target)
February 15, 2022 – Attack
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming Full Text
Abstract
SquirrelWaffle attackers now use typosquatting to keep sending spam, even after Exchange servers are patched for ProxyLogon/ProxyShell. (Threatpost)
February 15, 2022 – Vulnerabilities
Chrome Zero-Day Under Active Attack: Patch ASAP Full Text
Abstract
The year’s 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems. (Threatpost)
February 15, 2022 – APT
TA2541: APT Has Been Shooting RATs at Aviation for Years Full Text
Abstract
Since 2017, the attacker has flung simple off-the-shelf malware in malicious email campaigns aimed at aviation, aerospace, transportation and defense. (Threatpost)
February 15, 2022 – Government
CISA tells federal agencies to patch actively exploited Chrome, Magento bugs Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source. (BleepingComputer)
February 15, 2022 – Vulnerabilities
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software Full Text
Abstract
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution (RCE) on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday. Apache Cassandra is an open-source, distributed, NoSQL database management system for managing very large amounts of structured data across commodity servers. Tracked as CVE-2021-44521 (CVSS score: 8.4), the vulnerability concerns a specific scenario where the configuration for user-defined functions (UDFs) is enabled, effectively allowing an attacker to leverage the Nashorn JavaScript engine, escape the sandbox, and achieve execution of untrusted code. Specifically, it was fou... (The Hacker News)
February 15, 2022 – Denial Of Service
Ukrainian military agencies, state-owned banks hit by DDoS attacks Full Text
Abstract
The Ministry of Defense and the Armed Forces of Ukraine and two of the country's state-owned banks, Privatbank (Ukraine's largest bank) and Oschadbank (the State Savings Bank), are being hammered by Distributed Denial-of-Service (DDoS) attacks. (BleepingComputer)
February 15, 2022 – Business
Facebook Agrees to Pay $90 Million to Settle Decade-Old Privacy Violation Case Full Text
Abstract
Meta Platforms has agreed to pay $90 million to settle a lawsuit over the company's use of cookies to allegedly track Facebook users' internet activity even after they had logged off from the platform. In addition, the social media company will be required to delete all of the data it illegally collected from those users. The development was first reported by Variety. The decade-old case, filed in 2012, centered around Facebook's use of the proprietary "Like" button to track users as they visited third-party websites, regardless of whether they actually used the button, in violation of the federal wiretapping laws, and then allegedly compiling those browsing histories into profiles for selling the information to advertisers. Based on the terms of the proposed settlement, users who browsed non-Facebook websites that included the "Like" button between April 22, 2010, and September 26, 2011, will be covered. "Reaching a settlement in this cas... (The Hacker News)
February 15, 2022 – Government
CISA tells agencies to patch actively exploited Chrome, Magento bugs Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source. (BleepingComputer)
February 15, 2022 – Botnet
Watch Out! FritzFrog Botnet Has Gone Aggressively Wild Full Text
Abstract
The operators of the FritzFrog botnet have returned with a new P2P campaign, registering a 10x growth in the infection rate within only a month. The new variant seems to possess additional capabilities to target WordPress servers. Researchers have spotted 24,000 attacks so far. However, the b... (Cyware Alerts - Hacker News)
February 15, 2022 – Attack
Hillicon Valley — Cyberattack hits Ukrainian defense Full Text
Abstract
Today is Tuesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. (The Hill)
February 15, 2022 – Attack
Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA Full Text
Abstract
Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country's civilian and military intelligence agencies. "ShadowPad is decrypted in memory using a custom decryption algorithm," researchers from Secureworks said in a report shared with The Hacker News. "ShadowPad extracts information about the host, executes commands, interacts with the file system and registry, and deploys new modules to extend functionality." ShadowPad is a modular malware platform sharing noticeable overlaps with the PlugX malware and which has been put to use in high-profile attacks against NetSarang, CCleaner, and ASUS, causing the operators to shift tactics and update their defensive measures. While initial campaigns that delivered ShadowPad were attributed to a threat cluster tracked as Bronze Atlas aka Barium... (The Hacker News)
February 15, 2022 – Attack
Ukraine: Military defense agencies and banks hit by cyberattacks Full Text
Abstract
Ukraine's defense agencies and two state-owned banks were hit by Distributed Denial-of-Service (DDoS) attacks. The Ministry of Defense and the Armed Forces of Ukraine and state-owned banks, Privatbank (Ukraine's largest bank) and Oschadbank... (Security Affairs)
February 15, 2022 – Vulnerabilities
Google almost doubles Linux Kernel, Kubernetes zero-day rewards Full Text
Abstract
Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine (GKE), or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques. (BleepingComputer)
February 15, 2022 – Vulnerabilities
VMware Patches Vulnerabilities Reported by Researchers to Chinese Government Full Text
Abstract
The security vulnerabilities impact VMware ESXi, Workstation, and Fusion, and they were used at the 2021 Tianfu Cup hacking contest by Kunlun Lab, the team that won the event. (Security Week)
February 15, 2022 – Attack
Ukraine Defense Ministry, banks hit by cyberattack amid tensions with Russia Full Text
Abstract
Ukraine’s Ministry of Defense on Tuesday said it had been hit with a cyberattack amid heightened tensions with Russia and concerns Moscow could launch aggressive actions against the country, including a potential ground invasion. (The Hill)
February 15, 2022 – Solution
SafeDNS: Cloud-based Internet Security and Web Filtering Solution for MSPs Full Text
Abstract
The remote workplace trend is getting the upper hand in 2022. A recent survey by IWG (the International Workplace Group) determined that 70% of the world's professionals work remotely at least one day a week, with 53% based outside their workplace at least half of the week. Taking this into consideration, organizations have started looking for reliable partners that can deliver services and support consistently, for example, to install new hybrid infrastructure solutions while trusting them with the everyday functioning of their IT. So far, MSPs have been meeting this demand by offering multiple solutions that help employees work remotely without any problems. What are the main cybersecurity solutions remote workers need? Multi-Factor Authentication, a Virtual Private Network, and DNS Filtering to secure DNS traffic. Why is web filtering important and what are the main features necessary for MSPs? Managed service providers have been struggling with finding the right web filtering... (The Hacker News)
February 15, 2022 – Vulnerabilities
QNAP extends security Updates for some EOL devices Full Text
Abstract
Taiwanese vendor QNAP extended the security update window for some devices that have reached end-of-life (EOL). Taiwanese vendor QNAP extended the security update window for some devices that reached end-of-life (EOL) years ago. The company decided... (Security Affairs)
February 15, 2022 – Denial Of Service
Ukrainian military agencies, banks hit by DDoS attacks, defacements Full Text
Abstract
The Ministry of Defense and the Armed Forces of Ukraine and two of the country's state-owned banks, Privatbank (Ukraine's largest bank) and Oschadbank (the State Savings Bank), are being hammered by Distributed Denial-of-Service (DDoS) attacks. (BleepingComputer)
February 15, 2022 – Vulnerabilities
Squirrelwaffle, Microsoft Exchange Server vulnerabilities exploited for financial fraud Full Text
Abstract
Researchers from Sophos revealed a recent incident involving a Microsoft Exchange Server that had not been patched against a set of critical vulnerabilities disclosed last year. (ZDNet)
February 15, 2022 – Government
Experts Warn of Hacking Group Targeting Aviation and Defense Sectors Full Text
Abstract
Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans (RATs) on compromised systems. The use of commodity malware such as AsyncRAT and NetWire, among others, has led enterprise security firm Proofpoint to a "cybercriminal threat actor" codenamed TA2541 that employs "broad targeting with high volume messages." The ultimate objective of the intrusions is unknown as yet. Social engineering lures used by the group do not rely on topical themes but rather leverage decoy messages related to aviation, logistics, transportation, and travel. That said, TA2541 did briefly pivot to COVID-19-themed lures in the spring of 2020, distributing emails concerning cargo shipments of personal protective equipment (PPE) or testing kits. "While TA2541 is consistent i... (The Hacker News)
February 15, 2022 – Attack
BlackCat gang claimed responsibility for Swissport ransomware attack Full Text
Abstract
The BlackCat ransomware group (aka ALPHV) claimed responsibility for the attack on Swissport that interfered with its operations. The BlackCat ransomware group (aka ALPHV) has claimed responsibility for the cyberattack on Swissport... (Security Affairs)
February 15, 2022 – Hacker
Unskilled hacker linked to years of attacks on aviation, transport sectors Full Text
Abstract
For years, a low-skilled attacker has been using off-the-shelf malware in malicious campaigns aimed at companies in the aviation sector as well as in other sensitive industries. (BleepingComputer)
February 15, 2022 – Attack
SSU: Russia-linked actors are targeting Ukraine with ‘massive wave of hybrid warfare’ Full Text
Abstract
The Security Service of Ukraine (SSU) today revealed that the country is the target of an ongoing “wave of hybrid warfare” conducted by Russia-linked malicious cyber actors. (Security Affairs)
February 15, 2022 – Malware
New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin Full Text
Abstract
A new version of the MyloBot malware has been observed to deploy malicious payloads that are being used to send sextortion emails demanding that victims pay $2,732 in digital currency. MyloBot, first detected in 2018, is known to feature an array of sophisticated anti-debugging capabilities and propagation techniques to rope infected machines into a botnet, not to mention remove traces of other competing malware from the systems. Chief among its methods to evade detection and stay under the radar is a delay of 14 days before accessing its command-and-control servers and the facility to execute malicious binaries directly from memory. MyloBot also leverages a technique called process hollowing, wherein the attack code is injected into a suspended and hollowed process in order to circumvent process-based defenses. This is achieved by unmapping the memory allocated to the live process and replacing it with the arbitrary code to be executed, in this case a decoded resource fi... (The Hacker News)
February 15, 2022 – Vulnerabilities
Google fixes a Chrome zero-day flaw actively exploited in attacks Full Text
Abstract
Google fixed a high-severity zero-day flaw actively exploited in attacks with the release of a Chrome emergency update for Windows, Mac, and Linux. Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609, actively exploited with the release of Chrome... (Security Affairs)
February 15, 2022 – Criminals
BlackCat (ALPHV) claims Swissport ransomware attack, leaks data Full Text
Abstract
The BlackCat ransomware group, aka ALPHV, has claimed responsibility for the recent cyber attack on cargo and hospitality services giant Swissport that caused flight delays and service disruptions. (BleepingComputer)
February 15, 2022 – Vulnerabilities
SMS PVA Services’ Use of Infected Android Phones Reveals Flaws in SMS Verification Full Text
Abstract
The core security issue is that an enterprise has the ability to monitor and intercept SMSes from tons of devices globally, and then profit from it by offering the service to whoever can pay for it. (Trend Micro)
February 15, 2022 – Privacy
Remote sex toys might spice up your love life – but crooks could also get a kick out of them Full Text
Abstract
A CyberNews investigation has revealed that Lovense remote sex toy users might be at risk from threat actors, due to poor security features. Original post: https://cybernews.com/privacy/remote-sex-toys-might-spice-up-your-love-life-but-crooks-could-also-get-a-kick-out-of-them/ Lovense... (Security Affairs)
February 15, 2022 – Breach
Internet Society Discloses Third-party Data Leak Exposed 80,000 Members’ Login Credentials Full Text
Abstract
The Internet Society (ISOC), a non-profit dedicated to keeping the internet open and secure, has blamed the inadvertent exposure of its 80,000-plus members’ personal data on a third-party vendor. (The Daily Swig)
February 15, 2022 – Hacker
Mysterious Hackers Targeting Aerospace and Defence Industries for Years Full Text
Abstract
Dubbed TA2541 and detailed by researchers at Proofpoint, the persistent hacker group has been active since 2017 and has compromised hundreds of firms across North America, Europe, and the Middle East. (ZDNet)
February 15, 2022 – Education
The importance of implementing a zero trust strategy Full Text
Abstract
Optiv has published a report based on a recent survey of cybersecurity leaders that highlights the critical importance of implementing zero trust as an effective way to reduce cyber risk. (Help Net Security)
February 14, 2022 – Attack
BlackByte Tackles the SF 49ers & US Critical Infrastructure Full Text
Abstract
Hours before the Superbowl and two days after the FBI warned about the ransomware gang, BlackByte leaked what are purportedly the NFL team’s files. (Threatpost)
February 14, 2022 – Malware
‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware Full Text
Abstract
35K+ players were exposed to an auto-updater that planted a trojan that choked performance for fellow modders and Colossal Order employees. (Threatpost)
February 14, 2022 – Attack
New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP! Full Text
Abstract
Google on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that's being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022. The shortcoming, tracked as CVE-2022-0609, is described as a use-after-free vulnerability in the Animation component that, if successfully exploited, could lead to corruption of valid data and the execution of arbitrary code on affected systems. "Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild," the company said in a characteristically brief statement acknowledging active exploitation of the flaw. Credited with discovering and reporting the flaw are Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group (TAG). Google also addressed four other use-after-free flaws impacting File Manager, ANGLE, and GPU, a heap buffer overflow bug in Tab Groups, an inte... (The Hacker News)
February 14, 2022 – Solution
Kali Linux 2022.1 released with 6 new tools, SSH wide compat, and more Full Text
Abstract
Offensive Security has released Kali Linux 2022.1, the first version of 2022, with improved accessibility features, a visual refresh, SSH wide compatibility, and of course, new toys to play with! (BleepingComputer)
February 14, 2022 – Vulnerabilities
Google Chrome emergency update fixes zero-day exploited in attacks Full Text
Abstract
Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks. (BleepingComputer)
February 14, 2022 – Cryptocurrency
Asian Cloud Service Providers Face Threats from CoinStomp Cryptominer Full Text
Abstract
Researchers have uncovered a cryptojacking malware named CoinStomp that is targeting Asian cloud service providers. To prevent forensic actions against itself, the malware tries to tamper with Linux server cryptographic policies. The use of such techniques indicates that attackers a... (Cyware Alerts - Hacker News)
February 14, 2022 – Outage
Website that raised millions for ‘Freedom Convoy’ protests goes offline after possible hack Full Text
Abstract
The Christian crowdfunding website used to gather funds for the “Freedom Convoy” trucker-led demonstration against COVID-19 restrictions in Canada has been taken down after information about donors was leaked. (The Hill)
February 14, 2022 – Criminals
Spanish Police Arrest SIM Swappers Who Stole Money from Victims Bank Accounts Full Text
Abstract
Spain's National Police Agency, the Policía Nacional, said last week it dismantled an unnamed cybercriminal organization and arrested eight individuals in connection with a series of SIM swapping attacks that were carried out with the goal of financial fraud. The suspects of the crime ring masqueraded as trustworthy representatives of banks and other organizations and used traditional phishing and smishing techniques to obtain personal information and bank data of victims before draining money from their accounts. "They usurped the identity of their victims through the falsification of official documents and tricked employees of telephone stores into getting the duplicate of SIM cards, cards where they received security confirmation messages from banks that allowed them to empty their victims' accounts," the authorities said. Seven of the arrests were made in Barcelona and one in Seville. As many as 12 bank accounts were frozen as part of the illicit operation. (The Hacker News)
February 14, 2022 – Attack
SSU: Russia-linked actors are targeting Ukraine with ‘massive wave of hybrid warfare’ Full Text
Abstract
The Security Service of Ukraine (SSU) said the country is the target of an ongoing "wave of hybrid warfare." The Security Service of Ukraine (SSU) today revealed the country is the target of an ongoing "wave of hybrid warfare" conducted by Russia-linked... (Security Affairs)
February 14, 2022 – Attack
Ukraine says it’s targeted by ‘massive wave of hybrid warfare’ Full Text
Abstract
The Security Service of Ukraine (SSU) today said the country is the target of an ongoing "wave of hybrid warfare," aiming to instill anxiety and undermine Ukrainian society's confidence in the state's ability to defend its citizens. (BleepingComputer)
February 14, 2022 – Botnet
TrickBot Uses Metaprogramming in BazarBackdoor Malware Full Text
Abstract
In a new twist, authors of BazarLoader and BazarBackdoor malware were spotted utilizing template-based metaprogramming to obfuscate important data. Researchers found similar code patterns in malware samples as is found when samples are built using ADVobfuscator, an obfuscation library based on C++1... (Cyware Alerts - Hacker News)
February 14, 2022 – Vulnerabilities
Critical Security Flaws Reported in Moxa MXview Network Management Software Full Text
Abstract
Technical details have been disclosed regarding a number of security vulnerabilities affecting Moxa's MXview web-based network management system, some of which could be chained by an unauthenticated adversary to achieve remote code execution on unpatched servers. The five security weaknesses "could allow a remote, unauthenticated attacker to execute code on the hosting machine with the highest privileges available: NT AUTHORITY\SYSTEM," Claroty security researcher Noam Moshe said in a report published this week. Moxa MXview is designed for configuring, monitoring, and diagnosing networking devices in industrial networks. The flaws, which affect versions 3.x to 3.2.2 of the network management software, were rectified in version 3.2.4 or higher following a coordinated disclosure process in October 2021. "Successful exploitation of these vulnerabilities may allow an attacker to create or overwrite critical files to execute code, gain access to the program, ob... (The Hacker News)
February 14, 2022 – Breach
BlackByte ransomware breached at least 3 US critical infrastructure organizations Full Text
Abstract
The US Federal Bureau of Investigation (FBI) said that the BlackByte ransomware gang has breached at least three organizations from US critical infrastructure sectors. The US Federal Bureau of Investigation (FBI) published a joint cybersecurity... (Security Affairs)
February 14, 2022 – Attack
Sports brand Mizuno hit with ransomware attack delaying orders Full Text
Abstract
Sports equipment and sportswear brand Mizuno is affected by phone outages and order delays after being hit by ransomware, BleepingComputer has learned from sources familiar with the attack. (BleepingComputer)
February 14, 2022 – Criminals
Ransomware Becomes Deadlier, Conti Makes the Most Money Full Text
Abstract
Ransomware actors are constantly upgrading their TTPs and finding new ways to make profits. A new report by Chainalysis states that ransomware victims spent almost $700 million in ransom in 2020. (Cyware Alerts - Hacker News)
February 14, 2022 – Government
European Central Bank tells banks to step up defences against nation-state attacks Full Text
Abstract
The European Central Bank is warning banks of possible Russia-linked cyber attack amid the rising crisis with Ukraine. The European Central Bank is warning banks of possible Russia-linked cyber attack amid the rising crisis with Ukraine and is inviting... (Security Affairs)
February 14, 2022 – Government
FTC warns VoIP providers: Share your robocall info or get sued Full Text
Abstract
The US Federal Trade Commission (FTC) said today that it will take legal action against Voice-over-Internet Protocol (VoIP) service providers who do not hand over information requested during robocall investigations. (BleepingComputer)
February 14, 2022 – Breach
More Than 500,000 Addresses Leaked from NSW Government Database Full Text
Abstract
The hundreds of thousands of locations were collected by the NSW Customer Services Department through its QR code registration system and made public through a government website. (9News)
February 14, 2022 – Vulnerabilities
Critical Magento zero-day flaw CVE-2022-24086 actively exploited Full Text
Abstract
Adobe addressed a critical vulnerability (CVE-2022-24086) impacting Magento Open Source products that is being actively exploited in the wild. Adobe rolled out security updates to address a critical security vulnerability, tracked as CVE-2022-24086,... (Security Affairs)
February 14, 2022 – Vulnerabilities
QNAP extends critical updates for some unsupported NAS devices Full Text
Abstract
QNAP has extended support and will keep issuing security updates for some end-of-life (EOL) network-attached storage (NAS) devices until October 2022. (BleepingComputer)
February 14, 2022 – Breach
Data of 1.2 Million Guests of Harbour Plaza Hotels in Hong Kong Impacted by Cyberattack Full Text
Abstract
Hong Kong's privacy watchdog said on Friday that it had received reports from the firm two days ago about a cybersecurity incident involving several databases for room reservations. (South China Morning Post)
February 14, 2022 – Outage
Alleged ransomware attack disrupted operations at Slovenia’s Pop TV station Full Text
Abstract
Last week, a cyberattack hit Pop TV, Slovenia’s most popular TV channel, disrupting its operations. Last week, a cyberattack disrupted the operations of Pop TV, Slovenia's most popular TV channel. The attack, which likely was a ransomware... (Security Affairs)
February 14, 2022 – Government
FBI: BlackByte ransomware breached US critical infrastructure Full Text
Abstract
The US Federal Bureau of Investigation (FBI) revealed that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months. (BleepingComputer)
February 14, 2022 – Solution
Tool trio released to protect JavaScript applications from malicious NPM packages Full Text
Abstract
The tools, npm-secure-install, package-checker, and npm_issues_statistic, are designed to address some of the thorniest security problems of using open-source software packages. (The Daily Swig)
February 14, 2022 – Vulnerabilities
Emergency Magento update fixes zero-day bug exploited in attacks Full Text
Abstract
Adobe rolled out emergency updates for Adobe Commerce and Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that's being exploited in the wild. (BleepingComputer)
February 14, 2022 – Attack
Europe’s Largest Car Dealer Faces Hive Ransomware Attack Full Text
Abstract
Emil Frey was hit with a ransomware attack last month, according to a statement from the company. It showed up on the list of victims for the Hive ransomware on February 1. (ZDNet)
February 14, 2022 – Attack
San Francisco 49ers Confirm Ransomware Attack on its Corporate IT Network Full Text
Abstract
The San Francisco 49ers NFL team has fallen victim to a ransomware attack that encrypted files on its corporate IT network, a spokesperson for the team has told The Record. (The Record)
February 13, 2022 – Vulnerabilities
Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released Full Text
Abstract
Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild. Tracked as CVE-2022-24086, the shortcoming has a CVSS score of 9.8 out of 10 on the vulnerability scoring system and has been characterized as an "improper input validation" issue that could be weaponized to achieve arbitrary code execution. It's also a pre-authenticated flaw, meaning it could be exploited without requiring any credentials. But the California-headquartered company also pointed out that the vulnerability is only exploitable by an attacker with administrative privileges. The flaw affects Adobe Commerce and Magento Open Source 2.4.3-p1 and earlier versions as well as 2.3.7-p2 and earlier versions. Adobe Commerce 2.3.3 and lower are not vulnerable. "Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Co... (The Hacker News)
February 13, 2022 – Solution
Microsoft Defender will soon block Windows password theft Full Text
Abstract
Microsoft is enabling an 'Attack Surface Reduction' security feature rule by default to block hackers' attempts to steal Windows credentials from the LSASS process. (BleepingComputer)
February 13, 2022 – Solution
Microsoft is making it harder to steal Windows passwords from memory Full Text
Abstract
Microsoft is enabling an 'Attack Surface Reduction' security feature rule by default to block hackers' attempts to steal Windows credentials from the LSASS process. (BleepingComputer)
February 13, 2022 – General
Organizations paid at least $602 million to ransomware gangs in 2021 Full Text
Abstract
Organizations have paid more than $600 million in cryptocurrency during 2021, nearly one-third to the Conti ransomware gang. Last week, cybersecurity agencies from the U.K., the U.S. and Australia published a joint advisory warning of an increased... (Security Affairs)
February 13, 2022 – Attack
NFL’s San Francisco 49ers hit by Blackbyte ransomware attack Full Text
Abstract
The NFL's San Francisco 49ers team is recovering from a cyberattack by the BlackByte ransomware gang, who claims to have stolen data from the American football organization. (BleepingComputer)
February 13, 2022 – Attack
San Francisco 49ers NFL team discloses BlackByte ransomware attack Full Text
Abstract
A ransomware attack hit the corporate IT network of the San Francisco 49ers NFL team, The Record reported. The San Francisco 49ers NFL team has fallen victim to a ransomware attack, the news was reported by The Record. The team disclosed the attack... (Security Affairs)
February 13, 2022 – Phishing
Analyzing Phishing attacks that use malicious PDFs Full Text
Abstract
Cybersecurity researcher Zoziel Pinto Freire analyzed the use of weaponized PDFs in phishing attacks. Every day everybody receives many phishing attacks with malicious docs or PDFs. I decided to take a look at one of these files. I did a static analysis...Security Affairs
February 13, 2022 – General
Security Affairs newsletter Round 353 Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your email box. If you also want to receive the free newsletter with the international press, subscribe here....Security Affairs
February 12, 2022 – Government
US cyber defense agency warns of possible Russian cyberattacks amid tensions Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a "Shields Up" alert for American organizations saying that U.S. systems could face Russian cyberattacks amid warnings from Biden administration officials that a Russian invasion of Ukraine could be imminent.The Hill
February 12, 2022 – General
Organizations are addressing zero-day vulnerabilities more quickly, says Google Full Text
Abstract
Organizations are addressing zero-day vulnerabilities more quickly, compared to last year, Google’s Project Zero reported. According to Google’s Project Zero researchers, organizations are addressing zero-day vulnerabilities more quickly, compared...Security Affairs
February 12, 2022 – Government
CISA, FBI, NSA warn of the increased globalized threat of ransomware Full Text
Abstract
CISA, FBI and NSA published a joint advisory warning of ransomware attacks targeting critical infrastructure organizations. Cybersecurity agencies from the U.K., the U.S. and Australia have published a joint advisory warning of an increased globalised...Security Affairs
February 12, 2022 – Breach
Croatian phone carrier A1 Hrvatska discloses data breach Full Text
Abstract
Croatian phone carrier A1 Hrvatska has disclosed a data breach that has impacted roughly 200,000 customers. Croatian phone carrier A1 Hrvatska has disclosed a data breach that has impacted 10% of its customers, roughly 200,000 people. Threat actors...Security Affairs
February 12, 2022 – Vulnerabilities
Facebook exposes ‘god mode’ token miscreants could use Full Text
Abstract
According to a security researcher, a malicious developer could harvest Facebook data using the same access method, because Facebook is exposing a plain-text token described as "god mode."The Register
February 12, 2022 – Vulnerabilities
Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620) Full Text
Abstract
CVE-2022-22620 is a use after free issue in WebKit, the browser engine used in Safari and all iOS web browsers. Apple fixed it in iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3.Help Net Security
February 11, 2022 – Ransomware
The Week in Ransomware - February 11th 2022 - Maze, Egregor decryptors Full Text
Abstract
We saw the Maze ransomware developers reemerge briefly this week as they shared the master decryption keys for the Egregor, Maze, and Sekhmet ransomware operations.BleepingComputer
February 11, 2022 – Attack
Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers Full Text
Abstract
A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant "incriminating digital evidence." Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as "ModifiedElephant," an elusive threat actor that's been operational since at least 2012, whose activity aligns sharply with Indian state interests. "ModifiedElephant operates through the use of commercially available remote access trojans (RATs) and has potential ties to the commercial surveillance industry," the researchers said. "The threat actor uses spear-phishing with malicious documents to deliver malware, such as NetWire, DarkComet, and simple keyloggers." The primary goal of ModifiedElephant is to facilitate long-term surveillance of targeted individuals, ultimately leading to the delivery of "evidence" on the victimThe Hacker News
February 11, 2022 – Botnet
FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors Full Text
Abstract
FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. FritzFrog is a sophisticated botnet that was involved in attacks against SSH servers worldwide since January 2020. The...Security Affairs
February 11, 2022 – Breach
Croatian phone carrier data breach impacts 200,000 clients Full Text
Abstract
Croatian phone carrier 'A1 Hrvatska' has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people.BleepingComputer
February 11, 2022 – Government
CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
The U.S. CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited...Security Affairs
February 11, 2022 – Government
CISA orders federal agencies to update iPhones until Feb 25th Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit remote code execution bug used to target iPhones, iPads, and Macs.BleepingComputer
February 11, 2022 – APT
Molerats APT Strikes Again with New NimbleMamba Malware Full Text
Abstract
Researchers from Proofpoint spotted a new phishing campaign that targeted multiple Middle Eastern governments, foreign-policy think tanks, and a state-affiliated airline, with the new NimbleMamba trojan. NimbleMamba is believed to share some similarities with Molerats’ previous executable LastConn ... Read MoreCyware Alerts - Hacker News
February 11, 2022 – Vulnerabilities
Apple addressed a third zero-day in 2022, which is actively exploited Full Text
Abstract
Apple addressed a new WebKit zero-day affecting iOS, iPadOS, macOS, and Safari that may have been actively exploited in the wild. Apple has addressed a zero-day vulnerability, tracked as CVE-2022-22620, in the WebKit affecting iOS, iPadOS, macOS,...Security Affairs
February 11, 2022 – General
Google Project Zero: Vendors are now quicker at fixing zero-days Full Text
Abstract
Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year.BleepingComputer
February 11, 2022 – Attack
Series of Magecart Attacks Against Outdated Magento Sites Full Text
Abstract
Another massive wave of Magecart attacks was detected by Sansec last week. This attack, once again, highlights the vulnerability of e-commerce sites running outdated software.Cyware Alerts - Hacker News
February 11, 2022 – Criminals
Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts Full Text
Abstract
Spanish National Police arrested eight alleged members of a crime ring specialized in SIM swapping attacks. Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims...Security Affairs
February 11, 2022 – Government
CISA urges orgs to patch actively exploited Windows SeriousSAM bug Full Text
Abstract
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added to the catalog of vulnerabilities another 15 security issues actively used in cyberattacks.BleepingComputer
February 11, 2022 – Attack
The Pirate Bay Clones Target Millions of Users Every Month Full Text
Abstract
CyberNews discovered five malicious domains parading around as The Pirate Bay. These domains served malicious ads to more than seven million users every month by using free content to lure targets.Cyware Alerts - Hacker News
February 11, 2022 – General
50% of malicious office documents were downloaded via Google Drive in 2021 Full Text
Abstract
According to a recently released Netskope report, Google Drive overtook the top spot from Microsoft OneDrive, which led malicious office document download apps in 2020 with 34%.atlasvpn
February 11, 2022 – Breach
Vice Society Ransomware Gang Leaks Stolen Customer Files from Optionis Group Full Text
Abstract
What appears to be stolen data belonging to customers of accounting conglomerate Optionis Group has surfaced on the dark web weeks after the firm confirmed intruders had broken into its systems.The Register
February 10, 2022 – Vulnerabilities
SAP Patches Severe ‘ICMAD’ Bugs Full Text
Abstract
SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more.Threatpost
February 10, 2022 – Policy and Law
France Rules That Using Google Analytics Violates GDPR Data Protection Law Full Text
Abstract
French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation (GDPR) laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of Google Analytics data to the U.S. is not "sufficiently regulated" citing a violation of Articles 44 et seq. of the data protection decree, which govern the transfers of personal data to third countries or international entities. Specifically the independent administrative regulatory body highlighted the lack of equivalent privacy protections and the risk that "American intelligence services would access personal data transferred to the United States if the transfers were not properly regulated." "[A]lthough Google has adopted additional measures to regulate data transfers in the context of the Google AnThe Hacker News
February 10, 2022 – Vulnerabilities
Microsoft fixes Defender flaw letting hackers bypass antivirus scans Full Text
Abstract
Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine.BleepingComputer
February 10, 2022 – Breach
Charity Site for Ottawa Truckers’ ‘Freedom Convoy’ Protest Exposes Donors’ Passports and Driver Licenses Full Text
Abstract
The donation site used by truckers in Ottawa who are currently protesting against national vaccine mandates has fixed a security lapse that exposed the passports and driver licenses of donors.TechCrunch
February 10, 2022 – Vulnerabilities
Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw Full Text
Abstract
Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year. Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and could be exploited by a piece of specially crafted web content to gain arbitrary code execution. "Apple is aware of a report that this issue may have been actively exploited," the company said in a terse statement acknowledging in-the-wild attacks leveraging the flaw. The iPhone maker credited an anonymous researcher for discovering and reporting the flaw, adding it remediated the issue with improved memory management. The updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7thThe Hacker News
February 10, 2022 – Skimming
Threat actors compromised +500 Magento-based e-stores with e-skimmers Full Text
Abstract
Experts uncovered a mass Magecart campaign that compromised over 500 e-stores running the Magento 1 eCommerce platform. Researchers from cybersecurity firm Sansec uncovered a massive Magecart campaign that already compromised more than 500 online...Security Affairs
February 10, 2022 – Ransomware
Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares Full Text
Abstract
The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer.Threatpost
February 10, 2022 – Vulnerabilities
Microsoft starts killing off WMIC in Windows, will thwart attacks Full Text
Abstract
Microsoft is moving forward with removing the Windows Management Instrumentation Command-line (WMIC) tool, wmic.exe, starting with the latest Windows 11 preview builds in the Dev channel.BleepingComputer
February 10, 2022 – Breach
Georgia Voter Information Leaked Online After EasyVote Solutions Security Breach Full Text
Abstract
Public information about voters was posted to an online forum, but the breach didn’t involve Social Security numbers or driver’s license numbers, said Charles Davis, CFO for EasyVote.Government Technology
February 10, 2022 – Botnet
FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors Full Text
Abstract
A peer-to-peer Golang botnet has resurfaced after more than a year to compromise servers belonging to entities in the healthcare, education, and government sectors within a span of a month, infecting a total of 1,500 hosts. Dubbed FritzFrog, "the decentralized botnet targets any device that exposes an SSH server — cloud instances, data center servers, routers, etc. — and is capable of running any malicious payload on infected nodes," Akamai researchers said in a report shared with The Hacker News. The new wave of attacks commenced in early December 2021, only to pick up pace and register a 10x growth in its infection rate in a month's time, while peaking at 500 incidents per day in January 2022. The cybersecurity firm said it detected infected machines in a European television channel network, a Russian manufacturer of healthcare equipment, and multiple universities in East Asia. FritzFrog was first documented by Guardicore in August 2020, elaborating the botnetThe Hacker News
February 10, 2022 – Attack
Attackers Increasingly Adopting Regsvr32 Utility Execution Via Office Documents Full Text
Abstract
The Uptycs threat research team has been observing an increase in utilization of regsvr32.exe heavily via various types of Microsoft Office documents. The full report that includes Indicators of Compromise (IOCs) is available here: https://www.uptycs.com/blog/attackers-increasingly-adopting-regsvr32-utility-execution-via-office-documents During...Security Affairs
February 10, 2022 – Attack
Sharp SIM-Swapping Spike Causes $68M in Losses Full Text
Abstract
The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts.Threatpost
February 10, 2022 – Hacker
Hacking group ‘ModifiedElephant’ evaded discovery for a decade Full Text
Abstract
Threat analysts have linked a decade of activity to an APT (advanced persistent threat) actor called 'ModifiedElephant', who has managed to remain elusive to all threat intelligence firms since 2012.BleepingComputer
February 10, 2022 – Business
Legit Security Launches Out of Stealth with Series A Investment to Secure Software Supply Chains Full Text
Abstract
Legit Security announced its launch out of stealth mode with a Series A $30 million funding announcement with leading venture capital firms Bessemer Venture Partners and TCV.Yahoo! Finance
February 10, 2022 – Covid-19
COVID Does Not Spread to Computers Full Text
Abstract
"…well, of course!" is what you might think. It's a biological threat, so how could it affect digital assets? But hang on. Among other effects, this pandemic has brought about a massive shift in several technological areas. Not only did it force numerous organizations - that up to now were reluctant - to gear up in cyber to go digital, all at once, oftentimes with hastily pieced together strategies. It also made remote working (and the involved tools) grow in double digits, causing the good old perimeter (which was already in a questionable state due to cloud adoption) to be basically shattered. The office is now anywhere. And that means access to data needs to be everywhere too. Keeping all of this in mind, the general assumption was that in the wake of the pandemic we would face a virtual nightmare with vulnerable users, compromised corporate networks en masse and the end of the (digital) world. But let's look at some interesting numbers of what actually happThe Hacker News
February 10, 2022 – Education
How Does An IPv6 Proxy Work & How Enterprises Can Get Benefit? Full Text
Abstract
IPv6 became imperative after developers discovered that IPv4 had a finite number of addresses. How does an IPv6 Proxy work? Technological advancements have come a long way – from when internet utility was very limited to when internet connection...Security Affairs
February 10, 2022 – Vulnerabilities
Apple patches new zero-day exploited to hack iPhones, iPads, Macs Full Text
Abstract
Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs.BleepingComputer
February 10, 2022 – Business
NightDragon Leads New Growth Round in ThriveDX alongside Prytek Full Text
Abstract
A dedicated cybersecurity and privacy investment firm, NightDragon joins early strategic partner Prytek (who invested $110 million to date) as the co-lead investor in ThriveDX's current funding round.Yahoo! Finance
February 10, 2022 – Government
CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks Full Text
Abstract
Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. The incidents singled out a broad range of sectors, including defense, emergency services, agriculture, government facilities, IT, healthcare, financial services, education, energy, charities, legal institutions, and public services. "Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors' growing technological sophistication and an increased ransomware threat to organizations globally," the agencies said in the joint bulletin . Spear-phishing, stolen or brute-forced Remote Desktop Protocol (RDP) credentials, and exploitation of software flaws emerged as the top three initial infection vectors that were used to deploy ransomware on compromised networks, even as the criminalThe Hacker News
February 10, 2022 – General
Spyware, ransomware and Nation-state hacking: Q&A from a recent interview Full Text
Abstract
I transcribed a recent interview; here are some questions and answers about nation-state hacking, spyware, and cyber warfare. Enjoy. How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those...Security Affairs
February 10, 2022 – Malware
Qbot, Lokibot malware switch back to Windows Regsvr32 delivery Full Text
Abstract
Malware distributors have turned to an older trick known as Squiblydoo to spread Qbot and Lokibot via Microsoft Office documents using regsvr32.exe.BleepingComputer
February 10, 2022 – Breach
Information for over 6,000 Memorial Hermann patients accessed in security breach Full Text
Abstract
One of its contracted vendors, Advent Health Partners, announced a cybersecurity issue Tuesday. According to the health system, the protected health information of 6,260 patients has been breached.KHOU
February 10, 2022 – Vulnerabilities
Critical RCE flaws in PHP Everywhere WordPress plugin affect thousands of sites Full Text
Abstract
WordPress plugin PHP Everywhere is affected by three critical issues that can be exploited to execute arbitrary code on affected systems. Wordfence experts found three critical remote code execution vulnerabilities in the PHP Everywhere WordPress...Security Affairs
February 10, 2022 – General
FTC says Americans lost $547 million to romance scams in 2021 Full Text
Abstract
The US Federal Trade Commission (FTC) said that Americans reported record high losses of $547 million to romance scams in 2021, up almost 80% compared to 2020 and over six times compared to losses reported in 2017.BleepingComputer
February 10, 2022 – Phishing
Be Careful! Phishing Kits Bypassing MFA are Growing in Popularity Full Text
Abstract
In one recent discovery, a team of academics highlighted that there are more than 1200 phishing toolkits deployed in the wild that are capable of intercepting 2FA security codes. Proofpoint researchers also flagged three phishing kits in particular—Modlishka, Muraena/Necrobrowser, and Evilginx2—tha ... Read MoreCyware Alerts - Hacker News
February 10, 2022 – Government
US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns Full Text
Abstract
The Federal Bureau of Investigation (FBI) warns of an escalation in SIM swap attacks that caused millions of losses. The Federal Bureau of Investigation (FBI) observed an escalation in SIM swap attacks aimed at stealing millions from the victims by hijacking...Security Affairs
February 10, 2022 – Botnet
FritzFrog botnet grows 10x, hits healthcare, edu, and govt systems Full Text
Abstract
The FritzFrog botnet that's been active for more than two years has resurfaced with an alarming infection rate, growing ten times in just a month of hitting healthcare, education, and government systems with an exposed SSH server.BleepingComputer
February 10, 2022 – Government
US Federal Agencies Warn of Severe Increase in Ransomware Attacks Against Critical Infrastructure Full Text
Abstract
In 2021, cybersecurity authorities in the U.S., Australia, and the U.K. observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.US CERT
February 10, 2022 – Criminals
Spain dismantles SIM swapping group who emptied bank accounts Full Text
Abstract
Spanish National Police has arrested eight suspects allegedly part of a crime ring who drained bank accounts in a series of SIM swapping attacks.BleepingComputer
February 10, 2022 – Hacker
Charming Kitten Adds New Malware To Its Arsenal Full Text
Abstract
Charming Kitten, aka Phosphorous, has reportedly added a novel PowerShell-based implant called PowerLess Backdoor which fortifies the group's ability to bypass security products. The attacker's toolset comes with extremely modular, multi-staged malware that decrypts and deploys additional payloads. ... Read MoreCyware Alerts - Hacker News
February 10, 2022 – General
Linux malware attacks are on the rise, and businesses aren’t ready for it Full Text
Abstract
Analysis from VMware experts warns that malware targeting Linux-based systems is increasing in volume and complexity, while there's also a lack of focus on managing and detecting threats against them.ZDNet
February 9, 2022 – Criminals
Ex-Gumshoe Nabs Cybercrooks with FBI Tactics Full Text
Abstract
Crane Hassold, former FBI analyst turned director of threat intel at Abnormal Security, shares stories from his covert work tracking cyberattackers.Threatpost
February 09, 2022 – Criminals
Russia Cracks Down on 4 Dark Web Marketplaces for Stolen Credit Cards Full Text
Abstract
A special law enforcement operation undertaken by Russia has led to the seizure and shutdown of four online bazaars that specialized in the theft and sales of stolen credit cards, as the government continues to take active measures against harboring cybercriminals on its territory. To that end, the domains operated by the card fraud forums and marketplaces, Ferum Shop, Sky-Fraud, Trump's Dumps, and UAS, were confiscated and plastered with a banner that warned "theft of funds from bank cards is illegal." Also embedded into the HTML source code was a message asking, "Which one of you is next?" The seizures were orchestrated by Department "K," a division of the Ministry of Internal Affairs of the Russian Federation that focuses primarily on information technology-related crimes, according to Flashpoint. In a related development, state-owned news agency TASS said that six Russian individuals were being charged with "the illegal circulation oThe Hacker News
February 09, 2022 – Vulnerabilities
Critical RCE Flaws in ‘PHP Everywhere’ Plugin Affect Thousands of WordPress Sites Full Text
Abstract
Critical security vulnerabilities have been disclosed in a WordPress plugin known as PHP Everywhere that's used by more than 30,000 websites worldwide and could be abused by an attacker to execute arbitrary code on affected systems. PHP Everywhere is used to flip the switch on PHP code across WordPress installations, enabling users to insert and execute PHP-based code in the content management system's Pages, Posts, and Sidebar. The three issues, all rated 9.9 out of a maximum of 10 on the CVSS rating system, impact versions 2.0.3 and below, and are as follows: CVE-2022-24663, remote code execution by Subscriber+ users via shortcode; CVE-2022-24664, remote code execution by Contributor+ users via metabox; and CVE-2022-24665, remote code execution by Contributor+ users via Gutenberg block. Successful exploitation of the three vulnerabilities could result in the execution of malicious PHP code that could be leveraged to achieve a complete site takeover. WordPresThe Hacker News
February 09, 2022 – Vulnerabilities
PHP Everywhere RCE flaws threaten thousands of WordPress sites Full Text
Abstract
Researchers found three critical remote code execution (RCE) vulnerabilities in the PHP Everywhere plugin for WordPress, used by over 30,000 websites worldwide.BleepingComputer
February 9, 2022 – Malware
StellarParticle Campaign - New Undetected Malware Revealed After Two Years Full Text
Abstract
Hackers associated with the SolarWinds attacks have been using two new threats, the GoldMax backdoor and the TrailBlazer malware family, in StellarParticle campaigns for over two years. Researchers have provided detailed information regarding the latest TTPs observed in cyberattacks and sugge ... Read MoreCyware Alerts - Hacker News
February 09, 2022 – Criminals
U.S. Arrests Two and Seizes $3.6 Billion Cryptocurrency Stolen in 2016 Bitfinex Hack Full Text
Abstract
The U.S. Justice Department (DoJ) on Tuesday announced the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the hack of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York, are alleged to have "stolen funds through a labyrinth of cryptocurrency transactions," with law enforcement getting hold of over $3.6 billion in cryptocurrency by following the money trails, resulting in the "largest financial seizure ever." "Bitfinex will work with the DoJ and follow appropriate legal processes to establish our rights to a return of the stolen bitcoin," the company said in a statement, adding "We have been cooperating extensively with the DoJ since its investigation began and will continue to do so." The laundering scheme involved moving proceeds of 119,754 bitcoin (BTC) from Bitfinex by initiatingThe Hacker News
February 9, 2022 – Government
CISA warns to address SAP ICMAD flaw immediately Full Text
Abstract
The US CISA warns to address a severe security vulnerability dubbed ICMAD impacting SAP business apps using ICM. Internet Communication Manager Advanced Desync (ICMAD) is a memory pipes (MPI) desynchronization vulnerability tracked as CVE-2022-22536....Security Affairs
February 9, 2022 – Education
3 Tips for Facing the Harsh Truths of Cybersecurity in 2022, Part I Full Text
Abstract
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.Threatpost
February 09, 2022 – Attack
Wave of MageCart attacks target hundreds of outdated Magento sites Full Text
Abstract
Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform, which involves a single domain loading a credit card skimmer on all of them.BleepingComputer
February 9, 2022 – Vulnerabilities
Zerodium Offers Huge Money for Zero-day Exploits Full Text
Abstract
Premium exploits acquisition platform Zerodium rolled out an offer of $400,000 in bounty rewards to anyone who reports an RCE zero-day vulnerability in Outlook. It is reportedly a temporary offer. It is offering up to $200,000 for exploits leading to remote code execution in Mozilla Thunderbird. ... Read MoreCyware Alerts - Hacker News
February 09, 2022 – Education
Guide: Alert Overload and Handling for Lean IT Security Teams Full Text
Abstract
Alarming research reveals the stress and strains the average cybersecurity team experiences on a daily basis. As many as 70% of teams report feeling emotionally overwhelmed by security alerts. Those alerts come at such high volume, high velocity, and high intensity that they become an extreme source of stress. So extreme, in fact, that people's home lives are negatively affected. Alert overload is bad for those who work in cybersecurity. But it's even worse for everyone who depends on cybersecurity. This is a gigantic issue in the industry, yet few people even acknowledge it, let alone deal with it. Cynet aims to correct that in this guide ( download here ), starting by shining a light on the cause of the problem and the full extent of its consequences and then offering a few ways lean security teams can pull their analysts out of the ocean of false positives and get them back to shore. It includes tips on how to reduce alerts using automation and shares guidance for organThe Hacker News
February 9, 2022 – Ransomware
Master decryption keys for Maze, Egregor, and Sekhmet ransomware leaked online Full Text
Abstract
The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums. The master decryption keys for the Maze, Egregor, and Sekhmet ransomware families were released on the BleepingComputer...Security Affairs
February 09, 2022 – Government
CISA warns admins to patch maximum severity SAP vulnerability Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to patch a set of severe security flaws dubbed ICMAD (Internet Communication Manager Advanced Desync) and impacting SAP business apps using Internet Communication Manager (ICM).BleepingComputer
February 9, 2022 – Vulnerabilities
Siemens, Schneider Electric Address Nearly 50 ICS Vulnerabilities Full Text
Abstract
Industrial equipment giants Siemens and Schneider Electric released a total of 15 advisories on Tuesday to address nearly 50 vulnerabilities discovered in their products.Security Week
February 09, 2022 – Attack
Iranian Hackers Using New Marlin Backdoor in ‘Out to Sea’ Espionage Campaign Full Text
Abstract
An advanced persistent threat (APT) group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed Marlin as part of a long-running espionage campaign that started in April 2018. Slovak cybersecurity company ESET attributed the attacks — codenamed "Out to Sea" — to a threat actor called OilRig (aka APT34), while also conclusively connecting its activities to a second Iranian group tracked under the name Lyceum (Hexane, aka SiameseKitten). "Victims of the campaign include diplomatic organizations, technology companies, and medical organizations in Israel, Tunisia, and the United Arab Emirates," ESET noted in its T3 2021 Threat Report shared with The Hacker News. Active since at least 2014, the hacking group is known to strike Middle Eastern governments and a variety of business verticals, including chemical, energy, financial, and telecommunications. In April 2021, the actor targeted a Lebanese entity with an implant calledThe Hacker News
February 9, 2022 – Vulnerabilities
Microsoft February 2022 Patch Tuesday security updates fix a zero-day Full Text
Abstract
Microsoft's February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products, including Microsoft Windows, among them a zero-day bug.Security Affairs
February 09, 2022 – Ransomware
Ransomware dev releases Egregor, Maze master decryption keys Full Text
Abstract
The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums by the alleged malware developer.BleepingComputer
February 9, 2022 – Business
Vulnerability Remediation Platform Vicarius Raises $24 Million Full Text
Abstract
The New York-based company’s cloud-first, integrated platform – called Topia – helps organizations identify, prioritize and address software vulnerabilities before hackers can exploit them.Security Week
February 09, 2022 – APT
Russian APT Hackers Used COVID-19 Lures to Target European Diplomats Full Text
Abstract
The Russia-linked threat actor known as APT29 targeted European diplomatic missions and Ministries of Foreign Affairs as part of a series of spear-phishing campaigns mounted in October and November 2021. According to ESET's T3 2021 Threat Report shared with The Hacker News, the intrusions paved the way for the deployment of Cobalt Strike Beacon on compromised systems, followed by leveraging the foothold to drop additional malware for gathering information about the hosts and other machines in the same network. Also tracked under the names The Dukes, Cozy Bear, and Nobelium, the advanced persistent threat group is an infamous cyber-espionage group that has been active for more than a decade, with its attacks targeting Europe and the U.S., before it gained widespread attention for the supply-chain compromise of SolarWinds, leading to further infections in several downstream entities, including U.S. government agencies in 2020. The spear-phishing attacks commenced with a COVI...The Hacker News
February 9, 2022 – Vulnerabilities
Google February 2022 Android security updates fix remote escalation bug Full Text
Abstract
Google's February 2022 Android security updates address two critical flaws, including a remote escalation of privilege.Security Affairs
February 09, 2022 – Policy and Law
Meta and Chime sue Nigerians behind Facebook, Instagram phishing Full Text
Abstract
Meta (formerly known as Facebook) has filed a joint lawsuit with Chime, a financial technology and digital banking company, against two Nigerian individuals who allegedly used Instagram and Facebook accounts to impersonate Chime and target its users in phishing attacks.BleepingComputer
February 9, 2022 – Government
FBI Received 1,600 SIM Swapping Complaints in 2021 Full Text
Abstract
The Federal Bureau of Investigation (FBI) this week announced that between 2018 and 2021 its Internet Crime Complaint Center (IC3) received more than 1,900 complaints related to SIM swapping.Security Week
February 9, 2022 – Attack
The Pirate Bay clones target millions of users with malware and malicious ads Full Text
Abstract
CyberNews researchers discovered five clones of The Pirate Bay serving malicious ads to more than seven million users each month. Original Post @ https://cybernews.com/security/the-pirate-bay-clones-target-millions-of-users-with-malware-and-malicious-ads/ CyberNews...Security Affairs
February 09, 2022 – Malware
Fake Windows 11 upgrade installers infect you with RedLine malware Full Text
Abstract
Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware.BleepingComputer
February 9, 2022 – General
Brute-forcing passwords, ProxyLogon exploits were some of 2021’s most popular attack methods Full Text
Abstract
Brute-force and automated password guessing, such as through dictionary-based attacks, were the most frequent attack vectors detected according to telemetry collected by ESET.ZDNet
February 09, 2022 – Government
FBI warns of criminals escalating SIM swap attacks to steal millions Full Text
Abstract
The Federal Bureau of Investigation (FBI) says criminals have escalated SIM swap attacks to steal millions by hijacking victims' phone numbers.BleepingComputer
February 9, 2022 – Policy and Law
Chinese telecom Hytera charged for allegedly recruiting Motorola employees to steal trade secrets Full Text
Abstract
The DoJ said that Hytera Communications Corp "recruited and hired Motorola Solutions employees and directed them to take proprietary and trade secret information from Motorola without authorization."ZDNet
February 09, 2022 – Attack
Molerats hackers deploy new malware in highly evasive campaign Full Text
Abstract
The Palestinian-aligned APT group tracked as TA402 (aka Molerats) was spotted using a new implant named 'NimbleMamba' in a cyber-espionage campaign that leverages geofencing and URL redirects to legitimate websites.BleepingComputer
February 8, 2022 – Attack
China Suspected of News Corp Cyberespionage Attack Full Text
Abstract
Attackers infiltrated the media giant’s network using BEC, while Microsoft moved to stop such attacks by blocking VBA macros in 5 Windows apps. Included: more ways to help stop BEC.Threatpost
February 08, 2022 – Vulnerabilities
Microsoft and Other Major Software Firms Release February 2022 Patch Updates Full Text
Abstract
Microsoft on Tuesday rolled out its monthly security updates with fixes for 51 vulnerabilities across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k. Among the 51 defects closed, 50 are rated Important and one is rated Moderate in severity, making it one of the rare Patch Tuesday updates without any fixes for Critical-rated vulnerabilities. This is also in addition to 19 more flaws the company addressed in its Chromium-based Edge browser. None of the security vulnerabilities are listed as under active exploit, while one of the flaws — CVE-2022-21989 (CVSS score: 7.8) — has been classified as a publicly disclosed zero-day at the time of the release. The issue concerns a privilege escalation bug in Windows Kernel, with Microsoft warning of potential attacks exploiting the shortcoming. "Successful exploitation of this vulnerability requires an attacker to take additional actions...The Hacker News
February 08, 2022 – Vulnerabilities
Google fixes remote escalation of privileges bug on Android Full Text
Abstract
Google has released the February 2022 Android security updates, addressing two critical vulnerabilities, one being a remote escalation of privilege that requires no user interaction.BleepingComputer
February 8, 2022 – Malware
BazarBackdoor Spreads via Malicious CSV Files Full Text
Abstract
Cybercriminals have found a way to abuse text-based CSV files in a phishing campaign that pretends to be Payment Remittance Advice to install BazarBackdoor malware on users' systems. In the past two days, researchers have spotted 102 actual non-sandbox corporations, along with government victims. O...Cyware Alerts - Hacker News
February 08, 2022 – Attack
Palestinian Hackers Use New NimbleMamba Implant in Recent Attacks Full Text
Abstract
An advanced persistent threat (APT) hacking group operating with motives that likely align with Palestine has embarked on a new campaign that leverages a previously undocumented implant called NimbleMamba. The intrusions leveraged a sophisticated attack chain targeting Middle Eastern governments, foreign policy think tanks, and a state-affiliated airline, enterprise security firm Proofpoint said in a report, attributing the covert operation to a threat actor tracked as Molerats (aka TA402). Notorious for continuously updating their malware implants and their delivery methods, the APT group was most recently linked to an espionage offensive aimed at human rights activists and journalists in Palestine and Turkey, while a previous attack exposed in June 2021 resulted in the deployment of a backdoor called LastConn. But the lull in the activities has been offset by the operators actively working to retool their arsenal, resulting in the development of NimbleMamba, which is desi...The Hacker News
February 8, 2022 – Policy and Law
Justice Department Charges Individuals for Attempting to Launder Billions in Stolen Bitcoin Full Text
Abstract
On Feb. 8, the Department of Justice released a criminal complaint against two individuals for an alleged conspiracy to launder billions of dollars in cryptocurrency. The Justice Department charged Ilya Lichtenstein and Heather Morgan with conspiring to commit money laundering and conspiring to defraud the United States.Lawfare
February 8, 2022 – General
Defending Fire: A Need for Policy to Protect the Security of Open Source Full Text
Abstract
The security of open-source development tools and infrastructure must be made a priority by federal cybersecurity policymakers.Lawfare
February 8, 2022 – Cryptocurrency
US seizes $3.6 billion worth of cryptocurrency stolen in 2016 Bitfinex hack Full Text
Abstract
Law enforcement seized $3.6 billion worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. Ilya Lichtenstein (34) and his wife, Heather Morgan (31), were arrested for alleged conspiracy to launder...Security Affairs
February 08, 2022 – Hacker
Kimsuki hackers use commodity RATs with custom Gold Dragon malware Full Text
Abstract
South Korean researchers have spotted a new wave of activity from the Kimsuky hacking group, involving commodity open-source remote access tools dropped with their custom backdoor, Gold Dragon.BleepingComputer
February 8, 2022 – Attack
Gamaredon Responsible for Attacks on Ukraine Since 2021 Full Text
Abstract
Microsoft shared new information on Gamaredon, also known as ACTINIUM, which has been responsible for a plethora of spear-phishing attacks against Ukrainian organizations since October 2021. One of the techniques used by Gamaredon was sending spear-phishing emails containing a malicious macro as atta...Cyware Alerts - Hacker News
February 08, 2022 – Malware
Several Malware Families Using Pay-Per-Install Service to Expand Their Targets Full Text
Abstract
A detailed examination of a Pay-per-install (PPI) malware service called PrivateLoader has revealed its crucial role in the delivery of a variety of malware such as SmokeLoader, RedLine Stealer, Vidar, Raccoon, and GCleaner since at least May 2021. Loaders are malicious programs used for loading additional executables onto the infected machine. With PPI malware services such as PrivateLoader, malware operators pay the service owners to get their payloads "installed" based on the targets provided. "The accessibility and moderate costs allow malware operators to leverage these services as another weapon for rapid, bulk and geo-targeted malware infections," cybersecurity firm Intel 471 said in a new report shared with The Hacker News. PrivateLoader, written in the C++ programming language, is designed to retrieve URLs for the malicious payloads to be deployed on the infected host, with the distribution primarily relying on a network of bait websites...The Hacker News
February 8, 2022 – Attack
Vodafone Portugal hit by a massive cyberattack Full Text
Abstract
A cyberattack hit Vodafone Portugal, causing severe outages of its communication and television services across the country; media reported the temporary disruption...Security Affairs
February 08, 2022 – Vulnerabilities
Microsoft February 2022 Patch Tuesday fixes 48 flaws, 1 zero-day Full Text
Abstract
Today is Microsoft's February 2022 Patch Tuesday, and with it comes fixes for one zero-day vulnerability and a total of 48 flaws.BleepingComputer
February 8, 2022 – Phishing
Roaming Mantis Operators Use Fake SMS Messages to Lure European Targets Full Text
Abstract
Researchers have detected new activity of Roaming Mantis; attackers have modified the Android trojan Wroba to target Android and iPhone users in Germany and France to steal credentials. German and French officials have alerted users about smishing messages with package notifications and compromise...Cyware Alerts - Hacker News
February 08, 2022 – Malware
‘Roaming Mantis’ Android Malware Targeting Europeans via Smishing Campaigns Full Text
Abstract
A financially motivated campaign that targets Android devices and spreads mobile malware via SMS phishing techniques since at least 2018 has spread its tentacles to strike victims located in France and Germany for the first time. Dubbed Roaming Mantis, the latest spate of activities observed in 2021 involve sending fake shipping-related texts containing a URL to a landing page from where Android users are infected with a banking trojan known as Wroba whereas iPhone users are redirected to a phishing page that masquerades as the official Apple website. The top affected countries, based on telemetry data gathered by Kaspersky between July 2021 and January 2022, are France, Japan, India, China, Germany, and Korea. Also tracked under the names MoqHao and XLoader (not to be confused with the info-stealer malware of the same name targeting Windows and macOS), the group's activity has continued to expand geographically even as the operators broadened their attack methods to m...The Hacker News
February 8, 2022 – Breach
Data of +6K Puma employees stolen in December Kronos Ransomware attack Full Text
Abstract
Data belonging to 6,632 Puma employees was stolen in a December 2021 ransomware attack that hit the HR management platform Ultimate Kronos Group (UKG).Security Affairs
February 08, 2022 – Criminals
US seizes $3.6 billion stolen in 2016 Bitfinex cryptoexchange hack Full Text
Abstract
The US Department of Justice announced that law enforcement seized billions worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack.BleepingComputer
February 8, 2022 – APT
Chinese APT Actor Stayed Hidden for 250 Days Full Text
Abstract
The xPack backdoor allowed the threat actors to remotely run WMI commands, interact with SMB shares to transfer files, and browse the web by using the backdoor as a proxy to hide their IP addresses.Cyware Alerts - Hacker News
February 08, 2022 – Malware
Medusa Android Banking Trojan Spreading Through Flubot’s Attacks Network Full Text
Abstract
Two different Android banking Trojans, FluBot and Medusa, are relying on the same delivery vehicle as part of a simultaneous attack campaign, according to new research published by ThreatFabric. The ongoing side-by-side infections, facilitated through the same smishing (SMS phishing) infrastructure, involved the overlapping usage of "app names, package names, and similar icons," the Dutch mobile security firm said. Medusa, first discovered targeting Turkish financial organizations in July 2020, has undergone several iterations, chief among which is the ability to abuse accessibility permissions in Android to siphon funds from banking apps to an account controlled by the attacker. "Medusa sports other dangerous features like keylogging, accessibility event logging, and audio and video streaming — all these capabilities provide actors with almost full access to [a] victim's device," the researchers said. The malware-ridden apps used in conjunction with Flu...The Hacker News
February 8, 2022 – Criminals
Russian police arrested six people involved in the theft and selling of stolen credit cards Full Text
Abstract
Russian police arrested six individuals, allegedly members of a crime ring involved in the theft and sale of stolen credit cards.Security Affairs
February 08, 2022 – Vulnerabilities
Mozilla fixes Firefox bug letting you get Windows admin privileges Full Text
Abstract
Mozilla released a security update to address a high severity privilege escalation vulnerability found in the Mozilla Maintenance Service.BleepingComputer
February 8, 2022 – Malware
The Growing Menace of Malicious npm Packages Full Text
Abstract
Researchers found 1,300 malicious npm packages that could help hackers trigger supply chain attacks and steal credentials and cryptocurrency, as well as run botnets. The report states that 57% of attacks happened during three days of the week - Friday, Saturday, and Sunday. It is recommended to...Cyware Alerts - Hacker News
February 8, 2022 – Phishing
Roaming Mantis SMSishing campaign now targets Europe Full Text
Abstract
The Roaming Mantis SMS phishing campaign is now targeting Android and iPhone users in Europe with malicious apps and phishing pages. Roaming Mantis surfaced in March 2018, when hacked routers in Japan were redirecting users to compromised websites.Security Affairs
February 08, 2022 – Business
ExpressVPN offering $100,000 to first person who hacks its servers Full Text
Abstract
ExpressVPN has updated its bug bounty program to make it more inviting to ethical hackers, now offering a one-time $100,000 bug bounty to whoever can compromise its systems.BleepingComputer
February 8, 2022 – Government
FBI Issued Flash Alert on LockBit Ransomware Full Text
Abstract
The FBI released an alert containing technical details and IOCs associated with LockBit ransomware to restrict its action whenever spotted in a victim's network. It also asked admins and cyber teams to share attack-related data, going forward. Follow the flash alert that offers defense tips to...Cyware Alerts - Hacker News
February 08, 2022 – Outage
Vodafone Portugal 4G and 5G services down after cyberattack Full Text
Abstract
Vodafone Portugal suffered a cyberattack causing country-wide service outages, including the disruption of 4G/5G data networks, SMS texts, and television services.BleepingComputer
February 8, 2022 – Malware
PrivateLoader Used to Deploy Smokeloader, Redline, and Vidar Malware Full Text
Abstract
An examination of a pay-per-install loader called PrivateLoader has highlighted its place in the deployment of popular malware strains including Smokeloader, Redline, and Vidar.ZDNet
February 08, 2022 – Policy and Law
NetWalker ransomware affiliate sentenced to 80 months in prison Full Text
Abstract
Sebastien Vachon-Desjardins, a Canadian man charged by the US for his involvement in NetWalker ransomware attacks, was sentenced to 6 years and 8 months in prison after pleading guilty before an Ontario judge to multiple offenses linked to attacks on 17 Canadian victims.BleepingComputer
February 8, 2022 – Solution
Microsoft Ups Office Protections With Improved Blocking of Macros Full Text
Abstract
For documents coming from unknown or untrusted sources, Microsoft blocks macros by default, but users have the option to enable them by clicking on a yellow warning at the top of the document.Security Week
February 08, 2022 – Business
Google sees 50% security boost for 150M users after 2FA enroll Full Text
Abstract
After accelerating its efforts to auto-enroll as many accounts as possible in two-factor authentication (2FA), Google announced that an additional 150 million users now have 2FA enabled.BleepingComputer
February 8, 2022 – Vulnerabilities
Android’s February 2022 Security Updates Patch 36 Vulnerabilities Full Text
Abstract
The first part of the update arrives on devices as the 2022-02-01 patch level and delivers fixes for 15 security holes in three components, namely Framework, Media framework, and System.Security Week
February 08, 2022 – Malware
Qbot needs only 30 minutes to steal your credentials, emails Full Text
Abstract
The widespread malware known as Qbot (aka Qakbot or QuakBot) has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection.BleepingComputer
February 7, 2022 – Ransomware
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong Full Text
Abstract
However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.Threatpost
February 7, 2022 – Malware
Roaming Mantis Expands Android Backdoor to Europe Full Text
Abstract
The ‘smishing’ group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims.Threatpost
February 07, 2022 – Education
How Attack Surface Management Preempts Cyberattacks Full Text
Abstract
The wide-ranging adoption of cloud facilities and the subsequent mushrooming of organizations' networks, combined with the recent migration to remote work, had the direct consequence of a massive expansion of organizations' attack surface and led to a growing number of blind spots in connected architectures. The unforeseen result of this expanded attack surface and fragmented monitoring has been a marked increase in the number of successful cyber-attacks, most notoriously ransomware, but covering a range of other types of attacks as well. The main issues are unmonitored blind spots used by cyber-attackers to breach organizations' infrastructure and escalate their attack or move laterally, seeking valuable information. The problem lies in discovery. Most organizations have evolved faster than their ability to keep track of all the moving parts involved, and catching up to catalog all past and present assets is often viewed as a complex and resource-heavy task wit...The Hacker News
February 07, 2022 – Business
Microsoft Disables Internet Macros in Office Apps by Default to Block Malware Attacks Full Text
Abstract
Microsoft on Monday said it's taking steps to disable Visual Basic for Applications (VBA) macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector. "Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access," Kellie Eickmeyer said in a post announcing the move. While the company does warn users about permitting macros in Office files, unsuspecting users — e.g., recipients of phishing emails — can still be lured into enabling the feature, effectively granting the attackers the ability to gain an initial foothold into the system. As part of the new change, when a user opens an attachment or downloads from the internet an untrusted Office file containing macros, the app displays a se...The Hacker News
February 07, 2022 – Business
Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse Full Text
Abstract
Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies, is a universal Windows app package format that allows developers to distribute their applications for the desktop operating system and other platforms. ms-appinstaller, specifically, is designed to help users install a Windows app by simply clicking a link on a website. But a spoofing vulnerability uncovered in Windows App Installer (CVE-2021-43890, CVSS score: 7.1) meant that it could be tricked into installing a rogue app that was never intended to be installed by the user via a malicious attachment used in phishing campaigns. Although Microsoft released initial patches to address this flaw as part...The Hacker News
February 07, 2022 – Criminals
Russia arrests third hacking group, reportedly seizes carding forums Full Text
Abstract
Russia arrested six people today, allegedly part of a hacking group that was involved in the theft and selling of stolen credit cards.BleepingComputer
February 07, 2022 – Breach
DPD Group parcel tracking flaw may have exposed customer data Full Text
Abstract
An unauthenticated API call vulnerability in DPD Group's package tracking system could have been exploited to access the personally identifiable details of its clients.BleepingComputer
February 7, 2022 – Criminals
Cybercriminals Using SEO Poisoning To Spread Malware Full Text
Abstract
A new SEO poisoning campaign drops Batloader and Atera Agent malware targeting users attempting to download productivity tools, such as Zoom, Visual Studio, and TeamViewer. The researchers claim that some techniques used in the campaigns match with those in the Conti playbooks. It is suggested to c...Cyware Alerts - Hacker News
February 07, 2022 – Malware
New CapraRAT Android Malware Targets Indian Government and Military Personnel Full Text
Abstract
A politically motivated advanced persistent threat (APT) group has expanded its malware arsenal to include a new remote access trojan (RAT) in its espionage attacks aimed at Indian military and diplomatic entities. Called CapraRAT by Trend Micro, the implant is an Android RAT that exhibits a high "degree of crossover" with another Windows malware known as CrimsonRAT that's associated with Earth Karkaddan, a threat actor that's also tracked under the monikers APT36, Operation C-Major, PROJECTM, Mythic Leopard, and Transparent Tribe. The first concrete signs of APT36's existence appeared in 2016 as the group began distributing information-stealing malware through phishing emails with malicious PDF attachments targeting Indian military and government personnel. The group is believed to be of Pakistani origin and operational since at least 2013. The threat actor is also known to be consistent in its modus operandi, with the attacks predominantly banking o...The Hacker News
February 7, 2022 – Policy and Law
When Platforms Do the State’s Bidding, Who Is Accountable? Not the Government, Says Israel’s Supreme Court Full Text
Abstract
The Adalah ruling highlights an unresolved tension between widely held goals for restricting online content and the constitutionally permissible means available to achieve them.Lawfare
February 7, 2022 – Solution
Avast released a free decryptor for TargetCompany ransomware Full Text
Abstract
Czech cybersecurity software firm Avast has released a decryption tool that allows victims of TargetCompany ransomware to recover their files for free.Security Affairs
February 7, 2022 – Privacy
QuaDream, 2nd Israeli Spyware Firm, Weaponizes iPhone Bug Full Text
Abstract
The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.Threatpost
February 07, 2022 – Criminals
Russia arrests third hacking group, seizes carding forums Full Text
Abstract
Russia arrested six people today, allegedly part of a hacking group that was involved in the theft and selling of stolen credit cards.BleepingComputer
February 7, 2022 – APT
MuddyWater APT Associated with Recent Attacks on Turkey Full Text
Abstract
The Iranian MuddyWater APT has reportedly launched fresh attacks targeting users in the Turkish government and other private organizations in the country. Hackers lure victims via maldocs that masquerade as genuine documents from the Turkish Health and Interior Ministries. Targeted organizatio...Cyware Alerts - Hacker News
February 07, 2022 – Breach
Hackers Backdoored Systems at China’s National Games Just Before Competition Full Text
Abstract
Systems hosting content pertaining to the National Games of China were successfully breached last year by an unnamed Chinese-language-speaking hacking group. Cybersecurity firm Avast, which dissected the intrusion, said that the attackers gained access to a web server 12 days prior to the start of the event on September 3 to drop multiple reverse web shells for remote access and achieve permanent foothold in the network. The National Games of China, a multi-sport event held every four years, took place in the Shaanxi Province between September 15 and 27, 2021. The Czech company said it was unable to determine the nature of the information stolen by the hackers, adding it has "reason to believe [the attackers] are either native Chinese-language speakers or show high fluency in Chinese." The breach is said to have been resolved ahead of the start of the games. The initial access was facilitated by exploiting a vulnerability in the webserver. But before dropping the we...The Hacker News
February 7, 2022 – Vulnerabilities
Microsoft disables the ms-appinstaller protocol because it was abused to spread malware Full Text
Abstract
Microsoft announced that it has temporarily disabled the ms-appinstaller protocol for MSIX because it was being abused by malware such as Emotet.Security Affairs
February 07, 2022 – Breach
Puma hit by data breach after Kronos ransomware attack Full Text
Abstract
Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021.BleepingComputer
February 7, 2022 – Ransomware
Newly Found Sugar Ransomware is Now Being Offered as RaaS Full Text
Abstract
The cyber threat team at retail giant Walmart has uncovered the new ransomware family Sugar, which is now being made available to cybercriminals as a Ransomware-as-a-Service (RaaS).Cyware Alerts - Hacker News
February 07, 2022 – IOT
IoT/connected Device Discovery and Security Auditing in Corporate Networks Full Text
Abstract
Today's enterprise networks are complex environments with different types of wired and wireless devices being connected and disconnected. The current device discovery solutions have been mainly focused on identifying and monitoring servers, workstation PCs, laptops and infrastructure devices such as network firewalls, switches and routers, because the most valuable information assets of organizations are being stored, processed and transferred over those devices, hence making them the prime target of security breaches and intrusions. However, a new trend has been emerging in the past four years, where attackers have been targeting purpose-built connected devices such as network printers and video conferencing systems as an entry point and data exfiltration route. These devices cannot be identified properly by the current IT asset discovery solutions for the following main reasons: Proprietary protocols are often used for managing and monitoring such devices that are not know...The Hacker News
February 7, 2022 – Business
US Telecom providers requested $5.6B to replace Chinese equipment Full Text
Abstract
The Federal Communications Commission (FCC) says that small telecom providers have requested $5.6 billion to replace Chinese gear. The U.S. government has asked telecom providers to replace Chinese equipment in their networks due to security issues...Security Affairs
February 07, 2022 – Malware
Microsoft plans to kill malware delivery via Office macros Full Text
Abstract
Microsoft announced today that it will make it difficult to enable VBA macros downloaded from the Internet in several Microsoft Office apps starting in early April, effectively killing a popular distribution method for malware.BleepingComputer
February 7, 2022 – APT
APT27 Group Targets German Organizations with HyperBro Full Text
Abstract
Researchers warned against ongoing attacks by China-backed APT27 hacking group that has been targeting commercial organizations in Germany. The goal of the campaign seems to be stealing sensitive information and targeting victims' customers in supply chain attacks. The intelligence agen ... Read MoreCyware Alerts - Hacker News
February 7, 2022 – Breach
Hackers breached a server of National Games of China days before the event Full Text
Abstract
An unnamed Chinese-language-speaking hacking group compromised systems at National Games of China in 2021. Researchers at cybersecurity firm Avast discovered that a Chinese-language-speaking threat actor has compromised systems at National Games of China...Security Affairs
February 07, 2022 – Solution
Free decryptor released for TargetCompany ransomware victims Full Text
Abstract
Czech cybersecurity software firm Avast has released a decryption utility to help TargetCompany ransomware victims recover their files for free.BleepingComputer
February 7, 2022 – General
UN Experts: North Korea Stealing Millions in Cyber Attacks Full Text
Abstract
Cyber-actors stole more than $50 million between 2020 and mid-2021 from at least three cryptocurrency exchanges in North America, Europe, and Asia, the panel of U.N. experts noted.Security Week
February 7, 2022 – APT
Russian Gamaredon APT is targeting Ukraine since October Full Text
Abstract
Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021. Russia-linked cyberespionage group Gamaredon (aka Armageddon, Primitive Bear, and ACTINIUM) is behind the spear-phishing...Security Affairs
February 07, 2022 – Cryptocurrency
Google Cloud hypervisor modified to detect cryptominers without agents Full Text
Abstract
Google has announced the public preview of a new Virtual Machine Threat Detection (VMTD) system that can detect cryptocurrency miners and other malware without the need for software agents.BleepingComputer
February 7, 2022 – Criminals
Ransomware groups and APT actors laser-focused on financial services Full Text
Abstract
Despite a community reckoning to ban ransomware activity from online forums, hacker groups used alternate personas to proliferate the use of ransomware against an increasing spectrum of sectorsHelp Net Security
February 07, 2022 – Phishing
Medusa malware ramps up Android SMS phishing attacks Full Text
Abstract
The Medusa Android banking Trojan is seeing increased infection rates as it targets more geographic regions to steal online credentials and perform financial fraud.BleepingComputer
February 7, 2022 – Breach
$4.4 Million Stolen in Attack on Meter Network and Moonriver Network Full Text
Abstract
Blockchain research company PeckShield confirmed that 1391 ETH and 2.74 BTC were stolen during the incident. The Meter network, as well as the Moonriver network, were affected by the hack.ZDNet
February 07, 2022 – Attack
Roaming Mantis Android malware campaign sets sights on Europe Full Text
Abstract
The Roaming Mantis SMS phishing campaign has finally reached Europe, as researchers detect campaigns targeting Android and iPhone users in Germany and France with malicious apps and phishing pages.BleepingComputer
February 7, 2022 – Attack
Gamaredon Targets Ukraine with New Payloads Full Text
Abstract
Symantec experts disclosed that the Russia-linked Gamaredon deployed eight custom malware samples against Ukrainian targets in the attacks that began last year in July. These files launch a VBS file that eventually drops a well-documented backdoor, known as Pteranodon. Organizations are suggested t ... Read MoreCyware Alerts - Hacker News
February 06, 2022 – Government
CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts. To that end, the agency has added CVE-2022-21882 (CVSS score: 7.0) to the Known Exploited Vulnerabilities Catalog, necessitating that Federal Civilian Executive Branch (FCEB) agencies patch all systems against this vulnerability by February 18, 2022. "These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise," CISA said in an advisory published last week. CVE-2022-21882, which has been tagged with an "Exploitation More Likely" exploitability index assessment, concerns a case of elevation of privilege vulnerability affecting the Win32k component. The bug was addressed by Microsoft as part of its January 2022 Patch Tu... (The Hacker News)
February 06, 2022 – Criminals
Law enforcement actions push ransomware gangs to surgical attacks
Abstract
The numerous law enforcement operations leading to the arrests and takedown of ransomware operations in 2021 have forced threat actors to narrow their targeting scope and maximize the efficiency of their operations. (BleepingComputer)
February 6, 2022 – Business
Israeli surveillance firm QuaDream emerges from the dark
Abstract
One of the Apple iOS zero-day flaws exploited by the NSO group was also used by another surveillance firm named QuaDream. One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group... (Security Affairs)
February 6, 2022 – Vulnerabilities
Argo CD flaw could allow stealing sensitive data from Kubernetes Apps
Abstract
A flaw in the Argo CD tool for Kubernetes could be exploited by attackers to steal sensitive data from Kubernetes Apps. A zero-day vulnerability, tracked as CVE-2022-24348, in the Argo CD tool for Kubernetes could be exploited by attackers to steal sensitive... (Security Affairs)
February 6, 2022 – General
Security Affairs newsletter Round 352
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.... (Security Affairs)
February 05, 2022 – Breach
Washington state agency says data of hundreds of thousands of professionals may have been breached
Abstract
The Washington State Department of Licensing (DOL) announced Friday that it had detected irregular activity on one of its online systems last month and that the personal data of professional licensees may have been breached. (The Hill)
February 05, 2022 – Ransomware
BlackCat (ALPHV) ransomware linked to BlackMatter, DarkSide gangs
Abstract
The Black Cat ransomware gang, also known as ALPHV, has confirmed they are former members of the notorious BlackMatter/DarkSide ransomware operation. (BleepingComputer)
February 05, 2022 – Government
FBI shares Lockbit ransomware technical details, defense tips
Abstract
The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with Lockbit ransomware attacks in a new flash alert published this Friday. (BleepingComputer)
February 5, 2022 – Criminals
LockBit ransomware gang claims to have stolen data from PayBito crypto exchange
Abstract
LockBit ransomware gang claims to have stolen customers' data from the PayBito crypto exchange. PayBito is a bitcoin and cryptocurrency exchange for major cryptocurrencies including Bitcoin Cash, Bitcoin, Ethereum, HCX, Litecoin, Ethereum Classic.... (Security Affairs)
February 5, 2022 – Government
FBI issued a flash alert on Lockbit ransomware operation
Abstract
The FBI released a flash alert containing technical details associated with the LockBit ransomware operation. The Federal Bureau of Investigation (FBI) has issued a flash alert containing technical details and indicators of compromise associated with... (Security Affairs)
February 5, 2022 – Government
CISA orders federal agencies to fix actively exploited CVE-2022-21882 Windows flaw
Abstract
US CISA ordered federal agencies to patch their systems against the actively exploited CVE-2022-21882 Windows flaw. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address their systems against an actively... (Security Affairs)
February 04, 2022 – Ransomware
The Week in Ransomware - February 4th 2022 - Critical Infrastructure
Abstract
Critical infrastructure suffered ransomware attacks, with threat actors targeting an oil petrol distributor and oil terminals in major ports in different attacks. (BleepingComputer)
February 4, 2022 – Attack
Ransomware attack hit Swissport International causing delays in flights
Abstract
Swissport International was hit by a ransomware attack that had a severe impact on its operations, causing flights to suffer delays. The company said via Twitter that the attack has been largely contained. (Security Affairs)
February 04, 2022 – General
Hillicon Valley — Presented by Cisco — Amazon gears up for second union vote
Abstract
Today is Friday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. (The Hill)
February 04, 2022 – Hacker
Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware
Abstract
A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The development was reported by Reuters, citing unnamed sources, noting that "the two rival businesses gained the same ability last year to remotely break into iPhones [and] compromise Apple phones without an owner needing to open a malicious link." The zero-click exploit in question is FORCEDENTRY, a flaw in iMessage that could be leveraged to circumvent iOS security protections and install spyware that allowed attackers to scoop up a wealth of information such as contacts, emails, files, messages, and photos, as well as access to the phone's camera and microphone. QuaDream's spyware, named REIGN, functions in a manner similar to NSO Group's Pegasus, granting its users full control of the device. Apple addressed... (The Hacker News)
February 4, 2022 – Attack
Over 500,000 people were impacted by a ransomware attack that hit Morley
Abstract
Business services firm Morley was hit by a ransomware attack that may have exposed data of +500,000 individuals. Business services company Morley was victim of a ransomware attack that may have resulted in a data breach impacting more than 500,000... (Security Affairs)
February 4, 2022 – Vulnerabilities
‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet
Abstract
The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next. (Threatpost)
February 04, 2022 – Vulnerabilities
Microsoft disables MSIX protocol handler abused in Emotet attacks
Abstract
Microsoft has disabled the MSIX ms-appinstaller protocol handler exploited in malware attacks to install malicious apps directly from a website via a Windows AppX Installer spoofing vulnerability. (BleepingComputer)
February 4, 2022 – Government
US Federal Government Creates Cybersecurity Incident Review Board
Abstract
The Department of Homeland Security has announced a new Cyber Safety Review Board bringing together cybersecurity experts from public and private organizations to “review and assess significant cybersecurity events.” (IT Security Guru)
February 04, 2022 – Attack
News Corp hit by cyberattack with suspected link to China
Abstract
The media company News Corp. said Friday it was the victim of a cyberattack likely to benefit the Chinese government, and that the intrusion targeted its businesses including the New York Post, Dow Jones and others. (The Hill)
February 04, 2022 – Policy and Law
U.S. Authorities Charge 6 Indian Call Centers Scamming Thousands of Americans
Abstract
A number of India-based call centers and their directors have been indicted for their alleged role in placing tens of millions of scam calls aimed at defrauding thousands of American consumers. The indictment charged Manu Chawla, Sushil Sachdeva, Nitin Kumar Wadwani, Swarndeep Singh, Dinesh Manohar Sachdev, Gaje Singh Rathore, Sanket Modi, Rajiv Solanki and their respective call centers for conspiring with previously indicted VoIP provider E Sampark and its director, Guarav Gupta, to forward the calls to U.S. citizens. "Criminal India-based call centers defraud U.S. residents, including the elderly, by misleading victims over the telephone utilizing scams such as Social Security and IRS impersonation as well as loan fraud," the U.S. Justice Department said in a release. According to the November 2020 indictment issued against E Sampark and Gupta, the calls from India-based phone scammers led to reported losses of over $20 million from May 2015 to June 2020, with the c... (The Hacker News)
February 4, 2022 – Attack
Ransomware attack hit Swissport International causing delays in flights
Abstract
Aviation services company Swissport International was hit by a ransomware attack that impacted its operations. Swissport International Ltd. is an aviation services company providing airport ground, lounge hospitality and cargo handling services owned... (Security Affairs)
February 04, 2022 – Hacker
Microsoft: Russian FSB hackers hitting Ukraine since October
Abstract
Microsoft said today that a Russian hacking group known as Gamaredon has been behind a streak of spear-phishing emails targeting Ukrainian entities and organizations related to Ukrainian affairs since October 2021. (BleepingComputer)
February 4, 2022 – Attack
How attackers got access to the systems of the National Games of China
Abstract
In early September 2021, Avast threat researcher David Álvarez found a malware sample with a suspicious file extension and a report submitted by the National Games IT team to VirusTotal on an attack against a server associated with the Games. (Avast)
February 04, 2022 – Hacker
Russian Gamaredon Hackers Targeted ‘Western Government Entity’ in Ukraine
Abstract
The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amidst ongoing geopolitical tensions between the two countries. Palo Alto Networks' Unit 42 threat intelligence team, in a new report publicized on February 3, said that the phishing attack took place on January 19, adding it "mapped out three large clusters of their infrastructure used to support different phishing and malware purposes." The threat actor, also known as Shuckworm, Armageddon, or Primitive Bear, has historically focused its offensive cyber attacks against Ukrainian government officials and organizations since 2013. Last year, Ukraine disclosed the collective's ties to Russia's Federal Security Service (FSB). To carry out the phishing attack, the operators behind the campaign leveraged a job search and employment platform within the country as a conduit to upload their malware downloader in the form of a res... (The Hacker News)
February 4, 2022 – Attack
A nation-state actor hacked media and publishing giant News Corp
Abstract
American media and publishing giant News Corp revealed it was victim of a cyber attack from an advanced persistent threat actor. American media and publishing giant News Corp revealed it was victim of a cyber attack from an advanced persistent threat... (Security Affairs)
February 04, 2022 – Ransomware
A look at the new Sugar ransomware demanding low ransoms
Abstract
A new Sugar Ransomware operation actively targets individual computers, rather than corporate networks, with low ransom demands. (BleepingComputer)
February 4, 2022 – Phishing
AsyncRAT Operators Adopt New Evasive Delivery Technique
Abstract
Morphisec identified a new sophisticated campaign using a phishing tactic with an HTML attachment to deliver AsyncRAT for around five months. Moreover, the malware campaign has one of the lowest detection rates, according to VirusTotal. This calls upon the organizations to regularly audit and upgra... (Cyware Alerts - Hacker News)
February 04, 2022 – Education
Cynet Log4Shell Webinar: A Thorough - And Clear - Explanation
Abstract
Most security practitioners are now aware of the Log4Shell vulnerability discovered toward the end of 2021. No one knows how long the vulnerability existed before it was discovered. The past couple of months have had security teams scrambling to patch the Log4Shell vulnerability found in Apache Log4j, a Java library widely used to log error messages in applications. Beyond patching, it's helpful and instructive for security practitioners to have a deeper understanding of this most recent critical vulnerability. Fortunately, Cynet Senior Security Researcher Igor Lahav is hosting a webinar [Register here] to provide "buzzword free" insights into Log4Shell. Based on a webinar preview provided by Cynet, the discussion will cover the software bugs in Apache Log4j that permitted the critical vulnerability, the exploits used to take advantage of the vulnerabilities and the remediation options available to protect your organization. This webinar will help make sense of the so... (The Hacker News)
February 4, 2022 – Skimming
Retail giant Target open sources Merry Maker e-skimmer detection tool
Abstract
Retail giant Target is going to open-source an internal tool, dubbed Merry Maker, designed to detect e-skimming attacks. Retail giant Target announced the release in open-source of an internal tool, dubbed Merry Maker, designed to detect e-skimming... (Security Affairs)
February 04, 2022 – Government
CISA orders federal agencies to patch actively exploited Windows bug
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch their systems against an actively exploited Windows vulnerability that enables attackers to gain SYSTEM privileges. (BleepingComputer)
February 4, 2022 – Attack
Airport Services Firm Faces Cyberattack Resulting in Flight Delays Due to Impact on IT Infrastructure
Abstract
Swiss airport management service Swissport reported a ransomware attack affecting its IT systems on Friday. The company said its IT infrastructure was targeted by the ransomware attack. (ZDNet)
February 4, 2022 – APT
Russia-linked Gamaredon APT targeted a western government entity in Ukraine
Abstract
The Russia-linked Gamaredon APT group attempted to compromise an unnamed Western government entity in Ukraine. Palo Alto Networks' Unit 42 reported that the Russia-linked Gamaredon APT group attempted to compromise an unnamed Western government entity... (Security Affairs)
February 04, 2022 – Phishing
US indicts multiple call centers for IRS, Social Security scams
Abstract
The U.S. Department of Justice has announced the indictment of several India-based call centers and their directors for targeting Americans with Social Security, IRS, and loan phone call scams. (BleepingComputer)
February 4, 2022 – Attack
Millions of Android Users Targeted by Dark Herring
Abstract
Experts exposed the Dark Herring subscription fraud campaign that infected 105 million devices worldwide via 500 malicious apps to steal hundreds of millions of dollars from unsuspecting users. The names of some malicious apps are Smashex, Upgradem, Stream HD, Vidly Vibe, and Cast It. This indicat... (Cyware Alerts - Hacker News)
February 4, 2022 – Vulnerabilities
Zimbra zero-day vulnerability actively exploited by an alleged Chinese threat actor
Abstract
An alleged Chinese threat actor is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform. An alleged Chinese threat actor, tracked as TEMP_Heretic, is actively attempting to exploit a zero-day XSS vulnerability... (Security Affairs)
February 04, 2022 – Attack
HHS: Conti ransomware encrypted 80% of Ireland’s HSE IT systems
Abstract
A threat brief published by the US Department of Health and Human Services (HHS) on Thursday paints a grim picture of how Ireland's health service, the HSE, was overwhelmed and had 80% of its systems encrypted during last year's Conti ransomware attack. (BleepingComputer)
February 4, 2022 – Criminals
Distrust, feuds building among ransomware groups
Abstract
In an industry that operates in anonymity, trust is everything -- but recent accusations of ransomware actors working with or being law enforcement are threatening that work model. (Tech Target)
February 4, 2022 – Phishing
Microsoft blocked tens of billions of brute-force and phishing attacks in 2021
Abstract
Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of brute-force and phishing attacks last year. Microsoft revealed that Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions... (Security Affairs)
February 04, 2022 – Breach
Argo CD vulnerability leaks sensitive info from Kubernetes apps
Abstract
A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys. (BleepingComputer)
February 04, 2022 – Outage
Swissport ransomware attack delays flights, disrupts operations
Abstract
Aviation services company Swissport International has disclosed a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays. (BleepingComputer)
February 04, 2022 – Attack
News Corp discloses hack from “persistent” nation state cyber attacks
Abstract
American media and publishing giant News Corp has disclosed today that it was the target of a "persistent" cyberattack. The attack, discovered sometime this January, reportedly allowed threat actors to access emails and documents of some News Corp employees, including journalists. (BleepingComputer)
February 04, 2022 – Cryptocurrency
Wormhole restores stolen $326 million after major crypto bailout
Abstract
Cryptocurrency platform Wormhole has recovered upwards of $326 million stolen in this week's crypto hack, thanks to a major bailout. (BleepingComputer)
February 3, 2022 – Attack
Kronos Still Dragging Itself Back From Ransomware Hell Full Text
Abstract
And customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the “real pain in the rear end” of manual inputting, inaccurate wages & more.Threatpost
February 3, 2022 – Vulnerabilities
PowerPoint Files Abused to Take Over Computers Full Text
Abstract
Attackers are using socially engineered emails with .ppam file attachments that hide malware that can rewrite Windows registry settings on targeted machines.Threatpost
February 03, 2022 – Government
CISA Warns of Critical Vulnerabilities Discovered in Airspan Networks Mimosa Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published an Industrial Controls Systems Advisory (ICSA) warning of multiple vulnerabilities in the Airspan Networks Mimosa equipment that could be abused to gain remote code execution, create a denial-of-service (DoS) condition, and obtain sensitive information. "Successful exploitation of these vulnerabilities could allow an attacker to gain user data (including organization details) and other sensitive data, compromise Mimosa's AWS (Amazon Web Services) cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices," CISA said in the alert. The seven flaws, which were discovered and reported to CISA by industrial cybersecurity company Claroty, affect the following products — Mimosa Management Platform ( MMP ) running versions prior to v1.0.3 Point-to-Point ( PTP ) C5c and C5x running versions prior to v2.8.6.1, and Point-to-Multipoint (The Hacker News
February 03, 2022 – Vulnerabilities
Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users Full Text
Abstract
A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation — codenamed " EmailThief " — was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the cross-site scripting (XSS) vulnerability could result in the execution of arbitrary JavaScript code in the context of the user's Zimbra session. Volexity attributed the intrusions, which started on December 14, 2021, to a previously undocumented hacking group it's tracking under the moniker TEMP_HERETIC, with the assaults aimed at European government and media entities. The zero-day bug impacts the most recent open-source edition of Zimbra running version 8.8.15 . The attacks are believed to have occurred in two phases; the first stage aimed at reconnaissance and distributThe Hacker News
February 03, 2022 – Vulnerabilities
Zimbra zero-day vulnerability actively exploited to steal emails Full Text
Abstract
A cross-site scripting (XSS) Zimbra security vulnerability is actively exploited in attacks targeting European media and government organizations.BleepingComputer
February 3, 2022 – Malware
MacOS Malware UpdateAgent Grows Increasingly Malicious Full Text
Abstract
The macOS malware, dubbed UpdateAgent, was found propagating for almost 14 months. It started circulating around November or December 2020 as a basic infostealer.Cyware Alerts - Hacker News
February 03, 2022 – Vulnerabilities
Critical Flaws Discovered in Cisco Small Business RV Series Routers Full Text
Abstract
Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs. Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest CVSS rating of 10.0, and affect its Small Business RV160, RV260, RV340, and RV345 Series routers. Additionally, the flaws could be exploited to bypass authentication and authorization protections, retrieve and run unsigned software, and even cause denial-of-service (DoS) conditions. The networking equipment maker acknowledged that it's "aware that proof-of-concept exploit code is available for several of the vulnerabilities" but didn't share any further specifics on the nature of the exploit or the identity of the threat actors that may be exploiting them. CVE-2022-20699The Hacker News
February 3, 2022 – Hacker
Exclusive interview with the Powerful Greek Army (PGA) hacker group Full Text
Abstract
Six years ago the Powerful Greek Army (PGA) appeared in the threat landscape. After a long breach the hacker collective is back. I have interviewed them in exclusive ... enjoy it! Tell me about your hacker team, which is the motivation behind the attacks? We...Security Affairs
February 3, 2022 – Cryptocurrency
Wormhole Crypto Platform: ‘Funds Are Safe’ After $314M Heist Full Text
Abstract
The popular bridge, which connects Ethereum, Solana blockchain & more, was shelled out by it’s-not-saying. Wormhole is trying to negotiate with the attacker.Threatpost
February 03, 2022 – Phishing
Intuit warns of phishing emails threatening to delete accounts Full Text
Abstract
Accounting and tax software provider Intuit has notified customers of an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended.BleepingComputer
February 3, 2022 – General
OT Data Stolen by Ransomware Gangs can Fuel Other Sophisticated Attacks, Reveals Research Full Text
Abstract
In 2021, Mandiant Threat Intelligence observed that over 1,300 organizations in the critical and industrial sectors were impacted by ransomware attacks.Cyware Alerts - Hacker News
February 03, 2022 – Attack
New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software Full Text
Abstract
An ongoing search engine optimization (SEO) poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines. "The threat actor used 'free productivity apps installation' or 'free software development tools installation' themes as SEO keywords to lure victims to a compromised website and to download a malicious installer," researchers from Mandiant said in a report published this week. In SEO poisoning attacks, adversaries artificially increase the search engine ranking of websites (genuine or otherwise) hosting their malware to make them show up on top of search results so that users searching for specific apps like TeamViewer, Visual Studio, and Zoom are infected with malware. The installer, while packing the legitimate software, is also bundled with the BATLOADER payload that's executed during the installation process. The malware then acts as aThe Hacker News
February 3, 2022 – Vulnerabilities
Cisco fixes critical flaws in its Small Business Routers Full Text
Abstract
Cisco released security patches to address multiple flaws in its Small Business RV160, RV260, RV340, and RV345 series routers. Cisco announced patches for multiple issue affecting its Small Business RV160, RV260, RV340, and RV345 series routers. Some...Security Affairs
February 03, 2022 – Vulnerabilities
Cisco fixes critical bugs in SMB routers, exploits available Full Text
Abstract
Cisco has released patches for multiple vulnerabilities in the Small Business RV Series router platform that could allow remote attackers to gain complete control over the device, in many cases, without authentication.BleepingComputer
February 3, 2022 – Botnet
BotenaGo Source Code Leaked - What does it Mean? Full Text
Abstract
AT&T experts unearthed the new BotenaGo botnet, which leaked on GitHub last year. It could target 33 exploits affecting nearly 2 million routers and IoT devices. Experts also discovered several hacking tools—from several sources—in the same GitHub repository. The leak of such ready-to-use ... Read MoreCyware Alerts - Hacker News
February 03, 2022 – Solution
How SSPM Simplifies Your SOC2 SaaS Security Posture Audit Full Text
Abstract
An accountant and a security expert walk into a bar… SOC2 is no joke. Whether you're a publicly held or private company, you are probably considering going through a Service Organization Controls (SOC) audit. For publicly held companies, these reports are required by the Securities and Exchange Commission (SEC) and executed by a Certified Public Accountant (CPA). However, customers often ask for SOC2 reports as part of their vendor due diligence process. Out of the three types of SOC reports, SOC2 is the standard to successfully pass regulatory requirements and signals high security and resilience within the organization — and is based on the American Institute of Certified Public Accountants (AICPA) attestation requirements. The purpose of this report is to evaluate an organization's information systems relevant to security, availability, processing integrity, confidentiality, and privacy — over a period of time (roughly six to twelve months). As part of a SOC2 audit, iThe Hacker News
February 3, 2022 – APT
Antlion APT group used a custom backdoor that allowed them to fly under the radar for months Full Text
Abstract
A China-linked APT group tracked as Antlion used a custom backdoor called xPack that was undetected for months. A China-linked APT group tracked as Antlion is using a custom backdoor called xPack in attacks aimed at financial organizations and manufacturing...Security Affairs
February 03, 2022 – Skimming
Target open sources scanner for digital credit card skimmers
Abstract
Target, one of the largest American department store chains and e-commerce retailers, has open-sourced 'Merry Maker', its years-old proprietary scanner for payment card skimming. (BleepingComputer)
February 3, 2022 – Attack
Tennessee Community College Suffers Ransomware Attack
Abstract
The college's main database and credit card payment systems were not involved, and no data from them was accessed by unauthorized users, said the board, which oversees the state's community colleges. (Security Week)
February 03, 2022 – Malware
New Variant of UpdateAgent Malware Infects Mac Computers with Adware
Abstract
Microsoft on Wednesday shed light on a previously undocumented Mac trojan that it said has undergone several iterations since its first appearance in September 2020, effectively granting it an "increasing progression of sophisticated capabilities." The company's Microsoft 365 Defender Threat Intelligence Team dubbed the new malware family "UpdateAgent," charting its evolution from a barebones information stealer to a second-stage payload distributor as part of multiple attack waves observed in 2021. "The latest campaign saw the malware installing the evasive and persistent Adload adware, but UpdateAgent's ability to gain access to a device can theoretically be further leveraged to fetch other, potentially more dangerous payloads," the researchers said. The actively in-development malware is said to be propagated via drive-by downloads or advertisement pop-ups that masquerade as legitimate software like video applications and support agents... (The Hacker News)
February 3, 2022 – Attack
Oil terminals in Europe's biggest ports hit by a cyberattack
Abstract
A cyber attack hit the oil terminals of some of the biggest European ports impacting their operations. Some of the major oil terminals in Western Europe's biggest ports have been targeted with a cyberattack. Threat actors have hit multiple oil facilities... (Security Affairs)
February 03, 2022 – Phishing
Microsoft blocked billions of brute-force and phishing attacks last year
Abstract
Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of phishing emails and brute force attacks successfully blocked last year by Microsoft. (BleepingComputer)
February 3, 2022 – Cryptocurrency
Hackers Abuse Vulnerability in Smart Contracts Cryptocurrency Platform Wormhole
Abstract
The attack took place earlier today and impacted Wormhole Portal, a web-based application, also known as a blockchain "bridge", that allows users to convert one form of cryptocurrency into another. (The Record)
February 03, 2022 – Attack
New Wave of Cyber Attacks Target Palestine with Political Bait and Malware
Abstract
Cybersecurity researchers have turned the spotlight on a new wave of offensive cyberattacks targeting Palestinian activists and entities starting around October 2021 using politically themed phishing emails and decoy documents. The intrusions are part of what Cisco Talos calls a longstanding espionage and information theft campaign undertaken by the Arid Viper hacking group using a Delphi-based implant called Micropsia dating all the way back to June 2017. The threat actor's activities, also tracked under the monikers Desert Falcon and APT-C-23, were first documented in February 2015 by Kaspersky and subsequently in 2017, when Qihoo 360 disclosed details of cross-platform backdoors developed by the group to strike Palestinian institutions. The Russian cybersecurity company branded Arid Viper the "first exclusively Arabic APT group." Then in April 2021, Meta (formerly Facebook), which pointed out the group's affiliations to the cyber arm of Hamas... (The Hacker News)
February 3, 2022 – Cryptocurrency
Wormhole cryptocurrency platform hacked, crooks stole $326 million, the second-biggest hack of a DeFi platform
Abstract
Threat actors have stolen $325 million in cryptocurrency leveraging a bug in the Wormhole communication bridge. Wormhole, one of the most popular bridges that links the Ethereum and Solana blockchains, lost about $325 million in an attack that took... (Security Affairs)
February 03, 2022 – Malware
State hackers' new malware helped them stay undetected for 250 days
Abstract
A state-backed Chinese APT actor tracked as 'Antlion' has been using a new custom backdoor called 'xPack' against financial organizations and manufacturing companies. (BleepingComputer)
February 3, 2022 – Government
US State Department offers $10M for information on Iranian election interference
Abstract
The Department is offering a reward for information on two Iranian hackers who allegedly participated in state-sponsored cyber operations designed to interfere with the 2020 presidential election. (Cyberscoop)
February 3, 2022 – Vulnerabilities
Trend Micro fixed 2 flaws in Hybrid Cloud Security products
Abstract
Trend Micro recently addressed two high-severity flaws affecting some of its hybrid cloud security products. Trend Micro released security updates to fix two high-severity vulnerabilities, tracked as CVE-2022-23119 and CVE-2022-23120, affecting... (Security Affairs)
February 03, 2022 – Phishing
MFA adoption pushes phishing actors to reverse-proxy solutions
Abstract
The rising adoption of multi-factor authentication (MFA) for online accounts pushes phishing actors to use more sophisticated solutions to continue their malicious operations, most notably reverse-proxy tools. (BleepingComputer)
February 3, 2022 – Vulnerabilities
Trend Micro Patches Vulnerabilities in Hybrid Cloud Security Products
Abstract
The vulnerabilities are tracked as CVE-2022-23119 and CVE-2022-23120, and they impact Deep Security and Cloud One workload security solutions, specifically the Linux agent component. (Security Week)
February 3, 2022 – Attack
Ransomware Often Hits Industrial Systems, With Significant Impact: Survey
Abstract
In a new survey, 80% of respondents admitted that their organization had experienced a ransomware attack within the past year, and nearly half said the incident had impacted their ICS/OT environment. (Security Week)
February 3, 2022 – Criminals
Cybercriminals Bypass MFA, Stealing Browser Sessions Using MiTM Phishing Kits
Abstract
Threat actors are using phishing kits that leverage a transparent reverse proxy, which enables them to man-in-the-middle (MitM) a browser session and steal credentials and session cookies in real time. (Proofpoint)
February 3, 2022 – Skimming
Target shares its own web skimming detection tool Merry Maker with the world
Abstract
The new open-source tool Merry Maker from Target simulates online browsing and shopping to identify malicious code meant to steal payment card information on retailers' websites. (CSO Online)
February 2, 2022 – Attack
KP Snacks Left with Crumbs After Ransomware Attack
Abstract
The Conti gang strikes again, disrupting the nom-merchant's supply chain and threatening supermarket shelves that could stay empty for weeks. (Threatpost)
February 2, 2022 – Malware
Thousands of Malicious npm Packages Threaten Web Apps
Abstract
Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors. (Threatpost)
February 2, 2022 – Malware
Charming Kitten Sharpens Its Claws with PowerShell Backdoor
Abstract
The notorious Iranian APT is fortifying its arsenal with new malicious tools and evasion tactics and may even be behind the Memento ransomware. (Threatpost)
February 02, 2022 – Cryptocurrency
Wormhole cryptocurrency platform hacked to steal $326 million
Abstract
Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal approximately $326 million in cryptocurrency. (BleepingComputer)
February 02, 2022 – Cryptocurrency
Wormhole platform hacked to steal $326 million in crypto
Abstract
Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $320 million in cryptocurrency. (BleepingComputer)
February 2, 2022 – Attack
DeadBolt Hits QNAP Hard, 3600 Devices Impacted
Abstract
A new DeadBolt ransomware group encrypted more than 3,600 network-attached storage (NAS) devices worldwide by exploiting a zero-day, with the most affected countries being the U.S., France, Taiwan, Italy, and the U.K. QNAP has warned customers to protect their devices by updating the QTS software ve... (Cyware Alerts - Hacker News)
February 02, 2022 – General
Hillicon Valley, Presented by Cisco: Media industry divided over Big Tech bill
Abstract
Today is Wednesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. (The Hill)
February 2, 2022 – Vulnerabilities
Researcher found an Information Disclosure in the Brave browser
Abstract
A security researcher discovered an Information Disclosure vulnerability in the Brave browser and reported it through the HackerOne platform. Security researcher Kirtikumar Anandrao Ramchandani discovered an Information Disclosure vulnerability in the Brave... (Security Affairs)
February 2, 2022 – Education
Supply-Chain Security Is Not a Problem…It's a Predicament
Abstract
Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them. (Threatpost)
February 02, 2022 – Vulnerabilities
ESET antivirus bug let attackers gain Windows SYSTEM privileges
Abstract
Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above. (BleepingComputer)
February 2, 2022 – Criminals
Is REvil Active Even After Arrests?
Abstract
Even after the recent arrest of the members of the REvil ransomware group, researchers have found multiple samples being deployed across targets. After the arrests, the number of REvil implants dipped to 24 per day, but that again increased to 26 implants a day. Today, it is highly obscure wh... (Cyware Alerts - Hacker News)
February 02, 2022 – Government
FBI says Pegasus spyware was tested, not used in any investigation
Abstract
The FBI tested the NSO Group's Pegasus spyware for potential use in criminal investigations. (The Hill)
February 2, 2022 – Ransomware
Sugar Ransomware, a new RaaS in the threat landscape
Abstract
The cybersecurity team at retail giant Walmart dissected a new ransomware family dubbed Sugar, which implements a ransomware-as-a-service model. The cyber threat team at retail giant Walmart has analyzed a new ransomware family dubbed Sugar, which is offered... (Security Affairs)
February 02, 2022 – Solution
Office 365 boosts email security against MITM, downgrade attacks
Abstract
Microsoft has added SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers' email communication integrity and security. (BleepingComputer)
February 2, 2022 – Malware
Lazarus Pushes Malware by Placing Job Offers
Abstract
The Lazarus APT group, infamous for targeting the defense industry, now abuses the Windows Update client to spread malware. It was recently observed masquerading as Lockheed Martin in spear-phishing campaigns. For the first time in this campaign, the group used GitHub as a C2 for targeted and short-ter... (Cyware Alerts - Hacker News)
February 02, 2022 – General
Intel unveils Circuit Breaker bug bounty expansion for elite hackers
Abstract
Intel says its engineers are partnering with security researchers to hunt for vulnerabilities in firmware, GPUs, hypervisors, chipsets, and other products in a new expansion to its bug bounty program. (BleepingComputer)
February 2, 2022 – Malware
CoinStomp Malware Targets Asian Cloud Service Providers to Mine Monero
Abstract
Researchers say that the purpose of CoinStomp is to quietly compromise instances in order to harness computing power to illicitly mine cryptocurrency, a form of attack known as cryptojacking. (ZDNet)
February 02, 2022 – Outage
KP Snacks giant hit by Conti ransomware, deliveries disrupted
Abstract
KP Snacks, a major producer of popular British snacks, has been hit by the Conti ransomware group, affecting distribution to leading supermarkets. (BleepingComputer)
February 2, 2022 – Business
PlexTrac Raises $70M Series B Funding Round to Fuel Growth in Proactive Cybersecurity Management
Abstract
New York-based global venture capital firm Insight Partners led the round, with participation from existing investors Madrona Venture Group, Noro-Moseley Partners, and StageDotO Ventures. (Idaho County Free Press)
February 02, 2022 – Solution
Microsoft Sentinel adds threat monitoring for GitHub repos
Abstract
Microsoft says its cloud-native SIEM (Security Information and Event Management) platform can now detect potential ransomware activity using the Fusion machine learning model. (BleepingComputer)
February 2, 2022 – Vulnerabilities
Fastly patches memory leak HTTP/3 vulnerability in H2O HTTP server project
Abstract
An uninitialized memory leak vulnerability in the H2O HTTP server project has been patched. H2O is an open-source optimization project for HTTP/1, HTTP/2, and HTTP/3 servers. (The Daily Swig)
February 02, 2022 – Attack
Business services provider Morley discloses ransomware incident
Abstract
Morley Companies Inc. disclosed a data breach after suffering a ransomware attack on August 1st, 2021, allowing threat actors to steal data before encrypting files. (BleepingComputer)
February 2, 2022 – Business
Tenable agrees to acquire Cymptom; terms undisclosed (NASDAQ:TENB)
Abstract
Tenable has agreed to acquire Cymptom, a specialist in attack path management. The financial terms of the deal were not disclosed. The acquisition is expected to close in Q1 2022. (Seeking Alpha)
February 02, 2022 – Malware
SEO poisoning pushes malware-laced Zoom, TeamViewer, Visual Studio installers
Abstract
A new SEO poisoning campaign is underway, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio. (BleepingComputer)
February 2, 2022 – Attack
Arid Viper Hackers Strike Palestinian Targets with Political Lures and Trojans
Abstract
In the past, the group has been responsible for spear phishing attacks against Palestinian law enforcement, the military, educational establishments, and the Israel Security Agency (ISA). (ZDNet)
February 02, 2022 – Vulnerabilities
UEFI firmware vulnerabilities affect at least 25 computer vendors
Abstract
Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the InsydeH2O UEFI firmware used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. (BleepingComputer)
February 2, 2022 – Vulnerabilities
Google Patches 27 Vulnerabilities With Release of Chrome 98
Abstract
Of the 19 flaws, 8 carry a severity rating of high, 10 are medium severity, and one is low risk. Over half of the externally reported vulnerabilities addressed in this release are use-after-free bugs. (Security Week)
February 02, 2022 – Malware
New Malware Used by SolarWinds Attackers Went Undetected for Years
Abstract
The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent access for years. According to cybersecurity firm CrowdStrike, which detailed the novel tactics adopted by the Nobelium hacking group last week, two sophisticated malware families were placed on victim systems, a Linux variant of GoldMax and a new implant dubbed TrailBlazer, long before the scale of the attacks came to light. Nobelium, the Microsoft-assigned moniker for the SolarWinds intrusion in December 2020, is also tracked by the wider cybersecurity community under the names UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (CrowdStrike), Dark Halo (Volexity), and Iron Ritual (Secureworks). The malicious activities have since been attributed to a Russian state-sponsore... (The Hacker News)
February 2, 2022 – Vulnerabilities
ESET releases fixes for local privilege escalation bug in Windows Applications
Abstract
Antivirus firm ESET addressed a local privilege escalation vulnerability, tracked as CVE-2021-37852, impacting its Windows clients. Antivirus firm ESET released security patches to address a high severity local privilege escalation vulnerability, tracked... (Security Affairs)
February 2, 2022 – Attack
Massive Social Engineering Campaigns Impacted Banks in Europe and South America
Abstract
The campaigns, which aim to steal users' banking secrets and payment cards, are carried out using social engineering schemes, namely smishing and spear-phishing through fake emails. (Security Affairs)
February 02, 2022 – Solution
Cynet's Keys to Extend Threat Visibility
Abstract
We hear about the need for better visibility in the cybersecurity space: detecting threats earlier and more accurately. We often hear about dwell time and the time to identify and contain a data breach. Many of us are familiar with IBM's Cost of a Data Breach Report, which has been tracking this statistic for years. In the 2021 report, IBM found that, on average, it takes 212 days to identify a breach and then another 75 days to contain it, for a total of 287 days. A new solution overview document provides insights on how XDR provider Cynet tackles the difficult problem of greatly improving threat visibility. Cynet takes a modern approach that includes a greater level of native technology integration and advanced automation purposely designed for organizations with smaller security teams than Fortune 500 organizations. A live webinar will discuss the same topic. Cynet's Keys for Threat Visibility: Einstein said that the definition of i... (The Hacker News)
February 2, 2022 – APT
Experts warn of a spike in APT35 activity and a possible link to Memento ransomware op
Abstract
The Cybereason Nocturnus Team reported a spike in the activity of the Iran-linked APT group APT35 (aka Phosphorus or Charming Kitten). The Cybereason Nocturnus Team observed a spike in the activity of the Iran-linked APT group APT35 (aka... (Security Affairs)
February 2, 2022 – Business
Check Point Acquires Developer Security Startup Spectral
Abstract
Check Point Software Technologies has bought Spectral to broaden its range of cloud application security use cases to include Infrastructure as Code scanning and hard-coded secrets detection. (CRN)
February 2, 2022 – Vulnerabilities
Experts found 23 flaws in UEFI firmware that potentially impact millions of devices
Abstract
Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers.... (Security Affairs)
February 2, 2022 – Vulnerabilities
Two Dozen UEFI Vulnerabilities Impact Millions of Devices From Major Vendors
Abstract
The vulnerabilities are mostly related to System Management Mode and they can lead to arbitrary code execution with elevated privileges. CVE IDs have been assigned to each of the 23 weaknesses. (Security Week)
February 2, 2022 – Business
Forescout Acquires CyberMDX to Expand Healthcare Cybersecurity Focus
Abstract
Forescout Technologies announced its acquisition of CyberMDX, a leading healthcare cybersecurity provider delivering visibility and threat prevention for medical devices and clinical networks. (Dark Reading)
February 01, 2022 – General
Hillicon Valley, Presented by Cisco: Spotify faces critics over Rogan controversy
Abstract
Today is Tuesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. (The Hill)
February 1, 2022 – Government
FBI: Use a Burner Phone at the Olympics
Abstract
The warning follows a Citizen Lab report that found the official, mandatory app has an encryption flaw that "can be trivially sidestepped." Besides burners, here are more tips on staying cyber-safe at the Games. (Threatpost)
February 01, 2022 – Government
FBI warns of fake job postings used to steal money, personal info
Abstract
Scammers are trying to steal job seekers' money and personal information through phishing campaigns using fake advertisements posted on recruitment platforms. (BleepingComputer)
February 01, 2022 – Government
FBI says cyber actors could 'disrupt' Beijing Olympics, Paralympics
Abstract
The FBI's cyber division warned in a private industry notification dated Monday that cyber actors could "disrupt" the 2022 Beijing Winter Olympics set to start on Friday, in addition to next month's Paralympics. (The Hill)
February 1, 2022 – Education
Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities
Abstract
LOLBins help attackers become invisible to security platforms. Uptycs provides a rundown of the most commonly abused native utilities for Windows, Linux and macOS, and advice for protection. (Threatpost)
February 01, 2022 – Malware
Malicious CSV text files used to install BazarBackdoor malware
Abstract
A new phishing campaign is using specially crafted CSV text files to infect users' devices with the BazarBackdoor malware. (BleepingComputer)
February 01, 2022 – Privacy
Israeli police: Evidence points to improper spyware use by investigators
Abstract
New evidence indicates that investigators with the Israeli police improperly used spyware to spy on citizens' phones, the national police force announced on Tuesday. (The Hill)
February 01, 2022 – Vulnerabilities
Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors
Abstract
As many as 23 new high severity security vulnerabilities have been disclosed in different implementations of Unified Extensible Firmware Interface (UEFI) firmware used by numerous vendors, including Bull Atos, Fujitsu, HP, Juniper Networks, Lenovo, among others. The vulnerabilities reside in Insyde Software's InsydeH2O UEFI firmware, according to enterprise firmware security company Binarly, with a majority of the anomalies diagnosed in the System Management Mode (SMM). UEFI is a software specification that provides a standard programming interface connecting a computer's firmware to its operating system during the booting process. In x86 systems, the UEFI firmware is usually stored in the flash memory chip of the motherboard. "By exploiting these vulnerabilities, attackers can successfully install malware that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV), Secure Boot, and Virtualization-Based Securit... (The Hacker News)
February 01, 2022 – Solution
Microsoft Defender now detects Android and iOS vulnerabilities
Abstract
Microsoft says threat and vulnerability management support for Android and iOS has reached general availability in Microsoft Defender for Endpoint, the company's enterprise endpoint security platform. (BleepingComputer)
February 01, 2022 – Government
Top White House cyber official to meet with Europeans amid Russia tensions
Abstract
The White House is dispatching its top cyber official to Europe for meetings with allies on countering cyberthreats from Russia, a senior Biden administration official said. (The Hill)
February 01, 2022 – Hacker
Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks
Abstract
A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar. Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater." "The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions." Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli or... (The Hacker News)
February 1, 2022 – Attack
Massive social engineering waves have impacted banks in several countries
Abstract
A massive social engineering campaign targeting banks has been delivered in the last two years in several countries. A massive social engineering campaign has been delivered in the last two years in several countries, including Portugal, Spain, Brazil,... (Security Affairs)
February 01, 2022 – APT
Cyberspies linked to Memento ransomware use new PowerShell malware
Abstract
An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell. (BleepingComputer)
February 01, 2022 – Vulnerabilities
Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations
Abstract
A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts. "This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed." That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion, an attack technique in which a web... (The Hacker News)
February 1, 2022 – Breach
British Council exposed 144,000 files containing student details
Abstract
Personal information belonging to British Council students was exposed online via an unsecured repository. The British Council is a British organisation specialising in international cultural and educational opportunities. It operates in over 100 countries:... (Security Affairs)
February 01, 2022 – Malware
Powerful new Oski variant 'Mars Stealer' grabbing 2FAs and crypto
Abstract
A new and powerful malware named 'Mars Stealer' has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. (BleepingComputer)
February 01, 2022 – Malware
SolarMarker Malware Uses Novel Techniques to Persist on Hacked Systems
Abstract
In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems. Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted networks despite the campaign witnessing a decline in November 2021. Boasting of information harvesting and backdoor capabilities, the .NET-based malware has been linked to at least three different attack waves in 2021. The first set, reported in April, took advantage of search engine poisoning techniques to trick business professionals into visiting sketchy Google sites that installed SolarMarker on the victim's machines. Then in August, the malware was observed targeting healthcare and education sectors with the goal of gathering credentials and sensitive information. (The Hacker News)
February 1, 2022 – Attack
A cyber attack severely impacted the operations of German petrol distributor Oiltanking GmbH
Abstract
German petrol distributor Oiltanking GmbH was the victim of a cyberattack that severely impacted its operations. A cyber attack hit Oiltanking GmbH, a German petrol distributor which supplies Shell gas stations in the country, severely impacting... (Security Affairs)
February 01, 2022 – Breach
British Council exposed more than 100,000 files with student records
Abstract
More than 100,000 files with student records belonging to the British Council were found exposed online. An unsecured Microsoft Azure blob found on the internet by a cybersecurity firm revealed student IDs, names, usernames and email addresses, and other personal information. (BleepingComputer)
February 01, 2022 – Hacker
Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks
Abstract
An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's evasive PowerShell execution. "The PowerShell code runs in the context of a .NET application, thus not launching 'powershell.exe' which enables it to evade security products," Daniel Frank, senior malware researcher at Cybereason, said. "The toolset analyzed includes extremely modular, multi-staged malware that decrypts and deploys additional payloads in several stages for the sake of both stealth and efficacy." The threat actor, which has been active since at least 2017, has been behind a series of campaigns in recent years, including those wherein the adversa... (The Hacker News)
February 1, 2022 – APT
Iran-linked MuddyWater APT group campaign targets Turkish entities
Abstract
The Iran-linked MuddyWater APT group is targeting private Turkish organizations and governmental institutions. Researchers from Cisco Talos have uncovered a cyber espionage campaign carried out by the Iran-linked MuddyWater APT group (aka SeedWorm and TEMP.Zagros) and... (Security Affairs)
February 01, 2022 – Outage
German petrol supply firm Oiltanking paralyzed by cyber attack
Abstract
Oiltanking GmbH, a German petrol distributor which supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations. (BleepingComputer)
February 1, 2022 – Vulnerabilities
RCE in WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites
Abstract
A critical RCE in the popular WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites. Essential Addons for Elementor is a popular WordPress plugin used in over a million sites that provides easy-to-use and creative... (Security Affairs)
February 01, 2022 – Policy and Law
Telco fined €9 million for hiding cyberattack impact from customers
Abstract
The Greek data protection supervisory authority has imposed fines of 5,850,000 EUR ($6.55 million) on COSMOTE and 3,250,000 EUR ($3.65 million) on OTE for leaking sensitive customer communication data due to insufficient security measures. (BleepingComputer)
February 01, 2022 – Attack
MuddyWater hacking group targets Turkey in new campaign
Abstract
The Iranian-backed MuddyWater hacking group is conducting a new malicious campaign targeting private Turkish organizations and governmental institutions. (BleepingComputer)